North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SPAM from own customers

  • From: Chris Lewis
  • Date: Tue Dec 02 16:07:02 2003

Michel Renfer wrote:
Hi All

The topic "Spam sent over infected or malconfigured enduser pc's"
will become an big issue. We saw Virus' sending Spam directly from
the users pc, downloading the recipient list and the payload trough
HTTP from the web.

How will you deal with the problem, that one user can flood your
SMTP Server with tousends of emails within 10-20 minutes?
In addition to the other suggestions, scanning the CBL ( for your own IPs is useful from an operational standpoint to find open proxies and trojans.

On a similar vein, detecting customer IPs trying to connect to on port 25 (no legitimate email goes there) will give you similar intelligence, tho, it's not quite as definitive as a CBL listing. Most reliable if you exclude legitimate customer mail servers (bounced forged spam and virii) or correlate to the CBL.

Couple either or both with an autodisconnect script like what Suresh suggested.