Arvid Ephraim Picciani wrote on Tue, 2 Dec 2008 14:02:53 +0100: > Now i just saw a spike of spam/scam/ and virus messages in very well formed > german. It's 200% spam all sudden. They all have a similar writing style, > hence i assume they are from a single group trying to build up on german > ground.
Most of these don't even make it on our systems. > We don't have clamav running (becouse of the mentioned low effect reason), > should we start seting one up? The few left that make it on the system got blocked as bad content by MailScanner. It was also identified by clamav as Trojan.Invo-13. > Is there anything else that we should take > care of in order to minimize the harm done by the likely comming waves? Use a complete anti-spam/malware solution and not just a backend spam detector. Alternatives would be MailScanner, amavis or MIMEDefang for instance. They all make or can make use of SA, but only as part of the whole solution. And configure your MTA in a way that it blocks those unwelcome connects. Really doesn't make sense to waste CPU cycles on conencts that can be detected as unwanted the one or the other way. > We're blocking IPs from dialups from countries no one receives mail here > anyway. Why just block dialups then? > Should we start blocking dialups from our own country as well, *any* dialups. That's just what more and more ISPs do. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
