Autor: Marc Perkel Data: A: Mike Cardwell CC: exim-users Assumpte: Re: [exim] Innovative Host Blacklisting Idea
Mike Cardwell wrote: > * on the Fri, Jun 15, 2007 at 12:37:12AM -0700, Marc Perkel wrote:
>
>
>> I'm trying out a new idea for blacklisting hosts. I have several email
>> servers for processing spam. These servers service my lowered numbered
>> MX records. I also have several dummy mx records that are higher
>> numbered than my real servers. So in theory no one should ever hit the
>> higher numbered servers. Especially when the IP addresses are on the
>> same server as the lower numbered MX.
>>
>> But as most of you know spammers don't play by the rules and they try
>> hitting the higher MX records first thinking there's less spam filtering
>> there. So what I'm doing is counting hits by IP address. At the moment
>> they have to hit it 75 times to get blacklisted. And it's all spammers
>> and spam bots.
>>
>> Who thinks this is interesting?
>>
>
> Sounds like a waste of effort to me. How many hosts has this method
> caught so far that wouldn't have been caught by more common methods
> anyway?
>
> Mike
>
> It's been running for about 7 hours now and I've added about 15% to the
size of my blacklist. I've been looking up some of these IPs on dnsstuff
and about 1/2 of them aren't listed anywhere else. I've has 145152 hits
on it in the las 7 hours.
One think to keep in mind is that it's a low CPU cost to detect spam
bots as compared to running it through spamassassin which is the more
common method and I think this is going to be 100% accurate for the
hosts it collects. And it's going to be faster at detecting spambots. I
think that if this data were fed from many big sources that spambots
could be detected much faster.
Also - this is powering my public hostkarma blacklist so it's an early
warning for those who are using it. I'm getting bots listed far faster
than spamhaus.