Spam Attacks
Paul Kelly :: Blacknight
paul at blacknight.com
Wed Sep 14 23:34:39 IST 2011
A full days logs here I think.
http://dominion.blacknight.ie/~paul/postfix-Sep14.txt
It's not as bad as I thought it was going to be. But I can clearly see the first 10 domains we moved over were indeed getting most of the traffic.
At least now we've got proper logging, unlike Qmail which is just a MAJOR pita to get any information from.
I suppose if you use a 10 year old car in a race, you're going to loose.
Paul
Paul Kelly
Technical Director
Microsoft Certified Partner
Blacknight Internet Solutions ltd
Hosting, Colocation, Dedicated servers
IP Transit Services
Tel: +353(0)599183072
Lo-call: 1850 929 929
DDI: +353 (0) 59 9183091
e-mail: paul at blacknight.com
web: http://www.blacknight.com
Blacknight Internet Solutions Ltd,
Unit 12A,Barrowside Business Park,
Sleaty Road,
Graiguecullen,
Carlow,
Ireland
Company No.: 370845
On 14 Sep 2011, at 16:32, Glenn Steen wrote:
> On 14 September 2011 12:07, Paul Kelly :: Blacknight
> <paul at blacknight.com> wrote:
>> <snip>
>>
>>> I've got pflogsumm daily reports stored since August -08, and apart
>>> from natural differences (layoffs making the total volume drop,
>>> temporarily driving up the "no such address"-rejections back in -09) a
>>> cursory comparision of a semi-random selection show no real difference
>>> during the last months (well, there's always a lull during the
>>> summer/vacation period:-).
>>>
>>
>> [Paul Kelly] Care to share percentages maybe? :)
>
> :-)
> Well, over the entire period, all rejections seem to lie within the
> span 30-60% of all incoming delivery attempts, and for the last couple
> of months... closer to 30 than anything.
> I don't have the legal ability to use RBLs for rejections, only points
> in SA, due to specific Swedish legislation, so all rejections come
> from "RFC strictness", relaying attempts, fraud (pretending to be a
> local sender) and recipient verification. As Martin notes, the last
> bit seem to grab what you're seeing, so I should be seeing the same
> increase, but match on different rejection criteria.
> Since the layoffs (reduced the workforce by a third), our domain
> (ap1.se) is real low volume, and ... luckily has escaped attention so
> far:-).
>
>>> But that might only show quirks of my particular setup, volume and
>>> usage patterns of my userbase etc. I suspect an ISP-type organization
>>> would be more likely to ... attract ... badness:-).
>>
>> [Paul Kelly] Believe it or not, 10 domain names from the 43k or so hosted on our Qmail cluster get 94% of all e-mail. One of them is a medical research company. I suspect someone out there doesn't like them :-)
> :-)
>>
>> Top 10 domains received 20,000,000 (yes 20 million) + spam rejections in the last 10 days.
>>
> .... Oh ...
>> It's a wee bit crazy.
>>
> Yep, real crazy. How is the PF things holding up under the deluge?
>
>> Regards,
>>
>> Paul
>>
>
> Cheers!
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list