All, thanks for the input and comment. In summary, I will block TCP port 25. My DNS loadbalancer (F5) can filter MX query and need license to do it. But given the information the botnet use address list with pre-resolved IP addresses then blocking MX query is not the answer :-) Thanks & Regards Ibrahim On Wed, Sep 5, 2012 at 9:18 AM, George Herbert <george.herbert@gmail.com>wrote:
On Sep 4, 2012, at 12:07 PM, William Herrin <bill@herrin.us> wrote:
You are. You should be doing SMTP Auth to *your* email server on which you have an authorized account and then letting it relay your messages to the world.
This is not the thread for this conversation per se. The practicality of general ISP 25 blocking is established for antispam purposes. So are power users running home domains. Different user profiles. Different circumstances.
George William Herbert Sent from my iPhone