Re: simple spamd questions

Sun, 10 Jun 2007 13:12:05 -0700 

* Juan Miscaro <[EMAIL PROTECTED]> [2007-06-10 10:24]:
> --- Jeff Santos <[EMAIL PROTECTED]> wrote:
> 
> > Hi,
> > 
> > Thank you.
> > 
> > Can I assume that all connected/disconnected messages I see in
> > /var/log/daemon
> > are
> > from blacklisted hosts or some are still greylisted (undefined)?
> 
> Either blacklisted or greylisted.
> 
        If they are blacklisted, the connected/disconntected message
will name the blacklist(s) they are on. if they are greylisted, there
will be no mention of lists in the log message. For example, from my logs,
minutes ago:

Jun 10 13:50:32 snouts spamd[17678]: 82.54.64.16: disconnected after 12 seconds.
Jun 10 13:52:41 snouts spamd[17678]: 84.254.159.186: disconnected after 4 
seconds. lists: uatraps nixspam
Jun 10 13:54:28 snouts spamd[17678]: 203.200.20.226: disconnected after 84 
seconds. lists: nixspam
Jun 10 13:55:49 snouts spamd[17678]: 24.94.42.193: disconnected after 11 
seconds.
Jun 10 13:56:01 snouts spamd[29477]: Trapping 24.94.42.193 for tuple 
24.94.42.193 7eolbe.b37yain.rr.com <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Jun 10 13:56:01 snouts spamd[17678]: 24.94.42.193: disconnected after 11 
seconds.
Jun 10 13:56:15 snouts spamd[29477]: Trapping 24.94.42.193 for tuple 
24.94.42.193 D70HN291.gute.net <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Jun 10 13:56:15 snouts spamd[17678]: 24.94.42.193: disconnected after 12 
seconds.
Jun 10 13:56:33 snouts spamd[29477]: Trapping 24.94.42.193 for tuple 
24.94.42.193 D70HN291.uukud.com <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Jun 10 13:56:33 snouts spamd[17678]: 24.94.42.193: disconnected after 11 
seconds.
Jun 10 13:57:17 snouts spamd[17678]: 24.94.42.193: disconnected after 30 
seconds. lists: spamd-greytrap
Jun 10 13:57:48 snouts spamd[17678]: 24.94.42.193: disconnected after 31 
seconds. lists: spamd-greytrap

82.54.64.16 is simply greylisted, no lists...  84.254.159.186 is
blacklisted, on both the uatraps and nixspam list. Similarly,
203.200.20.226 is on nixspam.  24.94.42.193 was initially greylisted
on his first three (simultaneous) connections, however as he ran afoul
of a greytrap, and was then blacklisted, the following connections got
trapped as he is then on the on the spamd-greytrap list (for the next
24 hours..) 

        -Bob

Reply via email to