On 19/11/12 06:18, Michael Monnerie wrote:
[crosspost postfix-users and spamassassin-users]
Am Sonntag, 18. November 2012, 14:08:08 schrieb Michael Monnerie:
How should we report those IPs, is there a "anti botnet unit"
somewhere?
Lets concentrate back on the subject, I got this answer:
normally it makes no sense to report botnets
And this is what makes me worry. Botnets are todays biggest source of
spam, and nobody has ever started to fight it really? There are tons of
tools for every small issue, but nothing to cope with the biggest shit?
As others have stated, there are many very effective ways to fight
botnet spam, it's just that reporting individual IP addresses isn't one
of them.
To fight the spam at the recipient's end, things like
Postscreen/Postgrey are hugely effective as are DNSBLs such as Spamhaus'
PBL and XBL.
At source, many investigators have had great success taking down botnets
by targeting command and control infrastructure or by bringing legal
measures against those in control of them. ISPs are also more commonly
blocking outbound smtp traffic from domestic IP ranges by default
forcing users to use the ISP provided smarthosts.
To specifically address your query regarding reporting IP addresses -
any ISP should be able to immediately see one of their hosts is spewing
inordinate amounts of spam without you having to report the IP address -
if they can't see this (and do something about it) then they will very
quickly find their way onto DNSBLs at which point the problem generally
takes care of itself.
So generally there are better uses of one's time than reporting tens of
thousands of infected IP addresses to their ISPs who should already have
this information at their disposal.
