Nice links.
We've had a lot of success using a combination of
-Postfix greylisting
-Brutally rate-limiting all APNIC IPs (we wouldn't get much traffic
from there)
-Spamsink to feed Spamassassin
-Throttling anyone who gets more than x 550s per minute
-Fairly tolerant blacklist rules
It's also hilarious watching the spambots get caught up in wpoison.
I've seen a combo of only #4 and #5 do a very good job at a big UK
investment bank (with incidentally the biggest, most hilariously
complicated Postfix config I have ever seen)
-John
On Nov 4, 2005, at 12:03 PM, Glogger Steven wrote:
hi there
while analysing some bogus stuff i found out, that some strange
requests
where going to:
http://wm.maxysearch.info/cgi-bin5/repeaterm.fcgi?n=5&lastid=
http://maxysearch.info/gallery20081/xpsystem/rxs.ini.php
http://traff-store.com/gallery20081/xpsystem/rxs.ini.php
especially the first link is very interesting.
it generates (random?) e-mail adresses and the spamming text...
and also some nonworking (anymore) links:
http://maxysearch.info/gallery20081/xpsystem/rxs.ini.php
http://clickonseek.com/gallery20081/xpsystem/rxs.ini.php
http://www.student.ru.nl/markjansen/g2/bazooka.php?
get=1&hostfile=1&net=
gnutella2&client=RAZA&version=2.2.0.0
http://twopi.no-ip.org/g2/bazooka.php?
get=1&hostfile=1&net=gnutella2&cli
ent=RAZA&version=2.2.0.0
http://rssfed23.angeltowns.com/g2/bazooka.php?
get=1&hostfile=1&net=gnute
lla2&client=RAZA&version=2.2.0.0
what do you think about this? lets autogenerate filters? :-)
-steven
_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
_______________________________________________
swinog mailing list
[email protected]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
