Jesse Sanford wrote:
> I've often wanted to do this kind of thing, but my understanding is that
> proxies and spoofing IPs make selectively blocking bad IPs
> questionable -- a lot of experienced sysadmins seem to avoid it, whether
> for ssh or apache or whatever. I dunno, maybe it would work
> better here for some reason, but the general concern is that legitimate
> users are likely to get blocked too.
>

Also, it may be of limited use. We have been under Spam-attack for several days now, and it looks like every piece of spam is coming from a different IP. As such, there is no point in blacklisting something that won't be back again.

Anyway, as an intellectual exercise, anyone interested should be able to go through their existing logs and see just how much spam originates from the same IP - and so such a blacklisting scheme would be worthwhile. In the words of DJB: "profile, don't speculate"

PS: you can't spoof SMTP sessions. Quick rule: TCP != spoofable, UDP == spoofable.

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
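
The log profiling suggested in the message above, as an added example that is not part of the original post: it replays a mail log in time order and reports how much spam an IP blacklist would have stopped, how many clean messages it would have blocked as well, and how many spam sources were seen only once. The log format, the sample lines and the names `parse` and `replay_blacklist` are assumptions made for illustration, not qmail-scanner's own format or code.

```python
from collections import Counter

# Constructed sample, not real qmail-scanner output. Assumed line format:
# "<ISO timestamp> <client IP> <verdict>", verdict being SPAM or CLEAN.
SAMPLE_LOG = """\
2005-03-01T10:00:00 192.0.2.10 SPAM
2005-03-01T10:01:00 198.51.100.7 SPAM
2005-03-01T10:02:00 192.0.2.10 SPAM
2005-03-01T10:03:00 203.0.113.5 CLEAN
2005-03-01T10:04:00 192.0.2.10 SPAM
2005-03-01T10:05:00 198.51.100.7 CLEAN
2005-03-01T10:06:00 203.0.113.9 SPAM
2005-03-01T10:07:00 192.0.2.10 CLEAN
"""


def parse(log_text):
    """Yield (timestamp, ip, verdict) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2] in ("SPAM", "CLEAN"):
            yield tuple(parts)


def replay_blacklist(log_text, threshold=1):
    """Replay the log in time order as if an IP were listed once it had sent
    `threshold` spam messages; report what that list would have blocked."""
    hits = Counter()         # spam that got through before the IP was listed
    spam_per_ip = Counter()  # all spam per IP, whether listed or not
    stats = Counter()
    for _ts, ip, verdict in sorted(parse(log_text)):
        kind = verdict.lower()
        stats[kind + "_total"] += 1
        if verdict == "SPAM":
            spam_per_ip[ip] += 1
        if hits[ip] >= threshold:
            stats[kind + "_blocked"] += 1  # a blocked CLEAN is a false positive
        elif verdict == "SPAM":
            hits[ip] += 1
    stats["spam_ips"] = len(spam_per_ip)
    stats["single_use_spam_ips"] = sum(1 for n in spam_per_ip.values() if n == 1)
    return dict(stats)


if __name__ == "__main__":
    for t in (1, 2):
        print(t, replay_blacklist(SAMPLE_LOG, t))
```

A high `single_use_spam_ips` relative to `spam_ips` is the situation described in the reply, where listing an address gains little; `clean_blocked` measures the concern raised in the quoted message.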