The worst abuse e-mail ever, sverige.net

Mike Nice niceman at att.net
Thu Sep 23 14:09:15 UTC 2004


> > Our system is similar, except we block port 25 completely via RADIUS
> > after we detect an outgoing virus or spam,
>
> Detect how?

 We don't sniff traffic for suspicious signatures at this point.    Viruses
are eventually caught by the assumption that "send to everyone in the
address book" eventually will hit an address on the same mail server.
Quarantined viruses are categorized by local user and IP address to identify
the sender from RADIUS accounting records.

   Spam is based only on reports - those Spamcop reports are acted on by
some people!





More information about the NANOG mailing list