On May 16, 2005, at 1:54 PM, Rainer Zocholl wrote:
[EMAIL PROTECTED](Bart Silverstrim) 16.05.05 11:05
I did enter it in when I first discovered it, but there were no hits.
Ok, next time mention it ;-)
Here I thought it was common sense now! :-)
Apparently it will be very hard to block if it's just text without extra spammer tricks in it to bypass filters...
There is a list of known subjects which can be feed into spamassasign. But in a few days that spam will stop.
I used someone's advice from the list to add to the header_check file for postfix. Seems to have stemmed the spam. I'm gonna be ticked if it stops now that I just got that all set up... :-/
I thought it was odd that our hammering from particular sober.p infections were consistent in IP.
I scanned out logfile today: there where
? Missing part of that?
If they were spoofing (this was from the logs that I extracted that grep),
then why wouldn't I have 16000 different sober.p sources instead of a
few of them over and over?
They use 16000 different home PCs infected before.
That one IP showed up in the log as hitting us 16000 times. Unless you're saying there were 16000 pc's all spoofing that same IP. If so, I pity the "owner" of that IP lease.
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html
