[77711] in North American Network Operators' Group
Re: Time to check the rate limits on your mail servers
daemon@ATHENA.MIT.EDU (Raymond Dijkxhoorn)
Thu Feb 3 10:11:55 2005
Date: Thu, 3 Feb 2005 16:08:49 +0100 (CET)
From: Raymond Dijkxhoorn <raymond@prolocation.net>
To: Gadi Evron <ge@linuxbox.org>
Cc: Michael.Dillon@radianz.com, nanog@merit.edu
In-Reply-To: <4202397D.2020604@linuxbox.org>
Errors-To: owner-nanog-outgoing@merit.edu
Hi!
>> CNET reports
>> http://news.com.com/Zombie+trick+expected+to+send+spam+sky-high/2100-7349_3-5560664.html?tag=cd.top
>> that botnets are now routing their mail traffic through the local
>> ISP's mail servers rather than trying their own port 25
>> connections.
> Both on ASRG and here on NANOG, many of us said many times, and most of the
> times people called me crazy;
>
> 1. Block port 25 for dynamic ranges - that will kill the current strain of
> worms.
> 2. It won't solve spam, and neither will SPF or anything else of the sort, as
> when you have 100K zombies, you don't need to act a server, you can use the
> real credentials for the user, and even if limited to a 1000 messages, that
> times 100K drones is...
Did you actially read the article? This was about drones sending out via
its ISP mailserver. Blocking outbound 25 doesnt help a bit here. In
general sure, good ide, and also start using submission for example. But
in this contect its silly.
Bye,
Raymond.
