[125726] in North American Network Operators' Group
Re: Mail Submission Protocol
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Wed Apr 21 21:37:00 2010
In-Reply-To: <1271859483.3681.25.camel@akamiru>
Date: Thu, 22 Apr 2010 07:05:56 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
To: Alex Kamiru <nderitualex@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Log and monitor all that you can. And watch for a large number of IPs
logging into an account over a day (over a set limit - even across
country - that takes into account "home - blackberry - airport lounge
- airport lounge in another country - hotel - RIPE meeting venue"
type scenarios).
And especially watch for and/or firewall off logins from areas from
where you see particularly high levels of smtp auth abuse / logins to
compromised accounts
--srs
2010/4/21 Alex Kamiru <nderitualex@gmail.com>:
>>>Inside customers, we have not changed to force port 587 and
>>>authentication for email clients, but the topic has come up in
>>>discussions. =C2=A0This won't of course, stop spammers if they are hijac=
king
>>>the users local email client settings.
>
> How best would you stop spammers hijacking local users email clients
>
> -Mike
