Recurring abuser
Tim Sailer
sailer at BNL.GOV
Thu Dec 1 19:57:18 GMT 2005
On Thu, Dec 01, 2005 at 02:51:22PM -0500, DAve wrote:
> Casey King wrote:
> >My MailScanner boxes are still getting drilled with the Sober.Virus and
> >spam (none of which have made it through) from a single IP address. I did
> >a lookup on dnsstuff.com for the address {66.243.13.178} but made no
> >headway on what to do about this. What steps do I need to do in order
> >to get this to stop? I haven't seen a degradation in mail processing,
> >but seeing over 150 Sober infected emails, and countless spam each day
> >is a bit annoying.
> >
>
> This might help track down a contact address,
> http://www.senderbase.org/search?searchString=66.243.13.178
>
> I would block them at your sendmail access file for the time being.
On my Linux boxes running MS, I use Vispan. From the web interface:
Temporary Spam / Virus Source Blocks- (total 6305)
Level 1 - 5463 ; Level 2 - 425 ; Level 3 - 254 ; Level 4 - 163 ;
Repeat offenders get bumped to the next level, and have the IPTables
block for a longer period of time. It's very effective.
Tim
http://www.while.homeunix.net/mailstats/
--
Tim Sailer <sailer at bnl.gov>
Information and Special Technologies Program
Office of Counterintelligence
Brookhaven National Laboratory (631) 344-3001
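
The escalating temporary block described in the message above, modelled as an added example (this is not Vispan's code and not part of the original post). The durations per level, the detection threshold and the 30-day memory window are assumptions; only the four levels and the "repeat offenders move up and stay blocked longer" behaviour come from the message.

```python
import ipaddress
from dataclasses import dataclass

# Assumed block durations per level, in seconds (not Vispan's real settings).
LEVEL_SECONDS = {1: 3600, 2: 6 * 3600, 3: 24 * 3600, 4: 7 * 24 * 3600}

@dataclass
class Block:
    level: int
    expires: int        # epoch seconds when the DROP rule should be removed
    active: bool = True

def rule(action, ip):
    # argv form, so an address is never interpolated into a shell string
    return ["iptables", action, "INPUT", "-s", ip, "-p", "tcp", "--dport", "25", "-j", "DROP"]

class Escalator:
    def __init__(self, threshold=3, memory=30 * 24 * 3600):
        self.threshold = threshold  # detections needed before blocking (assumed)
        self.memory = memory        # how long a lifted block counts as history (assumed)
        self.hits, self.blocks = {}, {}

    def record(self, ip, now):
        """Count one spam/virus detection; return an iptables argv or None."""
        ip = str(ipaddress.IPv4Address(ip))  # raises ValueError on junk input
        blk = self.blocks.get(ip)
        if blk and blk.active:
            return None                      # already dropped at the firewall
        self.hits[ip] = self.hits.get(ip, 0) + 1
        if self.hits[ip] < self.threshold:
            return None
        self.hits[ip] = 0
        # A source blocked before, and lifted recently, moves up one level.
        repeat = blk is not None and now - blk.expires <= self.memory
        level = min(blk.level + 1, max(LEVEL_SECONDS)) if repeat else 1
        self.blocks[ip] = Block(level, now + LEVEL_SECONDS[level])
        return rule("-I", ip)

    def expire(self, now):
        """Lift blocks whose time is up; return the iptables argv lists to run."""
        out = []
        for ip, blk in self.blocks.items():
            if blk.active and blk.expires <= now:
                blk.active = False
                out.append(rule("-D", ip))
        return out
```

Feed `record()` one call per detection taken from the MailScanner logs and run `expire()` from a periodic job; the lifted block stays in `blocks` so the next offence from the same address starts at the next level.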