[91626] in North American Network Operators' Group
Re: ISP wants to stop outgoing web based spam
daemon@ATHENA.MIT.EDU (Ken Simpson)
Wed Aug 9 11:57:29 2006
Date: Wed, 9 Aug 2006 08:51:24 -0700
From: Ken Simpson <ksimpson@mailchannels.com>
To: Hank Nussbacher <hank@efes.iucc.ac.il>
Cc: "Mills, Charles" <cmills@accessdc.com>,
"Michael K. Smith - Adhost" <mksmith@adhost.com>,
Nanog <nanog@merit.edu>
Reply-To: Ken Simpson <ksimpson@mailchannels.com>
In-Reply-To: <Pine.LNX.4.64.0608091804410.20378@efes.iucc.ac.il>
Errors-To: owner-nanog@merit.edu
Hi Hank,

Have you had any luck combining Squid in a transparent proxy
configuration with SpamAssassin? A commercial plugin like Cloudmark
might provide better performance (since it doesn't have to evaluate
thousands of regex rules for each connection).

How to run Squid as a transparent proxy:

http://wiki.squid-cache.org/SquidFaq/InterceptionProxy

I haven't figured out how to get Squid to let you run a script to scan
and modify requests that are passing through. If you can figure that
out I'd love to know!

Otherwise, you might try looking at a couple of security auditing
proxies:

http://www.parosproxy.org/functions.shtml (Java)
http://www.immunitysec.com/resources-freesoftware.shtml (Spike Proxy,
Python)

.. Or you could roll your own simple CGI script that accepts web
queries and uses LWP or another simple package to fetch the results --
scanning for spam at the same time.

Regards,
Ken Simpson
MailChannels

Hank Nussbacher [09/08/06 18:11 +0300]:
>
> On Wed, 9 Aug 2006, Mills, Charles wrote:
>
> I guess I wasn't clear enough in my first posting. I am not interested in
> smtp (port 25 spam). We have that covered. I am only interested in
> blocking outgoing web based spam. A user sits and sends out spam via
> automated tools via Hotmail, Yahoo, Gmail, or whatever Webmail system
> where they have set up thousands of throwaway users. An antispam proxy
> (that I want to install and manage) has to be able to come between the
> user on his/her PC and the Hotmail system and scan the http posts and page
> templates for things like number of recipients and other tricks like
> keeping track of the number of http posts. It has to maintain a list of
> known free webmail systems that are abused.
>
> Based on my stats from Spamcop, 60% of all outgoing spam is http based
> rather than smtp based. Others may have slightly higher or lower numbers.
>
> So, is there any magic fu out there to solve this?
--
MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com
--
Suite 203, 910 Richards St.
Vancouver, BC, V6B 3C1, Canada
Direct: +1-604-729-1741
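
Added example, not part of the original thread: a sketch of the two checks the quoted message asks an antispam proxy to make on outgoing webmail traffic, namely the number of recipients per HTTP POST and the number of POSTs per client. It assumes the proxy already hands over decoded request records; the host list, form-field names, thresholds and sample records are all constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qs
import re

# All hosts, field names and thresholds below are assumptions for illustration.
WEBMAIL_HOSTS = {"mail.example-webmail.test"}   # list of watched webmail systems
RECIPIENT_FIELDS = ("to", "cc", "bcc")          # hypothetical compose-form fields
MAX_RECIPIENTS = 20                             # recipients allowed per POST
MAX_POSTS = 3                                   # POSTs allowed per client per window
WINDOW = 600                                    # window length in seconds

def count_recipients(body):
    """Count addresses in the recipient fields of a url-encoded form body."""
    form = parse_qs(body)
    total = 0
    for field in RECIPIENT_FIELDS:
        for value in form.get(field, []):
            total += sum(1 for a in re.split(r"[,;\s]+", value) if "@" in a)
    return total

def flag_clients(records):
    """records: time-ordered (epoch_secs, client_ip, method, host, body) tuples."""
    recent = defaultdict(list)      # client -> timestamps of POSTs inside the window
    flagged = defaultdict(set)      # client -> reasons it was flagged
    for ts, client, method, host, body in records:
        if method != "POST" or host.lower() not in WEBMAIL_HOSTS:
            continue                # only POSTs to listed webmail systems count
        if count_recipients(body) > MAX_RECIPIENTS:
            flagged[client].add("recipients")
        recent[client] = [t for t in recent[client] if t > ts - WINDOW] + [ts]
        if len(recent[client]) > MAX_POSTS:
            flagged[client].add("post-rate")
    return dict(flagged)

# Constructed sample traffic (not real data).
HOST = "mail.example-webmail.test"
BULK = "to=" + "%2C".join(f"u{i}%40example.test" for i in range(25)) + "&body=hi"
SAMPLE = (
    [(0, "10.0.0.5", "POST", HOST, BULK),
     (10, "10.0.0.6", "POST", HOST, "to=friend%40example.test&body=hello")]
    + [(20 + 10 * i, "10.0.0.7", "POST", HOST, "to=a%40example.test") for i in range(4)]
    + [(70, "10.0.0.9", "POST", "intranet.example.test", BULK)]
)

if __name__ == "__main__":
    for client, reasons in sorted(flag_clients(SAMPLE).items()):
        print(client, sorted(reasons))
```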