I've been having a pretty good hit rate on spam until recently (about two weeks). Two types of email have been coming through at a good rate. I'm receiving at least four per hour from the domains included below. I've also been training bayes with them as well, to no avail.
*...@chocolatebearbear .INFO *...@biblegame .info *...@clickbetterthere .info To make matters worse, they seem to be using normal SMTP process of some type as they are getting through sqlgrey, without any problem. I blew away the all entries from sqlgrey for awl and the connection log, yet they came right back. +-------------+-------------------+---------------+---------------------+---------------------+ | sender_name | sender_domain | src | first_seen | last_seen | +-------------+-------------------+---------------+---------------------+---------------------+ | evcoieytabo | apostlesblog.info | 208.110.94 | 2009-08-19 14:22:51 | 2009-08-19 14:35:15 | | edfluzvpbio | apostlesblog.info | 208.110.94.34 | 2009-08-19 14:26:23 | 2009-08-19 14:46:51 | | flnkaxscfue | parishstore.info | 76.73.123 | 2009-08-19 14:27:34 | 2009-08-19 14:39:46 | | qmfeypysuno | parishstore.info | 76.73.123 | 2009-08-19 14:36:40 | 2009-08-19 14:48:53 | | xomdaygtyqi | parishstore.info | 76.73.2 | 2009-08-19 14:45:04 | 2009-08-19 14:58:41 | | hnmuelcljhu | biblegame.info | 76.73.85 | 2009-08-19 14:33:29 | 2009-08-19 14:45:18 | | cfkgytorpxe | biblegame.info | 76.73.85.250 | 2009-08-19 14:41:28 | 2009-08-19 14:56:16 | | obzfyowgbse | biblegame.info | 76.73.85.250 | 2009-08-19 14:40:57 | 2009-08-19 14:55:38 | ... +-------------+-------------------+---------------+---------------------+---------------------+ Anyway, I'm using sorbs and spamhaus in postfix, but these guys aren't listed on either of the two. I know some time ago SA had a list of fresh top X daily/weekly spammers. Does that still exist? Anyone have any recommended action to take on this. My SA config is pretty basic and is hitting lots of other spams, just not these guys.
