[Sussex] Securing Mail Servers

Andy Smith andy at lug.org.uk
Mon Apr 17 07:01:39 UTC 2006


On Sun, Apr 16, 2006 at 09:07:44PM +0100, Desmond Armstrong wrote:
> I have a question.
> The spam that we receive, does it come from improperly set up mail servers
> and/or from Windows machines which are riddled with trojans?

The vast majority fits into the latter category.

> One thing I am fairly certain on, it does not come from normal Linux boxes.
> What are the statistics on this point?

For some time I have been using p0f to work out the OS of every host
that makes a connection to port 25 of mail-in-01.lug.org.uk (i.e.
tries to send mail to any address at lug.org.uk).

Here are some stats for you:

Between Thu Apr  6 15:17:34 2006 and Mon Apr 17 06:54:05 2006 there
have been 150278 connection attempts.

121440 (~80.8%) of them were from Windows hosts.

In a ~48 hour period I bothered to check the OS of any spam I saw
that got through the antispam measures both at lug.org.uk and at
home, and 100% of them were from Windows hosts.

Because of the odds I am strongly considering devising a way to
check the OS and subject connections from Windows machines to
harsher antispam measures than I normally would, e.g. greylisting,
dynamic IP DNSBLs, etc.

Unfortunately I do not have any means in place at this time to
automatically check emails marked as spam against the p0f log file.

A minority of spam is sent via insecure proxies or open relays on
otherwise legitimate mail servers (some of which will be unix).

-- 
http://strugglers.net/wiki/Xen_hosting -- A Xen VPS hosting hobby
Encrypted mail welcome - keyid 0x604DE5DB
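One way to do the tallying described above, and the missing step of checking the sender IPs of spam-flagged mail against the p0f log, added here as an illustration; this is not code from the post or from p0f itself. The log lines are constructed in the general shape of a p0f v2 log entry, and the exact field layout, the function names and the "Windows gets stricter measures" policy are all assumptions:

```python
import re
from collections import Counter

# Constructed sample lines in the general shape of a p0f v2 log entry
# (timestamp, source ip:port, OS guess, destination ip:port). Not real
# data, and the exact field layout is an assumption.
SAMPLE_LOG = """\
<Sun Apr 16 21:07:44 2006> 192.0.2.10:3412 - Windows XP SP1+ -> 198.51.100.5:25 (distance 14, link: ethernet/modem)
<Sun Apr 16 21:08:01 2006> 192.0.2.11:51022 - Linux 2.6 -> 198.51.100.5:25 (distance 9, link: ethernet/modem)
<Sun Apr 16 21:09:13 2006> 192.0.2.12:1045 - Windows 2000 SP4, XP SP1+ -> 198.51.100.5:25 (distance 18, link: DSL)
<Sun Apr 16 21:10:40 2006> 192.0.2.13:44123 - FreeBSD 5.3-5.4 -> 198.51.100.5:25 (distance 11, link: ethernet/modem)
<Sun Apr 16 21:11:02 2006> 192.0.2.10:3413 - Windows XP SP1+ -> 198.51.100.5:25 (distance 14, link: ethernet/modem)
"""

LINE_RE = re.compile(
    r"^<(?P<ts>[^>]+)> (?P<src>\d+\.\d+\.\d+\.\d+):\d+ - (?P<os>.+?) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)

def parse_p0f(text):
    """Yield (src_ip, os_family, dst_port) for each line matching the assumed format."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines we cannot parse rather than guessing
        # First word of the guess is the family: 'Windows', 'Linux', 'FreeBSD', ...
        yield m.group("src"), m.group("os").split()[0], int(m.group("dport"))

def os_stats(text, port=25):
    """Count connection attempts to `port` per OS family; return (counts, percentages)."""
    counts = Counter(fam for _, fam, dport in parse_p0f(text) if dport == port)
    total = sum(counts.values())
    pct = {fam: round(100.0 * n / total, 1) for fam, n in counts.items()} if total else {}
    return counts, pct

def last_os_by_ip(text):
    """Map each source IP to its most recently fingerprinted OS family."""
    seen = {}
    for src, fam, _ in parse_p0f(text):
        seen[src] = fam  # later entries overwrite earlier ones
    return seen

def policy_for(ip, fingerprints, strict_families=("Windows",)):
    """'strict' (greylisting plus dynamic-IP DNSBL checks) for hosts fingerprinted as one
    of strict_families, 'normal' for everything else, including hosts p0f never saw."""
    return "strict" if fingerprints.get(ip) in strict_families else "normal"

def spam_sources_os(spam_ips, fingerprints):
    """Cross-check sender IPs of mail flagged as spam against the p0f fingerprints."""
    return Counter(fingerprints.get(ip, "unknown") for ip in spam_ips)
```

Feeding a real p0f log and the sender IPs extracted from spam-flagged messages into `spam_sources_os` gives the per-OS breakdown the post counted by hand.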