nanog mailing list archives

Re: How do you stop outgoing spam?


From: "John M. Brown" <john () chagresventures com>
Date: Mon, 9 Sep 2002 10:08:03 -0700


How do you determine what is spam?

Not trying to be difficult or start another bloody thread.

It would seem to me that in order to create an "off the shelf"
non NOC-updating solution, you would have to be able to define
"what is spam"  and then you could "detect it".

The only thing that comes to this feeble mind is something a la
Snort, with a rule set that will catch most common "fingerprints"
of spam.  The IDS would then have to trigger something to drop
packets and alert the NOC.

I guess if you treat it as an "Intruder" you might be closer to
achieving your goals.

just an idea.

john brown

On Mon, Sep 09, 2002 at 12:17:08PM +0300, Hank Nussbacher wrote:

Please try to keep this discussion technical and not diverge to 
opinions.  I am not looking for opinions or religion.  I am trying to find 
automated tools/systems/boxes that will stop spam from going *out* from an 
ISP.  The ISP has no servers and allocates IP address space to downstream 
customers who spam.  Yes, I know all about ACLs to block offending 
IPs.  The ISP is willing to buy any box or system to stop outgoing spams 
and thereby stop constantly playing with ACLs.

The spamming is usually done (but not only) from an Internet cafe where the 
spammer inserts a "spammer CD" and blasts away at open mail relays.  When 
SMTP is blocked for that IP, they switch to HTTP and send the spam via MSN, 
Yahoo, Hotmail, Kukamail, Outblaze, Safe-mail, etc. to name just a 
few.  Blocking port 80 is harder since it requires maintaining an ever 
larger list of free public web based mail systems or just block port 80 
entirely.

Technical solutions welcome.

Thanks,
Hank


