Published on Jan 16, 2006 by Chris Osborn

Are you a spammer and don't know it?

I set up my spammer logging to look up the owner of the IP address that the spam is coming from. You'd be surprised at where some of it is coming from. There are the obvious, expected places like China and DSL/cable users. But there's been some coming from government-controlled IPs. My guess is there are a lot of people that are running hacked computers and the spammers are using them as relays. These people probably have no clue that they are acting as spammers themselves.

So for fun I've set up a web page that will print out the 1000 most recent spam connections. Check the list, maybe you're in it and you need to secure your computer!

All of the entries in this list come from spam and spam only. Nothing has been falsely identified. How do I know? Because none of it is going to a real email address. I set up catch-alls on several of my domains to trap mail that goes to a nonexistent address and send it off to my trap. All of the spam that is logged is from dictionary attacks on my domains. Right now it's averaging over 30,000 spams a day.

Click here to view the list

I use the contents of that blacklist to automatically generate a set of iptables rules that I use on all my routers. Each IP is banned for a variable amount of time based on how many times they have spammed me. The more they spam me, the longer it is until they can try to spam me again. Every 5 minutes the list is updated and they are blocked from connecting to port 25 on any of my servers. It's amazing how much less spam I'm getting in my mailbox since I set this up. I was probably getting a spam that made it through all my procmail and SpamAssassin filters every 10-20 minutes; now it's an hour or more.
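The sketch below is an added example of the scheme described above, not the author's own script. The log format, the doubling ban schedule, the 30-day cap and the `SPAMTRAP` chain name are all assumptions, since the post does not give them.

```python
import ipaddress
from collections import defaultdict

BASE_BAN = 3600        # assumed: a first offence earns a 1-hour ban
MAX_BAN = 30 * 86400   # assumed cap: 30 days
CHAIN = "SPAMTRAP"     # hypothetical chain, jumped to from INPUT/FORWARD

# Constructed sample trap log, one hit per line: "<unix time> <source IP>"
SAMPLE_LOG = """\
1137400000 192.0.2.10
1137400300 192.0.2.10
1137403000 192.0.2.10
1137380000 198.51.100.7
1137405000 203.0.113.99
1137405100 999.1.1.1
"""

def parse_log(text):
    """Return {ip: (hit_count, last_seen)}, skipping anything not valid IPv4."""
    hits = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue
        try:
            ip = str(ipaddress.IPv4Address(parts[1]))
        except ValueError:
            continue  # unvalidated log text must never reach a firewall command
        hits[ip][0] += 1
        hits[ip][1] = max(hits[ip][1], int(parts[0]))
    return {ip: tuple(v) for ip, v in hits.items()}

def ban_seconds(count):
    """Ban length doubles with each logged spam connection, up to MAX_BAN."""
    return min(BASE_BAN * 2 ** (count - 1), MAX_BAN)

def active_bans(hits, now):
    """IPs whose ban, measured from their last spam, has not yet expired."""
    return sorted(ip for ip, (n, last) in hits.items() if last + ban_seconds(n) > now)

def iptables_rules(ips):
    """Commands that rebuild the chain: flush it, then drop SMTP from each IP."""
    rules = [f"iptables -F {CHAIN}"]
    rules += [f"iptables -A {CHAIN} -s {ip} -p tcp --dport 25 -j DROP" for ip in ips]
    return rules

if __name__ == "__main__":
    now = 1137406000  # constructed "current time" matching the sample data
    print("\n".join(iptables_rules(active_bans(parse_log(SAMPLE_LOG), now))))
```

Run from cron every 5 minutes, a script like this lets expired bans drop out on their own because the chain is rebuilt from scratch each time.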

Join The Discussion

Posted by Living in the Whine Country • Jan.16.2006 at 06.58

Chris posted in his blog. I guess he set it up to post the latest IP addresses that emailed spam to him. Not going to do much good, but it makes him feel better. The number one way spammers seem to be spamming is by taking control of other computer...