[Cialug] damn spammers

Tom Pohl tom at tcpconsulting.com
Wed Nov 7 10:38:44 CST 2007


That's the same list that we're using, but I think you misunderstood  
where I've got the list in the chain.  Up front, before everything, I  
will drop the sender based upon source IP before they even have a  
chance to send me an email.

When you say lookup isn't done because the "fake addresses are  
dropped earlier" it sounds like you're accepting mail from the bogus  
IP and then dealing with it whereas I don't even allow them to waste  
my bandwidth :)

-Tom


On Nov 7, 2007, at 10:21 AM, Dave Weis wrote:

> Tom Pohl wrote:
>> I used to have load issues until I started dropping SMTP  
>> connections up front based upon spamhaus' blocklists.  I've found  
>> that the PBL (Policy Block List) rejects really well for the bot  
>> networks running from residential broadband users.  Lots of ISPs  
>> are listing their residential users in the list.  I've found that  
>> I'm rejecting about 50% of incoming SMTP connections immediately  
>> easing the load because it won't allow the sender to send a  
>> message (my average for the past 24 hours in 10 min avg Allow:  
>> 6656.0 Deny: 6353.0).  The biggest drawback is that it blocks the  
>> sender even before any SMTP AUTH attempts, so you need to use an  
>> alternate port for users who need to relay mail through the server  
>> if they're coming from a dynamic IP range listed in the PBL.
>
> We are using the zen.spamhaus.org list that combines pbl, xbl, and  
> sbl into one list. It's working very well on our other servers.  
> This particular one doesn't even get to the point where the lookup  
> is done because the fake addresses are dropped earlier.
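
Added example, not part of the original thread or anyone's actual mail server configuration: a Python sketch of the connect-time check discussed above, showing how a zen.spamhaus.org query name is built, how the answer maps to SBL/XBL/PBL, and how an alternate port can skip the PBL. The function names, the use of port 587 as the AUTH-only alternate port, and the sample resolver answers are assumptions made for illustration.

```python
import ipaddress
import socket

ZEN = "zen.spamhaus.org"
# Spamhaus ZEN return codes mapped to the sublist they indicate.
ZEN_CODES = {**dict.fromkeys(["127.0.0.2", "127.0.0.3", "127.0.0.9"], "SBL"),
             **dict.fromkeys(["127.0.0.4", "127.0.0.5", "127.0.0.6", "127.0.0.7"], "XBL"),
             **dict.fromkeys(["127.0.0.10", "127.0.0.11"], "PBL")}

# Constructed sample answers (documentation-range IPs) so the example runs offline.
SAMPLE_ANSWERS = {
    "99.2.0.192.zen.spamhaus.org": ["127.0.0.11"],               # PBL only
    "7.100.51.198.zen.spamhaus.org": ["127.0.0.4", "127.0.0.11"],  # XBL + PBL
    "5.113.0.203.zen.spamhaus.org": ["127.255.255.254"],          # query error code
}


def sample_resolver(name):
    """Hypothetical offline resolver: [] means NXDOMAIN, i.e. not listed."""
    return SAMPLE_ANSWERS.get(name, [])


def system_resolver(name):
    """Live lookup. Any resolution failure is treated as 'not listed' (fail open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def zen_query_name(client_ip):
    """Reverse the IPv4 octets and append the zone name."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + ZEN


def zen_lists(client_ip, resolve=system_resolver):
    """Sublists the IP is on. 127.255.255.x answers are errors, not listings."""
    return {ZEN_CODES[a] for a in resolve(zen_query_name(client_ip)) if a in ZEN_CODES}


def connect_policy(client_ip, port, resolve=system_resolver):
    """Decide before any SMTP dialogue. Port 25 rejects on any ZEN listing;
    port 587 (assumed AUTH-only) ignores PBL so dynamic-range users can relay."""
    lists = zen_lists(client_ip, resolve)
    if port == 587:
        lists -= {"PBL"}
    return ("reject", sorted(lists)) if lists else ("accept", [])
```

Treating the 127.255.255.x answers as listings would reject all mail whenever the DNSBL refuses the resolver's queries, which is why they are filtered out rather than counted.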


