North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Time to check the rate limits on your mail servers
Hi! http://news.com.com/Zombie+trick+expected+to+send+spam+sky-high/2100-7349_3-5560664.html?tag=cd.top that botnets are now routing their mail traffic through the local ISP's mail servers rather than trying their own port 25 connections. Indeed, we also see this a long time now. Most of them specific spamruns towards the bigger players... (AOL alike).Now? We (and AOL, and some other large networks) have been seeing this thing go on since over a year. Do you let your customers send an unlimited number of emails per day? Per hour? Per minute? If so, then why? So the next article would say 'lets now all seperate MX and SMTP servers' still a LOT of large players combining those two. Giving troyans doing the above scenario a open door.One additional thing that I think wasnt mentioned in the article - Make sure your MXs (inbound servers) are separate from your outbound machines, and that the MX servers dont relay email for your dynamic IP netblock. Some other trojans do stuff like getting the ppp domain name / rDNS name of the assigned IP etc and then "nslookup -q=mx domain.com", then set itself up so that all its payloads get delivered out of the domain's MX servers Bye, Raymond.
|