[80226] in North American Network Operators' Group


Re: Port 25 - Blacklash

daemon@ATHENA.MIT.EDU (Joe Maimon)
Wed Apr 27 11:03:52 2005

Date: Wed, 27 Apr 2005 10:59:16 -0400
From: Joe Maimon <jmaimon@ttec.com>
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: Joel Jaeggli <joelja@darkwing.uoregon.edu>,
	Daniel Golding <dgolding@burtongroup.com>,
	Hank Nussbacher <hank@mail.iucc.ac.il>,
	Adam Jacob Muller <adam@gotlinux.us>,
	Nanog Mailing list <nanog@merit.edu>
In-Reply-To: <bb0e440a05042702013e37b5db@mail.gmail.com>
Errors-To: owner-nanog@merit.edu




Suresh Ramasubramanian wrote:
> On 4/27/05, Joel Jaeggli <joelja@darkwing.uoregon.edu> wrote:
> 
>>>In any event the malware is already ahead of port 25 blocking and is
>>>leveraging ISP smarthosting. SMTP-Auth is the pill to ease this pain.
>>
>>Really smtp-auth will solve it? or do most Windows MUAs cache your
>>password?
> 
> 
> They sure do cache the password.
> 
> But with smtp auth, the infected user is stamped in the email headers,
> and all over my MTA logs, when a bot that hijacks his PC starts
> spamming.
> 
> I can easily remove auth privileges for his account, and/or limit his
> access to a walled garden till such time as he cleans up - without
> taking the trouble to match timestamps of the spam + dig into radius
> logs
> 
> Easier to identify, and easier to lock down, than unauthenticated access
> 
> --srs
> 
> 
You forgot to add the ability to rate-limit by IP sender or by 
authenticated user, all tools in bringing trojaned users under control.
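
Added example, not part of the original message: the per-IP and per-authenticated-user rate check mentioned in the reply above, run in Python over constructed log lines. The Postfix-style log format, the limit of 2 entries per 60 seconds, and the names `parse` and `over_limit` are assumptions, since the thread names no MTA or threshold.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in Postfix smtpd style (assumed format; the thread names no MTA).
SAMPLE_LOG = """\
Apr 27 10:40:00 mx1 postfix/smtpd[310]: 1A01: client=c.example.net[192.0.2.30], sasl_method=PLAIN, sasl_username=carol
Apr 27 10:45:00 mx1 postfix/smtpd[310]: 1A02: client=c.example.net[192.0.2.30], sasl_method=PLAIN, sasl_username=carol
Apr 27 10:50:00 mx1 postfix/smtpd[310]: 1A03: client=c.example.net[192.0.2.30], sasl_method=PLAIN, sasl_username=carol
Apr 27 10:59:01 mx1 postfix/smtpd[311]: 1A04: client=a.example.net[192.0.2.20], sasl_method=PLAIN, sasl_username=bob
Apr 27 10:59:09 mx1 postfix/smtpd[311]: 1A05: client=a.example.net[192.0.2.20], sasl_method=PLAIN, sasl_username=bob
Apr 27 10:59:15 mx1 postfix/smtpd[312]: 1A06: client=b.example.net[192.0.2.21], sasl_method=PLAIN, sasl_username=bob
Apr 27 10:59:20 mx1 postfix/smtpd[313]: 1A07: client=unknown[198.51.100.7]
Apr 27 10:59:22 mx1 postfix/smtpd[313]: 1A08: client=unknown[198.51.100.7]
Apr 27 10:59:30 mx1 postfix/smtpd[313]: 1A09: client=unknown[198.51.100.7]
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: \w+: "
    r"client=\S*\[(?P<ip>[^\]]+)\](?:, sasl_method=\S+, sasl_username=(?P<user>\S+))?")

def parse(line, year=2005):
    """Return (timestamp, client_ip, sasl_user or None), or None for other lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["user"]

def over_limit(lines, limit=2, window=timedelta(seconds=60)):
    """Flag every IP and every authenticated user with more than `limit`
    log entries inside a sliding `window`. Lines must be in time order."""
    recent = defaultdict(deque)   # ("ip"|"user", value) -> recent timestamps
    flagged = set()
    for ts, ip, user in filter(None, map(parse, lines)):
        # Count each entry against its IP, and against the account if authenticated.
        keys = [("ip", ip)] + ([("user", user)] if user else [])
        for key in keys:
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:   # drop events older than the window
                q.popleft()
            if len(q) > limit:
                flagged.add(key)
    return flagged

if __name__ == "__main__":
    for kind, value in sorted(over_limit(SAMPLE_LOG)):
        print(f"over limit: {kind}={value}")
```

In the sample, bob stays within the per-IP limit on each of his two addresses and is only caught by the per-user counter, while the unauthenticated sender can only be keyed by IP.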
