Re: Spam
From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 11/23/04
- Next message: Casey: "Re: Troubles using WS_FTP Pro with Zone Alarm Pro under XP"
- Previous message: Moe Trin: "Re: Linux and firewalls"
- In reply to: Robert Folkerts: "Re: Spam"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 23 Nov 2004 13:12:47 -0600
In article <JGyod.448657$D%.235864@attbi_s51>, Robert Folkerts wrote:
>JC wrote:
>> My firewall logs indicate that a site in China is sending me spam packets
>> on port 1027
[snip]
>However, that doesn't mean that you can't mount a defense that makes
>attacking you expensive. If you are willing to install OpenBSD as a
>firewall, you can use their spamd. See http://www.openbsd.org/spamd/
>for a description.
Not impressed. I really would have expected something better out of
OpenBSD. You also seem to have missed the fact that the original
poster is complaining about 'messenger spam' (windoze pop-up ads
delivered via UDP to port 1027) not email.
>The basic idea is to 1) get a list of known spammers and route the
>traffic to spamd. Spamd has been written to return (perhaps slowly) a
>450 or 550 return code. The 450 return code results in the email being
>returned to the sender's queue. If the spammer's account starts to get
>lots of returned emails, their ISP will be faced with extra traffic and
>storage.
The concept is wrong. You (or the program author) are assuming that the
spammer actually cares about return codes. First, most spam is delivered
from zombie PCs that are running a spam daemon, NOT A MAIL TRANSPORT AGENT
and are just shoveling sh1t out to your mail server. A 4xx or 5xx code
merely causes the spam daemon to move on to the next address. Delays in
returning the code have little effect on the spammer - hell, he's often
not even in the same country as the system trying to deliver the spam,
so he won't know OR CARE about delays. Have you ever seen one of the
"Millions" CDs (literally a CD with several million "valid" email
addresses - cost about $30 to $150, depending on how much the source
thinks they can rip off)? Despite claims of high numbers of "valid"
addresses, a lot of them are bad. Do you _really_ think a spammer is
waiting for result codes when upwards of HALF of the names are returning
a 550 (user unknown)? Hey, he's got a spam run of 5 to 10 million to
get out - he doesn't have that kind of time to waste.
As far as returning the spam to the sender's queue, please give an
indication of how often you have ever seen a 450 return code (4xx being
a transient condition - telling the remote mailer to try again later)
result in later retries? One of my ISPs recently had a fire, which
knocked the domain completely off the world for 12 hours. Looking at
the 'spam count' for that day showed about half the historical average
for that day - while ordinary mail (sent from real mail servers) ran
about normal.
Old guy
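
[Added example, not part of the original post or of spamd: one way to check on your own mail server how often a 4xx reply is actually followed by a retry, which is the question raised above. The log format, the sample lines and the function names are constructed for illustration; real MTA logs need their own parser.]

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: time, client IP, envelope sender, recipient, SMTP reply code
SAMPLE_LOG = """\
2004-11-23T10:00:00 192.0.2.10 news@list.example user@example.org 450
2004-11-23T10:20:00 192.0.2.10 news@list.example user@example.org 250
2004-11-23T10:01:00 198.51.100.7 a1@bulk.example user@example.org 450
2004-11-23T10:01:05 198.51.100.7 a2@bulk.example nobody@example.org 550
2004-11-23T10:02:00 203.0.113.9 b1@bulk.example user@example.org 450
2004-11-23T10:05:00 192.0.2.25 bob@corp.example user@example.org 450
2004-11-23T11:05:00 192.0.2.25 bob@corp.example user@example.org 450
2004-11-24T09:00:00 192.0.2.25 bob@corp.example user@example.org 250
"""

def parse(log):
    """Yield (time, ip, sender, rcpt, code); skip lines that do not fit the format."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        ts, ip, sender, rcpt, code = parts
        yield datetime.fromisoformat(ts), ip, sender, rcpt, int(code)

def retry_report(log, window=timedelta(hours=24)):
    """Split tempfailed (ip, sender, rcpt) triples into retried and abandoned."""
    attempts = defaultdict(list)
    for ts, ip, sender, rcpt, code in parse(log):
        attempts[(ip, sender, rcpt)].append((ts, code))
    retried, abandoned = [], []
    for key, events in attempts.items():
        events.sort()
        # Time of the first transient (4xx) rejection for this triple, if any.
        first_4xx = next((ts for ts, code in events if 400 <= code < 500), None)
        if first_4xx is None:
            continue  # never tempfailed (e.g. only a 550), so nothing to retry
        # A real MTA queues the message and tries the same triple again later.
        came_back = any(first_4xx < ts <= first_4xx + window for ts, _ in events)
        (retried if came_back else abandoned).append(key)
    return retried, abandoned

if __name__ == "__main__":
    retried, abandoned = retry_report(SAMPLE_LOG)
    print(f"retried after 4xx: {len(retried)}, never came back: {len(abandoned)}")
    for ip, sender, rcpt in abandoned:
        print("  no retry:", ip, sender, "->", rcpt)
```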