Re: increase in spam and what to do about it

Phillip Helbig---remove CLOTHES to reply wrote:
Has anyone else noticed a large increase in spam in the last few weeks?

> http://news.com.com/Tis+the+season+to+send+spam/2100-7349_3-6136901.html?tag=nefd.top


Very interesting article on spam volumes increasing for this christmas season.

The volumes are now up to 819 terabytes of spam per day, compared to 275 per day a year ago.

Researchers found evidence that about 73,000 computers in 166 countries are part of the SpamThru botnet, adding up to a mighty spam cannon. (This is some virus which transform an innocent PC in to a member of a centrally controlled spamming network whene central servers provide templates etc.

I can attest to the "cannon" thing. When spam hits my machine, it is usually in bursts lasting a few minutes con constant call attempts.

Reducing the number of concurent sessiosn my SMTO server will handle has reduced the attacks. After two calls, the subquent ones fail until the first 2 have ended their unsuccesful delivey attempt.

BTW, they often harvest email adresses in a very dumb way which includes usenet message ids.

Re: RBLs are very efficient.

Here is my smtp.config : ( a few things not available in 5.4 )

$ type $disk4:[sys0.tcpip$smtp]smtp.config
Good-Clients: 10.0.0.0/8
Bad-Clients: 220.144.0.0/16,
200.45.190.0/23
!
! Chinanet
Bad-Clients: 58.0.0.0/8,
59.0.0.0/8,
60.0.0.0/8,
218.66.0.0/15,
220.160.0.0/11,
220.192.0.0/10,
221.0.0.0/8,
222.0.0.0/8,
61.12.0.0/16,
61.206.0.0/16
!
Relay-Zones: vaxination.ca
Relay-Zones: www.vaxination.ca
Relay-Zones: gw.vaxination.ca
!
Reject-Unbacktranslatable-IP: TRUE
Accept-Mail-From: <email address of friends>
SPAM-Action: ACCOUNTING
Security: FRIENDLY
RBLs: combined.njabl.org
RBLs: sbl-xbl.spamhaus.org
Allow-EXPN: NEVER
Allow-VRFY: LOCALLY
Symbiont-Checks-Deliverability: FALSE
Try-A-Records: IFNOMX
!
!
Unbacktranslatable-IP-Text: Can't backtranslate SMTP server's IP
Client-In-RBL-Text: SMTP server is blacklisted in RBL
Bad-Clients-Text: Your network is blocked: sent too much SPAM
Unqualified-Sender-Text: Sender's email address illformed
Unresolvable-Domain-Text: Sender's email domain unresolvable
SPAM-Relay-Text: This facility does not tolerate spammers, relay disabled
EXPN-Used-Text: Environmental regulations forbid the Mining of distribution lists
VRFY-Used-Text: Spammers are not welcome here

.

Relevant Pages

  • Re: [SLE] spamassassin and rbl checks in SuSE V9.2
    ... directly submitted to your server and then you can use RBLs, ... spamd) which then returns either spam or not spam to sendmail. ... Spamassassin actually works and filters out spam emails. ... the SBL blocklist [URIs: emerseddm dot com] ...
    (SuSE)
  • Re: increase in spam and what to do about it
    ... Very interesting article on spam volumes increasing for this christmas season. ... Re: RBLs are very efficient. ... Relay-Zones: www.vaxination.ca ... machines on the INTERNET to send email anywhere. ...
    (comp.os.vms)
  • Re: IMF Recommended Settings
    ... All spam filters can result in false positives. ... There's not much to deploying the IMF. ... effective at blocking all non-spam. ... Do you have any experience working with RBLs? ...
    (microsoft.public.exchange.admin)
  • RE: Help with SPAM blocking
    ... Best practice is to not use standard RBLs as a direct method of blocking ... overall score for determining whether or not an email is spam, ... I also welcome reference to more focused mail lists I can ...
    (Security-Basics)
  • Re: anti-spam advice
    ... > What is the highest version of TCPIP for VMS 7.3-2? ... RBLs: combined.njabl.org ... So if you insist on allowing spam from dynamic IPs, you can still do this and only block the few ip ranges that are still sending spam directly. ...
    (comp.os.vms)