quietly....
>
> Yeah, I threw it in as an afterthought. ISP firewalls do exist and not
> just small isolated incidents. I wish more money had gone into making
> them much more adaptive, then you could enjoy your tcp/25 and possibly
> not have a problem unless your traffic patterns drew concerns and caused
> an adaptive filter to block it (eh? thousands of emails suddenly to a
> variety of servers? block). Interestingly, adaptive filters are often
> used for probing scans (and we didn't apply them to tcp/25, why?)
>
>
> Jack
Maybe because it is just easier to do a transparent redirect to the ISP's
mail server and look for patterns there. Some customer drops a
bazillion email messages from a bazillion From: addresses in 14.7
seconds ... chances are you have a spam candidate. If the spam filter
flags a lot (all?) of the messages as possible spam, queue them to the
quarantine until someone can have a look and if they are, dismiss the
customer and send them up the road OR inform them that they are possibly
bot-net infected and block access to port 25 from them until they get it
cleaned up.
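
The heuristic this reply describes, sketched as an added example that is not part of the original post: a per-customer sliding window at the ISP relay that quarantines mail once a burst from many From: addresses is mostly flagged by the spam filter, with the port 25 block left to an operator. The class and function names, the thresholds and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds, not from the post; tune against real relay traffic.
WINDOW_SECONDS = 15.0
MIN_MESSAGES = 100       # messages per window that count as a burst
MIN_DISTINCT_FROM = 50   # distinct From: addresses within the burst
MIN_SPAM_FRACTION = 0.8  # share of the window the spam filter flagged


class RelayMonitor:
    def __init__(self):
        self.windows = defaultdict(deque)  # customer IP -> (ts, from, flagged)
        self.port25_blocked = set()

    def observe(self, ts, customer_ip, from_addr, flagged):
        """Return 'reject', 'quarantine' or 'deliver' for one message."""
        if customer_ip in self.port25_blocked:
            return "reject"
        win = self.windows[customer_ip]
        win.append((ts, from_addr.lower(), flagged))
        while ts - win[0][0] > WINDOW_SECONDS:  # expire entries older than the window
            win.popleft()
        senders = {f for _, f, _ in win}
        if len(win) < MIN_MESSAGES or len(senders) < MIN_DISTINCT_FROM:
            return "deliver"
        spam_share = sum(1 for _, _, s in win if s) / len(win)
        return "quarantine" if spam_share >= MIN_SPAM_FRACTION else "deliver"

    def confirm_infected(self, customer_ip):
        """Operator reviewed the quarantine: block tcp/25 until cleaned up."""
        self.port25_blocked.add(customer_ip)
        self.windows.pop(customer_ip, None)


def demo():
    """Constructed traffic: one bot-like customer, one ordinary customer."""
    mon = RelayMonitor()
    bot, normal = "198.51.100.7", "198.51.100.20"
    decisions = []
    for i in range(200):  # 200 messages, 200 From: addresses, 14.7 seconds
        ts = i * 14.7 / 199
        decisions.append(mon.observe(ts, bot, f"user{i}@example.net", True))
    quiet = [mon.observe(t, normal, "alice@example.org", False) for t in (1, 5, 9)]
    mon.confirm_infected(bot)
    after = mon.observe(20.0, bot, "user0@example.net", True)
    return decisions, quiet, after


if __name__ == "__main__":
    decisions, quiet, after = demo()
    print(decisions.count("quarantine"), quiet, after)
```

With these thresholds the first 99 messages of the burst are delivered before the window fills, so the quarantine bounds the damage without preventing it entirely.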