Re: [Assp-user] zerg rush: spam from @google.com

Tue, 05 Nov 2013 20:40:26 -0800 

DoDomainIP would be nice but it does not work too well. As you can see
below it works very rarely. Basicly its not, while it should catch so
many IPs!

root@sv1 [/usr/assp]# cat assp.cfg|grep DoDomainIP
DoDomainIP:=1
root@sv1 [/usr/assp]# cat assp.cfg|grep maxSMTPdomainIP
maxSMTPdomainIP:=10
maxSMTPdomainIPExpiration:=7200
maxSMTPdomainIPLD:=1
maxSMTPdomainIPWL:=yahoo.com|hotmail.com|gmail.com

root@sv1 [/usr/assp/logs]# cat maillog.txt|grep 'of ips per domain'|tail -n 10
Nov-05-13 17:27:43 38366-82065 [IPperDomain] 190.235.182.47
<reversaliegy...@google.com>  '@google.com' passed limit(10) of ips
per domain;
Nov-05-13 17:27:45 38366-82068 [IPperDomain] 190.235.182.47
<loiteredo...@google.com>  '@google.com' passed limit(10) of ips per
domain;
Nov-05-13 17:27:46 38366-82079 [IPperDomain] 190.235.182.47
<disclaimed...@google.com>  '@google.com' passed limit(10) of ips per
domain;
Nov-05-13 18:54:54 38367-92203 [IPperDomain] 190.237.154.229
<expungin...@google.com>  '@google.com' passed limit(10) of ips per
domain;
Nov-05-13 18:55:00 38367-92216 [IPperDomain] 190.190.141.73
<birdin...@google.com>  '@google.com' passed limit(10) of ips per
domain;
Nov-05-13 18:55:02 38367-92219 [IPperDomain] 190.190.141.73
<marcia...@google.com>  '@google.com' passed limit(10) of ips per
domain;
Nov-05-13 19:29:25 38367-95213 [IPperDomain] 190.239.197.42
<cruciformr...@google.com>  '@google.com' passed limit(10) of ips per
domain;
Nov-05-13 19:30:30 38367-95306 [IPperDomain] 2.145.109.86
<drum...@google.com>  '@google.com' passed limit(10) of ips per
domain;
Nov-05-13 19:42:49 38367-97978 [IPperDomain] 190.238.249.61
<stick...@google.com>  '@google.com' passed limit(10) of ips per
domain;
Nov-05-13 20:28:53 38367-01924 [IPperDomain] 183.91.80.50
<controll...@google.com>  '@google.com' passed limit(10) of ips per
domain;


root@sv1 [/usr/assp/logs]# cat maillog.txt|grep '@google.com'|tail -n
30|awk '{print $4}'|uniq -c
      1 188.186.84.29
      1 [SpoofedSender]
      2 188.186.84.29
      1 [SpoofedSender]
      2 94.183.41.92
      1 202.29.239.113
      2 202.84.75.242
      1 87.76.50.237
      2 118.98.197.170
      1 181.64.158.166
      1 117.241.0.194
      1 59.177.235.197
      1 147.30.39.222
      1 200.35.37.4
      1 87.76.50.237
      1 2.180.138.43
      1 110.164.71.145
      1 201.230.184.55
      1 117.241.0.194
      1 202.53.80.218
      2 2.184.221.41
      1 200.35.202.156
      1 181.66.116.195
      1 95.58.102.125
      1 124.158.74.2

