[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Asrg] Re: 7. BCP - Mail Administrators: Checking HELO
On Tue, Sep 09, 2003 at 10:04:46AM -0400, Chris Lewis wrote:
> Steven F Siirila wrote:
>
> >I won't break down on a per-DNSbl basis, but here's some data for the past
> >week:
> >
> >Insecure server 342,122 (79,449 unique -- blocked ONLY for
> >this reason)
> >Known spam src 351,648 (288,234 unique)
> >rDNS blocks 591,570 (378,792 unique)
> >Dynamic IP addr 1,095,792 (950,424 unique)
> >
> >Total blocked 2,048,523
>
> Strange. Is there some sequencing at play? Which are done first?
We query all DNSbls all the time. We tell the remote user (via URLs),
all reasons for the block, not just the first one we run across.
> Here's moderately comparable breakdowns from our spamtrap (percentage of
> full spamtrap load):
>
> CLASS DUL 345446 3.04
> CLASS MANUAL 154099 1.36
> CLASS MISC 4106790 36.12
> CLASS PROXY 8804470 77.43
> CLASS RELAY 24925 0.22
> CLASS SPAMSOURCE 163314 1.44
>
> [These overlap, but there is no sequencing dependencies]
>
> I would assume your "Insecure server" is analogous to a combination of
> our PROXY and RELAY classes. One DNSBL, CBL, _alone_ manages to catch
> 74% of the 77% that PROXY gets.
Correct. Open Proxy, Open Relay, Insecure Formmail.cgi, etc..
> What BL are you using for Dynamic? That 3% is PDL+SORBSdul.
We use several; most notably MAPS DUL and SORBS.
> MISC is a combination of several things, including a "No rDNS +
> complaints" and a "spamcop or ORDB block + complaints" BL.
>
> Open relay is isn't worth bothering with anymore, tho, none of the ones
> I'm using are particularly good (SORBSsmtp + a local one - can't use
> ORDB...).
Agreed.
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg