On 5/14/07, Christopher X. Candreva <[EMAIL PROTECTED]> wrote:
This looks like what is being called "Snowshow" spammers on Spam-L . They
will have a rather large block and just cycle through until their whols
space is used up, then get more.
Ugh.. I had heard about this tactic some time ago, b
On Sun, 13 May 2007, Jason Frisvold wrote:
> later112.itbobble.com (216.74.88.112)
> source238.wearisen.com (216.74.120.238)
You can safely block all of 216.74.64.0/18 -- that's 216.75.64 - 216.74.127
==
Chris Candreva -- [EMAIL PROTEC
On Sun, 13 May 2007, Jason Frisvold wrote:
> Here's a sample of the hits I'm getting ... As you can see, its a
> bunch of different IPs in various ranges.. I've decided to just block
> the ranges at this point.. I have no idea if there's anything legit
> in there, but I'll take that risk...
>
Thanks for the heads up on this... This has given me a few ideas on
some custom blocking software... If it works out, ill be sure to
release it...
On 5/13/07, Faisal N Jawdat <[EMAIL PROTECTED]> wrote:
Given the level of the traffic, you might look at implementing
something like Deny Spammers
Thanks for the heads up on this... This has given me a few ideas on
some custom blocking software... If it works out, ill be sure to
release it...
On 5/13/07, Faisal N Jawdat <[EMAIL PROTECTED]> wrote:
Given the level of the traffic, you might look at implementing
something like Deny Spammers
Given the level of the traffic, you might look at implementing
something like Deny Spammers at he /24 level (rather than the host
level).
https://sourceforge.net/projects/deny-spammers/
-faisal
On May 13, 2007, at 12:15 AM, Jason Frisvold wrote:
On 5/12/07, Jason Frisvold <[EMAIL PROTECTE
On 5/12/07, Jason Frisvold <[EMAIL PROTECTED]> wrote:
I installed the botnet plugin today, but it's not going to help
anyway.. The IPs these are coming from resolve to a variety of
different hostnames, all without triggering botnet at all.
Here's a sample of the hits I'm getting ... As you ca
On 5/12/07, Matthias Haegele <[EMAIL PROTECTED]> wrote:
I am not sure if the botnet plugin would catch these, but are you using
the botnet plugin at all and sare-rules (www.rulesemporium.com).
I installed the botnet plugin today, but it's not going to help
anyway.. The IPs these are coming fro
On 5/12/07, Faisal N Jawdat <[EMAIL PROTECTED]> wrote:
On May 11, 2007, at 10:54 PM, Jason Frisvold wrote:
> It appears that each mail is sent by a unique IP, so it doesn't look
> like a simple firewall rule will stop this.
Is every single message coming from a unique IP, or is it just that
they
Jason Frisvold schrieb:
Greetings,
I'm seeing incoming spam at a rate of 2-3 a minute per user and I'm
having trouble properly identifying these as spam with spamassassin.
Or, alternatively, blocking them.
Does anyone have any idea how I can trigger on these and block them?
Return-Path: <[E
On May 11, 2007, at 10:54 PM, Jason Frisvold wrote:
It appears that each mail is sent by a unique IP, so it doesn't look
like a simple firewall rule will stop this.
Is every single message coming from a unique IP, or is it just that
they're widely distributed?
-faisal
Greetings,
I'm seeing incoming spam at a rate of 2-3 a minute per user and I'm
having trouble properly identifying these as spam with spamassassin.
Or, alternatively, blocking them.
It appears that each mail is sent by a unique IP, so it doesn't look
like a simple firewall rule will stop this.
12 matches
Mail list logo