|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Weird distributed spam attack
> It *still* does some wonky stuff with secondaries, so I might have to > buy (grumble) their services as secondary MX spooling. We have started distribiting the list of valid addresses to secondary MX servers to reduce the store and forward load of dictionary attacks on those servers. Using a fast response RBL helps, but whitelisting is a chore. (http://openrbl.org pick one) > >I used to believe that running a catchall alias was an effective > >deterrent until the b*st*rds started sending complete spams and not > >just RCPT TO. We have never run catchall, but I am thinking about funneling LUser into pattern matching (spamassassin, or similar) and then used to build a time limited local ipfw or ipfirewall table. We have enough horsepower to filter at the routers, but prefer to let the routers route, and let the MX boxes filter. > In fact, in this scenario the catch-all is like pouring gasoline on > the fire without some giant water tank on the roof to... oh, wait... > wrong thread. Sorry. We tried water cooling, but it quit working when they patched the roof. ;-} -bryan bradsby Texas State Government Net NOC: 512-475-2432 877-472-4848 -- "The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in. We're computer professionals. We cause accidents." -- Nathaniel Borenstein co-author of MIME.
|