North American Network Operators Group

Re: Lazy network operators
At 8:39 PM +0100 4/13/04, Stephen J. Wilcox wrote:
>Most of the spam I'm seeing comes directly from end user hosts that have either
>an open proxy on them or some kind of malware with its own SMTP engine designed
>to send out junk.. in this model the only port 25 traffic is that from the end
>host coming outwards, I believe your suggestion is to filter port 25 towards
>hosts.
>
>Even blocking the outbound 25 traffic (eg pushing it via the ISP SMTP relay)
>will not stop the emails. It is possible to extend this and implement some sort
>of statistical sanity checking on the mail being relayed (eg alarm/deny mail
>once it exceeds X/minute/host) which is potentially a workable solution.

Steve,

I'm very much suggesting blocking outward to the Internet port 25 traffic, except from configured mail relays for that end-user site. Those hosts which have SMTP malware are stopped cold as a result.

/John
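Added example, not part of the original message or thread: a sketch of the "alarm/deny mail once it exceeds X/minute/host" check that an ISP relay could apply to mail submitted by its customers. The log format (timestamp, client IP), the limit of 5 messages per 60 seconds, and the function names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample relay log, one line per submitted message:
# "<ISO timestamp> <client IP>". 192.0.2.66 bursts 8 messages in 21 seconds,
# goes quiet, then sends once more; 192.0.2.10 sends at a normal pace.
SAMPLE_LOG = (
    [f"2004-04-13T20:00:{s:02d} 192.0.2.66" for s in range(0, 24, 3)]
    + ["2004-04-13T20:00:10 192.0.2.10",
       "2004-04-13T20:02:30 192.0.2.10",
       "2004-04-13T20:05:00 192.0.2.66"]
)


def police(lines, limit=5, window=timedelta(seconds=60)):
    """Return (timestamp, host, action) for each message, in time order.

    action is "deny" while the host has more than `limit` submission
    attempts inside the sliding `window`, otherwise "relay". Denied attempts
    still count, so a host that keeps hammering the relay stays blocked
    until it actually slows down.
    """
    recent = defaultdict(deque)  # host -> timestamps of attempts in window
    decisions = []
    for line in sorted(lines):   # ISO timestamps sort chronologically
        stamp, host = line.split()
        now = datetime.fromisoformat(stamp)
        seen = recent[host]
        seen.append(now)
        # Drop attempts that have aged out of the window.
        while now - seen[0] >= window:
            seen.popleft()
        action = "deny" if len(seen) > limit else "relay"
        decisions.append((stamp, host, action))
    return decisions


def offenders(decisions):
    """Hosts that tripped the limit at least once (the 'alarm' list)."""
    return sorted({host for _, host, action in decisions if action == "deny"})


if __name__ == "__main__":
    for stamp, host, action in police(SAMPLE_LOG):
        print(stamp, host, action)
    print("alarm:", offenders(police(SAMPLE_LOG)))
```

A check like this only sees mail that actually passes through the relay, which is why it depends on direct outbound port 25 from end-user hosts being blocked first.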