Weekly spam summary on October 22nd, 2005

October 23, 2005

This week we received 11,880 email messages from 233 different IP addresses. Our SMTP server handled 36,465 sessions from 4,042 different IP addresses, down markedly from last week.

Overall connections are down slightly from last week: 210,400 connections from at least 38,800 different IP addresses. This week, we only hit a highwater of 22 connections being processed simultaneously. Per day statistics:

Day Connections different IPs
Sunday 42,200 8,830
Monday 35,800 +5,110
Tuesday 18,630 +4,900
Wednesday 41,900 +5,330
Thursday 23,240 +5,500
Friday 28,820 +5,250
Saturday 19,790 +3,930

The Sunday surge is expected; we reboot with much of the kernel level IP filters cleared, and active IPs to block hit us and get added back in later on in the day. Simultaneous connections being processed hit 13 on Sunday then 22 on Thursday.

Kernel level packet filtering top ten:

Host/Mask           Packets   Bytes          21081   1180K      11764    599K           9605    461K         6461    329K           6442    301K             5568    267K           5414    260K        5238    242K         4650    223K          4523    211K

No large netblocks made the list at all, but, 'Surge Media' in SBL24721 is really living up to its name (and reappears from last week). Also putting in return appearances are and, both getting kernel level blocks due to repeated bad HELO names.

It's been a good (or bad) week for DNS blocklists; is DSBL-listed, is CBL-listed, and is on the ORDB. The remaining four IP addresses got blocked for repeated bad HELO names.

Connection-time rejection stats:

  23648 total
  10554 dynamic IP
   7333 bad or no reverse DNS
   2369 class bl-cbl
    832 class bl-spews
    533 class bl-dsbl
    367 class bl-sbl
    336 class bl-ordb
    211 class bl-njabl
    169 class bl-sdul
      5 class bl-opm

Unlike last week, there is no single really active sources.

Other stats:

what # this week (distinct IPs) # last week (distinct IPs)
Bad HELOs 13278 731 27390 1136
Bad bounces 4038 2261 5320 2739

Spammers are probably forging us less, although they continue to forge us. They will probably continue to forge us until the Internet melts down in a combination of depeerings, bankruptcies, and disagreements over which organization and country should run the whole thing.

Written on 23 October 2005.
« A gotcha with Python and Unix signals
One reason why I like Unix »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Sun Oct 23 01:51:47 2005
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.