Time to check the rate limits on your mail servers
Gadi Evron
ge at linuxbox.org
Thu Feb 3 14:47:25 UTC 2005
Michael.Dillon at radianz.com wrote:
> CNET reports
> http://news.com.com/Zombie+trick+expected+to+send+spam+sky-high/2100-7349_3-5560664.html?tag=cd.top
> that botnets are now routing their mail traffic through the local
> ISP's mail servers rather than trying their own port 25
> connections.
Both on ASRG and here on NANOG, many of us said many times, and most of
the times people called me crazy;
1. Block port 25 for dynamic ranges - that will kill the current strain
of worms.
2. It won't solve spam, and neither will SPF or anything else of the
sort, as when you have 100K zombies, you don't need to act a server, you
can use the real credentials for the user, and even if limited to a 1000
messages, that times 100K drones is...
The issue is numbers, and how to reduce them, not stop the tide.
Currently there is a discussion of this on Spam-Research [1], quite
interesting.
Gadi.
1 - Spam-Research archives:
https://linuxbox.org/cgi-bin/mailman/listinfo/spam
More information about the NANOG
mailing list