Re: Cisco PIX Version 6.3(3) SMTP Problem

[Devdas Bhagat <devdas () dvb homelinux org>]

On 06/07/05 10:00 -0700, Gregory Hicks wrote:
<snip>
> For a home or SMALL business, I'd rather run my own mail scanner as
> well.  For a medium to large business, I'd almost rather outsource the
> spam suppression.

Why? 
If you use a properly configured set of systems rejecting spam at the
very edge, you can reject most of your spam without even hitting the
content filters. Filter out specific file extensions as well, and you
have very few things to really worry about (zipped viruses mostly).

Using DNSBLs effectively is a nice way of blocking a lot of spam.
Another trick is to block systems which helo as a domain you host, or
the hostname/domain name of your system. Add in sender NS and MX checks
for valid MX IP addresses, and you lose a crapload of spam just like
that. And a check on proper ESMTP pipelining usage.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards