Re: [exim] DynaStop - I like it!

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MM++\W B Hacker at <-
MMMMMW B Hacker at ->
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] DynaStop - I like it!
Jethro R Binks wrote:
> Bill:
>
> On Thu, 2 Nov 2006, W B Hacker wrote:
>
>> The good news is that a blocklist of 400-600 partially-wildcarded 'HELO' names
>> nails about 70-80%, and twice that gets nearly all of them - both figures now
>> solidly verified against two or more RBL's. About 1/4 of these persist
>> year-on-year for the 5+ years we have been watching.
>
> That sounds like a useful list to publish ... I only have a small
> collection of a half-dozen or so persistent offenders!
>
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

One of the many reasons I *don't* publish it is that arrival targets are highly
domain-specific, even on the same virtual-hosting box, let alone other boxes in
the same rack and IP block.

TANSTAAFL, and one size does NOT fit all.

But if we each individually set up to auto-gather info on our own server's primo
attackers, research the worst of them, and apply some customization, yes, that
can help a lot. If only by de-cluttering our logs ;-)

Perhaps 10-20% of our worst long-term/chronic repeaters long ago moved into ipfw
tables where I can no longer whitelist them. No need to.

Your Mileage *WILL* Vary

Bill




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Allow untrusted_set_sender for particular usersRe: [exim] Rules for HELO->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)