From: Kirk Strauser
To: "Drew Derbyshire"
Cc: freebsd-stable@freebsd.org
Date: Wed, 24 Sep 2003 21:41:58 -0500
Subject: Re: I've had enough. I'm starting a DNS blackhole list.
Message-ID: <87u171egi1.fsf@strauser.com>
In-Reply-To: <004001c38302$c8589e50$84cba8c0@kendra>
List-Id: Production branch of FreeBSD source code

At 2003-09-25T01:17:26Z, "Drew Derbyshire" writes:

> Seems like a lot of work with way too much room for false positives.

There are no false positives; all addresses listed are machines that have directly transmitted viral mail onto my network. No other hosts are listed.

> Why aren't you running a content filter on executable attachments so they
> get bounced and you never see them?

I *am* running SpamAssassin with the executable score turned up sufficiently, but that only goes so far. I have no desire to scan 40,000 more messages, and a well-seeded blacklist would go quite a way toward stemming the tide. After I harvested the first batch of 10,000 or so addresses, I noticed that some machines had sent me 20, 30, 40 plus emails. I'm perfectly content to cut that to 1.

> BTW -- Shouldn't that be hunnypot.net?

Probably. I'd never thought about it before, and it would've saved a fight with a porn studio had I seen that it was open back when I registered this one.

-- 
Kirk Strauser