When the mainstream press started reporting stories like "You are not under FBI surveillance" about the newest windows worm variety, I started checking my logs for signs of what the stories described. Nothing of the sort reported had reached any windows machine on our network, so I started looking at the gateway's logs. The result is a very preliminary draft which I've put at http://www.bgnett.no/~peter/pf/spamd-vs-sober-prelim.txt
My problem is that the sample size is so tiny. If I am to turn this into a publishable article, I need more data. Would anyone running pf plus spamd in greylisting mode volunteer to do the same tests and send me their results (or raw data for that matter)? Any other feedback would be welcome of course, and truly useful data will merit at least a mention in the thanks to list if this gets published. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
