Date: Wed, 24 Sep 2003 21:41:58 -0500
From: Kirk Strauser <kirk@strauser.com>
To: "Drew Derbyshire" <avatar@2003-09.plus.kew.com>
Cc: freebsd-stable@freebsd.org
Subject: Re: I've had enough. I'm starting a DNS blackhole list.
Message-ID: <87u171egi1.fsf@strauser.com>
In-Reply-To: <004001c38302$c8589e50$84cba8c0@kendra> (Drew Derbyshire's message of "Wed, 24 Sep 2003 21:17:26 -0400")
References: <8765jhg7eo.fsf@strauser.com> <004001c38302$c8589e50$84cba8c0@kendra>

At 2003-09-25T01:17:26Z, "Drew Derbyshire" <avatar@2003-09.plus.kew.com> writes:

> Seems like a lot of work with way too much room for false positives.

There are no false positives; all addresses listed are machines that have
directly transmitted viral mail onto my network. No other hosts are listed.

> Why aren't you running a content filter on executable attachments so they
> get bounced and you never see them?

I *am* running Spamassassin with the executable score turned up
sufficiently, but that only goes so far. I have no desire to scan 40,000
more messages, and a well-seeded blacklist would go quite a way toward
stemming the tide.

After I harvested the first batch of 10,000 or so addresses, I noticed that
some machines had sent me 20, 30, 40 plus emails. I'm perfectly content to
cut that to 1.

> BTW -- Shouldn't that be hunnypot.net?

Probably. I'd never thought about it before, and it would've saved a fight
with a porn studio had I seen that it was open back when I registered this
one.

-- 
Kirk Strauser