Port 25 - Blacklash

• Previous message (by thread): Port 25 - Blacklash
• Next message (by thread): Port 25 - Blacklash
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Suresh Ramasubramanian wrote:
> On 4/27/05, Joel Jaeggli <joelja at darkwing.uoregon.edu> wrote:
> 
>>>In any event the malware is already ahead of port 25 blocking and is
>>>leveraging ISP smarthosting. SMTP-Auth is the pill to ease this pain/
>>
>>Really smtp-auth will solve it? or do most windows mua's cache your
>>password?
> 
> 
> They sure do cache the password.
> 
> But with smtp auth, the infected user is stamped in the email headers,
> and all over my MTA logs, when a bot that hijacks his PC starts
> spamming.
> 
> I can easily remove auth privileges for his account, and/or limit his
> access to a walled garden till such time as he cleans up - without
> taking the trouble to match timestamps of the spam + dig into radius
> logs
> 
> Easier to identify, and easier to lock down, than unauthenticated access
> 
> --srs
> 
> 
You forgot to add the ability to rate-limit by ip sender or by 
authenticated user, all tools in bringing trojaned users under control.

• Previous message (by thread): Port 25 - Blacklash
• Next message (by thread): Port 25 - Blacklash
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]