Re: [exim] Spam volume spike

Author: Eli
Date:  
To: 'exim users'
Subject: Re: [exim] Spam volume spike
> <http://www.sussex.ac.uk/its/email/stats/>

I can't say whether I've noticed a trend or not since I don't have as much
data to go through as you (any more); however, checking your stats and
comparing from before/after the spike, it seems several areas have more than
doubled in volume:

Here is a quick before/after list of the things I noticed in your stats:

Blacklists      : 182119 / 588510
- spamhaus.org  : 113879 / 330580
- mail-abuse.com:  64264 / 249970
- dsbl.org      :   3974 /   7960


HELO string              :   3914 /   9914
- spoofing Sussex        :   2668 /   7553
- invalid syntax         :   1246 /   2361
- general Sussex spoofing:    404 /   5172


Unknown user    :   1077 /   5135
Unrouteable addr:  10873 /  14601
Anti virus      :    453 /   1063


That would seem to indicate you might have more than one "problem" happening
- the increase in blacklist hits, unknown user and anti virus would indicate
a general trend of more/new spam hitting your servers. However, the
significant increase in host spoofing might indicate someone trying to dig
up account info on your host - or it could just be innocent "smart spam"
trying to spoof your own host to get through.

Hopefully this is useful gibberish to you, instead of a waste of my time :)

Eli.