nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Port 25 - Blacklash

From: Joe Maimon <jmaimon () ttec com>
Date: Wed, 27 Apr 2005 10:59:16 -0400



Suresh Ramasubramanian wrote:

On 4/27/05, Joel Jaeggli <joelja () darkwing uoregon edu> wrote:


In any event the malware is already ahead of port 25 blocking and is
leveraging ISP smarthosting. SMTP-Auth is the pill to ease this pain/


Really smtp-auth will solve it? or do most windows mua's cache your
password?



They sure do cache the password.

But with smtp auth, the infected user is stamped in the email headers,
and all over my MTA logs, when a bot that hijacks his PC starts
spamming.

I can easily remove auth privileges for his account, and/or limit his
access to a walled garden till such time as he cleans up - without
taking the trouble to match timestamps of the spam + dig into radius
logs

Easier to identify, and easier to lock down, than unauthenticated access

--srs
You forgot to add the ability to rate-limit by ip sender or by authenticated user, all tools in bringing trojaned users under control.
Previous By Date Next
Previous By Thread Next

Current thread: