I've had enough. I'm starting a DNS blackhole list.
Kirk Strauser
kirk at strauser.com
Wed Sep 24 19:42:32 PDT 2003
At 2003-09-25T01:17:26Z, "Drew Derbyshire" <avatar at 2003-09.plus.kew.com> writes:
> Seems like a lot of work with way too much room for false positives.
There are no false positives; all addresses listed are machines that have
directly transmitted viral mail onto my network. No other hosts are listed.
> Why aren't you running a content filter on executable attachments so they
> get bounced and you never see them?
I *am* running Spamassassin with the executable score turned up
sufficiently, but that only goes so far. I have no desire to scan 40,000
more messages, and a well-seeded blacklist would go quite a way toward
stemming the tide.
After I harvested the first batch of 10,000 or so addresses, I noticed that
some machines had sent me 20, 30, 40 plus emails. I'm perfectly content to
cut that to 1.
> BTW -- Shouldn't that be hunnypot.net?
Probably. I'd never thought about it before, and it would've saved a fight
with a porn studio had I seen that it was open back when I registered this
one.
--
Kirk Strauser
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20030924/0d39eb85/attachment.bin
More information about the freebsd-stable
mailing list