On Sun, 18 Aug 2013, Len Conrad wrote:
Came up with a cool trick that seems to be working well after running for
several months.
I do the same by harvesting the IPs that fail SMTP AUTH a number of
times, and then if more than a number of IPs in a ClassC, I block the
entire ClassC.
I do
On Mon, 19 Aug 2013 07:31:33 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
Have you considered TCP Tarpitting instead of just blocking them?
Blocking them doesn't actually *punish* them. Getting their MTAs
*stuck* for hours or days does.
IMO, tarpitting is useless. When you have
On Mon, 19 Aug 2013, David F. Skoll wrote:
On Mon, 19 Aug 2013 07:31:33 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
Have you considered TCP Tarpitting instead of just blocking them?
Blocking them doesn't actually *punish* them. Getting their MTAs
*stuck* for hours or days does.
On Mon, 19 Aug 2013 07:52:15 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
Have you considered TCP Tarpitting instead of just blocking them?
Blocking them doesn't actually *punish* them. Getting their MTAs
*stuck* for hours or days does.
IMO, tarpitting is useless. When you have
On 8/19/2013 7:31 AM, John Hardin wrote:
On Sun, 18 Aug 2013, Len Conrad wrote:
Came up with a cool trick that seems to be working well after
running for several months.
I do the same by harvesting the IPs that fail SMTP AUTH a number of
times, and then if more than a number of IPs in a
It seems to me that greylisting and TCP tarpitting catch both sides of the
problem. Greylisting blocks junk from the single-attempt zombies, and TCP
tarpitting will catch the ones who are persistent offenders.
Maybe, probably not. Modern MTAs, even the ones that are not
spambots, can run
On Mon, 19 Aug 2013, David F. Skoll wrote:
On Mon, 19 Aug 2013 07:52:15 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
Have you considered TCP Tarpitting instead of just blocking them?
Blocking them doesn't actually *punish* them. Getting their MTAs
*stuck* for hours or days does.
IMO,
On Mon, 19 Aug 2013 08:36:14 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
[...]
In addition, tarpitting is at least partly intended to help *others*,
by getting the attacker stuck before it moves on to the next target.
OK; I guess it's just a difference in mindset. I approach the
Hello,
Is there any setting in spamassassin to make it NOT add the X-Spam headers
for mails which are originating from trusted ips (listed in
trusted_networks) ?
Thanks!
On Mon, 19 Aug 2013, David F. Skoll wrote:
On Mon, 19 Aug 2013 08:36:14 -0700 (PDT)
John Hardin jhar...@impsec.org wrote:
[...]
In addition, tarpitting is at least partly intended to help *others*,
by getting the attacker stuck before it moves on to the next target.
OK; I guess it's just a
On Mon, 19 Aug 2013, Catalin Constantin wrote:
Hello,
Is there any setting in spamassassin to make it NOT add the X-Spam headers
for mails which are originating from trusted ips (listed in
trusted_networks) ?
Bear in mind, trusted networks is trusted to not forge Received:
headers, not
Hi all,
I just registered to be able to post this. I have a working solution for
learning with sa-learn messages placed into a special folders by exchange
2013 users.
This works for me as I have a small number of users (this is a family
server) but might be adapted to more corporate
So, I have this in my /etc/mail/spamassassin/local.cf:
score RP_MATCHES_RCVD 0
Yet, even after restart of spamd, mail comes thru with a -2.8.
What should I look at?
I know other stuff is read as I changed trusted and local network IP's and had
a typo in one. lint called me out on it.
joe
On Mon, 19 Aug 2013, Joe Acquisto-j4 wrote:
So, I have this in my /etc/mail/spamassassin/local.cf:
score RP_MATCHES_RCVD 0
Yet, even after restart of spamd, mail comes thru with a -2.8.
I assume you mean by that, RP_MATCHES_RCVD is still hitting and scoring
points?
What should I look
On 8/19/2013 at 6:54 PM, John Hardin jhar...@impsec.org wrote:
On Mon, 19 Aug 2013, Joe Acquisto-j4 wrote:
So, I have this in my /etc/mail/spamassassin/local.cf:
score RP_MATCHES_RCVD 0
Yet, even after restart of spamd, mail comes thru with a -2.8.
I assume you mean by that,
15 matches
Mail list logo