Dictionary Attacks

[DAve]

Peter Russell wrote:
> 
> 
> Mike Kercher wrote:
>> mailscanner-bounces at lists.mailscanner.info <> scribbled on :
>>
>>
>>> My frustration with the deluge of spam of late has gotten to
>>> the point that I'm fairly convinced I will stop the spam
>>> filtering on the domain of the next user that bitches to me
>>> about the spam they're getting. Then they can see what spam
>>> they've *not* been getting.
>>>
>>
>> I've done that before.  And if they're REALLY pissy, I'll change my
>> config to forward them ALL of the spam for other domains as well.  They
>> come crawling back in no time.
>>
>> Mike
> 
> This is a big problem for me at the moment. I am under attack from users 
> more than spammers. At the momement there is a lot of negative talk 
> about the solution we use (MS, SA, MW) because they are getting the 
> stock picture spam, and we stop 1 in 10000 as false positives.

I don't see how they could complain. My original post on this thread was 
to A) ask if anyone else was having problems and B) let Julian know that 
MailScanner was working for us, even under a huge attack.

As for stock spam, we use the SARE stock rules, recently updated, and 
the image info plugin. Both seem to catch the vast majority of the stock 
spams, very very few slip by. After watching the performance of the new 
SARE rules we are about to crank them up to "KILL" score they work so well.

> 
> Is there any reported info on the web i can use to illustrate that there 
> is a world wide increase in the volume of spam, spammers have far more 
> resources than we do etc etc?

I would like that as well.

> 
> Our volume of spam has more than quadrupled in the past 5 months.

Hard to tell, we are constantly changing to meet the demands. It 
certainly feels like it though. We need to get some stats on the 
rejections at smtp.

I finally gave up last night and added dul.dnsbl.sorbs.net to Sendmail. 
We now run three RBLs at smtp time. It made an immediate difference, 
though I am certain there will be  problems. Any client who can't send 
to our servers will just have to start using their ISP's smarthost, as 
they should be doing anyway.

We can no longer afford to be accommodating.

DAve


-- 
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.