[DLSLUG-Discuss] spam control

Lloyd Kvam python at venix.com
Sat Feb 28 09:09:15 EST 2009


I have configured my mail server to reject connections from any outside
mail server with a defective HELO command or reverse IP address that
does not "round-trip" (postfix: reject_unknown_client).

Occasionally I would find that I was rejecting mail from legitimate
sources that were badly configured.  Since spammers normally try once
and then give up,  I set up a nightly job to report those servers that
tried repeatedly.  I review the report and "whitelist" any legitimate
mail servers.

I am now seeing spambots that try 10 times before giving up.  I assume
that's a reaction to those email admins that are using "greylists".
        
        http://en.wikipedia.org/wiki/Greylisting
        Reject an unknown mail server, but save the IP address.  Allow
        the connection if they retry.  Spammers are not expected to
        retry.

So if you are relying on a greylist strategy, you may need to escalate
your defense.

>>>>>> from my cron reporting >>>>>>>>>>>>>>>>>>>>>>>

Passed CLEAN	# email accepted for delivery (about 10% spam handled by client spam filters)
1284
Blocked SPAM	# undelivered email saved in server spam folder
32529
cannot find your hostname	# rejected because reverse lookup failed
27754
Helo command rejected	# rejected because of defective HELO command
76802

persistent rejected mail servers	# retry counts for rejected connections

-- 
Lloyd Kvam
Venix Corp
DLSLUG/GNHLUG library
http://dlslug.org/library.html
http://www.librarything.com/catalog/dlslug
http://www.librarything.com/rsshtml/recent/dlslug
http://www.librarything.com/rss/recent/dlslug
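
An added example, not part of the original message and not the author's own cron job: one way to build the nightly "persistent rejected mail servers" report from Postfix smtpd reject lines, skipping IPs that have already been reviewed and whitelisted. The log line layout, the function names and the sample addresses (documentation ranges) are assumptions.

```python
import re
from collections import Counter

# Postfix smtpd reject line, e.g. "... reject: RCPT from unknown[IP]: 450 4.7.1
# Client host rejected: cannot find your hostname, [IP]; from=<a> to=<b> ..."
REJECT = re.compile(
    r"reject: RCPT from [^\[\s]*\[(?P<ip>[^\]]+)\]: \d{3} .*?"
    r"(?P<reason>cannot find your hostname|Helo command rejected)"
    r".*? from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def retry_counts(lines):
    """Count rejected attempts per (client IP, sender, recipient)."""
    counts = Counter()
    for line in lines:
        m = REJECT.search(line)
        if m:
            counts[(m["ip"], m["sender"].lower(), m["rcpt"].lower())] += 1
    return counts

def persistent(counts, whitelist=frozenset(), min_tries=2):
    """Rows (tries, ip, sender, rcpt) that retried and are not yet whitelisted."""
    rows = [(n, ip, s, r) for (ip, s, r), n in counts.items()
            if n >= min_tries and ip not in whitelist]
    return sorted(rows, key=lambda row: (-row[0], row[1]))

def _reject(ip, detail, sender, rcpt):
    # Builds one constructed log line; IPs and domains are documentation values.
    return (f"Feb 27 01:00:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: {detail}; from=<{sender}> to=<{rcpt}> proto=ESMTP helo=<x>")

NO_PTR = "450 4.7.1 Client host rejected: cannot find your hostname, [{}]"
BAD_HELO = "504 5.5.2 <x>: Helo command rejected: need fully-qualified hostname"
# Constructed sample: a retrying server with no reverse DNS, a source that
# tries ten times, a one-shot sender, and an unrelated log line.
SAMPLE_LOG = (
    [_reject("192.0.2.10", NO_PTR.format("192.0.2.10"),
             "news@example.org", "staff@example.com")] * 6
    + [_reject("198.51.100.7", BAD_HELO, "bob@example.com", "bob@example.com")] * 10
    + [_reject("203.0.113.5", BAD_HELO, "x@example.net", "amy@example.com")]
    + ["Feb 27 01:00:02 mx postfix/smtpd[811]: connect from unknown[203.0.113.5]"]
)

if __name__ == "__main__":
    # Same layout as a `sort | uniq -c` style report: count, IP, from, to.
    for tries, ip, sender, rcpt in persistent(retry_counts(SAMPLE_LOG),
                                              whitelist={"192.0.2.10"}):
        print(f"{tries:7d} {ip} from=<{sender}> to=<{rcpt}>")
```

A source that retries ten times lands in the same report as a misconfigured legitimate server, so the retry count alone does not separate them and the whitelist decision stays a manual review.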