[77705] in North American Network Operators' Group
Re: Time to check the rate limits on your mail servers
daemon@ATHENA.MIT.EDU (Gadi Evron)
Thu Feb 3 09:51:55 2005
Date: Thu, 03 Feb 2005 16:47:25 +0200
From: Gadi Evron <ge@linuxbox.org>
To: Michael.Dillon@radianz.com
Cc: nanog@merit.edu
In-Reply-To: <OFA12414A3.CD3B33C0-ON80256F9D.00401306-80256F9D.00405A5B@radianz.com>
Errors-To: owner-nanog-outgoing@merit.edu
Michael.Dillon@radianz.com wrote:
> CNET reports
> http://news.com.com/Zombie+trick+expected+to+send+spam+sky-high/2100-7349_3-5560664.html?tag=cd.top
> that botnets are now routing their mail traffic through the local
> ISP's mail servers rather than trying their own port 25
> connections.
Both on ASRG and here on NANOG, many of us said many times, and most of
the times people called me crazy;
1. Block port 25 for dynamic ranges - that will kill the current strain
of worms.
2. It won't solve spam, and neither will SPF or anything else of the
sort, as when you have 100K zombies, you don't need to act a server, you
can use the real credentials for the user, and even if limited to a 1000
messages, that times 100K drones is...
The issue is numbers, and how to reduce them, not stop the tide.
Currently there is a discussion of this on Spam-Research [1], quite
interesting.
Gadi.
1 - Spam-Research archives:
https://linuxbox.org/cgi-bin/mailman/listinfo/spam
