most spam today is sent through open relays. Those relays will simply retry the delivery no matter which software the spammer uses, so the method won't work.
Eh, open relays are soooo 20th century. :) Actually most open relays today are either blocked or closed, and newly installed MTAs are secure against third-party relaying by default, so this spam method is dying out [it-analysis.com]. Most spam today is sent either directly to the receiving MTA, through open proxies, or through formmail.pl and similar exploits.
Open proxies get most of my rejects, here's a paste from "spamstat" (a quick script I did that cron's me the output once a day). The logs rotated not quite 2 hours ago.
Open Relay: 1
Dialup Spam Source: 0
Confirmed Spam Source: 2
Smart Host: 0
Spamware Developer or Spamvertized site: 0
Unconfirmed Opt-In List Server: 0
Insecure formmail.cgi: 0
Open Proxy Server:8
The data in this article claims that 1% of all corporate mail servers in the UK allow open relaying, down from 91% in 1997. For all we know, the total number of corporate e-mail servers has grown by a factor of 100 (or more) in the last six years, meaning that perhaps there are more open relays now.
The article also doesn't measure the amount of spam coming through those relays. Even if there are only 10 open relays in the UK at any one time, it still might be possible for all of the spam to be coming through them.
Certainly, closing down open relays is a good thing, but lowering the percentage of open relays doesn't prove anything about the source of spam.
Realize that the article doesn't claim that Greylisting alone will stop all spam, but Greylisting in conjunction with blacklisting and other anti-spam techniques can make open relays less of a problem.
Let's just take the scenario where a major spammer has decided to route his spam through an open relay in the UK. The network admin in charge of email security at BigSoftware Corp. has implemented Greylisting in addition to all his anti-spam measures previously existing including blacklisting. According to t
When the open relay DNSBLs are shut down because they no longer do anything useful then you'll know open relays are no longer a problem. I've got a (Taiwan) spammer trying to send spam through my fake open relay right now. I've wanted to catch the spammer who tests from 4.46.13.179 but so far he's slipped the hook. I just keep getting this #$@#!@# Taiwan spammer.
There's two ways to know when open relay abuse is over. The first is as abov
"Well hello there Charlie Brown, you blockhead."
-- Lucy Van Pelt
can't believe their numbers (Score:5, Informative)
Re:can't believe their numbers (Score:5, Informative)
Re:can't believe their numbers (Score:3, Interesting)
Re:can't believe their numbers (Score:2)
Release! Release! Release!
Re:can't believe their numbers (Score:2)
Sorry man, if I released my leet "grep -c"-laden script, SCO would have lawyers banging at my door.
Re:can't believe their numbers (Score:1)
Would you consider revealing which program you're grepping the logs of?
I'd consider signing an NDA
Re:can't believe their numbers (Score:1)
Just grepping the maillog looking for the messages I set up from within my sendmail.mc file.
ie: (from sendmail.mc)
and in the spamstat script the corresponding lines are:
Where ML defaults to /var/log/maillog. I zgrep as it can take a parameter of any file and older logs get gzip'd when rotated.
HTH
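A sketch of the kind of per-category count described in the comment above, as an added example that is not the poster's script: the category labels are the ones in the spamstat paste, while the `reject=550 5.7.1 <label>` text, the sample log lines and the function names `count_rejects` and `make_sample_log` are assumptions made here.

```shell
#!/bin/sh
# Added example: count DNSBL reject messages per category in a sendmail log.
# Category labels come from the spamstat paste; the reject text and the
# sample log lines are constructed, not taken from the poster's setup.

# zgrep reads plain and gzip'd logs alike; fall back to grep if it is absent.
if command -v zgrep >/dev/null 2>&1; then GREP=zgrep; else GREP=grep; fi

# count_rejects LABEL [LOGFILE]: number of log lines rejected with that label.
count_rejects() {
    n=$("$GREP" -c -F -e "reject=550 5.7.1 $1" "${2:-/var/log/maillog}" 2>/dev/null) || true
    echo "${n:-0}"
}

# spamstat [LOGFILE]: print one "Label: count" line per category.
spamstat() {
    while IFS= read -r label; do
        echo "$label: $(count_rejects "$label" "$1")"
    done <<'EOF'
Open Relay
Dialup Spam Source
Confirmed Spam Source
Smart Host
Spamware Developer or Spamvertized site
Unconfirmed Opt-In List Server
Insecure formmail.cgi
Open Proxy Server
EOF
}

# make_sample_log FILE: write a constructed log (192.0.2.0/24 is a documentation range).
make_sample_log() {
    : > "$1"
    i=0
    for label in "Open Proxy Server" "Open Proxy Server" "Confirmed Spam Source" "Open Relay"; do
        i=$((i + 1))
        echo "Jun 20 04:1$i:01 mx sendmail[210$i]: ruleset=check_relay, arg1=[192.0.2.$i], relay=[192.0.2.$i], reject=550 5.7.1 $label" >> "$1"
    done
    echo "Jun 20 04:20:00 mx sendmail[2200]: h5K4K0aa002200: from=<a@example.org>, relay=[192.0.2.9]" >> "$1"
}

# Demo run on the constructed log.
log=$(mktemp) && make_sample_log "$log" && spamstat "$log"; rm -f "$log"
```

Matching the full `reject=` text with `-F` keeps a label that merely appears in a sender address or subject from inflating a count.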
Re:can't believe their numbers (Score:1)
Poor use of statistics (Score:5, Insightful)
Re:here are the stats (Score:3, Interesting)
You'll notice that the US is the #1 country. Top 3 are:
- The United States, with over 80,000 open relays
- Korea and Japan pretty much tied at +15,000 each
- Japan, at just under 10,000
That's more than everyone else combined!
Re:here are the stats (Score:2)
That's Korea and China. But who cares, they all look the same to me...
Re:here are the stats (Score:2)
Re:here are the stats (Score:2)
# Japan, at just under 10,000
Don't forget about Japan!
Re:Poor use of statistics (Score:2, Insightful)
Re:can't believe their numbers (Score:2)
Like dial phones, eh?