Time to check the rate limits on your mail servers
Patrick W Gilmore
patrick at ianai.net
Thu Feb 3 14:44:24 UTC 2005
On Feb 3, 2005, at 9:30 AM, up at 3.am wrote:
>> One additional thing that I think wasn't mentioned in the article -
>> Make sure your MXs (inbound servers) are separate from your outbound
>> machines, and that the MX servers don't relay email for your dynamic IP
>> netblock. Some other trojans do stuff like getting the ppp domain name
>> / rDNS name of the assigned IP etc and then "nslookup -q=mx
>> domain.com", then set itself up so that all its payloads get delivered
>> out of the domain's MX servers
>
> Easier said than done, especially if you're a small ISP that's been doing
> POP before SMTP and changing this requires that every customer's settings
> be changed.

IMHO, if you are a small ISP and limit the # of e-mails per user per
day, even to something like 1K, you probably don't have to separate the
MX & SMTP servers. But that's me, others might still think you were
being "irresponsible".

> Is there any info on how this zombie is spread? i.e., email worms, direct
> port attacks, etc. If the former, there's hope of nipping it in the bud
> with anti-virus filtering.

All of the above.
--
TTFN,
patrick
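
An added example, not part of the original post or any mail server's own code: a per-user daily cap for a relay that authorises by POP-before-SMTP, keyed on the POP user rather than the IP so that redialling to a new dynamic address does not reset the count. The class name, the 30-minute POP window, counting recipients rather than messages, and the 192.0.2.x addresses are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DAILY_LIMIT = 1000                   # "something like 1K" from the post
POP_WINDOW = timedelta(minutes=30)   # assumed POP-before-SMTP validity window


class PopBeforeSmtpQuota:
    """Per-user daily send cap for a relay that authorises by POP-before-SMTP."""

    def __init__(self, daily_limit=DAILY_LIMIT, pop_window=POP_WINDOW):
        self.daily_limit = daily_limit
        self.pop_window = pop_window
        self.pop_sessions = {}         # client IP -> (user, last POP login)
        self.sent = defaultdict(int)   # (user, date) -> recipients accepted

    def pop_login(self, ip, user, when):
        # A successful POP login ties the IP to a user for pop_window.
        self.pop_sessions[ip] = (user, when)

    def check_relay(self, ip, when, recipients=1):
        """Return (allowed, user_or_reason) for one relay attempt from ip."""
        session = self.pop_sessions.get(ip)
        if session is None or when - session[1] > self.pop_window:
            return False, "no recent POP login"
        user = session[0]
        key = (user, when.date())
        # Assumption: count recipients, so one message with many RCPTs
        # cannot slip under a per-message cap.
        if self.sent[key] + recipients > self.daily_limit:
            return False, f"daily limit reached for {user}"
        self.sent[key] += recipients
        return True, user


def demo():
    """Constructed scenario: 'alice' hits a cap of 3, then redials to a new IP."""
    q = PopBeforeSmtpQuota(daily_limit=3)
    t = datetime(2005, 2, 3, 9, 0)
    q.pop_login("192.0.2.10", "alice", t)
    first = [q.check_relay("192.0.2.10", t)[0] for _ in range(4)]
    q.pop_login("192.0.2.77", "alice", t)   # same user, new dynamic IP
    after_redial = q.check_relay("192.0.2.77", t)
    return first, after_redial
```
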