nanog mailing list archives
Re: Mail Submission Protocol
From: Franck Martin <franck () genius com>
Date: Thu, 22 Apr 2010 14:54:37 +1200 (MAGST)
If you have left port 25 open, this is a good place to start. http://www.uceprotect.net/en/rblcheck.php I suspect any decent IDS will tell you which machine has weird traffic. I suppose you can put rules based on the IDS result to redirect them to a special web page to tell them, they have to do something. The main issue, it not to know which machines are hijacked, but to support these machines. ----- Original Message ----- From: "Suresh Ramasubramanian" <ops.lists () gmail com> To: "Alex Kamiru" <nderitualex () gmail com> Cc: nanog () nanog org Sent: Thursday, 22 April, 2010 1:35:56 PM Subject: Re: Mail Submission Protocol Log and monitor all that you can. And watch for a large number of IPs logging into an account over a day (over a set limit - even across country - that takes into account "home - blackberry - airport lounge - airport lounge in another country - hotel - RIPE meeting venue" type scenarios). And especially watch for and/or firewall off logins from areas from where you see particularly high levels of smtp auth abuse / logins to compromised accounts --srs 2010/4/21 Alex Kamiru <nderitualex () gmail com>:
Inside customers, we have not changed to force port 587 and authentication for email clients, but the topic has come up in discussions. This won't of course, stop spammers if they are hijacking the users local email client settings.How best would you stop spammers hijacking local users email clients -Mike
Current thread:
- Mail Submission Protocol Claudio Lapidus (Apr 21)
- Re: Mail Submission Protocol Dan White (Apr 21)
- Re: Mail Submission Protocol Daniel Senie (Apr 21)
- RE: Mail Submission Protocol Mike Walter (Apr 21)
- Re: Mail Submission Protocol Leen Besselink (Apr 21)
- RE: Mail Submission Protocol Alex Kamiru (Apr 21)
- Re: Mail Submission Protocol Suresh Ramasubramanian (Apr 21)
- Re: Mail Submission Protocol Franck Martin (Apr 21)
- Re: Mail Submission Protocol Suresh Ramasubramanian (Apr 21)
- Re: Mail Submission Protocol Dave CROCKER (Apr 22)
- Re: Mail Submission Protocol Dan White (Apr 21)
- Re: Mail Submission Protocol Jakob Schlyter (Apr 21)
- Re: Mail Submission Protocol Franck Martin (Apr 21)
- <Possible follow-ups>
- Re: Mail Submission Protocol Tony Finch (Apr 22)
- Re: Mail Submission Protocol Raoul Bhatia [IPAX] (Apr 22)
- Re: Mail Submission Protocol Jeroen van Aart (Apr 27)
- Re: Mail Submission Protocol Raoul Bhatia [IPAX] (Apr 22)