How do you stop outgoing spam?
Paul Vixie
vixie at vix.com
Mon Sep 9 20:20:31 UTC 2002
> The spamming is usually done (but not only) from an Internet cafe where the
> spammer inserts a "spammer CD" and blasts away at open mail relays. When
> SMTP is blocked for that IP
outbound SMTP should be blocked for any dynamic or dialup source within
a network. a rule of thumb might be that if nat or dhcp is involved, then
you should be firewalling outbound smtp. likewise for an internet cafe:
these are untrusted edges and the only things they should be able to reach
are either (a) other parts of the untrusted edge, or (b) a place where they
can authenticate themselves in order to reach further.
> ..., they switch to HTTP and send the spam via MSN, Yahoo, Hotmail,
> Kukamail, Outblaze, Safe-mail, etc. to name just a few. Blocking port 80
> is harder since it requires maintaining an ever larger list of free
> public web based mail systems or just block port 80 entirely.
per-destination host AND port egress rate shaping. if someone tries to send
more than 1Kbit/sec to all port 80's, or more than 1Kbit/sec to any single
IP address, then you can safely RED their overage. this violates the whole
peer-to-peer model but there's no help for that in the short term. if some
internet cafe has a CuCme camera setup then you can find a way to let that
traffic off-net without rate shaping. this will be the exception.
--
Paul Vixie
More information about the NANOG
mailing list