| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4580A827.7080200@nersc.gov> Date: Wed, 13 Dec 2006 17:25:59 -0800 From: Thomas Davis <tdavis@...sc.gov> To: Dumitru Ciobarcianu <Dumitru.Ciobarcianu@...s.ro> CC: Matti Aarnio <matti.aarnio@...iler.org>, linux-kernel@...r.kernel.org Subject: Re: Postgrey experiment at VGER Dumitru Ciobarcianu wrote: > On Wed, 2006-12-13 at 01:50 +0200, Matti Aarnio wrote: >> I do already see spammers smart enough to retry addresses from >> the zombie machine, but that share is now below 10% of all emails. >> My prediction for next 200 days is that most spammers get the clue, >> but it gives us perhaps 3 months of less leaked junk. > > IMHO this is only an step in an "arms race". > What you will do in three months, remove this check because it will > prove useless since the spammers will also retry ? If yes, why install > it in the first place ? > > spammers are already re-trying; but they give up after 10 minutes. As the delay time increases, the chances of getting on a blacklist increase, which makes it easier to identify a machine as a spamming bot. I normally let my greyfilters run at 30 minutes deny, and 72hrs of lease time on a IP/To/From tuplet. This setting seams to be pretty effective in dropping spam; at one point, upto 10k spam vs. a couple hundred ham messages. thomsa - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists