On Sat, 28 Sep 2002, Federico Sevilla III wrote:
..
> I believe the problem Orly faces, however, is these really nasty people
> locking up his smtpds with SYNs. So he wants to block them out
> completely (not just from SMTP) using IPTables. Aside from wondering
> what kind of an impact a massive set of rules (Orly's current figure is
> 2000+) will have on our systems, I wonder if it's possible to extend
> this to have multiple systems syncing with each other or a central IP
> repository, updating each set of IPTables rules to block the addresses.

I have two problems really.
1) SYN people
2) DNSBLs aren't good enough, and the really paranoid ones (e.g. 
   dorkslayers) are SO paranoid that they cut off too much legitimate mail

I had this other scheme for a "spam honeypot." I set up a mail address 
"[EMAIL PROTECTED]" ("Sarah" is the most common name in the English 
language) but we have no such customer. So by definition, any mail going 
into that address is unsolicited. I was planning to add a .forward which 
will insert the IPs from any mail received by that address into my 
blacklist. However I never got around to it..

At worst I get 5 spams/day now.. (down from 50-70) out of a total of 120
mails. So personally, my system is good enough, and I'm not highly
inclined to getting that last 5-10% of accuracy. That it scales to 50k
mailboxes is even better.  :)


---
Orlando Andico <[EMAIL PROTECTED]>
Mosaic Communications, Inc.
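
One way the honeypot `.forward` pipe described above could be written, as an added example that is not code from the original post: it reads one message on stdin and lists only the peer address recorded by the receiving side's own mail servers, since every `Received:` header below that hop is sender-controlled. The blacklist path, the trusted networks, the function names and the sendmail/Postfix-style `Received:` layout are assumptions.

```python
import ipaddress
import re
import sys
from email import message_from_string

BLACKLIST = "/var/lib/honeypot/blacklist.txt"  # assumed path, not from the post
# Assumed: our own relays and internal ranges, which must never be listed.
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8", "192.0.2.0/24")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Constructed sample: one trusted hop, the real sender, then a forged hop.
SAMPLE = (
    "Received: from mx1.example.net (mx1.example.net [192.0.2.10])\n\tby mail.example.net\n"
    "Received: from [10.1.2.3] (unknown [203.0.113.7])\n\tby mx1.example.net\n"
    "Received: from relay.example.com ([198.51.100.99])\n\tby bulk.example.org\n"
    "Subject: constructed sample\n\nbody\n")

def delivering_ip(raw_message):
    """Return the first non-trusted peer IP recorded by our own MTAs, or None."""
    headers = message_from_string(raw_message).get_all("Received") or []
    for header in headers:  # topmost first, i.e. newest hop first
        # Keep only the "from ..." clause; the rest describes the receiver.
        from_clause = re.split(r"\s+by\s+", header, maxsplit=1)[0]
        found = BRACKETED_IP.findall(from_clause)
        if not found:
            return None  # unparseable hop: list nothing rather than guess
        try:
            # Last literal = peer address logged by the MTA; an earlier one
            # can be a sender-chosen HELO such as "[10.1.2.3]".
            ip = ipaddress.ip_address(found[-1])
        except ValueError:
            return None
        if any(ip in net for net in TRUSTED):
            continue  # written by one of our relays, look one hop further
        return str(ip)  # stop here: everything below is sender-controlled
    return None

def add_to_blacklist(ip, path=BLACKLIST):
    """Append ip to the blacklist file unless already present; True if added."""
    with open(path, "a+") as fh:
        fh.seek(0)
        if ip in fh.read().split():
            return False
        fh.write(ip + "\n")
    return True

if __name__ == "__main__":
    peer = delivering_ip(sys.stdin.read())
    if peer:
        add_to_blacklist(peer)
```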

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph