Mike Cardwell wrote:
> * on the Fri, Jun 15, 2007 at 12:37:12AM -0700, Marc Perkel wrote:
>
>> I'm trying out a new idea for blacklisting hosts. I have several email
>> servers for processing spam. These servers service my lower numbered
>> MX records. I also have several dummy MX records that are higher
>> numbered than my real servers. So in theory no one should ever hit the
>> higher numbered servers. Especially when the IP addresses are on the
>> same server as the lower numbered MX.
>>
>> But as most of you know spammers don't play by the rules and they try
>> hitting the higher MX records first thinking there's less spam filtering
>> there. So what I'm doing is counting hits by IP address. At the moment
>> they have to hit it 75 times to get blacklisted. And it's all spammers
>> and spam bots.
>>
>> Who thinks this is interesting?
>>
>
> Sounds like a waste of effort to me. How many hosts has this method
> caught so far that wouldn't have been caught by more common methods
> anyway?
>
> Mike
>

It's been running for about 7 hours now and I've added about 15% to the size of my blacklist. I've been looking up some of these IPs on dnsstuff and about 1/2 of them aren't listed anywhere else. I've had 145152 hits on it in the last 7 hours.

One thing to keep in mind is that it's a low CPU cost to detect spam bots as compared to running it through SpamAssassin, which is the more common method, and I think this is going to be 100% accurate for the hosts it collects. And it's going to be faster at detecting spambots. I think that if this data were fed from many big sources, spambots could be detected much faster.

Also - this is powering my public hostkarma blacklist, so it's an early warning for those who are using it. I'm getting bots listed far faster than Spamhaus.

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
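
The hit counting described in this message, as an added example that is not part of the original thread and not the poster's own code. The log line shape, the IP addresses and the function names are assumptions made for illustration; only the threshold of 75 comes from the post.

```python
import ipaddress
import re
from collections import Counter

# Assumed log shape (constructed, modelled on a connection line that gives the
# remote host in [..] and the local interface after "I="):
CONN_RE = re.compile(
    r"SMTP connection from \[([0-9a-fA-F.:]+)\](?::\d+)? I=\[([0-9a-fA-F.:]+)\]"
)

THRESHOLD = 75  # hits required before listing, the figure given in the post


def decoy_hits(lines, decoy_ips):
    """Count connections per remote IP that arrived on a dummy-MX address."""
    decoys = {ipaddress.ip_address(ip) for ip in decoy_ips}
    hits = Counter()
    for line in lines:
        m = CONN_RE.search(line)
        if not m:
            continue  # not a connection line
        try:
            remote = ipaddress.ip_address(m.group(1))
            local = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # malformed address in the log, skip it
        if local in decoys:
            hits[str(remote)] += 1
    return hits


def blacklist(lines, decoy_ips, threshold=THRESHOLD):
    """Return sorted remote IPs whose dummy-MX hit count reached the threshold."""
    counts = decoy_hits(lines, decoy_ips)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def sample_log():
    """Constructed sample: real MX on 192.0.2.10, dummy MX on 192.0.2.20."""
    line = "2007-06-15 08:00:00 SMTP connection from [{}]:4021 I=[{}]:25 (TCP/IP connection count = 1)"
    log = [line.format("198.51.100.7", "192.0.2.20")] * 75   # bot hammering the dummy MX
    log += [line.format("198.51.100.8", "192.0.2.20")] * 74  # one hit short of listing
    log += [line.format("203.0.113.5", "192.0.2.10")] * 200  # normal sender on the real MX
    log.append("2007-06-15 08:00:01 1Hz6aB-0001Xy-Ab <= a@example.org H=mail.example.org [203.0.113.5]")
    return log


if __name__ == "__main__":
    for ip in blacklist(sample_log(), ["192.0.2.20"]):
        print(ip)
```

Traffic to the real MX address never contributes to a listing here, because only connections accepted on a dummy-MX interface are counted.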