[69503] in North American Network Operators' Group
Re: Lazy network operators
daemon@ATHENA.MIT.EDU (John Curran)
Tue Apr 13 15:54:13 2004
In-Reply-To:
<Pine.LNX.4.44.0404132031020.800-100000@server2.tcw.telecomplete.net>
Date: Tue, 13 Apr 2004 15:52:47 -0400
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
From: John Curran <jcurran@istaff.org>
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
At 8:39 PM +0100 4/13/04, Stephen J. Wilcox wrote:
>Most of the spam I'm seeing comes directly from end user hosts that have either
>an open proxy on them or some kind of malware with its own SMTP engine designed
>to send out junk.. in this model the only port 25 traffic is that from the end
>host coming outwards, I believe your suggestion is to filter port 25 towards
>hosts.
>
>Even blocking the outbound 25 traffic (eg pushing it via the ISP SMTP relay)
>will not stop the emails. It is possible to extend this and implement some sort
>of statistical sanity checking on the mail being relayed (eg alarm/deny mail
>once it exceeds X/minute/host) which is potentially a workable solution.
Steve,
I'm very much suggesting blocking outward to the Internet port 25
traffic, except from configured mail relays for that end-user site.
Those hosts which have SMTP malware are stopped cold as a result.
/John
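
Added example, not part of the original messages: a sketch of the two controls discussed in this thread, an edge filter that permits outbound port 25 only from configured mail relays, and a per-host "X/minute" alarm on mail handed to the relay. All addresses (RFC 5737 documentation ranges), the threshold, the record layouts and the function names are assumptions constructed for illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed site layout (constructed): one customer block, one configured relay.
CUSTOMER_NET = ip_network("192.0.2.0/24")
MAIL_RELAYS = {ip_address("192.0.2.10")}
MAX_PER_MINUTE = 30  # the "X/minute/host" threshold; value is an assumption

# Constructed flow records seen at the site edge: (src, dst, dst_port)
FLOWS = [
    ("192.0.2.10", "198.51.100.7", 25),   # relay delivering mail outward
    ("192.0.2.55", "198.51.100.7", 25),   # end host speaking SMTP directly
    ("192.0.2.55", "192.0.2.10", 25),     # end host submitting to the relay
    ("192.0.2.20", "203.0.113.9", 443),   # unrelated web traffic
]

# Constructed relay log: (epoch_seconds, client_ip), one entry per message.
RELAY_LOG = [(1200 + i, "192.0.2.55") for i in range(45)] + \
            [(1200 + 20 * i, "192.0.2.20") for i in range(3)]

def egress_decision(src, dst, dport):
    """Edge rule: outbound port 25 is allowed only from configured relays."""
    src, dst = ip_address(src), ip_address(dst)
    leaving_site = src in CUSTOMER_NET and dst not in CUSTOMER_NET
    if dport != 25 or not leaving_site:
        return "permit"
    return "permit" if src in MAIL_RELAYS else "deny"

def blocked_sources(flows):
    """End hosts whose direct-to-Internet SMTP the edge rule would stop."""
    return sorted({s for s, d, p in flows if egress_decision(s, d, p) == "deny"})

def rate_alarms(relay_log, limit=MAX_PER_MINUTE):
    """Clients that exceed `limit` relayed messages in any one-minute bucket."""
    buckets = Counter((client, ts // 60) for ts, client in relay_log)
    return sorted({c for (c, _), n in buckets.items() if n > limit})

if __name__ == "__main__":
    print("edge filter denies:", blocked_sources(FLOWS))
    print("relay rate alarms: ", rate_alarms(RELAY_LOG))
```

The edge rule covers hosts that speak SMTP directly to the Internet; the rate check covers the case raised in the quoted text, where mail is pushed through the ISP relay instead.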