The point of the "flurry" is that each connection will be diverse and originate from unassociated networks.
-- ME2 (mobile) -----Original Message----- From: "Dave Emory" <[EMAIL PROTECTED]> Date: Thursday, Jul 12, 2007 5:49 pm Subject: Re: [Assp-user] Spam pattern - can it be detected? To: "Questions and Answers for users of ASSP Anti-Spam SMTP Proxy" <[email protected]>Reply-To: Questions and Answers for users of ASSP Anti-Spam SMTP Proxy <[email protected]> Kevin wrote: Dave Emory wrote: > Hi, all. > > I sometimes see a flurry of attempted connections such as these from > the mail > log: > <--snip--> > > The messages come from different IP addresses and different senders, > but are the invalid addresses are repeated. Does anyone know of a > way to detect a spam flurry like this in ASSP and add an additional > PB score to the offending sender IP addresses? And just out of > curiosity, does anyone know how the spammers manage to send from > such geographically diverse IP addresses, all to the same invalid > address, all within a few minutes? > > Delaying might be something to look at. > One thing you might be able to do is if they use the same address repeatedly you could put it in the 'blackListedDomains' list. > Kevin Even better is the penaltytraplist. The next time the bots start to spew, they'll get a high score. ------------------------------------------------------------------------- This SF ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
