[SA-exim] Teergrubing, how long are you holding off spammers?
Marc MERLIN
marc at merlins.org
Tue, 29 Oct 2002 22:14:53 -0800
For those who are upgrading/planning to upgrade to SA-Exim 2.2 and
willing to use teergrubing, I'd be curious to know how long you can hold
spammers off before the disconnect (this is the first version of SA-Exim
that can detect that the other side went away and will stop spewing crap
into the void :-)

So far, I found that apparently both sendmail and postfix will wait
during the full 15 minutes that I teergrube them (well, I don't anymore
since those are known places who just happen to relay spam through
mailing lists, so I've configured SA-Exim not to teergrube them but just
reject the message)

That said, I just caught my first direct connection from a real spammer

----- Forwarded message from root <root@merlins.org> -----
Subject: magic.merlins.org 2002/10/29 22:02 system check
This mail is sent by logcheck. If you do not want to receive it any more,
please modify the configuration files in /etc/logcheck or deinstall logcheck.
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
(...)
2002-10-29 21:53:47 186llf-0003iE-00 SA: SAteergrubecond expand returned: '1'
2002-10-29 21:53:47 186llf-0003iE-00 SA: Writing message to /var/spool/exim/SAteergrube/new/E186llf-0003iE-00@mail1.merlins.org
2002-10-29 21:53:47 186llf-0003iE-00 SA: local_scan will teergrube the sender for 900 secs: hits=26.6 required=7.0 trigger=25.0 (scanned in 1/1 secs). From <cyan0316@hanmail.net> (host=NULL [218.54.77.151]) for marc@merlins.org
2002-10-29 21:55:27 186llf-0003iE-00 SA: Interrupting Teergrube, remote side closed the connection after about 100 secs
2002-10-29 21:55:27 186llf-0003iE-00 temporarily rejected by local_scan(): Remote side closed the connection after about 100 secs of teergrube (hits=26.6 required=7.0 trigger=25.0)
----- End forwarded message -----

100 seconds instead of the usual 1-5 secs that they usually spend to
send a spam. That's slowed them down by a factor of more than 20, not
bad :-)
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key
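
Added example (not part of the original post, and not SA-Exim code): one way to answer the question above from your own Exim log is to pair each "will teergrube" line with its "Interrupting Teergrube" line by message id. It assumes the two log line formats quoted in the post; the function name and the third sample line are made up, and a message with no interrupt line is reported as `held=None` because the post does not show what is logged when the full delay runs out.

```python
import re
from datetime import datetime

# Sample input: the first two lines are the ones quoted in the post,
# the third is constructed (made-up message id, documentation-range address).
SAMPLE_LOG = """\
2002-10-29 21:53:47 186llf-0003iE-00 SA: local_scan will teergrube the sender for 900 secs: hits=26.6 required=7.0 trigger=25.0 (scanned in 1/1 secs). From <cyan0316@hanmail.net> (host=NULL [218.54.77.151]) for marc@merlins.org
2002-10-29 21:55:27 186llf-0003iE-00 SA: Interrupting Teergrube, remote side closed the connection after about 100 secs
2002-10-29 22:10:05 186AAA-0000zz-00 SA: local_scan will teergrube the sender for 900 secs: hits=30.1 required=7.0 trigger=25.0 (scanned in 1/1 secs). From <x@example.invalid> (host=NULL [192.0.2.7]) for marc@merlins.org
"""

TS_FMT = "%Y-%m-%d %H:%M:%S"
PREFIX = r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>\S+) SA: "
START = re.compile(
    PREFIX + r"local_scan will teergrube the sender for (?P<planned>\d+) secs: "
    r"hits=(?P<hits>[\d.]+) .*?From <(?P<sender>[^>]*)> \(host=\S+ \[(?P<ip>[^\]]+)\]\)")
END = re.compile(
    PREFIX + r"Interrupting Teergrube, remote side closed the connection "
    r"after about (?P<held>\d+) secs")

def teergrube_report(log_text):
    """Return {message_id: info} with planned and observed hold times (seconds)."""
    report = {}
    for line in log_text.splitlines():
        m = START.match(line)
        if m:
            report[m["id"]] = {
                "ip": m["ip"], "sender": m["sender"], "hits": float(m["hits"]),
                "planned": int(m["planned"]), "held": None, "held_by_clock": None,
                "started": datetime.strptime(m["ts"], TS_FMT),
            }
            continue
        m = END.match(line)
        if m and m["id"] in report:
            entry = report[m["id"]]
            entry["held"] = int(m["held"])
            # Cross-check the logged "about N secs" against the log timestamps.
            ended = datetime.strptime(m["ts"], TS_FMT)
            entry["held_by_clock"] = int((ended - entry["started"]).total_seconds())
    return report

if __name__ == "__main__":
    for msg_id, e in teergrube_report(SAMPLE_LOG).items():
        held = "no disconnect logged" if e["held"] is None else f"{e['held']}s"
        print(f"{msg_id} {e['ip']} hits={e['hits']} planned={e['planned']}s held={held}")
```
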