Email Issues
Bill Campbell
bill at celestial.com
Mon Jan 23 11:04:02 PST 2017
On Mon, Jan 23, 2017, Jean-Pierre Radley via Filepro-list wrote:
...
>Brian, Mark was giving possible explanations for a user's failing email.
>How is that unhelpful?
I see about 6,000 notices a day from systems I monitor here and
at client sites of suspicious activity, the vast majority being
dictionary attacks via ssh, imap, web access, and a few attempts
to send spam to mailing lists hosted here.
These notices are generated via the 'swatch' log watch program
which feeds into a system I've developed similar to 'fail2ban'
that automatically adds 'iptables' blocks on the offending IP
address when there are multiple attempts from that IP within a
short period of time, and sends an email notification of the
block. I monitor these, using them to maintain a real-time block
list (RBL) that's used here and at our client sites to quickly block
similar dictionary attacks, and spammers/phishers from sending
email through these systems.
Given the quantity of notices, I can't dig into each block in
detail, but have to rely on people to notify me if they are
having a problem getting email to the lists.
FWIW, you can send email to postmaster at celestial.com, an address
that is totally unfiltered bypassing these blocks. There are
other role addresses, security at celestial.com and abuse at celestial.com
which are also unfiltered. It's amazing how much spam I see
coming to these role accounts which is great fodder for the
Bayesian filters used by Spamassassin.
Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186 Skype: jwccsllc (206) 855-5792
Never underestimate the power of stupid people in large groups.
More information about the Filepro-list
mailing list