On 05/20/2015 08:05 AM, Lindsay Haisley wrote:
> The helo address in rate-limited spams tells a lot. ...
> They observed that commercial spamming
> operations engage in what's called "domain tasting" from registrars
> ... Large spam spews from these people cover a huge range of IP
> addresses and an infinite number of domain names, but I'm seeing
> only half a dozen or so name servers for these domain names.

What do you get from the HELO data that you don't get from the envelope
sender address? Wouldn't you get the same or better set of nameservers
if you look up NS for the domain in the from=<> entry in the log?

> I've hacked together a "baddns" pythonfilter module based on this
> information which is proving to be _very_ useful and effective in
> keeping spam away from FMP's customer in-boxes.

It's an interesting concept.

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
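
An added sketch (not part of the thread, and not the "baddns" module it mentions) of the nameserver check discussed above, applied to both the HELO name and the envelope sender domain. The blocklist, the NS table and every domain name are constructed, and `fake_resolver` is a hypothetical stand-in for a real DNS NS lookup so the code runs offline; the null sender `<>` is included because it has no domain to look up.

```python
# Added illustration; not the "baddns" module from the thread.
# All domains, nameservers and the NS table below are constructed.

BAD_NS = {"ns1.spam-dns.example", "ns2.spam-dns.example"}  # hypothetical blocklist

# Constructed stand-in for DNS: zone -> NS hostnames.
FAKE_NS = {
    "cheap-pills.example": ["NS1.spam-dns.example.", "ns2.spam-dns.example."],
    "tasted-0417.example": ["ns1.spam-dns.example."],
    "lists.example.org": ["ns1.example.org.", "ns2.example.org."],
}

def fake_resolver(zone):
    """Return NS hostnames for a zone, or [] when the name has no NS set."""
    return FAKE_NS.get(zone, [])

def sender_domain(envelope_from):
    """Domain part of an envelope sender; None for the null sender <>."""
    addr = envelope_from.strip().strip("<>")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def zone_nameservers(name, resolve_ns):
    """Walk up from a hostname to the closest enclosing zone with NS records."""
    labels = name.lower().rstrip(".").split(".")
    # Stop before the bare TLD: its nameservers say nothing about the sender.
    for i in range(len(labels) - 1):
        zone = ".".join(labels[i:])
        ns = {n.lower().rstrip(".") for n in resolve_ns(zone)}
        if ns:
            return zone, ns
    return None, set()

def check_message(helo, envelope_from, resolve_ns=fake_resolver, bad_ns=BAD_NS):
    """Report, per identity, the zone found and any blocklisted nameservers."""
    hits = {}
    candidates = {"helo": helo, "from": sender_domain(envelope_from)}
    for source, name in candidates.items():
        # Skip missing names and address literals such as [192.0.2.1].
        if not name or name.startswith("["):
            continue
        zone, ns = zone_nameservers(name, resolve_ns)
        matched = sorted(ns & bad_ns)
        if matched:
            hits[source] = (zone, matched)
    return hits
```
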