Szerző: W B Hacker Dátum: Címzett: exim users Tárgy: Re: [exim] Setting up Honeypot
John W. Baxter wrote:
> On 9/5/06 5:32 AM, "W B Hacker" <wbh@???> wrote:
>
>
>>The worst offenders seem to be more consist w/r using the same bogus HELO than
>>they are as to using the same bogus user address. Most appear to be zombified
>>Winboxen.
>
>
> And others are "outlaw" yahoo, hotmail, and msn (etc) accounts, so it seems
> a good idea to temper the automatic nature of the blocking. (Where an
> "outlaw" account is a proper account set up by a spammer and used via the
> proper servers until it is booted off.)
>
> --John
>
>
>
Agreed.
While we block *forgeries* of those ISP's, 'outlaw' traffic would ordinarily
pass ALL of our server-manners acl's, and would be in the 11% that hit SA.
or another filter that covers the sending user..
OTOH, we block roadrunner and comcast after 2+ years of 100% spam, and massively
so. No exceptions - not that we would know or care any longer.
Verizon is also blocked, with just one specific correspondent whitelisted.
Not "recommended", mind you - just the way it is for *OUR* environment.