on 5/9/2012 9:59 AM Les Mikesell spake the following:
> On Wed, May 9, 2012 at 11:07 AM, Bob Hoffman bob@bobhoffman.com wrote:
>> I am starting to see a real pattern to all this.
>> I would love to see someone do a case study on spam attacks. Their system seems well honed to scale up with your defenses until they finally have to 'appear' on their real computers like the ovh.net servers, and many more hosts,
>
> I think you are over-analyzing. The senders are distributed and shift around whether you do anything defensive or not, and if you have ever accepted an address, even years ago with a system like qmail that accepted without checking anything, then tried to bounce bad addresses, those addresses will be on some lists that are re-tried forever no matter how many times you reject them now. I haven't watched this for a while but I used to be surprised that even though the senders were spread over hundreds of IPs, the overall rate seemed to be centrally controlled and in what would look like a dictionary attack the list seemed to be sorted, at least in big chunks, across the senders.

I would turn that address into a spamtrap and use it to reject on your other servers...
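
The spamtrap idea and the sorted-list observation above, as an added example that is not part of the original thread: it reads reject logs, lists the client IPs that addressed a trap address so other servers can reject them, and measures how alphabetically ordered the rejected recipients are across all senders. The log format, the trap address oldbox@example.com and every function name are assumptions made for illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified log format (not any particular MTA's):
# timestamp, connecting client IP, RCPT address, and what the server did.
SAMPLE_LOG = """\
2012-05-09T10:00:01 client=192.0.2.10 rcpt=aaron@example.com action=reject
2012-05-09T10:00:03 client=198.51.100.7 rcpt=abby@example.com action=reject
2012-05-09T10:00:04 client=203.0.113.44 rcpt=adam@example.com action=reject
2012-05-09T10:00:06 client=192.0.2.10 rcpt=oldbox@example.com action=reject
2012-05-09T10:00:09 client=198.51.100.7 rcpt=alice@example.com action=reject
2012-05-09T10:00:11 client=203.0.113.44 rcpt=oldbox@example.com action=reject
2012-05-09T10:00:12 client=192.0.2.99 rcpt=bob@example.com action=accept
2012-05-09T10:00:15 client=203.0.113.44 rcpt=andy@example.com action=reject
"""
LINE_RE = re.compile(r"^(\S+) client=(\S+) rcpt=(\S+) action=(\S+)$")

def parse(log_text):
    """Yield (timestamp, client_ip, rcpt, action); skip lines that do not match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()

def trap_blocklist(log_text, trap_address):
    """IPs that addressed the spamtrap, with hit counts, for export to other servers."""
    hits = defaultdict(int)
    for _, ip, rcpt, _ in parse(log_text):
        if rcpt.lower() == trap_address.lower():
            hits[ip] += 1
    return dict(sorted(hits.items()))

def sorted_fraction(log_text, ignore=()):
    """Share of consecutive rejected recipients, across all senders, that are in
    alphabetical order. Near 1.0 matches one sorted list split among many IPs."""
    names = [rcpt.lower() for _, _, rcpt, action in parse(log_text)
             if action == "reject" and rcpt.lower() not in ignore]
    if len(names) < 2:
        return 0.0
    in_order = sum(1 for prev, cur in zip(names, names[1:]) if prev <= cur)
    return in_order / (len(names) - 1)

if __name__ == "__main__":
    trap = "oldbox@example.com"   # hypothetical long-dead address used as the trap
    print(trap_blocklist(SAMPLE_LOG, trap))
    print(sorted_fraction(SAMPLE_LOG, ignore={trap}))
```

The hit counts let the other servers apply a threshold before rejecting, so a single mistyped address from a legitimate sender does not get an IP blocked.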