Dummy SMTP - Opinions required - New feature?

jerbo128 | Senior Member | Joined: 06 March 2006 | Points: 178
I have over 200K from the harvest alone. That is less than a week's worth. I too need to go through and remove a lot of singles and replace them with Class C entries.
I have shut down my "harvester" for the time being so that I can watch the new beta. In case the beta screws up bad, I don't want a lot of good mail going to the harvester. Let me know if you want to swap IP blacklists.
Jeremy

ImInAfrica | Groupie | Joined: 27 June 2006 | Location: FL, USA | Points: 60
Dwight,
> I determined our spam by domain ranking with an sql query on the quarantine.

Can you post or PM me your sql query you refer to?
Thanks
Amir

Desperado | Senior Member | Joined: 27 January 2005 | Location: United States | Points: 1143
Dwight,

I actually took mine off-line due to the following: I am testing using the Greylist option and many servers initially see the greylisting action (disconnect) as a non-responsive server and pushed up the "food chain" until they hit my dummy SMTP server and then got black-listed. This was compounded by the scripting I wrote to auto-add the IPs to my dnsbl server. This caused a huge amount of good servers to suddenly be black-listed by our own server and that just ended up s%*king ... big time. Up to that point, I had nearly 500,000 IPs in my dnsbl with no false positives. I need to re-think how to utilize the "spam ip harvester" as I have been calling it.

The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com

dcook | Senior Member | Joined: 31 January 2005 | Location: United States | Points: 174
Thanks for the reply. I was afraid of my MX (99) being pushed up the chain. I was also concerned about the number of individual IP addresses captured. I also have taken mine off line and have removed all MX records pointing to the dummy install.
I do have an A record for the dummy server so that it has a reverse address. I will see how many people fish for a port 25 server and capture those IPs. There are still a lot of fishermen searching networks for mail servers.
But let's keep thinking and discussing the issue on this thread.

Dwight
www.vividmix.com

ImInAfrica | Groupie | Joined: 27 June 2006 | Location: FL, USA | Points: 60
To all that have been using some sort of harvesting method using SF.
I think you may have missed the original point (and in the process made a very good one as well). The original idea was to create a high number MX record, point it to a dummy smtp that will disconnect the session before it is completed. Spammers WILL NOT try to resend the message, while 'real' smtp servers will retry based on their setup. This way, even if your spamfilters are down, real emails will not be lost. I quite like the idea of harvesting the IPs although my initial main concern was to reduce the load on the secondary MX record.
Happy New Year to everyone!
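The dummy listener described in the post above, as an added example (not part of the thread and not the product's own code): it records the connecting IP, then ends the session with a transient 421 before any mail is accepted, so a real MTA queues and retries. The 421 reply, the hostname and the function names are assumptions.

```python
import socketserver
import threading

harvested = set()          # peer IPs seen by the dummy listener
_lock = threading.Lock()


class DummySMTPHandler(socketserver.StreamRequestHandler):
    timeout = 10           # do not let a silent client hold the socket open

    def handle(self):
        with _lock:
            harvested.add(self.client_address[0])
        try:
            # Hostname is a placeholder, not a real server.
            self.wfile.write(b"220 mx99.example.invalid ESMTP\r\n")
            self.rfile.readline(512)      # HELO/EHLO line, content ignored
            # 421 is a transient failure: a real MTA keeps the message queued
            # and retries, normally against the lower-numbered (real) MX.
            self.wfile.write(b"421 4.3.2 Service not available, closing channel\r\n")
        except OSError:
            pass                          # client hung up or timed out
        # Returning from handle() closes the connection.


def start_dummy(host="127.0.0.1", port=0):
    """Start the listener in a background thread and return the server."""
    server = socketserver.ThreadingTCPServer((host, port), DummySMTPHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = start_dummy(port=2525)          # unprivileged port for a local trial
    input("listening on 127.0.0.1:2525, press Enter to stop\n")
    srv.shutdown()
    print(sorted(harvested))
```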

IKILLSPAM1 | Groupie | Joined: 02 May 2007 | Location: United States | Points: 70
I set up my dummy smtp with the * in local domains and in honeypots. I also have had the other honeypot set up on my primary mailserver which has email addresses that when emailed, the sender's IP gets added to a file.
So I let my dummy smtp run for a while. Then after around 4000 IPs harvested, I took those and the 65,000 that were in the other honeypot and combined them. Brought them into an MS Access table and then ran some queries to grab the highest offending Class Cs. I ended up taking any Class Cs with more than 11 IPs in my file, and exporting them to a new txt file. I then took those and added them to the local ip blacklist. I ended up adding 90 Class Cs.
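An added example, not part of any post in this thread: the Class C roll-up described above with its "more than 11 IPs" threshold, written in Python rather than MS Access. It goes beyond the post by first dropping addresses that the real MX greylisted, the false-positive path Desperado describes earlier in the thread; the greylisted input and the function names are assumptions.

```python
import ipaddress
from collections import defaultdict


def parse_ips(lines):
    """Yield valid IPv4 addresses from text lines; skip blanks and junk."""
    for line in lines:
        try:
            addr = ipaddress.ip_address(line.strip())
        except ValueError:
            continue
        if addr.version == 4:
            yield addr


def offending_class_cs(harvested, greylisted=(), more_than=11):
    """Group harvested IPs by /24 and return (network, distinct_count) pairs
    for networks holding more than `more_than` distinct addresses, busiest first.

    Assumption: `greylisted` lists IPs the real MX deferred. They are dropped,
    because a legitimate server deferred there may walk down to the dummy MX.
    """
    deferred = set(parse_ips(greylisted))
    per_block = defaultdict(set)
    for addr in parse_ips(harvested):
        if addr in deferred:
            continue
        block = ipaddress.ip_network(f"{addr}/24", strict=False)
        per_block[block].add(addr)        # a set, so repeat hits count once
    hits = [(net, len(ips)) for net, ips in per_block.items() if len(ips) > more_than]
    return sorted(hits, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    # Constructed sample data (RFC 5737 documentation ranges), not real hosts.
    harvested = [f"198.51.100.{i}" for i in range(1, 15)]    # 14 distinct
    harvested += ["198.51.100.1", "not-an-ip", ""]           # repeat and junk
    harvested += [f"203.0.113.{i}" for i in range(1, 12)]    # 11, under threshold
    harvested += [f"192.0.2.{i}" for i in range(1, 13)]      # 12, one greylisted
    greylisted = ["192.0.2.5"]
    for net, count in offending_class_cs(harvested, greylisted):
        print(net, count)
```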

WebGuyz | Senior Member | Joined: 09 May 2005 | Location: United States | Points: 348
Stopped using my spamtrap because of the greylisting in the new beta.
Very impressive 1st day numbers using the beta where 90% of the traffic I would normally have had to filter was stopped by the greylisting. My SFE's are not working anywhere near as hard as they were before which is a great improvement.

http://www.webguyz.net

dcook | Senior Member | Joined: 31 January 2005 | Location: United States | Points: 174
I am running the latest pre-release version, "SF3.5.4.730." I have seen the discussions about greylisting but have not seen that feature offered as of yet in the registered downloads area.
Edited by dcook - 07 January 2008 at 9:45am

Dwight
www.vividmix.com

WebGuyz | Senior Member | Joined: 09 May 2005 | Location: United States | Points: 348
Shoot an email to support@logsat.com and Roberto will give you the link.
http://www.webguyz.net