Re: OT: sorbs blacklisting scam
On Mon, May 01, 2006 at 03:06:05PM +0300, Juha-Matti Tapio wrote:
> While we are on the topic of blacklists, can anyone point me to a
> blacklist of hosts performing ssh brute force attacks? I have been
> wondering if it would be effective to use such a list for email
> since those compromised hosts do seem to be used primarily for
> spamming. (Just having spent most of the night monitoring a Romanian
> spammer controlling his botnet.)
use a DUL (the SORBS DUL is good) and use greylisting - that will block
most spam from botnets (which are mostly on dynamic IP addresses, and
mostly don't have real MTAs so don't retry).
even a 10 or 20 second timeout for greylisting is worthwhile. spambots
typically don't retry.
craig sanders <email@example.com> (part time cyborg)