Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Abrupt spam increase

> I've noticed over the past 6 weeks a sudden, abrupt increase in the
> flow of spam on my home server.  It's gone from about 250/day to
> 440/day; last month's average daily flow was about 360.
> Thus far I've been simply directing it to a quarantine folder, and
> keeping general tabs on the volume.
> But as volume grows, at some point I'll want to do something
> different.  I have a couple of questions:
> (1) Have any of y'all tried to keep stats on the flow of spam?  Are my
> observations about message flow on-target?
> (2) Beyond SpamAssassin, have you tried out any tools which reject
> spam before it reaches your mailbox?  I know that I could configure
> sendmail to reject mail from sites listed in certain blacklist
> databases, but before I take that step I want to make sure to use the
> right blacklists and I also want to keep better statistics on a
> per-recipient basis (example, I get mail to "daemon" and "amanda", in
> addition to "richb", at my domain). (3) Are there any spam-folder
> statistical analysis tools that are useful?

I've noticed a marked increase in spam attempts since the first of the year,
including spam from otherwise "legitimate" businesses who are now licensed
to spam based upon the US (I) CAN SPAM act.

I use a series of blacklists, including blocking off entire countries
(Korea, China, Poland, etc).  Then again, I've not had any legitimate
messages from those areas, and don't yet expect any in the future.  Some of
my lists include dynamic IPs on cable and DSL providers, though these lists
are not complete.  After fine-tuning (and whitelisting certain addresses),
if I get one spam message come through in two weeks that's a lot.  I haven't
blocked one legitimate message in probably close to a year, as far as I can

Unfortunately, I don't keep statistics, other than for (who
has one particular user who tries hundreds of times a day to hit my
mailserver).  They're blocked at the firewall for that block of dynamic


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /