How do you stop outgoing spam?

• Previous message (by thread): How do you stop outgoing spam?
• Next message (by thread): How do you stop outgoing spam?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> The spamming is usually done (but not only) from an Internet cafe where the 
> spammer inserts a "spammer CD" and blasts away at open mail relays.  When 
> SMTP is blocked for that IP

outbound SMTP should be blocked for any dynamic or dialup source within
a network.  a rule of thumb might be that if nat or dhcp is involved, then
you should be firewalling outbound smtp.  likewise for an internet cafe:
these are untrusted edges and the only things they should be able to reach
are either (a) other parts of the untrusted edge, or (b) a place where they
can authenticate themselves in order to reach further.

> ..., they switch to HTTP and send the spam via MSN, Yahoo, Hotmail,
> Kukamail, Outblaze, Safe-mail, etc. to name just a few.  Blocking port 80
> is harder since it requires maintaining an ever larger list of free
> public web based mail systems or just block port 80 entirely.

per-destination host AND port egress rate shaping.  if someone tries to send
more than 1Kbit/sec to all port 80's, or more than 1Kbit/sec to any single
IP address, then you can safely RED their overage.  this violates the whole
peer-to-peer model but there's no help for that in the short term.  if some
internet cafe has a CuCme camera setup then you can find a way to let that
traffic off-net without rate shaping.  this will be the exception.
-- 
Paul Vixie

• Previous message (by thread): How do you stop outgoing spam?
• Next message (by thread): How do you stop outgoing spam?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]