----- Original Message -----
From: "Len Conrad" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 21, 2004 11:29
Subject: [Spam - 18]Re: [IMail Forum] Dictionary Attacks and MX Records

> > > > What about just 'kill' listing IPs that fail 10 attempts?
> >
> >Some of the addresses may only appear six or seven times in a day, or even
> >in an hour. I'm very nervous about setting the trigger too low, thus
> >risking blocking mailing lists in the case of a customer who has changed
> >email addresses without letting the listserver know.
>
> greylisting is ideal for this kind of defense against low-volume msgs from
> a wide range of IPs.
>
> Since these IPs are very probably compromised "subscriber" IPs (cable,
> dialup, dsl), they are not real MTAs but mass mailing worms, and have no
> facilities for defer/queue/retry (and I'm observing that some spam farms
> don't retry, either).
>
> Greylisting EVERY single inbound msg kills this kind of traffic dead.

<snip>

> As I predicted months ago, the amount of crap coming from subscriber IPs
> has been increasing to the point that I bet 99+% of all msgs from
> subscriber PTRs is abuse.

I hadn't thought of that. It sounds like a neat idea, and one that doesn't require a repugnant amount of processing. How long would you grey list an address for rejections? If they try to pump more than half a dozen messages through? This sounds like it might be the solution, but I'm curious as to how you do it.

--
A. Clausen

[EMAIL PROTECTED]
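
The greylisting behaviour discussed in this thread, as an added sketch that is not from either poster and is not IMail code: each new (client IP, envelope sender, envelope recipient) triplet gets a temporary 451 deferral, and only a retry after a minimum delay is accepted. The timing values, the names Greylist and replay, and the sample traffic are assumptions constructed for illustration.

```python
# Added example: greylisting keyed on (client IP, envelope sender, envelope recipient).
# Timing values are assumptions for illustration, not settings from the thread.
MIN_DELAY = 300             # seconds before a retry of a new triplet is accepted
RETRY_WINDOW = 4 * 3600     # a retry must arrive within this long of the first attempt
PASS_LIFETIME = 36 * 86400  # how long a triplet that passed stays accepted
TEMPFAIL = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 OK"


class Greylist:
    def __init__(self):
        self.triplets = {}  # (ip, sender, rcpt) -> {"first": t, "passed": t or None}

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply to give at RCPT TO time for this attempt."""
        key = (ip, sender.lower(), rcpt.lower())
        rec = self.triplets.get(key)
        if rec and rec["passed"] is not None:
            if now - rec["passed"] <= PASS_LIFETIME:
                rec["passed"] = now          # known retrying sender: no delay
                return ACCEPT
            rec = None                       # pass expired: start over
        if rec and now - rec["first"] > RETRY_WINDOW:
            rec = None                       # retry came too late: start over
        if rec is None:
            self.triplets[key] = {"first": now, "passed": None}
            return TEMPFAIL                  # first sighting: defer, never a 5xx
        if now - rec["first"] < MIN_DELAY:
            return TEMPFAIL                  # retried too fast: keep deferring
        rec["passed"] = now
        return ACCEPT


def replay(attempts):
    """Feed (time, ip, sender, rcpt) attempts through a fresh greylist."""
    gl = Greylist()
    return [gl.check(ip, snd, rcpt, t) for t, ip, snd, rcpt in attempts]


# Constructed sample traffic (documentation IPs and example domains).
WORM = [(i, "203.0.113.7", "x@example.net", f"{name}@example.com")
        for i, name in enumerate(["bob", "bobby", "brian", "bruce"])]
REAL_MTA = [(0, "198.51.100.25", "list@example.org", "user@example.com"),
            (60, "198.51.100.25", "list@example.org", "user@example.com"),
            (900, "198.51.100.25", "list@example.org", "user@example.com"),
            (5000, "198.51.100.25", "list@example.org", "user@example.com")]
```

A sender that guesses a different recipient on every attempt and never retries creates a fresh triplet each time, so every message is deferred and none is delivered, while the retrying list server is delayed once and then passes without further delay.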
