SPAM from own customers

• Previous message (by thread): SPAM from own customers
• Next message (by thread): objective performance tests - broadwing, cogent
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michel Renfer wrote:
> Hi All
> 
> The topic "Spam sent over infected or malconfigured enduser pc's"
> will become an big issue. We saw Virus' sending Spam directly from
> the users pc, downloading the recipient list and the payload trough
> HTTP from the web.
> 
> How will you deal with the problem, that one user can flood your
> SMTP Server with tousends of emails within 10-20 minutes?

In addition to the other suggestions, scanning the CBL (cbl.abuseat.org) 
for your own IPs is useful from an operational standpoint to find open 
proxies and trojans.

On a similar vein, detecting customer IPs trying to connect to 
47.129.25.87 on port 25 (no legitimate email goes there) will give you 
similar intelligence, tho, it's not quite as definitive as a CBL 
listing. Most reliable if you exclude legitimate customer mail servers 
(bounced forged spam and virii) or correlate to the CBL.

Couple either or both with an autodisconnect script like what Suresh 
suggested.

• Previous message (by thread): SPAM from own customers
• Next message (by thread): objective performance tests - broadwing, cogent
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]