North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: How do you stop outgoing spam?
> The spamming is usually done (but not only) from an Internet cafe where the > spammer inserts a "spammer CD" and blasts away at open mail relays. When > SMTP is blocked for that IP outbound SMTP should be blocked for any dynamic or dialup source within a network. a rule of thumb might be that if nat or dhcp is involved, then you should be firewalling outbound smtp. likewise for an internet cafe: these are untrusted edges and the only things they should be able to reach are either (a) other parts of the untrusted edge, or (b) a place where they can authenticate themselves in order to reach further. > ..., they switch to HTTP and send the spam via MSN, Yahoo, Hotmail, > Kukamail, Outblaze, Safe-mail, etc. to name just a few. Blocking port 80 > is harder since it requires maintaining an ever larger list of free > public web based mail systems or just block port 80 entirely. per-destination host AND port egress rate shaping. if someone tries to send more than 1Kbit/sec to all port 80's, or more than 1Kbit/sec to any single IP address, then you can safely RED their overage. this violates the whole peer-to-peer model but there's no help for that in the short term. if some internet cafe has a CuCme camera setup then you can find a way to let that traffic off-net without rate shaping. this will be the exception. -- Paul Vixie
|