Weekly spam summary for August 13th, 2005

August 14, 2005

Overall SMTP connections are running at twice the expected rate, at 246,000 connections, although only from the usual 33,000 different IP addresses. The SMTP frontend hit a high-water mark of 18 simultaneous connections during the week.

Kernel level IP filtering:

Host/Mask           Packets   Bytes
204.50.22.50          11909    572K
170.206.225.64         8186    393K
66.237.19.76           8148    391K
192.35.251.3           7206    346K
218.102.53.0/24        6916    330K
219.144.0.0/13         5395    262K
212.216.176.0/24       4953    257K
220.160.0.0/11         4875    238K
202.96.0.0/12          4774    245K
61.128.0.0/10          4627    226K

This week is an impressive one for individual accomplishment; we had some very determined would-be callers. 170.206.225.64 got into our IP level filtering by being in dnsbl.njabl.org; everyone else was very eager to give us a bad SMTP HELO greeting. 170.206.225.64 made a prior appearance in SpamAftermath-2005-07-30; 192.35.251.3 showed up all the way back in IPReject-2005-06-18.

Connection-time rejections run:

 24776 total
 11386 dynamic IP
  8050 bad or no reverse DNS
  1347 class bl-spews
  1284 class bl-cbl
   573 class bl-dsbl
   506 class bl-ordb
   372 class bl-sbl
   264 class bl-njabl
    67 class bl-sdul
     4 class bl-opm

These are up somewhat over last week. Unlike last week, there are no really big single sources that account for the jump in SPEWS.

On the unscientific basis of the number of different places sending us bad HELO greetings and SMTP bounces to nonexistent local users, we are being very actively forged as a spam origin once again. The numbers are up dramatically from last week:

what          # this week   (distinct IPs)   # last week   (distinct IPs)
Bad HELOs           17830              679          3392              197
Bad bounces          5818             2568          1471              878

Other systems show (if anything) a semi-significant decrease in spam and bounces.

Written on 14 August 2005.
Last modified: Sun Aug 14 01:34:14 2005