On Tue, 1 Apr 2003, Devin Carraway wrote: > > Have you done testing on this? It seems to me that all my spam is > > coming direct to MX via open proxies. Anyone using a static IP is going > > I'm not even counting open proxies. First, they're easy for the DNSBLs > to probe.
That's reactive not proactive though. I get a lot of open proxy spam coming through despite using 3 proxy lists. > Second, POST proxying is trivial to filter. Agreed. > Taking those out, you have relayed spam and direct-to-MX spam. > First-time denysoft won't do anything about the former. Not so. It gives time to probe it. Or if you're not into probing, then it gives time to wait for it to appear on a DNSBL. The direct to MX spammers are taken care of by the SBL. > > Not really - you just age out all the entries that have only connected > > once (or maybe twice). That's a bit of extra work, but not much. > > Sure, that helps. Actually it's simpler to think of it in terms of > connection rate -- if you age out anything that drops below one connect > per month Yup, something like that would work fine. The other thing to note is that this probably doesn't work too well for huge networks, where the same IP will *likely* be trying to connect more than once (for multiple recipients at the same host), but this is a very lightweight and effective mechanism for small organisations. But I may do some testing on the large organisation thing and see. -- <!-- Matt --> <:->get a SMart net</:-> Spam trap - do not mail: [EMAIL PROTECTED]
