spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Hardin <jhar...@impsec.org>
Subject Re: Massive spamruns
Date Thu, 13 Jun 2013 22:53:11 GMT
On Thu, 13 Jun 2013, Alex wrote:

>>> John Hardin wrote:
>>>> As was suggested earlier: greylisting?
>
> I'm thinking this is sounding like a better option. The IPs change way
> too quickly for me to be able to keep up with updating a DNSBL. It's
> funny -- despite all MXs having the same weight, mail03 is really the
> one that's pounded with these pump-and-dump spams. Maybe I'll start
> with implementing greylisting there.

If the spammers are preferring a particular MX host, greylisting only on 
that host to start with sounds like a good approach.

There's anecdotal reports that spammers focus on backup MX hosts in the 
hopes they are less-well-protected. You might also try changing the MX 
weighting and see if that causes the spam to concentrate on a specific MX 
host. That might give you a little more positive control over it.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   You do not examine legislation in the light of the benefits it
   will convey if properly administered, but in the light of the
   wrongs it would do and the harms it would cause if improperly
   administered.                                  -- Lyndon B. Johnson
-----------------------------------------------------------------------
  5 days until SWMBO's Birthday

Mime
View raw message