[CentOS] Spam, fail2ban and centos

Thu May 10 23:42:32 UTC 2012
Scott Silva <ssilva at sgvwater.com>

on 5/10/2012 9:47 AM Les Mikesell spake the following:
> On Thu, May 10, 2012 at 10:52 AM, Scott Silva <ssilva at sgvwater.com> wrote:
>>> I think you are over-analyzing.  The senders are distributed and shift
>>> around whether you do anything defensive or not, and if you have ever
>>> accepted an address, even years ago with a system like qmail that
>>> accepted without checking anything, then tried to bounce bad
>>> addresses, those addresses will be on some lists that are re-tried
>>> forever no matter how many times you reject them now.   I haven't
>>> watched this for a while but I used to be surprised that even though
>>> the senders were spread over hundreds of IPs, the overall rate seemed
>>> to be centrally controlled and in what would look like a dictionary
>>> attack the list seemed to be sorted, at least in big chunks, across
>>> the senders.
>> I would turn that address into a spamtrap and use it to reject on your other
>> servers...
> It wasn't 'an address'.  It was a dictionary attack to thousands of
> user names that don't exist at a few domains.   Years ago I had used
> an SME server with its stock qmail setup to receive for those domains
> - up to the point where accepting/bouncing rejections became
> impractical.  But by then the addresses must have gotten on some
> 'known good' spam list because they had been accepted at least once,
> and from then on there was a steady stream of about 50k/day delivery
> attempts .  For unrelated business reasons we no longer use those
> domains but it went on for years and for all I know the list is still
> being used.  After I switched to receiving with sendmail with all the
> real users in virtusertable the rate wasn't a problem - rejects happen
> very quickly with only a dbm lookup and a default reject rule.
But still... If you know those addresses are never legitimate anymore, they
are perfect to port to a spamtrap, and use for local blocking of those senders...