[Greylist-users] Stopping "machine gunners" - not really a

Barb Dijker barb at netrack.net
Wed Mar 15 13:34:17 PST 2006



Thanks for all the recent tips especially wrt sendmail.  Time to  
implement those.

Just fyi to all.  Greylisting is great for what it does, but I still  
use other means in addition to greylisting to divert things, e.g.,  
blacklisting.  I recently had some similar problems that were  
resolved by this:

   http://www.spamhaus.org/drop/

The above list is hard to find on spamhaus.  I only see it buried as  
the last item in their "ISP Spam Issues" FAQ.  I originally applied  
it as intended by null routing all those blocks at my core/borders.   
Doing so does not block the first incoming tcp SYN packet, only the  
returned ACK.  So then my mail servers were getting hit by what  
looked like port 25 SYN attacks - sometimes 10-20 times as many SYN  
packets as connections.  The traffic was at times crippling, but not  
visible in the sendmail log because there wasn't a full connection.   
Adding an incoming filter for those blocks of course did the trick.   
I've been using the drop list on a production commercial customer  
network (not just the mail server) for almost a year without anyone  
wishing we were not.

Barb Dijker x100
Netrack, 3080 Valmont Rd Ste 200, Boulder CO 80301
+1.303.938.0188, toll free +1.888.9Netrack, fax +1.303.938.0177
www.netrack.net
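
An added example, not part of the original post: one way to turn the DROP list into the kind of incoming filter described above, so that packets from listed blocks are dropped on arrival instead of only the replies being null routed. It parses the list's `CIDR ; SBL reference` text layout; the nftables target, the table, set and chain names, the minimum-prefix guard and the sample data are assumptions.

```python
import ipaddress
# Constructed sample in the DROP text layout ("CIDR ; SBL ref"), RFC 5737 ranges.
SAMPLE_DROP = """\
192.0.2.0/25 ; SBL000001
192.0.2.128/25 ; SBL000002
198.51.100.0/24 ; SBL000003
203.0.113.7/24 ; SBL000004
0.0.0.0/0 ; SBL000005
not-a-network ; SBL000006
"""

# Assumed nftables target; the table, set and chain names are hypothetical.
NFT_TEMPLATE = """\
table ip drop_filter {
  set drop_v4 {
    type ipv4_addr
    flags interval
    elements = { %s }
  }
  chain inbound {
    type filter hook prerouting priority -300; policy accept;
    ip saddr @drop_v4 counter drop
  }
}
"""

def parse_drop(text, min_prefix=8):
    """Return (collapsed networks, rejected lines) from DROP-style text."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=True)  # rejects host bits
            if net.prefixlen < min_prefix:  # assumed guard against a corrupt list
                raise ValueError("prefix too broad")
        except ValueError:
            rejected.append(raw)
            continue
        nets.append(net)
    return list(ipaddress.collapse_addresses(nets)), rejected

def render_nft(nets):
    if not nets:  # an empty element list is not a usable set definition
        raise ValueError("refusing to render an empty set")
    return NFT_TEMPLATE % ", ".join(str(n) for n in nets)

if __name__ == "__main__":
    print(render_nft(parse_drop(SAMPLE_DROP)[0]))
```

Rejected lines are returned rather than silently skipped so that a malformed or truncated download can be noticed before the ruleset is loaded.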




