[CentOS] Spam, fail2ban and centos

Thu May 10 15:52:54 UTC 2012
Scott Silva <ssilva at sgvwater.com>

on 5/9/2012 9:59 AM Les Mikesell spake the following:
> On Wed, May 9, 2012 at 11:07 AM, Bob Hoffman <bob at bobhoffman.com> wrote:
>> I am starting to see a real pattern to all this.
>> I would love to see someone do a case study on spam attacks. Their
>> system seems well honed to scale up with your defenses until they
>> finally have to 'appear' on their real computers like the ovh.net
>> servers, and many more hosts,
> I think you are over-analyzing.  The senders are distributed and shift
> around whether you do anything defensive or not, and if you have ever
> accepted an address, even years ago with a system like qmail that
> accepted without checking anything, then tried to bounce bad
> addresses, those addresses will be on some lists that are re-tried
> forever no matter how many times you reject them now.   I haven't
> watched this for a while but I used to be surprised that even though
> the senders were spread over hundreds of IPs, the overall rate seemed
> to be centrally controlled and in what would look like a dictionary
> attack the list seemed to be sorted, at least in big chunks, across
> the senders.
I would turn that address into a spamtrap and use it to reject on your other