I have found that when I combine some rules where I detect a notquit and
they are hitting my fake high IP addresses or some other spammer only
tricks that I can basically identify all spam bots on the first attempt.
Here's a list of 600,000 IP addresses of virus infected computers that
have
Marc Perkel wrote:
Not that it is by itself but when combined with other conditions it is
very effective. My theory is that after the message is sent by the virus
sending the quit just takes more time and bandwidth so the spambot just
leaves the connection open on the server side.
But -
W B Hacker wrote:
Marc Perkel wrote:
Not that it is by itself but when combined with other conditions it is
very effective. My theory is that after the message is sent by the virus
sending the quit just takes more time and bandwidth so the spambot just
leaves the connection open on
Marc Perkel wrote:
Basically most all good email servers are polite and do the quit. Most
all spam bot server don't want to expend the time and bandwidth to be
polite and that can be used in combination with other indicators to
catch spam.
The new 4.68 Exim is a major advancement with
Not that it is by itself but when combined with other conditions it is
very effective. My theory is that after the message is sent by the virus
sending the quit just takes more time and bandwidth so the spambot just
leaves the connection open on the server side.
But - almost all of the
