[Dshield] Extreme increase in spam attempts... any one else seeing similar event?
Tony Earnshaw
tonni at hetnet.nl
Fri Aug 17 15:57:18 GMT 2007
Chris Phillips skrev, on 17-08-2007 16:25:
> Since yesterday (16 Aug 6pm EDT) I am seeing a HUGE increase in spam
> activity:
> sed -n '/^Aug 16 18/,$p' /var/log/smtpd.log | egrep 'Not allowed' | wc -l
> 12110
> sed -n '/^Aug 16 18/,$p' /var/log/smtpd.log | egrep 'Not allowed' |
> egrep UNKNOWN | wc -l
> 480
> (This is less than 24 hours ! )
[...]
That sort of thing is very often backscatter from joe jobs, i.e. a bot
network sending out spam with the smtp 'MAIL FROM:' with one of your
valid addresses and the receiving MTA bouncing it (as opposed to smtp
refusing it).
Using a good and *lenient* dnsbl such as zen.spamhaus.org as filter will
get rid of at least 75% of it. For the rest, my sites use (latest,
stable) Postfix + amavisd-new that themselves have an enormous anti-UCE
armory built in. We refuse at least as much shoot as legal mail per day
with the above.
Best,
--Tonni
--
Tony Earnshaw
Email: tonni at hetnet dot nl
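An added example, not part of the original post or the quoted message: the quoted `sed | egrep | wc -l` count broken down per hour, so the onset of a surge like the one reported is visible. The log layout, host names, and the helper names `reject_histogram`, `spike_hours` and `write_sample_log` are assumptions; only the strings 'Not allowed' and 'UNKNOWN' come from the quoted commands.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumed log shape: "Mon DD HH:MM:SS host proc: message", where rejected
# attempts contain 'Not allowed' and some of those also contain 'UNKNOWN',
# the two strings grepped for in the quoted commands.

# Print "Mon DD HH total unknown" for each hour, in log order.
reject_histogram() {
    awk '
        /Not allowed/ {
            key = $1 " " $2 " " substr($3, 1, 2)
            if (!(key in total)) order[++n] = key
            total[key]++
            if ($0 ~ /UNKNOWN/) unknown[key]++
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s %d %d\n", order[i], total[order[i]], unknown[order[i]] + 0
        }' "$1"
}

# Print the hours whose rejection count is at least $2 times the previous hour's.
spike_hours() {
    reject_histogram "$1" | awk -v f="$2" '
        NR > 1 && prev > 0 && $4 >= f * prev { print $1, $2, $3 }
        { prev = $4 }'
}

# Constructed sample log (hypothetical hosts, documentation IP ranges).
write_sample_log() {
    cat > "$1" <<'EOF'
Aug 16 17:12:40 mx smtpd[201]: connect from mail.example.org[192.0.2.10]
Aug 16 17:31:02 mx smtpd[202]: Not allowed: rcpt from mail.example.net[198.51.100.7]
Aug 16 18:00:05 mx smtpd[203]: Not allowed: rcpt from UNKNOWN[203.0.113.5]
Aug 16 18:00:09 mx smtpd[204]: Not allowed: rcpt from a.example.com[203.0.113.9]
Aug 16 18:14:51 mx smtpd[205]: Not allowed: rcpt from UNKNOWN[198.51.100.44]
Aug 16 18:47:30 mx smtpd[206]: Not allowed: rcpt from b.example.com[192.0.2.77]
Aug 16 19:03:12 mx smtpd[207]: Not allowed: rcpt from c.example.com[192.0.2.80]
Aug 16 19:20:44 mx smtpd[208]: Not allowed: rcpt from UNKNOWN[198.51.100.91]
Aug 16 19:55:01 mx smtpd[209]: Not allowed: rcpt from d.example.com[192.0.2.81]
EOF
}

log=$(mktemp)
write_sample_log "$log"
reject_histogram "$log"   # per-hour totals and UNKNOWN counts
spike_hours "$log" 3      # hours with a 3x jump over the previous hour
rm -f "$log"
```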