Jethro R Binks wrote: > Bill: > > On Thu, 2 Nov 2006, W B Hacker wrote: > >> The good news is that a blocklist of 400-600 partially-wildcarded 'HELO' >> names >> nails about 70-80%, and twice that gets nearly all of them - both figures now >> solidly verified against two or more RBL's. About 1/4 of these persist >> year-on-year for the 5+ years we have been watching. > > That sounds like a useful list to publish ... I only have a small > collection of a half-dozen or so persistent offenders! > > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
One of the many reasons I *don't* publish it is that arrival targets are highly domain-specific, even on the same virtual-hosting box, let alone other boxes in the same rack and IP block. TANSTAAFL, and one size does NOT fit all. But if we each individually set up to auto-gather info on our own server's primo attackers, research the worst of them, and apply some customization, yes, that can help a lot. If only by de-cluttering our logs ;-) Perhaps 10-20% of our worst long-term/chronic repeaters long ago moved into ipfw tables where I can no longer whitelist them. No need to. Your Mileage *WILL* Vary Bill -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
