Mail Submission Protocol

Suresh Ramasubramanian ops.lists at gmail.com
Thu Apr 22 03:16:18 UTC 2010


No. UCEProtect is certainly not a decent or any other kind of place to start.

The MAAWG BCPs have far more available than one of the worst
maintained blacklists that has ever been in existence.

If you want FAQs from blocklists - there is much that's available on
the spamhaus.org website

On Thu, Apr 22, 2010 at 8:24 AM, Franck Martin <franck at genius.com> wrote:
> If you have left port 25 open, this is a good place to start.
>
> http://www.uceprotect.net/en/rblcheck.php
>
> I suspect any decent IDS will tell you which machine has weird traffic. I suppose you can put rules based on the IDS result to redirect them to a special web page to tell them, they have to do something.
>
> The main issue, it not to know which machines are hijacked, but to support these machines.
>
> ----- Original Message -----
> From: "Suresh Ramasubramanian" <ops.lists at gmail.com>
> To: "Alex Kamiru" <nderitualex at gmail.com>
> Cc: nanog at nanog.org
> Sent: Thursday, 22 April, 2010 1:35:56 PM
> Subject: Re: Mail Submission Protocol
>
> Log and monitor all that you can. And watch for a large number of IPs
> logging into an account over a day (over a set limit - even across
> country - that takes into account "home - blackberry - airport lounge
> - airport lounge in another country - hotel - RIPE meeting venue"
> type scenarios).
>
> And especially watch for and/or firewall off logins from areas from
> where you see particularly high levels of smtp auth abuse / logins to
> compromised accounts
>
> --srs
>
> 2010/4/21 Alex Kamiru <nderitualex at gmail.com>:
>>>>Inside customers, we have not changed to force port 587 and
>>>>authentication for email clients, but the topic has come up in
>>>>discussions. This won't of course, stop spammers if they are
>>>>hijacking the users local email client settings.
>>
>> How best would you stop spammers hijacking local users email clients
>>
>> -Mike
>



-- 
Suresh Ramasubramanian (ops.lists at gmail.com)




More information about the NANOG mailing list