nanog mailing list archives

Re: The worst abuse e-mail ever, sverige.net


From: "Mike Nice" <niceman () att net>
Date: Thu, 23 Sep 2004 10:09:15 -0400


Our system is similar, except we block port 25 completely via RADIUS
after we detect an outgoing virus or spam,

Detect how?

We don't sniff traffic for suspicious signatures at this point. Viruses
are eventually caught by the assumption that "send to everyone in the
address book" eventually will hit an address on the same mail server.
Quarantined viruses are categorized by local user and IP address to identify
the sender from RADIUS accounting records.

Spam is based only on reports - those Spamcop reports are acted on by
some people!
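
The correlation described above, as an added example that is not part of the original message: each quarantined message's source IP and timestamp is matched against RADIUS accounting sessions to name the user who held that address at the time. The record layouts, sample data, function names and the `threshold` policy are assumptions constructed for illustration.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed RADIUS accounting sessions:
# (User-Name, Framed-IP-Address, start time, stop time); stop=None means still online.
SESSIONS = [
    ("alice", "10.0.0.5", "2004-09-23 08:00:00", "2004-09-23 09:30:00"),
    ("bob",   "10.0.0.5", "2004-09-23 09:45:00", None),  # same IP, reassigned later
    ("carol", "10.0.0.9", "2004-09-23 07:00:00", "2004-09-23 12:00:00"),
]

# Constructed mail-server quarantine events: (time, source IP, label).
QUARANTINE = [
    ("2004-09-23 09:10:00", "10.0.0.5", "sample-worm"),
    ("2004-09-23 09:40:00", "10.0.0.5", "sample-worm"),  # falls between sessions
    ("2004-09-23 10:05:00", "10.0.0.5", "sample-worm"),
    ("2004-09-23 10:06:00", "10.0.0.5", "sample-worm"),
]

def ts(s):
    return datetime.strptime(s, FMT)

def user_for(ip, when, sessions=SESSIONS):
    """Return the user whose session held `ip` at time `when`, or None."""
    t = ts(when)
    for user, sip, start, stop in sessions:
        if sip == ip and ts(start) <= t and (stop is None or t <= ts(stop)):
            return user
    return None

def attribute(events, sessions=SESSIONS):
    """Count quarantined messages per user; unmatched events are counted under None."""
    counts = {}
    for when, ip, _label in events:
        user = user_for(ip, when, sessions)
        counts[user] = counts.get(user, 0) + 1
    return counts

def to_block(events, threshold=2, sessions=SESSIONS):
    """Users with at least `threshold` hits (hypothetical policy for a port 25 block)."""
    counts = attribute(events, sessions)
    return sorted(u for u, n in counts.items() if u is not None and n >= threshold)

if __name__ == "__main__":
    print(attribute(QUARANTINE))
    print(to_block(QUARANTINE))
```

Matching on the IP address alone would attribute all four events to one user; the time window is what separates the two users who held 10.0.0.5 on the same day.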


