North American Network Operators Group


Re: Time to check the rate limits on your mail servers

  • From: Patrick W Gilmore
  • Date: Thu Feb 03 09:45:40 2005

On Feb 3, 2005, at 9:30 AM, [email protected] wrote:

One additional thing that I think wasn't mentioned in the article -
Make sure your MXs (inbound servers) are separate from your outbound
machines, and that the MX servers don't relay email for your dynamic IP
netblock. Some other trojans do stuff like getting the ppp domain name
/ rDNS name of the assigned IP etc. and then "nslookup -q=mx", then set
itself up so that all its payloads get delivered out of the domain's MX
servers.

Easier said than done, especially if you're a small ISP that's been doing
POP before SMTP and changing this requires that every customer's settings
be changed.

IMHO, if you are a small ISP and limit the # of e-mails per user per day, even to something like 1K, you probably don't have to separate the MX & SMTP servers. But that's me, others might still think you were being "irresponsible".

Is there any info on how this zombie is spread? i.e., email worms, direct
port attacks, etc. If the former, there's hope of nipping it in the bud
with anti-virus filtering.

All of the above.
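
The two controls discussed in this thread, sketched as an added example that is not part of any poster's message or any MTA's own code: an inbound MX that never relays (and flags hosts in the dynamic pool that try), and an outbound relay with a per-user daily cap. The domain, netblock, class and function names are constructed assumptions, and the cap counts recipients rather than messages, which is also an assumption.

```python
import ipaddress
from collections import defaultdict
from datetime import date

# Constructed values for illustration (assumptions, not from the thread).
LOCAL_DOMAINS = {"example.net"}                       # domains the MX delivers for
DYNAMIC_POOL = ipaddress.ip_network("192.0.2.0/24")   # customer dynamic IP netblock
DAILY_LIMIT = 1000                                    # the "1K" per user per day


class MailPolicy:
    """Hypothetical policy hooks for an inbound MX and an outbound relay."""

    def __init__(self, daily_limit=DAILY_LIMIT):
        self.daily_limit = daily_limit
        self.sent = defaultdict(int)   # (user, day) -> recipients accepted so far

    def mx_decision(self, client_ip, rcpt):
        """Inbound MX: deliver for local domains only, never relay onward."""
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in LOCAL_DOMAINS:
            return "accept"
        if ipaddress.ip_address(client_ip) in DYNAMIC_POOL:
            # A customer host handing the MX mail for an outside domain is the
            # trojan pattern described in the thread: worth an abuse-desk alert.
            return "reject-and-flag"
        return "reject"

    def outbound_decision(self, user, rcpt_count, day=None):
        """Outbound relay: enforce the per-user, per-day recipient cap."""
        key = (user, day or date.today())
        if self.sent[key] + rcpt_count > self.daily_limit:
            return "defer"             # over the cap: hold the mail, do not count it
        self.sent[key] += rcpt_count
        return "accept"
```
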