[51882] in North American Network Operators' Group


Re: How do you stop outgoing spam?

daemon@ATHENA.MIT.EDU (Paul Vixie)
Mon Sep 9 16:46:43 2002

To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 09 Sep 2002 20:20:31 +0000
In-Reply-To: <5.1.0.14.2.20020909120631.0103a3d8@max.att.net.il>
Errors-To: owner-nanog-outgoing@merit.edu


> The spamming is usually done (but not only) from an Internet cafe where the 
> spammer inserts a "spammer CD" and blasts away at open mail relays.  When 
> SMTP is blocked for that IP

outbound SMTP should be blocked for any dynamic or dialup source within
a network.  a rule of thumb might be that if nat or dhcp is involved, then
you should be firewalling outbound smtp.  likewise for an internet cafe:
these are untrusted edges and the only things they should be able to reach
are either (a) other parts of the untrusted edge, or (b) a place where they
can authenticate themselves in order to reach further.

> ..., they switch to HTTP and send the spam via MSN, Yahoo, Hotmail,
> Kukamail, Outblaze, Safe-mail, etc. to name just a few.  Blocking port 80
> is harder since it requires maintaining an ever larger list of free
> public web based mail systems or just block port 80 entirely.

per-destination host AND port egress rate shaping.  if someone tries to send
more than 1Kbit/sec to all port 80's, or more than 1Kbit/sec to any single
IP address, then you can safely RED their overage.  this violates the whole
peer-to-peer model but there's no help for that in the short term.  if some
internet cafe has a CuCme camera setup then you can find a way to let that
traffic off-net without rate shaping.  this will be the exception.
-- 
Paul Vixie
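
Added example, not part of the original message: a small Python simulation of the per-destination host AND port egress shaping described above, with one token bucket per (source, destination port) and one per (source, destination IP). The 1 Kbit/sec rate is the message's figure; the bucket depth, the linear RED-style drop ramp (a simplification of queue-based RED), the exemption list and all names are assumptions made for illustration.

```python
import random
from collections import defaultdict

RATE_BPS = 1000        # 1 Kbit/sec, the figure in the message
BURST_BITS = 8000      # assumed bucket depth
RED_SPAN_BITS = 16000  # assumed overage at which drop probability reaches 1.0

class EgressShaper:
    """Shape each source per destination port AND per destination host."""

    def __init__(self, exempt=(), rng=None):
        self.exempt = set(exempt)  # (dst_ip, dst_port) pairs allowed out unshaped
        self.rng = rng or random.Random()
        self.level = defaultdict(lambda: float(BURST_BITS))  # bits, may go negative
        self.seen = {}  # last refill time per bucket

    def _refill(self, key, now):
        elapsed = now - self.seen.get(key, now)
        self.seen[key] = now
        self.level[key] = min(BURST_BITS, self.level[key] + elapsed * RATE_BPS)

    def allow(self, now, src, dst_ip, dst_port, size_bytes):
        if (dst_ip, dst_port) in self.exempt:
            return True
        bits = size_bytes * 8
        keys = [(src, "port", dst_port), (src, "host", dst_ip)]
        for key in keys:
            self._refill(key, now)
        # Overage of the worse bucket if this packet were forwarded.
        overage = max(bits - self.level[key] for key in keys)
        # RED-style: drop probability rises linearly with the overage.
        if overage > 0 and self.rng.random() < min(1.0, overage / RED_SPAN_BITS):
            return False
        for key in keys:
            self.level[key] -= bits
        return True

def simulate(shaper, src, dsts, port, pkts, size_bytes, interval):
    """Send pkts packets round-robin over dsts; return the bits forwarded."""
    forwarded = 0
    for i in range(pkts):
        dst = dsts[i % len(dsts)]
        if shaper.allow(i * interval, src, dst, port, size_bytes):
            forwarded += size_bytes * 8
    return forwarded
```

Spreading a flood across many web hosts does not help the sender, because the port-80 bucket is shared by all of them; ordinary low-rate use stays inside the burst allowance and is never dropped.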
