sendmail issue.

Craig White craigwhite at azapple.com
Thu Jul 22 00:21:06 UTC 2004


On Wed, 2004-07-21 at 16:56, Scot L. Harris wrote:
> On Wed, 2004-07-21 at 19:35, netmask wrote:
> > > ----
> > > I'm not convinced that this is entirely true any longer. I was under the
> > > impression that much of today's UBE was being sent by Windows machines
> > > that have been compromised and are relaying mail at the control of
> > > others and less from improperly configured mail servers (hence your
> > > point about idiot ISPs that don't block port 25 properly I suppose). I
> > > don't have any statistics on this though.
> > 
> > According to my logs, this would be an accurate statement. I get hit by a lot 
> > of brute forcers trying *@domain and just tons of stupid spam drones.. Nearly 
> > all coming from dialup win boxes (according to p0f they are win boxes). 
> > Luckily cbl.abuseat.org and the other various RBLs do a pretty good job of
> > keeping them under control. I very rarely see someone rejected as being an 
> > open relay.
> > 
> > However, the second someone has an open relay up.. it's a spammer heaven.
> 
> Every day I see relay attempts through the mail server, all blocked of
> course.  There must be enough open relays for them to keep trying that
> method.
> 
> And I agree with you that the majority of the spam comes from
> compromised zombie Windows clients.  I recently set up greylisting on the
> mail server and this alone reduced spam by 98 to 99% (was 2000 to 6000
> spam messages a day and now we get 3 to 8 spam messages a day). 
> Greylisting works by telling the remote MTA that there is a temporary
> error (451).  A real MTA will wait a few minutes and try to connect
> again.  Virtually all the zombie machines out there are not that smart,
> they get an error and just move on and don't retry.  Amazingly quiet on
> the email server now.  :)
----
why is it that I feel this is only a temporary fix?

;-(

Craig
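
The greylisting behaviour described in the quoted message, as an added example that is not part of the original thread or of any particular greylisting package: a first delivery attempt gets a 451, and a retry after a minimum delay is accepted. Keying on the (client IP, envelope sender, recipient) triplet, the 300-second delay, the expiry times and the sample addresses are assumptions made for the illustration.

```python
import time

class Greylist:
    """Greylisting policy keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, min_delay=300, pending_ttl=4 * 3600,
                 pass_ttl=36 * 86400, clock=time.time):
        self.min_delay = min_delay      # seconds a sender must wait before retrying
        self.pending_ttl = pending_ttl  # how long a first attempt is remembered
        self.pass_ttl = pass_ttl        # how long a passed triplet stays accepted
        self.clock = clock
        self.first_seen = {}            # triplet -> time of first attempt
        self.passed = {}                # triplet -> time of last accepted attempt

    def check(self, client_ip, mail_from, rcpt_to):
        """Return (smtp_code, text) to send in reply to RCPT TO."""
        now = self.clock()
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.pass_ttl:
            self.passed[key] = now      # known retrying sender: accept at once
            return 250, "OK"
        first = self.first_seen.get(key)
        if first is None or now - first > self.pending_ttl:
            self.first_seen[key] = now  # new (or expired) triplet: defer it
            return 451, "Greylisted, please try again later"
        if now - first < self.min_delay:
            return 451, "Greylisted, please try again later"  # retried too soon
        del self.first_seen[key]        # retried after the delay: accept
        self.passed[key] = now
        return 250, "OK"

def simulate():
    """Constructed sample: one client that never retries, one MTA that does."""
    t = [0.0]                           # fake clock so the run is deterministic
    gl = Greylist(clock=lambda: t[0])
    drone = ("192.0.2.10", "x@spam.example", "user@example.org")
    mta = ("198.51.100.5", "bob@example.net", "user@example.org")
    codes = [gl.check(*drone)[0]]       # single attempt, then it moves on
    codes.append(gl.check(*mta)[0])     # first attempt from a real MTA
    t[0] += 60
    codes.append(gl.check(*mta)[0])     # retry after 1 minute: still deferred
    t[0] += 600
    codes.append(gl.check(*mta)[0])     # retry after the delay: accepted
    codes.append(gl.check(*mta)[0])     # later mail on the same triplet
    return codes

if __name__ == "__main__":
    print(simulate())
```

The policy only tests whether the sender retries, so any client that queues and retries after the delay is accepted.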




