|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ISP wants to stop outgoing web based spam
Hi Hank, Have you had any luck combining Squid in a transparent proxy configuration with SpamAssassin? A commercial plugin like Cloudmark might provide better performance (since it doesn't have to evaluate thousands of regex rules for each connection). How to run Squid as a transparent proxy: http://wiki.squid-cache.org/SquidFaq/InterceptionProxy I haven't figured out how to get Squid to let you run a script to scan and modify requests that are passing through. If you can figure that out I'd love to know! Otherwise, you might try looking at a couple of security auditing proxies: http://www.parosproxy.org/functions.shtml (Java) http://www.immunitysec.com/resources-freesoftware.shtml (Spike Proxy, Python) .. Or you could roll your own simple CGI script that accepts web queries and uses LWP or another simple package to fetch the results -- scanning for spam at the same time. Regards, Ken Simpson MailChannels Hank Nussbacher [09/08/06 18:11 +0300]: > > On Wed, 9 Aug 2006, Mills, Charles wrote: > > I guess I wasn't clear enough in my first posting. I am not interested in > smtp (port 25 spam). We have that covered. I am only interested in > blocking outgoing web based spam. A user sits and sends out spam via > automated tools via Hotmail, Yahoo, Gmail, or whatever Webmail system > where they have set up thousands of throwaway users. An antispam proxy > (that I want to install and manage) has to be able to come between the > user on his/her PC and the Hotmail system and scan the http posts and page > templates for things like number of receipents and other tricks like > keeping track of the number of http posts. It has to maintain a list of > known free webmail systems that are abused. > > Based on my stats from Spamcop, 60% of all outgoing spam is http based > rather than smtp based. Others may have slightly higher or lower numbers. > > So, is there any magic fu out there to solve this? -- MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com -- Suite 203, 910 Richards St. Vancouver, BC, V6B 3C1, Canada Direct: +1-604-729-1741
|