North American Network Operators Group


Re: How do you stop outgoing spam?

  • From: Brad Knowles
  • Date: Mon Sep 09 18:01:29 2002
  • Reply-by: Wed, 1 Jan 1984 12:34:56 +0100

At 10:08 AM -0700 2002/09/09, John M. Brown wrote:

 How do you determine what is spam?

 Not trying to be difficult or start another bloody thread.

 It would seem to me that in order to create an "off the shelf"
 non NOC-updating solution, you would have to be able to define
 "what is spam"  and then you could "detect it".

You could transparently proxy port 25 for all outgoing traffic, and then run SpamAssassin on that machine (collection of machines). You could do a slightly modified version to look at the traffic on port 80. Not only would you be looking for standard spam keywords, but you would also be looking at spam reports from other people (e.g., Vipul's Razor), so this should continue to adapt as the spam attacks change.

However, I also like the idea of doing a bandwidth budget on a per-machine basis, with short-term bursts allowing for most "normal" activity.

--
Brad Knowles, <[email protected]>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
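
The per-machine bandwidth budget with short-term bursts suggested in the message above can be modelled as one token bucket per source host. This is an added example, not part of the original post; the token-bucket choice, the rate and burst figures, the host addresses and the flow records are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (unix_time_seconds, source_host, bytes_sent_to_port_25).
SAMPLE_FLOWS = [
    (0,   "10.0.0.5", 40_000),   # ordinary user: a few messages, then idle
    (30,  "10.0.0.5", 20_000),
    (600, "10.0.0.5", 60_000),
    (0,   "10.0.0.9", 90_000),   # bulk sender: sustained high volume
    (10,  "10.0.0.9", 90_000),
    (20,  "10.0.0.9", 90_000),
    (30,  "10.0.0.9", 90_000),
]


class TokenBucket:
    """Budget of `burst` bytes that refills at `rate` bytes per second."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def consume(self, now, nbytes):
        # Refill for the time elapsed since the last flow, capped at `burst`.
        if self.last is not None:
            elapsed = max(0.0, now - self.last)
            self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if nbytes <= self.tokens:
            self.tokens -= nbytes
            return True
        return False  # over budget; remaining tokens are left untouched


def over_budget_hosts(flows, rate=500, burst=200_000):
    """Return {host: timestamp of its first over-budget flow}."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    flagged = {}
    for ts, host, nbytes in sorted(flows):
        if not buckets[host].consume(ts, nbytes) and host not in flagged:
            flagged[host] = ts
    return flagged


if __name__ == "__main__":
    print(over_budget_hosts(SAMPLE_FLOWS))
```

The burst size sets how much "normal" bursty mail a host can send at once, while the refill rate sets the sustained ceiling that a bulk sender runs into.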