Lazy network operators
John Curran
jcurran at istaff.org
Tue Apr 13 19:52:47 UTC 2004
At 8:39 PM +0100 4/13/04, Stephen J. Wilcox wrote:
>Most of the spam I'm seeing comes directly from end user hosts that have either
>an open proxy on them or some kind of malware with its own SMTP engine designed
>to send out junk.. in this model the only port 25 traffic is that from the end
>host coming outwards, I believe your suggestion is to filter port 25 towards
>hosts.
>
>Even blocking the outbound 25 traffic (eg pushing it via the ISP SMTP relay)
>will not stop the emails. It is possible to extend this and implement some sort
>of statistical sanity checking on the mail being relayed (eg alarm/deny mail
>once it exceeds X/minute/host) which is potentially a workable solution.
Steve,
I'm very much suggesting blocking outward to the Internet port 25
traffic, except from configured mail relays for that end-user site.
Those hosts which have SMTP malware are stopped cold as a result.
/John
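
The policy discussed in this thread, as an added example that is not part of the original post: outbound TCP/25 is permitted only from configured mail relays, and hosts that submit through the relay are checked against a per-minute threshold. The addresses, the threshold value and the flow-record format are constructed assumptions, and one flow to the relay is treated as one message.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values for illustration (constructed, not from the thread).
CUSTOMER_NET = ip_network("192.0.2.0/24")
MAIL_RELAYS = {ip_address("192.0.2.10")}
MAX_PER_MINUTE = 5  # the "X/minute/host" threshold from the quoted text

def egress_verdict(src, dst, dport):
    """Edge filter: permit outbound TCP/25 only from configured relays."""
    src, dst = ip_address(src), ip_address(dst)
    if dport != 25 or src not in CUSTOMER_NET or dst in CUSTOMER_NET:
        return "permit"  # not Internet-bound SMTP from this site
    return "permit" if src in MAIL_RELAYS else "deny"

def review(flows):
    """Return (blocked_hosts, rate_alarms) for flow records.

    Each flow is (epoch_seconds, src, dst, dport). Denied flows identify
    hosts attempting direct delivery to the Internet; flows to the relay
    are counted per host per minute for the rate check.
    """
    blocked = defaultdict(int)
    per_minute = defaultdict(int)
    for ts, src, dst, dport in flows:
        if egress_verdict(src, dst, dport) == "deny":
            blocked[src] += 1
        elif dport == 25 and ip_address(dst) in MAIL_RELAYS:
            per_minute[(src, ts // 60)] += 1
    alarms = sorted({host for (host, _), n in per_minute.items()
                     if n > MAX_PER_MINUTE})
    return dict(blocked), alarms

# Constructed sample flows (documentation address ranges).
SAMPLE_FLOWS = (
    # end host with its own SMTP engine, sending straight to the Internet
    [(1000 + i, "192.0.2.55", "198.51.100.25", 25) for i in range(3)]
    # end host pushing a burst through the site relay
    + [(1000 + i, "192.0.2.77", "192.0.2.10", 25) for i in range(8)]
    + [(1000, "192.0.2.20", "192.0.2.10", 25),    # normal relay use
       (1001, "192.0.2.10", "203.0.113.9", 25),   # relay delivering outward
       (1002, "192.0.2.55", "203.0.113.80", 443)] # not SMTP, untouched
)

if __name__ == "__main__":
    print(review(SAMPLE_FLOWS))
```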