This is a discussion on Re: [courier-users] breaking smtp, smart host spam within the Courier-Imap forums, part of the Mail Servers and Related category.
Jérôme Blion wrote:
>> Personally, I think transparency is a negative in this situation, since
>> valid users of your network have nothing to indicate that they can't
>> reach the mail servers that they are supposed to use, or why that would
>> be the case.
>
> When allowing all computers to send mails directly, when a virus is
> spreading on the network, I wouldn't imagine the load of the entire system.
> Viruses don't try to use the mail user agent and so, the configuration
> of it is not retrieved yet... They directly send mails.

Not any more. The number of spamming zombies that spam via the smart host is on the increase - and if the zombie is smart enough to use the smart host, it's safe to assume that it's also smart enough to use the authentication. It's going to be the next big pain in the backside to deal with. Most of the existing anti-spam methods will be ineffective about it.

If malware knows how to read your mail reader config and retrieve the smart host, and then forges the envelope to the same domain as your email address, that in one fell swoop kills all RFC compliance based filtering (nolisting, unlisting, greylisting) and IP based blacklisting. It won't outright break whitelisting, but the only servers/networks that remain whitelisted are likely to be the ones that stamp out the malware before it gets out into the wild (e.g. through use of transparent proxy filters).

Then we'll be stuck with content-based filtering alone again, which is a bit too questionable a method for my liking at the moment.

> So, for now, a simple firewall is needed. All mailservers can be
> configured to be smarthosts. All clients should use a valid SMTP server
> (through VPN or not)
>
> To catch all zombies, just configure your firewall to log what you need.
> A batch could process logs and give you all you need to clean your network.
>
> When zombie computers behave like normal computers, we will look
> for other ways to block them.

I'd start looking now if I were you. This has been coming for a while.

Gordan
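
The firewall-log batch suggested in the quoted text, as an added example that is not part of the original message: it counts internal hosts that attempt direct outbound SMTP. It assumes Linux netfilter LOG-format lines, a hypothetical `SMTP-OUT:` log prefix and `10.0.0.25` as the smart host; the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: the only host allowed to speak SMTP outward (the smart host).
MAIL_SERVERS = {"10.0.0.25"}

# Constructed sample in netfilter LOG format; "SMTP-OUT:" is a hypothetical
# --log-prefix value, and all addresses are documentation/private ranges.
SAMPLE_LOG = """\
Mar  3 10:00:01 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=25 SYN
Mar  3 10:00:02 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=198.51.100.7 PROTO=TCP SPT=40113 DPT=25 SYN
Mar  3 10:00:02 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=203.0.113.9 PROTO=TCP SPT=40114 DPT=25 SYN
Mar  3 10:00:03 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=25 SYN
Mar  3 10:00:04 gw kernel: SMTP-OUT: IN=eth1 OUT=eth1 SRC=10.0.0.80 DST=10.0.0.25 PROTO=TCP SPT=33001 DPT=25 SYN
Mar  3 10:00:05 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.91 DST=192.0.2.10 PROTO=TCP SPT=44000 DPT=443 SYN
Mar  3 10:00:06 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.91 DST=198.51.100.7 PROTO=TCP SPT=44001 DPT=25 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs of a LOG line


def direct_smtp_senders(log_text, mail_servers=MAIL_SERVERS, min_hits=2):
    """Return {src_ip: (attempts, distinct_destinations)} for hosts that
    tried to reach TCP port 25 without going through the smart host."""
    hits = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue  # not an SMTP connection attempt
        src, dst = fields.get("SRC"), fields.get("DST")
        if not src or not dst:
            continue  # malformed or truncated line
        if src in mail_servers or dst in mail_servers:
            continue  # the smart host itself, or a client using it properly
        hits[src] += 1
        dests[src].add(dst)
    # Many attempts to many destinations is the pattern worth cleaning up.
    return {s: (n, len(dests[s])) for s, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for host, (attempts, fanout) in sorted(direct_smtp_senders(SAMPLE_LOG).items()):
        print(f"{host}: {attempts} direct SMTP attempts to {fanout} destinations")
```

As the reply points out, a zombie that relays through the smart host with the user's own credentials never shows up in this log.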