|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Port 25 - Blacklash
Suresh Ramasubramanian wrote: You forgot to add the ability to rate-limit by ip sender or by authenticated user, all tools in bringing trojaned users under control.On 4/27/05, Joel Jaeggli <[email protected]> wrote:In any event the malware is already ahead of port 25 blocking and is leveraging ISP smarthosting. SMTP-Auth is the pill to ease this pain/Really smtp-auth will solve it? or do most windows mua's cache your password?They sure do cache the password. But with smtp auth, the infected user is stamped in the email headers, and all over my MTA logs, when a bot that hijacks his PC starts spamming. I can easily remove auth privileges for his account, and/or limit his access to a walled garden till such time as he cleans up - without taking the trouble to match timestamps of the spam + dig into radius logs Easier to identify, and easier to lock down, than unauthenticated access --srs
|