[74360] in North American Network Operators' Group
Re: The worst abuse e-mail ever, sverige.net
daemon@ATHENA.MIT.EDU (Mike Nice)
Thu Sep 23 10:09:53 2004
From: "Mike Nice" <niceman@att.net>
To: <nanog@merit.edu>
Date: Thu, 23 Sep 2004 10:09:15 -0400
Errors-To: owner-nanog-outgoing@merit.edu
> > Our system is similar, except we block port 25 completely via RADIUS
> > after we detect an outgoing virus or spam,
>
> Detect how?
We don't sniff traffic for suspicious signatures at this point. Viruses
are eventually caught by the assumption that "send to everyone in the
address book" eventually will hit an address on the same mail server.
Quarantined viruses are categorized by local user and IP address to identify
the sender from RADIUS accounting records.
Spam is based only on reports - those Spamcop reports are acted on by
some people!
