nanog mailing list archives

Re: Lazy network operators


From: John Curran <jcurran () istaff org>
Date: Tue, 13 Apr 2004 15:52:47 -0400


At 8:39 PM +0100 4/13/04, Stephen J. Wilcox wrote:
Most of the spam I'm seeing comes directly from end user hosts that have either 
an open proxy on them or some kind of malware with its own SMTP engine designed 
to send out junk.. in this model the only port 25 traffic is that from the end 
host coming outwards, I believe your suggestion is to filter port 25 towards 
hosts.

Even blocking the outbound 25 traffic (eg pushing it via the ISP SMTP relay) 
will not stop the emails. It is possible to extend this and implement some sort 
of statistical sanity checking on the mail being relayed (eg alarm/deny mail 
once it exceeds X/minute/host) which is potentially a workable solution.

Steve,
 
   I'm very much suggesting blocking outward to the Internet port 25 
   traffic, except from configured mail relays for that end-user site.   
   Those hosts which have SMTP malware are stopped cold as a result.

/John
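
The per-host rate check mentioned in the quoted message (alarm or deny once a host exceeds X messages per minute), as an added example that is not part of either poster's message. The log format, the threshold of 10, and the names `build_sample` and `flag_hosts` are assumptions made for illustration; the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed relay log: '<ISO time> <client IP> <recipient>' per accepted message."""
    base = datetime(2004, 4, 13, 12, 0, 0)
    # A normal user: 3 messages spread over several minutes.
    lines = [f"{(base + timedelta(seconds=100 * i)).isoformat()} 192.0.2.10 user{i}@example.net"
             for i in range(3)]
    # An infected host: 12 messages in 22 seconds.
    lines += [f"{(base + timedelta(seconds=60 + 2 * i)).isoformat()} 192.0.2.66 rcpt{i}@example.org"
              for i in range(12)]
    lines.append("garbled line")  # malformed input must not stop processing
    return sorted(lines)

def flag_hosts(lines, limit, window=timedelta(minutes=1)):
    """Map each host that sent more than `limit` messages inside any sliding
    `window` to the timestamp of the message that crossed the threshold."""
    recent = defaultdict(deque)   # host -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parts = line.split()
        try:
            stamp, host = datetime.fromisoformat(parts[0]), parts[1]
        except (IndexError, ValueError):
            continue              # skip lines that do not parse
        seen = recent[host]
        seen.append(stamp)
        while stamp - seen[0] >= window:
            seen.popleft()        # drop entries older than the window
        if len(seen) > limit and host not in flagged:
            flagged[host] = parts[0]
    return flagged

if __name__ == "__main__":
    for host, when in flag_hosts(build_sample(), limit=10).items():
        print(f"ALARM {host} exceeded 10 msgs/min at {when}")
```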

