Slightly OT: sfm-sav milter
René Berber
r.berber at computer.org
Fri Dec 1 23:13:03 GMT 2006
Kevin Miller wrote:
> I just posted the following to the smf-sav list, but thought I'd give
> folks here a heads up too, since I know some are using smf-sav milter...
>
> ===========
> The spammers are up to their old tricks apparently. I noticed this in
> my logs today:
>
> -------------------------------------------------
> Nov 30 19:06:23 mx2 smf-sav[22911]: sender check succeeded:
> <burlkevin_miller at ci.juneau.ak.us>, 124.120.38.30,
> ppp-124.120.38.30.revip2.asianet.co.th, [00:00:03]
> Nov 30 19:06:24 mx2 smf-sav[22911]: recipient check failed:
> <burlkevin_miller at ci.juneau.ak.us>, 124.120.38.30,
> ppp-124.120.38.30.revip2.asianet.co.th,
> <burlkevin_miller at ci.juneau.ak.us>, [00:00:00]
> -------------------------------------------------
>
> There are numerous entries where they use some phoney address as the
> from=, which generally fail. I guess they figured they'd have a better
> chance of getting their spam through if they forged an address from my
> domain, but configured their server to verify it.
A variation of dictionary attacks... smarter, but it could be easily made more
accurate.
SnertSoft's milter-error would stop the queries if smf-sav signals an error when
the check fails (I don't use smf-sav but, for instance, gray listing a sender
does produce an error, and when the sender retries too fast too often,
milter-error kicks in and blacklists them for a longer period).
[snip]
--
René Berber
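
The pattern discussed in this thread can be pulled out of the mail log with a short script. This is an added example, not part of either post and not smf-sav or milter-error code. It assumes each log entry sits on one line in the layout quoted above, that a failed sender check is logged in the same layout as the succeeded one, and that a recipient-check line with two identical addresses is the self-addressed case shown; the sample lines, addresses, IPs and the threshold are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the layout of the smf-sav entries quoted in the
# thread (one entry per line; addresses, hosts and IPs are placeholders).
SAMPLE_LOG = """\
Nov 30 19:06:23 mx2 smf-sav[22911]: sender check succeeded: <bob@example.org>, 192.0.2.30, ppp-30.example.net, [00:00:03]
Nov 30 19:06:24 mx2 smf-sav[22911]: recipient check failed: <bob@example.org>, 192.0.2.30, ppp-30.example.net, <bob@example.org>, [00:00:00]
Nov 30 19:07:10 mx2 smf-sav[22911]: recipient check failed: <amy@example.org>, 192.0.2.30, ppp-30.example.net, <amy@example.org>, [00:00:00]
Nov 30 19:08:02 mx2 smf-sav[22911]: sender check failed: <x@spam.invalid>, 198.51.100.7, host.invalid, [00:00:01]
Nov 30 19:09:41 mx2 smf-sav[22911]: recipient check failed: <joe@example.org>, 203.0.113.9, mail.example.com, <ann@example.com>, [00:00:00]
"""

# One entry: check kind, result, first address, client IP, client host,
# an optional second address (recipient-check lines only), elapsed time.
LINE = re.compile(
    r"smf-sav\[\d+\]: (?P<kind>sender|recipient) check (?P<result>succeeded|failed): "
    r"<(?P<first>[^>]*)>, (?P<ip>[0-9a-fA-F.:]+), (?P<host>[^,]+),"
    r"(?: <(?P<second>[^>]*)>,)? \[(?P<elapsed>[\d:]+)\]"
)

def parse(log_text):
    """Yield one dict per smf-sav check entry; other log lines are skipped."""
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            yield m.groupdict()

def probing_clients(log_text, threshold=2):
    """Map client IP -> (failed checks, self-addressed failures) for clients
    with at least `threshold` failed checks (threshold is an assumed value)."""
    failures, self_addressed = Counter(), Counter()
    for e in parse(log_text):
        if e["result"] != "failed":
            continue
        failures[e["ip"]] += 1
        # Both addresses on a recipient-check line are the same mailbox.
        if e["kind"] == "recipient" and e["second"] is not None \
                and e["first"].lower() == e["second"].lower():
            self_addressed[e["ip"]] += 1
    return {ip: (n, self_addressed[ip])
            for ip, n in failures.items() if n >= threshold}

if __name__ == "__main__":
    for ip, (failed, same) in probing_clients(SAMPLE_LOG).items():
        print(f"{ip}: {failed} failed checks, {same} self-addressed")
```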