|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SPAM from own customers
Michel Renfer wrote: In addition to the other suggestions, scanning the CBL (cbl.abuseat.org) for your own IPs is useful from an operational standpoint to find open proxies and trojans.Hi All The topic "Spam sent over infected or malconfigured enduser pc's" will become an big issue. We saw Virus' sending Spam directly from the users pc, downloading the recipient list and the payload trough HTTP from the web. How will you deal with the problem, that one user can flood your SMTP Server with tousends of emails within 10-20 minutes? On a similar vein, detecting customer IPs trying to connect to 47.129.25.87 on port 25 (no legitimate email goes there) will give you similar intelligence, tho, it's not quite as definitive as a CBL listing. Most reliable if you exclude legitimate customer mail servers (bounced forged spam and virii) or correlate to the CBL. Couple either or both with an autodisconnect script like what Suresh suggested.
|