Some quick CBL stats

June 27, 2005

Last night I shuffled our antispam rules to put checking the CBL before everything, including our per-IP-address greylisting.

Since 3:20am this morning, 83% of the connect-time SMTP rejections were due to the CBL, for 88% of the IP addresses (4,180 out of 5,000 rejections from 3,038 different IP addresses out of 3,455).

So the simple recommendation seems to be: if you can only deploy one DNS blocklist, use the CBL. (Better yet, use the XBL, since that includes the CBL as well as a few others.)

It's also a depressing testament to just how much of our SMTP load is from compromised zombie machines. Over roughly the same time period, we had successful SMTP connections from only 271 different IP addresses, which means that around 82% of the IP addresses that tried to talk to us were zombies. (And probably still are zombies.)

Some of the zombies were pretty persistent about it; the top honors goes to, with 22 connection attempts refused.

Written on 27 June 2005.
« Dangerously over-broad error catching
Scripting and automation capture knowledge »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Mon Jun 27 23:52:44 2005
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.