nanog mailing list archives
Re: Lazy network operators
From: John Curran <jcurran () istaff org>
Date: Tue, 13 Apr 2004 15:52:47 -0400
At 8:39 PM +0100 4/13/04, Stephen J. Wilcox wrote:
Most of the spam I'm seeing comes directly from end user hosts that have either an open proxy on them or some kind of malware with its own SMTP engine designed to send out junk.. in this model the only port 25 traffic is that from the end host coming outwards, I believe you're suggestion is to filter port 25 towards hosts. Even blocking the outbound 25 traffic (eg pushing it via the ISP SMTP relay) will not stop the emails. It is possible to extend this and implement some sort of statistical sanity checking on the mail being relayed (eg alarm/deny mail once it exceeds X/minute/host) which is potentially a workable solution.
Steve, I'm very much suggesting blocking outward to the Internet port 25 traffic, except from configured mail relays for that end-user site. Those hosts which have MSTP malware are stopped cold as a result. /John
Current thread:
- Re: Abuse mail boxese (was Re: Lazy network operators), (continued)
- Re: Abuse mail boxese (was Re: Lazy network operators) Deepak Jain (Apr 12)
- Re: Abuse mail boxese (was Re: Lazy network operators) Dan Hollis (Apr 12)
- Re: Abuse mail boxese (was Re: Lazy network operators) Paul Vixie (Apr 12)
- Re: Abuse mail boxese (was Re: Lazy network operators) Eric A. Hall (Apr 12)
- Re: Abuse mail boxese (was Re: Lazy network operators) J.D. Falk (Apr 12)
- Re: Lazy network operators Paul Vixie (Apr 12)
- Re: Lazy network operators E.B. Dreger (Apr 13)
- Re: Lazy network operators Stephen J. Wilcox (Apr 13)
- Re: Lazy network operators John Curran (Apr 13)
- Re: Lazy network operators Sean Donelan (Apr 13)
- Re: Lazy network operators Andrew - Supernews (Apr 13)
- Re: Lazy network operators Iljitsch van Beijnum (Apr 13)
- Re: Lazy network operators John Curran (Apr 13)
- Re: Lazy network operators Randy Bush (Apr 13)
- Re: Lazy network operators Christopher L. Morrow (Apr 13)
- Re: Lazy network operators Randy Bush (Apr 13)
- Re: Lazy network operators Christopher L. Morrow (Apr 13)
- Re: Lazy network operators Robert E. Seastrom (Apr 14)
- Routing issues Simon Brilus (Apr 14)