The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Wednesday, May 14, 2003

Musings on the Spam

Mark just alerted me that he blocked an IP address because it was attempting to spam us. Or rather, it was attempting to spam all sorts of addresses to conman.org. Over 200 attempts in the past month.

I then started going through the mail logs, and I found all sorts of fun stuff. Mr. Spammer trying various userids. Then there was the spammer that attempted to mail the same invalid address nearly 300 times. I also noticed that spammers were queueing mail up at our backup MX servers, which not only loads our system up rejecting such mail, but loads our backup MX servers in accepting such mail to begin with.

Mark and I discussed the issue a bit and we came up with a few ideas of lessening the load. One idea was to add a module to Postfix (since not only do we use that, but both our backup MX servers use it as well) to monitor rejected addresses and if a single IP address attempts to deliver to too many bogus addresses, automatically block access from that address for a period of time (both the number of attempts, and the length of time of the block would be configurable).

The other problem is spam sent to bogus addresses at the backup MX servers; they have no idea which addresses are valid and which aren't, so all mail is accepted and queued up for final delivery. To get around that problem, another module could be added for the primary MX server to notify the backup MX servers of valid addresses; something similar to the way DNS updates changes from master to slave servers. Such a scheme certainly won't scale, but for the number of users we have (across our system, and our backup MX servers) it's servicable, and it would prevent the backup MX servers from queueing up mail for non-existent users.

In fact, now that I'm thinking about it, I wonder if this is how people selling lists of email addresses can “claim” that all the addresses are deliverable? Of course they're deliverable, if you send the email to a backup MX server, of course it's deliverable (for most—I'm sure there are a few exceptions).

But this is something I need to look into …

Obligatory Picture

[The future's so bright, I gotta wear shades]

Obligatory Contact Info

Obligatory Feeds

Obligatory Links

Obligatory Miscellaneous

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site: https://boston.conman.org/, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

https://boston.conman.org/2000/08/01

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2024 by Sean Conner. All Rights Reserved.