[77699] in North American Network Operators' Group
Re: Time to check the rate limits on your mail servers
daemon@ATHENA.MIT.EDU (Raymond Dijkxhoorn)
Thu Feb 3 09:24:50 2005
Date: Thu, 3 Feb 2005 15:24:18 +0100 (CET)
From: Raymond Dijkxhoorn <raymond@prolocation.net>
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: "Michael.Dillon@radianz.com" <Michael.Dillon@radianz.com>,
nanog@merit.edu
In-Reply-To: <bb0e440a050203041213c11704@mail.gmail.com>
Errors-To: owner-nanog-outgoing@merit.edu
Hi!
> http://news.com.com/Zombie+trick+expected+to+send+spam+sky-high/2100-7349_3-5560664.html?tag=cd.top
>> that botnets are now routing their mail traffic through the local
>> ISP's mail servers rather than trying their own port 25
>> connections.
> Now? We (and AOL, and some other large networks) have been seeing
> this thing go on for over a year.
Indeed, we have also been seeing this for a long time now. Most of them are
specific spam runs towards the bigger players... (AOL and alike).
>> Do you let your customers send an unlimited number of
>> emails per day? Per hour? Per minute? If so, then why?
> One additional thing that I think wasn't mentioned in the article -
> Make sure your MXs (inbound servers) are separate from your outbound
> machines, and that the MX servers don't relay email for your dynamic IP
> netblock. Some other trojans do stuff like getting the ppp domain name
> / rDNS name of the assigned IP etc and then "nslookup -q=mx
> domain.com", then set itself up so that all its payloads get delivered
> out of the domain's MX servers
So the next article would say 'let's now all separate MX and SMTP servers';
still a LOT of large players are combining those two, giving trojans doing the
above scenario an open door.
Bye,
Raymond.
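
An added example, not part of the original thread: one way to audit the point made above, that inbound MX servers should not relay for the dynamic IP netblock. It assumes the MX runs Postfix with its relay-trusted networks listed in `mynetworks`; the sample config, the pool ranges and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed main.cf fragment for an inbound MX host (not from the thread).
SAMPLE_MX_MAIN_CF = """\
# inbound MX
myhostname = mx1.example.net
mynetworks = 127.0.0.0/8, 192.0.2.0/24,
    10.64.0.0/10 10.200.3.7
    hash:/etc/postfix/network_table
"""
# Constructed dynamic/dial-up customer pools (assumption).
SAMPLE_DYNAMIC_POOLS = ["10.100.0.0/16", "10.200.0.0/16"]


def parse_mynetworks(main_cf):
    """Return (networks, skipped_tokens) from the mynetworks setting."""
    logical = []
    for line in main_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # continuation line
        else:
            logical.append(line.strip())
    networks, skipped = [], []
    for entry in logical:
        name, sep, value = entry.partition("=")
        if not sep or name.strip() != "mynetworks":
            continue
        for token in filter(None, re.split(r"[,\s]+", value.strip())):
            try:
                networks.append(ipaddress.ip_network(token, strict=False))
            except ValueError:
                skipped.append(token)  # tables, exclusions: review by hand
    return networks, skipped


def relay_exposure(relay_nets, dynamic_pools):
    """List (relay_network, pool) pairs where the MX would relay for a pool."""
    findings = []
    for pool in map(ipaddress.ip_network, dynamic_pools):
        for net in relay_nets:
            if net.version == pool.version and net.overlaps(pool):
                findings.append((str(net), str(pool)))
    return findings


if __name__ == "__main__":
    nets, skipped = parse_mynetworks(SAMPLE_MX_MAIN_CF)
    for net, pool in relay_exposure(nets, SAMPLE_DYNAMIC_POOLS):
        print(f"MX relays for {net}, which overlaps dynamic pool {pool}")
    for token in skipped:
        print(f"not checked (review by hand): {token}")
```

Any overlap reported for an MX host means a customer machine in that pool can hand mail to the MX and have it relayed, which is the open door described in the thread.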