Weekly spam summary for August 13th, 2005
Overall SMTP connections are running at twice the expected rate: 246,000 SMTP connections, although only from the usual 33,000 different IP addresses. The SMTP frontend hit a high-water mark of 18 simultaneous connections during the week.
Kernel level IP filtering:
Host/Mask            Packets  Bytes
22.214.171.124         11909   572K
126.96.36.199           8186   393K
188.8.131.52            8148   391K
184.108.40.206          7206   346K
220.127.116.11/24       6916   330K
18.104.22.168/13        5395   262K
22.214.171.124/24       4953   257K
126.96.36.199/11        4875   238K
188.8.131.52/12         4774   245K
184.108.40.206/10       4627   226K
This week is an impressive one for individual accomplishment; we had some very determined would-be callers. 220.127.116.11 got into our IP level filtering by being in dnsbl.njabl.org; everyone else was very eager to give us a bad SMTP HELO greeting. 18.104.22.168 made a prior appearance in SpamAftermath-2005-07-30; 22.214.171.124 showed up all the way back in IPReject-2005-06-18.
Connection-time rejections run:
24776  total
11386  dynamic IP
 8050  bad or no reverse DNS
 1347  class bl-spews
 1284  class bl-cbl
  573  class bl-dsbl
  506  class bl-ordb
  372  class bl-sbl
  264  class bl-njabl
   67  class bl-sdul
    4  class bl-opm
These are up somewhat over last week. Unlike last week, there are no really big single sources that account for the jump in SPEWS.
On the unscientific basis of the number of different places sending us bad HELO greetings and SMTP bounces to nonexistent local users, we are being very actively forged as a spam origin once again. The numbers are up dramatically from last week:
|what||# this week||(distinct IPs)||# last week||(distinct IPs)|
Other systems show (if anything) a semi-significant decrease in spam and bounces.
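As an added example (not from the original post or the author's tooling), the sketch below computes the columns of the forgery table, event count and distinct source IPs per week, for the two indicators named above. The log format, `OUR_NAMES`, `LOCAL_USERS`, and the reading of "bad HELO" as a remote host greeting us with one of our own names are assumptions; the log lines are constructed.

```python
from collections import defaultdict

OUR_NAMES = {"mail.example.org", "example.org"}   # assumed local host names
LOCAL_USERS = {"alice", "bob"}                    # assumed valid local parts

# Constructed log lines: week-ending date, source IP, HELO name, MAIL FROM, RCPT TO.
SAMPLE_LOG = """\
2005-08-06 192.0.2.10 example.org <a@spam.test> <alice@example.org>
2005-08-06 198.51.100.7 mx.isp.test <> <qxz81@example.org>
2005-08-13 192.0.2.10 example.org <a@spam.test> <bob@example.org>
2005-08-13 192.0.2.44 mail.example.org <b@spam.test> <alice@example.org>
2005-08-13 198.51.100.7 mx.isp.test <> <qxz81@example.org>
2005-08-13 198.51.100.7 mx.isp.test <> <tr55@example.org>
2005-08-13 203.0.113.9 mta.corp.test <> <zz9@example.org>
2005-08-13 203.0.113.20 mta2.corp.test <> <alice@example.org>
2005-08-13 203.0.113.21 relay.other.test <c@other.test> <bob@example.org>
"""

def classify(helo, sender, rcpt):
    """Return the forgery indicators (zero, one or both) that one SMTP attempt shows."""
    kinds = []
    if helo.lower() in OUR_NAMES:          # remote host greets us with our own name
        kinds.append("bad HELO")
    local, _, domain = rcpt.strip("<>").lower().partition("@")
    # A bounce carries the null sender <>; one addressed to a user we never had
    # means someone else sent mail with a made-up address at our domain as origin.
    if sender == "<>" and domain in OUR_NAMES and local not in LOCAL_USERS:
        kinds.append("bounce to nonexistent user")
    return kinds

def weekly_summary(log_text):
    """Map (week, kind) -> (event count, number of distinct source IPs)."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                        # skip malformed lines
        week, ip, helo, sender, rcpt = fields
        for kind in classify(helo, sender, rcpt):
            counts[week, kind] += 1
            sources[week, kind].add(ip)
    return {key: (counts[key], len(sources[key])) for key in counts}

if __name__ == "__main__":
    for (week, kind), (n, ips) in sorted(weekly_summary(SAMPLE_LOG).items()):
        print(f"{week}  {kind:28} {n:3} events from {ips} distinct IPs")
```

Tracking distinct IPs next to the raw count separates one noisy sender from a broad set of sources, and the broad set is what suggests a forged origin.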