root@sv1 [/usr/assp/logs]# cat maillog.txt|grep '@google.com'|tail -n 30
Nov-06-13 05:31:21 38371-00645 202.53.80.218 <suppleme...@google.com>
to: p...@omega-bud.pl disconnected (1 seconds);
Nov-06-13 05:31:22 38371-00647 2.184.221.41 <appetizin...@google.com>
to: bi...@rysy.pl recipient delayed: bi...@rysy.pl;
Nov-06-13 05:31:22 38371-00647 2.184.221.41 <appetizin...@google.com>
to: bi...@rysy.pl disconnected (2 seconds);
Nov-06-13 05:31:23 38371-00646 200.35.202.156 <stable...@google.com>
to: sekretar...@soart.pl disconnected (8 seconds);
Nov-06-13 05:31:27 38371-00650 181.66.116.195 <oafsxu...@google.com>
to: woszczy...@w-s.pl disconnected (3 seconds);
Nov-06-13 05:31:36 38371-00658 95.58.102.125 <compresso...@google.com>
to: y...@uni-bus.com.pl disconnected (6 seconds);
Nov-06-13 05:31:39 38371-00664 124.158.74.2 <cutest...@google.com> to:
hande...@medsoft.com.pl disconnected (1 seconds);
Nov-06-13 05:31:47 38371-00671 202.47.64.70 <pepper...@google.com> to:
m...@uni-bus.com.pl disconnected (5 seconds);
Nov-06-13 05:31:50 38371-00672 119.63.83.37
<besmirchingq...@google.com> to: ad...@lottocad.pl recipient delayed:
ad...@lottocad.pl;
Nov-06-13 05:31:50 38371-00672 119.63.83.37
<besmirchingq...@google.com> to: ad...@lottocad.pl disconnected (1
seconds);
Nov-06-13 05:31:53 38371-00673 181.18.28.140
<sociablespu...@google.com> to: da...@lysyszyn.pl recipient delayed:
da...@lysyszyn.pl;
Nov-06-13 05:31:53 38371-00673 181.18.28.140
<sociablespu...@google.com> to: da...@lysyszyn.pl disconnected (2
seconds);
Nov-06-13 05:31:56 38371-00676 190.238.166.45 <bergera...@google.com>
to: kinermaciejki...@pasadema.pl disconnected (2 seconds);
Nov-06-13 05:31:56 38371-00679 95.56.157.17 <seventhc...@google.com>
to: kaz...@medsoft.com.pl disconnected (4 seconds);
Nov-06-13 05:31:56 38371-00680 95.56.157.17
<additionally...@google.com> to: l...@medsoft.com.pl disconnected (4
seconds);
Nov-06-13 05:32:02 38371-00710 178.61.193.159
<manuelalb...@google.com> to: dog...@w-s.pl disconnected (3 seconds);
Nov-06-13 05:32:02 38371-00711 178.61.193.159 <dogmati...@google.com>
to: hzldsumw...@w-s.pl disconnected (3 seconds);
Nov-06-13 05:32:08 38371-00712 37.218.153.138 <expiate...@google.com>
to: redak...@101porad.pl disconnected (3 seconds);
Nov-06-13 05:32:10 38371-00713 118.98.197.170 <railway...@google.com>
to: m...@oneclick.pl disconnected (2 seconds);
Nov-06-13 05:32:11 38371-00715 117.3.177.253 <pricec...@google.com>
to: progl...@proglama.pl recipient delayed: progl...@proglama.pl;
Nov-06-13 05:32:12 38371-00715 117.3.177.253 <pricec...@google.com>
to: progl...@proglama.pl disconnected (2 seconds);
Nov-06-13 05:32:12 38371-00714 122.2.22.242 <bellicosee...@google.com>
to: norb...@rafalik.pl recipient delayed: norb...@rafalik.pl;
Nov-06-13 05:32:12 38371-00714 122.2.22.242 <bellicosee...@google.com>
to: norb...@rafalik.pl disconnected (2 seconds);
Nov-06-13 05:32:14 38371-00718 117.3.177.253 <thr...@google.com> to:
n...@flashblog.pl recipient delayed: n...@flashblog.pl;
Nov-06-13 05:32:14 38371-00718 117.3.177.253 <thr...@google.com> to:
n...@flashblog.pl disconnected (2 seconds);
Nov-06-13 05:32:15 38371-00717 117.218.108.23 <burdened...@google.com>
to: ra...@ratel.net.pl recipient delayed: ra...@ratel.net.pl;
Nov-06-13 05:32:15 38371-00717 117.218.108.23 <burdened...@google.com>
to: ra...@ratel.net.pl disconnected (3 seconds);
Nov-06-13 05:32:18 38371-00721 87.76.50.237 <grann...@google.com> to:
mi...@w-s.pl disconnected (1 seconds);
Nov-06-13 05:32:23 38371-00725 82.200.205.101 <absolv...@google.com>
to: e...@ece.com.pl recipient delayed: e...@ece.com.pl;
Nov-06-13 05:32:23 38371-00725 82.200.205.101 <absolv...@google.com>
to: e...@ece.com.pl disconnected (1 seconds);

------------------------------------------------------------------------------
November Webinars for C, C++, Fortran Developers
Accelerate application performance with scalable programming models. Explore
techniques for threading, error checking, porting, and tuning. Get the most 
from the latest Intel processors and coprocessors. See abstracts and register
http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user

Reply via email to