Joey wrote:
|> -----Original Message-----
|> From: Jorey Bump [mailto:[EMAIL PROTECTED]
|> Sent: Monday, October 13, 2008 6:09 PM
|> To: Joey
|> Cc: postfix-users@postfix.org
|> Subject: Re: Finally blocking some spam
|>
|> Joey wrote, at 10/13/2008 05:10 PM:
|> Make sure you count the hosts, not the number of packets that were
|> attempted. In many cases, each host is only trying to send one message.
|> Blocking can skew the numbers (but the ones you report are still rather
|> large).
|>
| [SNIP]
|
| I forgot to mention that if I remove the firewall rules I do get supporting
| numbers in maillog with "connect from" lines, so the numbers are accurate.
| I have struggled with this for a long time.
|

That's still too simple. You're simply counting connections again. How many of those connection attempts are hosts retrying (sending the same mail)? You do not have the data to tell you what is going on. To get a more accurate count, evaluate the source IP, sender and RCPT TO. This might also reveal the false positives that you cannot see by blocking IP blocks at a firewall.

The method you are using has been tried by others before and has been discussed here several times before. The problems with this approach are well known. Mainly, it is generally considered to be bad behaviour.

Among more recent problems that have appeared for sites doing the same thing is that they become blacklisted. Don't be surprised to find your domain or at least your IP on blacklists. Sites that block large swaths of IP address space like this sooner or later do, and it's very difficult, if not impossible, to get off them. That will only reduce legitimate mail, not spam, as sites that subscribe to such blacklists will not talk to you.

Get rid of your tainted IP and ensure that your domain is also not tainted. Once a domain or username is tainted, it seems to stay that way apparently forever.

jd

==
"I've seen, I SAY, I've seen better heads on a mug of beer"
~ -- Senator Claghorn
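The count suggested in the reply above (source IP, sender and RCPT TO instead of raw "connect from" lines), as an added example that is not part of the original message. It assumes the firewall rules are lifted and Postfix rejects or defers at RCPT, so smtpd writes `NOQUEUE: reject` lines carrying `from=` and `to=`; the log lines, addresses and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter

# Layout of the two Postfix smtpd log lines this example reads.
CONNECT = re.compile(r"postfix/smtpd\[\d+\]: connect from \S+\[([^\]]+)\]")
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[([^\]]+)\]:"
    r".*? from=<([^>]*)> to=<([^>]*)>"
)

def _connect(ip):
    return f"Oct 13 17:10:01 mx postfix/smtpd[2101]: connect from unknown[{ip}]"

def _reject(ip, sender, rcpt):
    return (f"Oct 13 17:10:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 450 4.7.1 <{rcpt}>: Recipient address rejected: "
            f"Try again later; from=<{sender}> to=<{rcpt}> proto=ESMTP helo=<h>")

# Constructed sample: one host retrying the same mail three times, one host
# sending once, and one host addressing two recipients in one connection.
SAMPLE_LOG = [
    _connect("192.0.2.10"), _reject("192.0.2.10", "a@example.net", "bob@example.org"),
    _connect("192.0.2.10"), _reject("192.0.2.10", "a@example.net", "bob@example.org"),
    _connect("192.0.2.10"), _reject("192.0.2.10", "A@example.net", "bob@example.org"),
    _connect("198.51.100.7"), _reject("198.51.100.7", "c@example.com", "bob@example.org"),
    _connect("203.0.113.5"), _reject("203.0.113.5", "d@example.com", "bob@example.org"),
    _reject("203.0.113.5", "d@example.com", "amy@example.org"),
]

def summarize(lines):
    """Compare raw connection counts with distinct (IP, sender, recipient) triples."""
    connects = Counter()   # connections per client IP
    attempts = Counter()   # delivery attempts per (ip, sender, rcpt) triple
    for line in lines:
        if m := CONNECT.search(line):
            connects[m.group(1)] += 1
        elif m := REJECT.search(line):
            ip, sender, rcpt = m.groups()
            attempts[(ip, sender.lower(), rcpt.lower())] += 1
    return {
        "connections": sum(connects.values()),
        "hosts": len(connects),
        "distinct_triples": len(attempts),
        # Repeats of an already-seen triple are the same mail being retried.
        "retries": sum(attempts.values()) - len(attempts),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the constructed sample, five connections reduce to three hosts and four distinct triples, with two of the attempts being retries of mail already counted.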