[80203] in North American Network Operators' Group
Re: Port 25 - Blacklash
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Wed Apr 27 05:04:03 2005
Date: Wed, 27 Apr 2005 14:31:42 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
Reply-To: Suresh Ramasubramanian <ops.lists@gmail.com>
To: Joel Jaeggli <joelja@darkwing.uoregon.edu>
Cc: Daniel Golding <dgolding@burtongroup.com>,
Hank Nussbacher <hank@mail.iucc.ac.il>,
Adam Jacob Muller <adam@gotlinux.us>,
Nanog Mailing list <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.62.0504270146480.20644@twin.uoregon.edu>
Errors-To: owner-nanog@merit.edu
On 4/27/05, Joel Jaeggli <joelja@darkwing.uoregon.edu> wrote:
> > In any event the malware is already ahead of port 25 blocking and is
> > leveraging ISP smarthosting. SMTP-Auth is the pill to ease this pain.
>
> Really smtp-auth will solve it? or do most windows mua's cache your
> password?
They sure do cache the password.
But with smtp auth, the infected user is stamped in the email headers,
and all over my MTA logs, when a bot that hijacks his PC starts
spamming.
I can easily remove auth privileges for his account, and/or limit his
access to a walled garden till such time as he cleans up - without
taking the trouble to match timestamps of the spam + dig into radius
logs.
Easier to identify, and easier to lock down, than unauthenticated access.
--srs
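
Added example, not part of the original message: a sketch of how the authenticated username in MTA logs lets an operator spot a hijacked account by send rate alone, with no timestamp matching against RADIUS logs. It assumes Postfix-style smtpd lines carrying a `sasl_username=` field (the post names no MTA); the log lines, account names, hosts and threshold are all constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "bob" submits 20 messages in under 40 seconds,
# "alice" submits two messages half an hour apart.
SAMPLE_LOG = "\n".join(
    [f"Apr 27 09:00:{s:02d} mx postfix/smtpd[900]: {0xB0B000 + s:06X}: "
     "client=dsl-77.example.net[192.0.2.77], sasl_method=LOGIN, sasl_username=bob"
     for s in range(0, 40, 2)]
    + ["Apr 27 09:00:05 mx postfix/smtpd[811]: 1A2B3C: "
       "client=dsl-10.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=alice",
       "Apr 27 09:30:00 mx postfix/smtpd[812]: 1A2B3D: "
       "client=dsl-10.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=alice"]
)

# Assumed line layout: syslog timestamp, host, postfix/smtpd[pid], queue id,
# client=host[ip], then sasl_username=<account>.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"(?P<qid>[0-9A-F]+):\sclient=(?P<client>\S+?),.*\bsasl_username=(?P<user>\S+)"
)

def parse(log, year=2005):
    """Yield (timestamp, account, client) for each authenticated submission."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:  # unauthenticated or unrelated lines are skipped
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["client"]

def flag_accounts(log, max_msgs=5, window=timedelta(minutes=1)):
    """Return {account: [clients]} for accounts exceeding max_msgs per window."""
    per_user = defaultdict(list)
    for ts, user, client in parse(log):
        per_user[user].append((ts, client))
    flagged = {}
    for user, events in per_user.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 > max_msgs:
                flagged[user] = sorted({c for _, c in events})
                break
    return flagged

if __name__ == "__main__":
    for account, clients in flag_accounts(SAMPLE_LOG).items():
        print(f"candidate for auth removal / walled garden: {account} via {clients}")
```
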