6 Nov
2013
6 Nov
'13
5:09 p.m.
On Wed, Nov 6, 2013 at 4:45 PM, William Herrin <bill@herrin.us> wrote:
Incidentally, I'd suggest that an ounce of prevention is worth a pound of cure. Simply block outbound tcp port 25 for new hosting customers on a "tell me if you want it open" basis.
Or to thwart those clever spammers, block inbound SYN/ACK packets with a source port of 25. This catches the ones who send SYNs out other providers with your network's source addresses which bypasses most simple ACLs. --Doug