[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: sorbs blacklisting scam

On Mon, May 01, 2006 at 03:06:05PM +0300, Juha-Matti Tapio wrote:
> While we are on the topic of blacklists, can anyone point me to a
> blacklist of hosts performing ssh brute force attacks? I have been
> wondering if it would be effective to use such a list for email
> since those compromised hosts do seem to be used primarily for
> spamming. (Just having spent most of the night monitoring a Romanian
> spammer controlling his botnet.)

use a DUL (the SORBS DUL is good) and use greylisting - that will block
most spam from botnets (which are mostly on dynamic IP addresses, and
mostly don't have real MTAs so don't retry).

even a 10 or 20 second timeout for greylisting is worthwhile.  spambots
typically don't retry.


craig sanders <cas@taz.net.au>           (part time cyborg)

Reply to: