Showing posts from April, 2010

GeoIP with Splunk

People are checking their emails all over the world. Maybe they're stuck because of Eyjafjallajökull ...?

Fighting Spammers with Splunk 4.1

I haven't blogged about Splunk for a while, but with Release 4.1 there are some cool new features that help us tremendously in fighting spammers.

Most of you may not know that a substantial part of running an ISP mail platform consists of fighting abuse.

Almost all abuse cases are caused by spammers. Their main target is to control as many mailbox accounts as possible, from which they can send spam. Spammers can send spam through botnets, acquire passwords through phishing attacks, or just do an smtp-auth brute-force attack.

Anyway, the Internet is 24x7; spammers never sleep, and neither do we. There is always someone on call.

I want to show you how we currently detect abuse on our platform, and what we do against it.

Detecting Abuse

There are many ways to detect abuse. I don't want to go into too many details, and I also don't want to reveal everything we do, as spammers might read this :-)

One popular way is to count the number of "User unknowns" status messa…

Sun Ray Dualhead on OpenSolaris

It wasn't hard to set up at all, took about 2h to remember all the commands ;-)