craigwhite at azapple.com
Thu Jul 22 00:21:06 UTC 2004
On Wed, 2004-07-21 at 16:56, Scot L. Harris wrote:
> On Wed, 2004-07-21 at 19:35, netmask wrote:
> > > ----
> > > I'm not convinced that this is entirely true any longer. I was under the
> > > impression that much of today's UBE was being sent by Windows machines
> > > that have been compromised and are relaying mail at the control of
> > > others and less from improperly configured mail servers (hence your
> > > point about idiot ISPs that don't block port 25 properly I suppose). I
> > > don't have any statistics on this though.
> > According to my logs, this would be an accurate statement. I get hit by a lot
> > of brute forcers trying *@domain and just tons of stupid spam drones.. Nearly
> > all coming from dialup win boxes (according to p0f they are win boxes).
> > Luckily cbl.abuseat.org and the other various RBLs do a pretty good job of
> > keeping them under control. I very rarely see someone rejected as being an
> > open relay.
> > However, the second someone has an open relay up.. it's a spammer heaven.
> Every day I see relay attempts through the mail server, all blocked of
> course. There must be enough open relays for them to keep trying that
> And I agree with you that the majority of the spam comes from
> compromised zombie Windows clients. I recently set up greylisting on the
> mail server and this alone reduced spam by 98 to 99% (was 2000 to 6000
> spam messages a day and now we get 3 to 8 spam messages a day).
> Greylisting works by telling the remote MTA that there is a temporary
> error (451). A real MTA will wait a few minutes and try to connect
> again. Virtually all the zombie machines out there are not that smart,
> they get an error and just move on and don't retry. Amazingly quiet on
> the email server now. :)
Why is it that I feel this is only a temporary fix?
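
The greylisting behaviour described in the quoted message above (a 451 on first contact, acceptance when a real MTA retries a few minutes later), sketched as an added example that is not part of the original thread or of any particular mail server. Keying on the (client IP, envelope sender, envelope recipient) triplet and the three timing constants are assumptions; the addresses and timestamp are constructed.

```python
from dataclasses import dataclass, field

MIN_DELAY = 300          # assumed: seconds a new triplet must wait before a retry is accepted
RETRY_WINDOW = 4 * 3600  # assumed: unconfirmed triplets expire after this long
PASS_TTL = 36 * 86400    # assumed: confirmed triplets stay accepted this long

@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)      # triplet -> time of last accepted delivery

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for RCPT TO from this client at time `now` (epoch seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())

        # Triplet already proved it retries: accept and refresh its lifetime.
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= PASS_TTL:
            self.passed[key] = now
            return 250, "OK"
        self.passed.pop(key, None)

        seen = self.first_seen.get(key)
        if seen is None or now - seen > RETRY_WINDOW:
            # First contact (or stale record): defer and start the clock.
            self.first_seen[key] = now
            return 451, "Greylisted, please try again later"
        if now - seen < MIN_DELAY:
            # Retried too quickly; keep the original timestamp so hammering does not help.
            return 451, "Greylisted, please try again later"

        # The sender queued the message and came back after the delay.
        del self.first_seen[key]
        self.passed[key] = now
        return 250, "OK"

def simulate():
    """Constructed sample traffic: one retrying MTA, one sender that never retries."""
    gl = Greylist()
    t0 = 1_090_455_666  # constructed timestamp
    mta = ("192.0.2.10", "alice@example.org", "bob@example.net")
    drone = ("198.51.100.7", "x@example.com", "bob@example.net")
    return [
        gl.check(*mta, now=t0)[0],         # first attempt: deferred
        gl.check(*drone, now=t0 + 1)[0],   # deferred, and it never comes back
        gl.check(*mta, now=t0 + 60)[0],    # retry too early: still deferred
        gl.check(*mta, now=t0 + 600)[0],   # retry after the delay: accepted
        gl.check(*mta, now=t0 + 7200)[0],  # later mail, same triplet: accepted at once
    ]
```

The filter only separates senders that queue and retry from those that do not, so a sender that retries after the delay is accepted like any other MTA.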