ISP wants to stop outgoing web based spam
Ken Simpson
ksimpson at mailchannels.com
Wed Aug 9 15:51:24 UTC 2006
Hi Hank,
Have you had any luck combining Squid in a transparent proxy
configuration with SpamAssassin? A commercial plugin like Cloudmark
might provide better performance (since it doesn't have to evaluate
thousands of regex rules for each connection).
How to run Squid as a transparent proxy:
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy
I haven't figured out how to get Squid to let you run a script to scan
and modify requests that are passing through. If you can figure that
out I'd love to know!
Otherwise, you might try looking at a couple of security auditing
proxies:
http://www.parosproxy.org/functions.shtml (Java)
http://www.immunitysec.com/resources-freesoftware.shtml (Spike Proxy,
Python)
.. Or you could roll your own simple CGI script that accepts web
queries and uses LWP or another simple package to fetch the results --
scanning for spam at the same time.
Regards,
Ken Simpson
MailChannels
Hank Nussbacher [09/08/06 18:11 +0300]:
>
> On Wed, 9 Aug 2006, Mills, Charles wrote:
>
> I guess I wasn't clear enough in my first posting. I am not interested in
> smtp (port 25 spam). We have that covered. I am only interested in
> blocking outgoing web based spam. A user sits and sends out spam via
> automated tools via Hotmail, Yahoo, Gmail, or whatever Webmail system
> where they have set up thousands of throwaway users. An antispam proxy
> (that I want to install and manage) has to be able to come between the
> user on his/her PC and the Hotmail system and scan the http posts and page
> templates for things like number of receipents and other tricks like
> keeping track of the number of http posts. It has to maintain a list of
> known free webmail systems that are abused.
>
> Based on my stats from Spamcop, 60% of all outgoing spam is http based
> rather than smtp based. Others may have slightly higher or lower numbers.
>
> So, is there any magic fu out there to solve this?
--
MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com
--
Suite 203, 910 Richards St.
Vancouver, BC, V6B 3C1, Canada
Direct: +1-604-729-1741
More information about the NANOG
mailing list