nanog mailing list archives
Re: ISP wants to stop outgoing web based spam
From: Ken Simpson <ksimpson () mailchannels com>
Date: Wed, 9 Aug 2006 08:51:24 -0700
Hi Hank, Have you had any luck combining Squid in a transparent proxy configuration with SpamAssassin? A commercial plugin like Cloudmark might provide better performance (since it doesn't have to evaluate thousands of regex rules for each connection). How to run Squid as a transparent proxy: http://wiki.squid-cache.org/SquidFaq/InterceptionProxy I haven't figured out how to get Squid to let you run a script to scan and modify requests that are passing through. If you can figure that out I'd love to know! Otherwise, you might try looking at a couple of security auditing proxies: http://www.parosproxy.org/functions.shtml (Java) http://www.immunitysec.com/resources-freesoftware.shtml (Spike Proxy, Python) .. Or you could roll your own simple CGI script that accepts web queries and uses LWP or another simple package to fetch the results -- scanning for spam at the same time. Regards, Ken Simpson MailChannels Hank Nussbacher [09/08/06 18:11 +0300]:
On Wed, 9 Aug 2006, Mills, Charles wrote: I guess I wasn't clear enough in my first posting. I am not interested in smtp (port 25 spam). We have that covered. I am only interested in blocking outgoing web based spam. A user sits and sends out spam via automated tools via Hotmail, Yahoo, Gmail, or whatever Webmail system where they have set up thousands of throwaway users. An antispam proxy (that I want to install and manage) has to be able to come between the user on his/her PC and the Hotmail system and scan the http posts and page templates for things like number of receipents and other tricks like keeping track of the number of http posts. It has to maintain a list of known free webmail systems that are abused. Based on my stats from Spamcop, 60% of all outgoing spam is http based rather than smtp based. Others may have slightly higher or lower numbers. So, is there any magic fu out there to solve this?
-- MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com -- Suite 203, 910 Richards St. Vancouver, BC, V6B 3C1, Canada Direct: +1-604-729-1741
Current thread:
- Re: ISP wants to stop outgoing web based spam, (continued)
- Re: ISP wants to stop outgoing web based spam Barry Shein (Aug 10)
- Re: ISP wants to stop outgoing web based spam Peter Corlett (Aug 11)
- Re: ISP wants to stop outgoing web based spam Valdis . Kletnieks (Aug 11)
- fingerprinting and spam ID (was: Re: ISP wants to stop outgoing web based spam) Steven Champeon (Aug 11)
- Re: fingerprinting and spam ID (was: Re: ISP wants to stop outgoing web based spam) Ken Simpson (Aug 11)
- Re: fingerprinting and spam ID Petri Helenius (Aug 12)
- Re: ISP wants to stop outgoing web based spam Ken Simpson (Aug 11)
- Message not available
- Re: ISP wants to stop outgoing web based spam Ken Simpson (Aug 11)
- Re: ISP wants to stop outgoing web based spam Florian Weimer (Aug 10)
- Re: ISP wants to stop outgoing web based spam Suresh Ramasubramanian (Aug 10)
- Re: ISP wants to stop outgoing web based spam Hank Nussbacher (Aug 10)
- Re: ISP wants to stop outgoing web based spam Simon Waters (Aug 11)
- Re: ISP wants to stop outgoing web based spam Peter Corlett (Aug 11)
- Re: ISP wants to stop outgoing web based spam Barry Shein (Aug 09)
- Re: ISP wants to stop outgoing web based spam Allan Poindexter (Aug 09)