Dallman Ross wrote:
> Precis: Spam levels expected to rise with suddenness
> soon, as blacklists become less effective.

The "trick" of sending out spam via the hosts' legitimate mail relays
has been seen in the wild for about 18 months now. It's not new, just
new to the media :-/ (AOL reported seeing it that long ago, anyway)
There are a number of fixes, of course:

1a. Separate your outgoing relays from your inbound MX hosts.
    Some of the trojans do a PTR lookup on their address, then
    an MX query on the forward zone.
1b. Configure your MX hosts to not accept mail from INSIDE your
    network and configure your outbound relays to not accept mail
    from OUTSIDE your network.
2.  Enable SMTP AUTH
3.  Implement rate limiting on outbound email

The thing that seems to be overlooked about this spammer trick is that
it puts the cost exactly where it ought to be -- if your network
tolerates zombie hosts and spammers, then YOUR relays get hammered, not
mine (well, at least yours get hit before mine do). Finally, some
motivation for companies like Comcast and Verizon to clean up their
Reto, not too unhappy
R A Lichtensteiger rali(_at_)tifosi(_dot_)com
"Programming today is a race between software engineers striving to build
bigger and better idiot-proof programs, and the Universe trying to produce
bigger and better idiots. So far, the Universe is winning." - Some Smart Guy
procmail mailing list Procmail homepage: http://www.procmail.org/
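
The fixes listed in the message above (1b, 2 and 3), sketched as an accept/reject policy for the two listener roles. This is an added example, not part of the original post and not any MTA's configuration; the address range, the limit values, the class and function names, and the choice to require AUTH from internal clients on the outbound relay are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed values for illustration only (documentation address range).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
MAX_MSGS = 3        # accepted messages per user per window
WINDOW_SECS = 60    # sliding window length in seconds


def is_internal(ip):
    """True if the connecting client address is inside our own network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


class RelayPolicy:
    """Decision logic for one SMTP listener: 'inbound_mx' or 'outbound_relay'."""

    def __init__(self, role):
        if role not in ("inbound_mx", "outbound_relay"):
            raise ValueError("unknown role: %r" % role)
        self.role = role
        self.sent = defaultdict(deque)  # user -> timestamps of accepted mail

    def check(self, client_ip, auth_user, now):
        internal = is_internal(client_ip)
        if self.role == "inbound_mx":
            # Fix 1b: the MX never accepts mail from inside, so a zombie that
            # locates it through a PTR lookup and MX query (1a) is refused.
            return "REJECT internal client on MX" if internal else "ACCEPT"
        # Outbound relay. Fix 1b: nothing from outside the network.
        if not internal:
            return "REJECT external client on relay"
        # Fix 2: require SMTP AUTH so mail is tied to an account.
        if auth_user is None:
            return "REJECT authentication required"
        # Fix 3: sliding-window rate limit per authenticated user.
        q = self.sent[auth_user]
        while q and now - q[0] >= WINDOW_SECS:
            q.popleft()
        if len(q) >= MAX_MSGS:
            return "DEFER rate limit exceeded"
        q.append(now)
        return "ACCEPT"
```

Deferred messages are not counted against the window, so a compromised account stays capped at the configured rate instead of being locked out permanently.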