Re: Time to check the rate limits on your mail servers

[Patrick W Gilmore <patrick () ianai net>]

On Feb 3, 2005, at 9:30 AM, up () 3 am wrote:

> > One additional thing that I think wasnt mentioned in the article -
> > Make sure your MXs (inbound servers) are separate from your outbound
> > machines, and that the MX servers dont relay email for your dynamic IP
> > netblock. Some other trojans do stuff like getting the ppp domain name
> > / rDNS name of the assigned IP etc and then "nslookup -q=mx
> > domain.com", then set itself up so that all its payloads get delivered
> > out of the domain's MX servers
>
> Easier said than done, especially if you're a small ISP that's been 
> doing
> POP before SMTP and changing this requires that every customer's 
> settings
> be changed.

IMHO, if you are a small ISP and limit the # of e-mails per user per 
day, even to something like 1K, you probably don't have to separate the 
MX & SMTP servers.  But that's me, others might still think you were 
being "irresponsible".


> Is there any info on how this zombie is spread?  ie, email worms, 
> direct
> port attacks, etc.  If the former, there's hope of nipping it in the 
> bud
> with anti-virus filtering.

All of the above.

--
TTFN,
patrick