[Cialug] damn spammers

Dave Weis djweis at internetsolver.com
Wed Nov 7 10:43:25 CST 2007 

Tom Pohl wrote:
> That's the same list that we're using, but I think you misunderstood 
> where I've got the list in the chain.  Up front, before everything, I 
> will drop the sender based upon source IP before they even have a chance 
> to send me an email.
> 
> When you say lookup isn't done because the "fake addresses are dropped 
> earlier" it sounds like you're accepting mail from the bogus IP and then 
> dealing with it whereas I don't even allow them to waste my bandwidth :)

I'm picking it up now, I moved the blacklist checkers to the front of 
the list now. It's getting a lot of hits on the CBL stuff but not any 
noticeable on the spamhaus lists.

> On Nov 7, 2007, at 10:21 AM, Dave Weis wrote:
> 
>> Tom Pohl wrote:
>>> I used to have load issues until I started dropping SMTP connections 
>>> up front based upon spamhaus' blocklists.  I've found that the PBL 
>>> (Policy Block List) rejects really well for the bot networks running 
>>> from residential broadband users.  Lots of ISPs are listing their 
>>> residential users in the list.  I've found that I'm rejecting about 
>>> 50% of incoming SMTP connections immediately easing the load because 
>>> it won't allow the sender to send a message (my average for the past 
>>> 24 hours in 10 min avg Allow: 6656.0 Deny: 6353.0).  The biggest 
>>> drawback is that it blocks the sender even before any SMTP AUTH 
>>> attempts, so you need to use an alternate port for users who need to 
>>> relay mail through the server if they're coming from an dynamic ip 
>>> range listed in the PBL.
>>
>> We are using the zen.spamhaus.org list that combines pbl, xbl, and sbl 
>> into one list. It's working very well on our other servers. This 
>> particular one doesn't even get to the point where the lookup is done 
>> because the fake addresses are dropped earlier.
>>
>>
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
> 
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug

More information about the Cialug mailing list