Dummy SMTP - Opinions required - New feature? |
Post Reply 
|
Page <12 |
| Author | |
jerbo128 
Senior Member 
Joined: 06 March 2006 Status: Offline Points: 178 |
 Post Options
 Thanks(0)
 Quote Reply
 Posted: 26 December 2007 at 5:09pm |
|
I have over 200K from the harvest alone. That is less than a week's worth. I too need to go through and remove a lot of singles and replace them with Class C entries.
I have shut down my "harvester" for the time being so that I can watch the new beta. In case the beta screws up bad, I don't want a lot of good mail going to the harvester. Let me know if you want to swap IP blacklists.
Jeremy
|
|
 |
|
|
ImInAfrica
Groupie 
Joined: 27 June 2006 Location: FL, USA Status: Offline Points: 60 |
Post Options
Thanks(0)
Quote Reply
Posted: 26 December 2007 at 5:43pm |
|
Dwight,
> I determined our spam by domain ranking with an sql query on the quarantine. Can you post or PM me your sql query you refer to? Thanks Amir |
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 27 December 2007 at 1:17pm |
|
Dwight, I actually took mine off-line due to the following: I am testing using the Greylist option and many servers initially see the greylisting action (disconnect) as a non-responsive server and pushed up the "food chain" until they hit my dummy SMTP server and then got black-listed. This was compounded by the scripting I wrote to auto-add the IP's to my dnsbl server. This caused a huge amount of good servers to suddenly be black-listed by our own server and that just ended up s%*king ... big time. Up to that point, I had nearly 500,000 IP in my dnsbl with no false positives. I need to re-think how to utilize the "spam ip harvester" as I have been calling it.
|
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
|
dcook
Senior Member
Joined: 31 January 2005 Location: United States Status: Offline Points: 174 |
Post Options
Thanks(0)
Quote Reply
Posted: 27 December 2007 at 1:26pm |
|
Thanksfor the reply. I was afraid of my MX (99) being pushed up the chain. I was also concerned about the number of individual IP addresses captured. I also have taken mine off line and have remove all MX records pointing to the dummy install.
I do have an A record for the dummy server so that it has a reverse address. I will see how many people fish for a port 25 server and capture those IP's. There are still a lot of fishermen searching networks for mail servers.
But let'keep thinking and discussing the issue on this thread.
|
|
|
Dwight
www.vividmix.com |
|
|
|
|
ImInAfrica
Groupie
Joined: 27 June 2006 Location: FL, USA Status: Offline Points: 60 |
Post Options
Thanks(0)
Quote Reply
Posted: 31 December 2007 at 5:35am |
|
To all that have been using some sort of harvesting method using SF.
I think you may have missed the original point (and in the process made a very good one as well). The original idea was to create a high number MX record, point it to a dummy smtp that will disconnect the session before it is completed. Spammer WILL NOT try to resend the message, while 'real' smtp servers will retry based on their setup. This way, even if your spamfilters are down, real emails will not be lost. I quite like the idea of harvesting the ip's although my initial main concern was to reduce the load on the secondary MX record. Happy New Year to everyone! |
|
|
|
|
IKILLSPAM1
Groupie
Joined: 02 May 2007 Location: United States Status: Offline Points: 70 |
Post Options
Thanks(0)
Quote Reply
Posted: 03 January 2008 at 11:37am |
|
I setup my dummy smtp with the * in local domains and in honeypots. I also have had the other honeypot setup on my primary mailserver which has email addresses that when emailed, the senders ip gets added to a file.
So I let my dummy smtp run for awhile. Then after around 4000 ips harvested, I took those and the 65,000 that were in the other honeypot and combined them. Brought them into MS Access table and then ran some queries to grab the highest offending Class Cs. I ended up taking any Class Cs with more than 11 IPs in my file, and exporting them to a new txt file. I then took those and added them to the local ip blacklist. I ended up added 90 Class Cs.
|
|
|
|
|
WebGuyz
Senior Member
Joined: 09 May 2005 Location: United States Status: Offline Points: 348 |
Post Options
Thanks(0)
Quote Reply
Posted: 06 January 2008 at 9:36pm |
|
Stopped using my spamtrap because of the greylisting in the new beta.
Very impressive 1st day numbers using the beta where 90% of the traffic I would normally have had to filter was stopped by the greylisting. My SFE's are not working anywhere as hard as they were before which is a great improvement.
 |
|
|
http://www.webguyz.net
|
|
|
|
|
dcook
Senior Member
Joined: 31 January 2005 Location: United States Status: Offline Points: 174 |
Post Options
Thanks(0)
Quote Reply
Posted: 07 January 2008 at 9:44am |
|
I am running the latest pre-release version, "SF3.5.4.730." I have seen the discussions about greylisting but have not seen that feature offered as of yet in the registered downloads area. Edited by dcook - 07 January 2008 at 9:45am |
|
|
Dwight
www.vividmix.com |
|
|
|
|
WebGuyz
Senior Member
Joined: 09 May 2005 Location: United States Status: Offline Points: 348 |
Post Options
Thanks(0)
Quote Reply
Posted: 07 January 2008 at 2:51pm |
|
Shoot an email to support@logsat.com and Roberto will give you the link.
|
|
|
http://www.webguyz.net
|
|
|
|
Topic Options|
Post Reply
|
Page <12 |
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.127 seconds.