How do you stop outgoing spam?

Brad Knowles brad.knowles at skynet.be
Mon Sep 9 21:31:44 UTC 2002


At 10:08 AM -0700 2002/09/09, John M. Brown wrote:

>  How do you determine what is spam?
>
>  Not trying to be difficult or start another bloody thread.
>
>  It would seem to me that in order to create an "off the shelf"
>  non NOC-updating solution, you would have to be able to define
>  "what is spam"  and then you could "detect it".

	You could transparently proxy port 25 for all outgoing traffic, 
and then run spamassassin on that machine (collection of machines). 
You could do a slightly modified version to look at the traffic on 
port 80.  Not only would you be looking for standard spam keywords, 
but you would also be looking at spam reports from other people 
(e.g., Vipul's Razor), so this should continue to adapt as the spam 
attacks change.

	However, I also like the idea of doing a bandwidth budget on a 
per machine basis, with short term bursts allowing for most "normal" 
activity.

-- 
Brad Knowles, <brad.knowles at skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
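
Added example, not part of the original message: one way to express the per-machine budget with short-term bursts is a token bucket kept per source host, shown here in Python counting outgoing messages rather than bytes. The rate, burst size, host addresses and event list are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed policy values (not from the message above).
RATE_PER_SEC = 0.25   # sustained budget: 15 messages per minute per host
BURST = 20            # short-term allowance for "normal" activity


@dataclass
class Bucket:
    tokens: float
    last: float


class OutboundBudget:
    """Token bucket per source host for outgoing SMTP messages."""

    def __init__(self, rate=RATE_PER_SEC, burst=BURST):
        self.rate, self.burst = rate, burst
        self.buckets = {}
        self.denied = defaultdict(int)

    def allow(self, host, now, cost=1.0):
        # A host seen for the first time starts with a full burst allowance.
        b = self.buckets.setdefault(host, Bucket(self.burst, now))
        # Refill for the time elapsed; ignore timestamps that go backwards.
        elapsed = max(0.0, now - b.last)
        b.tokens = min(self.burst, b.tokens + elapsed * self.rate)
        b.last = max(b.last, now)
        if b.tokens >= cost:
            b.tokens -= cost
            return True
        self.denied[host] += 1   # over budget: defer, reject or alert
        return False


def replay(events, budget=None):
    """events: (timestamp_seconds, source_host) pairs in time order.
    Returns the number of over-budget messages per host."""
    budget = budget or OutboundBudget()
    for ts, host in events:
        budget.allow(host, ts)
    return dict(budget.denied)


# Constructed sample: one host sending a message a minute, and one host
# sending 200 messages in 50 seconds.
SAMPLE = ([(t * 60.0, "10.0.0.5") for t in range(10)] +
          [(600 + i * 0.25, "10.0.0.9") for i in range(200)])
```

With these values the quiet host is never limited, while the bulk sender gets its burst of about 20 messages and is then held to the sustained rate.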


