nanog mailing list archives

Re: ISP wants to stop outgoing web based spam


From: Ken Simpson <ksimpson () mailchannels com>
Date: Wed, 9 Aug 2006 08:51:24 -0700


Hi Hank,

Have you had any luck combining Squid in a transparent proxy
configuration with SpamAssassin? A commercial plugin like Cloudmark
might provide better performance (since it doesn't have to evaluate
thousands of regex rules for each connection).

How to run Squid as a transparent proxy:
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy

I haven't figured out how to get Squid to let you run a script to scan
and modify requests that are passing through. If you can figure that
out I'd love to know!

Otherwise, you might try looking at a couple of security auditing
proxies:

http://www.parosproxy.org/functions.shtml (Java)
http://www.immunitysec.com/resources-freesoftware.shtml (Spike Proxy,
Python)

.. Or you could roll your own simple CGI script that accepts web
queries and uses LWP or another simple package to fetch the results --
scanning for spam at the same time.

Regards,
Ken Simpson
MailChannels

Hank Nussbacher [09/08/06 18:11 +0300]:

On Wed, 9 Aug 2006, Mills, Charles wrote:

I guess I wasn't clear enough in my first posting.  I am not interested in 
smtp (port 25 spam).  We have that covered.  I am only interested in 
blocking outgoing web based spam.  A user sits and sends out spam via 
automated tools via Hotmail, Yahoo, Gmail, or whatever Webmail system 
where they have set up thousands of throwaway users.  An antispam proxy 
(that I want to install and manage) has to be able to come between the 
user on his/her PC and the Hotmail system and scan the http posts and page 
templates for things like number of recipients and other tricks like 
keeping track of the number of http posts.  It has to maintain a list of 
known free webmail systems that are abused.

Based on my stats from Spamcop, 60% of all outgoing spam is http based 
rather than smtp based.  Others may have slightly higher or lower numbers.

So, is there any magic fu out there to solve this?

-- 
MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com

--
Suite 203, 910 Richards St.
Vancouver, BC, V6B 3C1, Canada
Direct: +1-604-729-1741
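
The checks described in the quoted post (recipients per HTTP POST and the number of POSTs per client to known webmail hosts), sketched as an added example that is not part of the original messages. The host list, form field names, and thresholds are assumptions, and the code assumes the proxy can see the decoded form body of each request.

```python
from collections import defaultdict, deque
from urllib.parse import parse_qs

# Assumptions (not from the thread): host list, form field names, thresholds.
WEBMAIL_HOSTS = {"mail.webmail.example", "compose.freemail.example"}
RECIPIENT_FIELDS = ("to", "cc", "bcc")
MAX_RECIPIENTS_PER_POST = 20
MAX_POSTS_PER_WINDOW = 5
WINDOW_SECONDS = 60

def count_recipients(body: str) -> int:
    """Count addresses in the recipient fields of a form-encoded POST body."""
    form = parse_qs(body)
    total = 0
    for field in RECIPIENT_FIELDS:
        for value in form.get(field, []):
            total += sum(1 for a in value.replace(";", ",").split(",") if "@" in a)
    return total

def scan(requests):
    """Return {client_ip: set(reasons)} for clients that look like bulk senders."""
    recent = defaultdict(deque)   # client -> timestamps of webmail POSTs in window
    flagged = defaultdict(set)
    for ts, client, method, host, body in sorted(requests):
        if method != "POST" or host.lower() not in WEBMAIL_HOSTS:
            continue              # only POSTs to listed webmail hosts are scored
        if count_recipients(body) > MAX_RECIPIENTS_PER_POST:
            flagged[client].add("many_recipients")
        window = recent[client]
        window.append(ts)
        while ts - window[0] >= WINDOW_SECONDS:   # drop POSTs older than the window
            window.popleft()
        if len(window) > MAX_POSTS_PER_WINDOW:
            flagged[client].add("post_rate")
    return dict(flagged)

# Constructed sample traffic: (unix_ts, client_ip, method, host, body)
SAMPLE = (
    [(1000 + i * 5, "10.0.0.7", "POST", "mail.webmail.example",
      "to=u%d%%40a.example&subject=hi" % i) for i in range(8)]
    + [(1010, "10.0.0.9", "POST", "compose.freemail.example",
        "to=" + "%2C".join("r%d%%40b.example" % i for i in range(30)))]
    + [(1020, "10.0.0.5", "POST", "mail.webmail.example", "to=friend%40c.example"),
       (1030, "10.0.0.7", "POST", "shop.example", "q=1")]
)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A client that sends one message to one recipient stays below both thresholds; only the high-rate sender and the 30-recipient POST are flagged.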

