[Mimedefang] Scary... Filtering on the outbound.

John Scully jscullylg3 at lifegiver.net
Fri Feb 18 10:39:25 EST 2005

On inbound we are using the same sort of tracking - log and count number of 
bad recipients from one IP as a ratio to good recipients during the envelope 
stage, we will discard a message before the data stage if it hits 5 bad 
receipients with no good ones.

I think others do something similar, because I have seen the average number 
of recipients per message keep dropping.

During one dictionary spam run inbound to ONE of our domains we saw 538K "no 
such user" events in 75K messages from 24K Ip addresses, with multiple 
messages per IP!  That is only   22 recipients per IP and a little over 7 
per message.

That is one reason we have started using iptables to block at the 
interface - think of the denial of service attack 24K infected PCs could do 
if they were focused on one domain.

----- Original Message ----- 
From: "David F. Skoll" <dfs at roaringpenguin.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Friday, February 18, 2005 7:24 AM
Subject: Re: [Mimedefang] Scary... Filtering on the outbound.

> On Thu, 17 Feb 2005, Les Mikesell wrote:
>> Are you looking at the number of recipient addresses or the number
>> of messages for this test?  Or does the current crop of spam-worms
>> generally send a message per recipient?
> Interesting point!  I bet ISPs lower MaxRecipientsPerMessage to something
> like 10 or so...
> Regards,
> David.
> _______________________________________________
> Visit http://www.mimedefang.org and http://www.canit.ca
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

This message scanned for viruses by Lifegiver.net
For more information on our filtered email and dial up internet service please visit http://www.lifegiver.net

More information about the MIMEDefang mailing list