My running blacklist (24 hour expiry) from my greytraps bloated
from a usual total of about 6000 hosts to over 20,000 during the worst
of it.
Net result being most of them hit the wall, unless they
came via a previously whitelisted mailhost - and then you go
at them other ways.
The only ones I actually got in my inbox were from on-campus
hosts (i.e virus run-time environments using mmmSexChange servers)
but this is because we don't subject on-campus hosts to greylisting.
That fact alone pretty much speaks to it. The only stuff I got
was from compromised machines on our class B.
-Bob
* Peter N. M. Hansteen <[EMAIL PROTECTED]> [2005-11-23 06:15]:
> When the mainstream press started reporting stories like "You are not
> under FBI surveillance" about the newest windows worm variety, I started
> checking my logs for signs of what the stories described. Nothing of
> the sort reported had reached any windows machine on our network, so I
> started looking at the gateway's logs. The result is a very preliminary
> draft which I've put at
> http://www.bgnett.no/~peter/pf/spamd-vs-sober-prelim.txt
>
> My problem is that the sample size is so tiny. If I am to turn this
> into a publishable article, I need more data. Would anyone running pf
> plus spamd in greylisting mode volunteer to do the same tests and send
> me their results (or raw data for that matter)? Any other feedback
> would be welcome of course, and useful data or other useful feedback
> will merit at least a mention in the thanks to list if this gets
> published.
>
> - P
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
> "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
>
--
| | | The ASCII Fork Campaign
\|/ against gratuitous use of threads.
|
