On 05/20/2015 08:05 AM, Lindsay Haisley wrote:
> The helo address in rate-limited spams tells a lot.
...
> They observed that commercial spamming
> operations engage in what's called "domain tasting" from registrars
> ... Large spam spews from these people cover a huge range of IP
> addresses and an infinite number of domain names, but I'm seeing
> only half a dozen or so name servers for these domain names.

What do you get from the HELO data that you don't get from the envelope 
sender address?  Wouldn't you get the same or better set of nameservers 
if you look up NS for the domain in the from=<> entry in the log?

> I've hacked together a "baddns" pythonfilter module based on this
> information which is proving to be _very_ useful and effective in
> keeping spam away from FMP's customer in-boxes.

It's an interesting concept.

_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
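
The comparison discussed in this thread, as an added example that is not part of the original messages and is not the baddns module: it finds the NS set for both the HELO name and the envelope sender domain and checks each against a list of name servers. The list, the DNS data (which stands in for live lookups so the code runs offline) and all function names are constructed for illustration.

```python
# Added illustration; not the baddns module or courier-pythonfilter code.
# Constructed list of name servers to match against.
BAD_NAMESERVERS = {"ns1.bulk-dns.example", "ns2.bulk-dns.example"}

# Constructed NS data standing in for live DNS queries.
SAMPLE_NS = {
    "tasted-one.example": {"ns1.bulk-dns.example", "ns2.bulk-dns.example"},
    "tasted-two.example": {"ns1.bulk-dns.example"},
    "customer.example": {"ns.hosting.example"},
}


def lookup_ns(name, ns_data=SAMPLE_NS):
    """Walk up the labels of name until a zone with NS records is found."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never query the bare TLD
        zone = ".".join(labels[i:])
        if zone in ns_data:
            return zone, ns_data[zone]
    return None, set()


def sender_domain(envelope_from):
    """Domain part of the envelope sender; '' for the null sender <>."""
    addr = envelope_from.strip().strip("<>")
    return addr.rpartition("@")[2] if "@" in addr else ""


def check(helo, envelope_from, bad=BAD_NAMESERVERS, ns_data=SAMPLE_NS):
    """Report which of the two names is served by a listed name server."""
    hits = {}
    candidates = (("helo", helo), ("sender", sender_domain(envelope_from)))
    for source, name in candidates:
        if not name:
            continue  # null sender: nothing to look up
        zone, servers = lookup_ns(name, ns_data)
        matched = sorted(servers & bad)
        if matched:
            hits[source] = (zone, matched)
    return hits


if __name__ == "__main__":
    print(check("mail.tasted-one.example", "<offer@tasted-two.example>"))
    print(check("mail.tasted-one.example", "<>"))
    print(check("mx.customer.example", "<user@customer.example>"))
```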
