On Fri, 2009-05-22 at 14:14 +0200, Arvid Ephraim Picciani wrote:
> Greetings.
> I'm thinking of implementing:
> - greylisting

Very effective. I cut my incoming mail by about 80% when we put up greylisting. I'm using sqlgrey.

> - honeypots
> - rejecting broken HELO at smtp time (such as "MUMS_XP_BOX")

We had too many false-positives when I did that. In particular, Exchange administrators seem to be completely incapable of setting the HELO name to something sane.

> - rejecting dynamic IPs at smtp time (PBL)
> - firewalling hosts with 100% spam, forever.
> I'm getting lots of it from zombies, so I wonder if it's legitimate to scan
> the sender before accepting. For example if it blocks icmp, it's very
> likely a home router.

Any sane enterprise server administrator will block external icmp. I would recommend that you use p0f and a tool like BOTNET.pm to detect zombies - if they have messed up DNS and are running Windows, then it's a bot...

> But I have no data on that, and no clue.
> Spamhaus has only about half of the zombies. PBL even lacks half of the
> German dialup ISPs. I'm thinking I need my own techniques to build such
> lists.
>
> thanks.

--
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com