Time to check the rate limits on your mail servers
Raymond Dijkxhoorn
raymond at prolocation.net
Thu Feb 3 14:24:18 UTC 2005
Hi!
> http://news.com.com/Zombie+trick+expected+to+send+spam+sky-high/2100-7349_3-5560664.html?tag=cd.top
>> that botnets are now routing their mail traffic through the local
>> ISP's mail servers rather than trying their own port 25
>> connections.
> Now? We (and AOL, and some other large networks) have been seeing
> this thing go on for over a year.
Indeed, we have also been seeing this for a long time now. Most of them are
specific spam runs towards the bigger players... (AOL and the like).
>> Do you let your customers send an unlimited number of
>> emails per day? Per hour? Per minute? If so, then why?
> One additional thing that I think wasn't mentioned in the article -
> Make sure your MXs (inbound servers) are separate from your outbound
> machines, and that the MX servers don't relay email for your dynamic IP
> netblock. Some other trojans do stuff like getting the ppp domain name
> / rDNS name of the assigned IP etc and then "nslookup -q=mx
> domain.com", then set itself up so that all its payloads get delivered
> out of the domain's MX servers.
So the next article would say 'let's now all separate MX and SMTP servers'.
There are still a LOT of large players combining those two, giving trojans
doing the above scenario an open door.
Bye,
Raymond.
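
An added example, not part of the original post: a per-customer sliding-window check over outbound relay logs, covering the per-minute, per-hour and per-day limits the quoted question asks about. The log line format, the limit values and the addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed limits (recipients per customer IP per window); not from the thread.
LIMITS = {
    "minute": (timedelta(minutes=1), 30),
    "hour": (timedelta(hours=1), 300),
    "day": (timedelta(days=1), 1000),
}

def constructed_sample():
    """Constructed relay log lines: '<ISO time> <client IP> <recipient count>'."""
    start = datetime(2005, 2, 3, 14, 0, 0)
    # Ordinary customer: five 2-recipient messages, 20 minutes apart.
    normal = [f"{(start + timedelta(minutes=20 * i)).isoformat()} 192.0.2.10 2"
              for i in range(5)]
    # Zombie relaying through the ISP smarthost: 50 recipients every 2 seconds.
    bot = [f"{(start + timedelta(seconds=2 * i)).isoformat()} 192.0.2.77 50"
           for i in range(25)]
    return normal + bot

def parse(line):
    ts, ip, nrcpt = line.split()
    return datetime.fromisoformat(ts), ip, int(nrcpt)

def find_violations(lines, limits=LIMITS):
    """Return {client_ip: {window: time the limit was first exceeded}}."""
    longest = max(span for span, _ in limits.values())
    history = defaultdict(deque)      # ip -> (time, recipients) inside longest window
    violations = {}
    for ts, ip, nrcpt in sorted(map(parse, lines)):
        q = history[ip]
        q.append((ts, nrcpt))
        while ts - q[0][0] >= longest:  # expire entries older than the longest window
            q.popleft()
        for name, (span, cap) in limits.items():
            total = sum(n for t, n in q if ts - t < span)
            if total > cap:
                violations.setdefault(ip, {}).setdefault(name, ts)
    return violations

if __name__ == "__main__":
    for ip, hits in find_violations(constructed_sample()).items():
        for name, when in hits.items():
            print(f"{ip} exceeded per-{name} limit at {when.isoformat()}")
```

Counting recipients rather than messages keeps a single message with a large recipient list from slipping under the limit.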