Time to check the rate limits on your mail servers

Patrick W Gilmore patrick at ianai.net
Thu Feb 3 14:44:24 UTC 2005


On Feb 3, 2005, at 9:30 AM, up at 3.am wrote:

>> One additional thing that I think wasn't mentioned in the article -
>> Make sure your MXs (inbound servers) are separate from your outbound
>> machines, and that the MX servers don't relay email for your dynamic IP
>> netblock. Some other trojans do stuff like getting the ppp domain name
>> / rDNS name of the assigned IP etc and then "nslookup -q=mx
>> domain.com", then set itself up so that all its payloads get delivered
>> out of the domain's MX servers
>
> Easier said than done, especially if you're a small ISP that's been doing
> POP before SMTP and changing this requires that every customer's settings
> be changed.

IMHO, if you are a small ISP and limit the # of e-mails per user per 
day, even to something like 1K, you probably don't have to separate the 
MX & SMTP servers.  But that's me, others might still think you were 
being "irresponsible".


> Is there any info on how this zombie is spread?  ie, email worms, direct
> port attacks, etc.  If the former, there's hope of nipping it in the bud
> with anti-virus filtering.

All of the above.

-- 
TTFN,
patrick
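
Added example, not part of the original message: a sketch of the per-user daily cap discussed in this thread, as a rolling 24-hour counter that an outbound relay's policy hook could consult. The class name, the choice to count recipients rather than messages, and keying on a customer identifier (account name or assigned IP, as with POP before SMTP) are assumptions.

```python
from collections import defaultdict, deque

DAY = 86400  # seconds


class DailySendLimiter:
    """Rolling 24-hour cap on outbound recipients per customer (hypothetical helper)."""

    def __init__(self, limit=1000, window=DAY):
        self.limit = limit
        self.window = window
        self._events = defaultdict(deque)  # customer -> deque of (timestamp, rcpt_count)
        self._totals = defaultdict(int)    # customer -> recipients inside the window

    def _expire(self, customer, now):
        # Drop entries that have aged out of the window and give their count back.
        q = self._events[customer]
        while q and q[0][0] <= now - self.window:
            _, n = q.popleft()
            self._totals[customer] -= n

    def used(self, customer, now):
        self._expire(customer, now)
        return self._totals[customer]

    def allow(self, customer, now, rcpts=1):
        """Record the message and return True if it fits under the cap, else False."""
        if self.used(customer, now) + rcpts > self.limit:
            return False  # caller would defer or reject, and ideally alert
        self._events[customer].append((now, rcpts))
        self._totals[customer] += rcpts
        return True


def demo():
    # Constructed traffic: one infected dial-up host sending 50-recipient
    # messages every 10 seconds, and one ordinary user sending a single mail.
    lim = DailySendLimiter(limit=1000)
    accepted = sum(lim.allow("dialup-42", t * 10, 50) for t in range(30))
    ordinary_ok = lim.allow("alice", 300, 3)
    return accepted, 30 - accepted, ordinary_ok


if __name__ == "__main__":
    print(demo())
```

Counting recipients rather than messages keeps a single message with a long RCPT list from slipping under the cap; a rejection is also a useful signal that the customer's machine needs attention.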




More information about the NANOG mailing list