More on spamming..

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mario Valente mvalente at esoterica.pt
Wed Oct 1 12:29:45 CEST 1997

>>> I think, it's not a solution to build a frontier to the ISPs who are
>>> housing such spammers. We must stop those spammers with commercial ideas
>>> not with technical solutions such as filtering out IPs with as-path access
>>> lists.
>>
>>Um, please read how the list works - it doesn't use as-path access list.
>>It sends /32 routes (normally) for specific hosts which orginate spam,
>>and transiently for specific relays currently being used to propogate
>>spam. 
>
>Well...how can I filter hosts out, which are connected dynamically. The
>most spams I get, are from several IPs which are dial-up customers of (well
>known) ISPs in USA.


  I'm going to describe once again how were dealing with spam.

  We've installed sendmail (latest) with several patches, namely the
 no relay patch (unless the host is listed as allowed to use the relay) and
 also patches for checking the existence of the From and To addresses.

  We have a daemon on the background scanning the mail log. We accept
 mail from everywhere, anyplace. As long as its one message at a time or
 within a reasonable interval. If a spam is detected (several incoming
messages
 from the same domain, or from "weird domains" like cyberpromo.com,
344234.com, etc
 we just use the packet filtering capabilities of Linux to refuse packets
from the
 incoming IP address doing the spam. About 15 minutes later the daemon cleans
 up the IP filters in existence and rescans the mail log.

  This means that an ongoing spam will be continually blocked. It also means
 that instead of refusing the message, or sending back an error, or
whatever, the
 spammer thinks that the server is out of reach, the network is not
working, the
 server is not responding, etc stopping him from retaliation measures like
we had
 in the past from spammers who got mad with us stopping them with other
techniques.

  Mail from every domain is always accepted, even from well known spammers.
They
 are able to get messages through, as long as they arent patterned. If they
are they
 will be able to send 4 or 5 of them, but them the server will be unreachable.

  C U!

   -- Mario Valente

Previous message: More on spamming..

Next message: More on spamming..

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ lir-wg Archives ]