Conversation:
Notices
-
definitely seeing an uptick in email spam this week. The orange line is lame bots getting rejected https://indy.im/attachment/5764699
-
@boneidol Yo, spammers should be tarred and feathered and then published on YouTube... lol, a bit harsh, but I think they should be dealt with more harshly.
-
@boneidol So I'm getting bursts of several 1000s of single delivery attempts, all from different IP addresses. One delivery attempt per IP. Looking for some heuristic to identify early and automate blocks.
-
greylisting.. but I'm not a fan of greylisting all connections.
-
What I'm doing is looking over reject logs (backwards 30 min) and counting the number of failed deliveries with a particular sender address. If the sender address has > SOMENUMBER of rejects, it's likely spam, and I block the envelope address. This is a good match to this botnet.
-
Another good heuristic would be the number of previous IPs a FROM: has connected from. If email from foo@example.com has (attempted) delivered from 20 different IP addresses in the last 30 min, it's probably a bot.
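The two heuristics from the last two notices (reject count per envelope sender, and distinct source IPs per sender, both over a 30-minute look-back), as an added example that is not code from anyone in this conversation. The log line format, the threshold values, and all names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (constructed) log format: "<ISO time> reject ip=<addr> from=<envelope sender>"
LINE_RE = re.compile(r"^(\S+) reject ip=(\S+) from=<([^>]*)>")
WINDOW = timedelta(minutes=30)  # "backwards 30 min" from the thread
MAX_REJECTS = 5                 # stands in for SOMENUMBER; tune per site
MAX_IPS = 20                    # "20 different IP addresses" from the thread

def parse_rejects(lines):
    """Yield (timestamp, ip, sender) for each line matching the assumed format."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3).lower()

def flag_senders(lines, now, window=WINDOW, max_rejects=MAX_REJECTS, max_ips=MAX_IPS):
    """Return {sender: [reasons]} for envelope senders tripping either heuristic."""
    rejects, ips = defaultdict(int), defaultdict(set)
    for ts, ip, sender in parse_rejects(lines):
        if not (now - window <= ts <= now):
            continue  # outside the look-back window
        if sender == "":
            continue  # null sender <> carries bounces; blocking it drops DSNs
        rejects[sender] += 1
        ips[sender].add(ip)
    flagged = {}
    for sender, count in rejects.items():
        reasons = []
        if count > max_rejects:
            reasons.append("rejects")
        if len(ips[sender]) >= max_ips:
            reasons.append("distinct_ips")
        if reasons:
            flagged[sender] = reasons
    return flagged

def sample_log():
    """Constructed sample: botnet-style sender, a normal sender, stale and null-sender bursts."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    def row(ts, ip, sender):
        return f"{ts.isoformat()} reject ip={ip} from=<{sender}>"
    lines = [row(t0 + timedelta(seconds=i), f"203.0.113.{i + 1}", "Foo@example.com") for i in range(25)]
    lines += [row(t0, "198.51.100.7", "alice@example.org")] * 2
    lines += [row(t0 - timedelta(hours=2), f"192.0.2.{i + 1}", "old@example.net") for i in range(30)]
    lines += [row(t0, f"192.0.2.{i + 1}", "") for i in range(30)]
    return lines, t0 + timedelta(minutes=5)
```

Envelope senders are trivially forged, so a block keyed on the sender address can also catch the real owner of a spoofed address; expiring the block after the burst limits that.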