[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: spamd effectiveness

To: misc@openbsd.org
Subject: Re: spamd effectiveness
From: Jay Moore <jay_mo@bellsouth.net>
Date: Fri, 12 Sep 2003 23:08:47 -0500
References: <20030912143439.GF15269@gxis.de>

On Fri, 12 Sep 2003 16:34:39 +0200, you wrote:

>I started playing around with spamd on an 3.3 box 
>just yesterday, but I seem to have noticed that no 
>spammer connection seems to last more than about 400 
>seconds (at least according to the "age" display in 
>pftop, which I'm currently using to get a rough overview).
>
>Is there some recommended tuning in pf parameters or 
>something to make them stay longer, or have the spammers 
>already adapted?

I haven't tried pftop (ports tree?), and I've just begun with spamd
myself. I have done some initial testing by blacklisting one of my
other hosts (sender), and then sending a single message from that host
to a receiver with spamd.

The spamd log on receiver had an entry for boinked connections from
sender every 30 minutes; i.e. sender repeated the connection attempt
every 30 mins. My receiver box went "live" earlier today, and I've not
seen any "repeaters"... so, yeah - I think many of them have already
learned to recognize things like teergrubes and spamd that waste their
time. This is logical and efficient behavior - required, I think, if
you're going to be a survivor in the spam industry.

It would be cool if spamd provided more details in the log about what
happened during the connection. Following are a couple of (sanitized)
consecutive entries from the sender's log. I'm not sure what all of it
means, but the 'xdelay' entries may reflect how much time was wasted.

Sep 11 16:45:14 toady sm-mta[22654]: h8B9t8hT012540:
to=<jaymo@rcvr.testr.com>, ctladdr=<sluggo@sendr.com>
(1001/1001), delay=11:50:06, xdelay=00:07:19, mailer=esmtp,
pri=2220446, relay=rcvr.testr.com. [37.63.158.196],
dsn=4.0.0, stat=Deferred: 450-SPAM. Your address 37.63.158.96 has
spammed me previously, and has been added to my
blacklist.

Sep 11 17:15:13 toady sm-mta[8683]: h8B9t8hT012540:
to=<jaymo@rcvr.testr.com>, ctladdr=<sluggo@sendr.com>
(1001/1001), delay=12:20:05, xdelay=00:07:18, mailer=esmtp,
pri=2310446, relay=rcvr.testr.com. [37.63.158.196],
dsn=4.0.0, stat=Deferred: 450-SPAM. Your address 37.63.158.96 has
spammed me previously, and has been added to my
blacklist.

References:
- spamd effectiveness
  - From: Alexander Bochmann <ab@lists.gxis.de>

Prev by Date: Re: large disks
Next by Date: Re : Unable to get PS/2 mouse to work under X in OpenBSD 3.3
Prev by thread: spamd effectiveness
Next by thread: Re: spamd effectiveness
Index(es):
- Date
- Thread