Wandering Thoughts archives

2005-10-02

Weekly spam summary on October 1st, 2005

This week we received 11,661 email messages from 245 different IP addresses. Our SMTP server handled 49,500 sessions from 5,900 different IP addresses. Email volume has held steady from last week, but session volume is down.

Overall connections are actually up from previous weeks: 251,000, from at least 41,000 different IP addresses. Our SMTP frontend hit 50 simultaneous pending connections early in the week, which is its maximum at the moment. Other statistics suggest that this time around, the changes are because spammers are trying to spam us.

Kernel level SMTP blocks:

Host/Mask           Packets   Bytes
218.102.53.0/24       10647    492K [*]
68.21.250.130          8784    411K
212.74.114.37          7860    388K
195.188.82.90          7582    354K [*]
213.4.149.11           7556    344K [*]
212.216.176.0/24       6075    325K [*]
67.116.92.82           5963    286K
216.130.96.132         5511    257K
66.192.184.35          5262    253K
64.212.161.229         4731    227K

The four marked entries reappeared from last week; the remainder are new.

  • 212.74.114.37 is Tiscali UK's lead mail machine, and is on SPEWS.
  • 66.192.184.35 is in what we consider to be twtelecom.net dynamic IP address space.

Everyone else got listed for sending us enough unresolvable HELO greetings.

Connection-time rejection stats:

  25588 total
  13475 dynamic IP
   6328 bad or no reverse DNS
   2166 class bl-cbl
   1691 class bl-spews
    479 class bl-dsbl
    404 class bl-sbl
    233 class bl-ordb
    107 class bl-sdul
     63 class bl-njabl
      4 class bl-opm

Nothing stands out in looking at detailed stats, which means that the big jump in CBL hits is probably from spammers trying to spam us.

Other stats:

what # this week (distinct IPs) # last week (distinct IPs)
Bad HELOs 19943 1141 26297 1726
Bad bounces 7087 3259 9866 4597

Spammers are still actively forging our domains, just not quite as often as last week. Such is life for a domain where they've been forging us for literally years. (I sometimes wish the University would sue a few of them, but the lawyers probably have many better things to do.)

spam/SpamSummary-2005-10-01 written at 01:13:20;


Page tools: See As Normal.
Search:
Login: Password:

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.