Dave Emory wrote: > Kevin wrote: >> Dave Emory wrote: >>> Hi, all. >>> >>> I sometimes see a flurry of attempted connections such as these from >>> the mail >>> log: >>> >> <--snip--> >>> The messages come from different IP addresses and different senders, >>> but are the invalid addresses are repeated. Does anyone know of a >>> way to detect a spam flurry like this in ASSP and add an additional >>> PB score to the offending sender IP addresses? And just out of >>> curiosity, does anyone know how the spammers manage to send from >>> such geographically diverse IP addresses, all to the same invalid >>> address, all within a few minutes? >>> >> Delaying might be something to look at. >> >> One thing you might be able to do is if they use the same address >> repeatedly you could put it in the 'blackListedDomains' list. >> >> > Even better is the penaltytraplist. The next time the bots start to spew, > they'll get a high score.
It's better to deny them outright if possible. Most botnets spam out the same content which will corrupt your corpus over time. Kevin ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
