[70576] in North American Network Operators' Group
Re: Barracuda Networks Spam Firewall
daemon@ATHENA.MIT.EDU (Eric A. Hall)
Wed May 19 19:24:38 2004
Date: Wed, 19 May 2004 18:24:03 -0500
From: "Eric A. Hall" <ehall@ehsco.com>
To: jcouzens@6o4.ca
Cc: nanog@merit.edu
In-Reply-To: <1085008774.8604.87.camel@antitrust.6o4.ca>
Errors-To: owner-nanog-outgoing@merit.edu
On 5/19/2004 6:19 PM, James Couzens wrote:
> On Wed, 2004-05-19 at 15:28, Eric A. Hall wrote:
> Going through the spam that I've got access to (and it is a substantial
> amount albeit not in the millions of spam per day) I can't seem to
> associate the spam with Chinese URLs, and certainly not to the extent
> that you indicate (90%).
extract hostname from url, dig on hostname, whois on addr, and nine times
out of ten the host is in a CN netblock. that's from the spam that gets
into my mailbox.
let me state AGAIN that what I really want is a plugin that allows for
cidr match-lists so that I can also include the handful of non-enforcing
hosters in Russia, New York, Florida, etc. One responder also suggested
ASN matchlists but I'm not that mad.
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
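
The CIDR match-list check described in the message above, sketched as an added Python example; it is not part of the original post and not code from any existing filter plugin. The names `CIDR_MATCHLIST`, `SAMPLE_DNS`, `SAMPLE_BODY`, `url_hosts` and `listed_hosts` are hypothetical, the netblocks are documentation ranges rather than real hoster allocations, and DNS is replaced by a constructed lookup table so the block runs offline.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed match-list using documentation ranges, not real hoster netblocks.
CIDR_MATCHLIST = ["192.0.2.0/24", "198.51.100.128/25", "2001:db8:40::/48"]
# Constructed stand-in for DNS so the example runs offline.
SAMPLE_DNS = {
    "pills.example": ["192.0.2.77"],
    "shop.example": ["203.0.113.9"],
    "multi.example": ["203.0.113.10", "2001:db8:40::5"],
}
# Constructed message body.
SAMPLE_BODY = """Cheap meds at http://PILLS.example/buy?id=1 today!
<a href="http://user@multi.example:8080/x">click</a>
Unsubscribe: http://shop.example/out or http://192.0.2.200/u
"""
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def url_hosts(body):
    """Unique lowercased hostnames of every http(s) URL in body, in order."""
    hosts = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname  # drops userinfo, port, [] brackets
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            continue
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def listed_hosts(body, matchlist=CIDR_MATCHLIST, resolve=None):
    """Map each URL host to the first match-list network one of its addresses is in."""
    resolve = resolve or (lambda h: SAMPLE_DNS.get(h, []))
    nets = [ipaddress.ip_network(c) for c in matchlist]
    hits = {}
    for host in url_hosts(body):
        try:
            addrs = [ipaddress.ip_address(host)]  # URL carried an IP literal
        except ValueError:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        net = next((n for a in addrs for n in nets
                    if a.version == n.version and a in n), None)
        if net is not None:
            hits[host] = str(net)
    return hits


if __name__ == "__main__":
    print(listed_hosts(SAMPLE_BODY))
```

In a live filter the `resolve` argument would be a real resolver call, and every address a host returns is checked, since a host with several A/AAAA records can sit partly inside a listed block.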