Force all SMTP outbound connections from users thru an SMTP proxy. On that proxy, force users to do SMTP Authentication; I've heard only once of a spam code that will use the user's configuration info or dispatch e-mail thru them. Even if they do, you can rate-limit messages/hour, unique mail to/hour, disable mail service after a threshold, whatever sounds like a good policy to you.

Rubens

----- Original Message -----
From: "Adi Linden" <adil@adis.on.ca>
To: <nanog@merit.edu>
Sent: Saturday, February 07, 2004 2:43 AM
Subject: Stopping open proxies and open relays

I am looking for ideas to stop the spam created by compromised Windows PCs. This is not about the various worms and viruses replicating but these boxes acting as open relays or open proxies.
There are valid reasons not to run antivirus software; coupled with clueless users, this results in machines that SPAM again just a few hours after having been cleaned.
Adi
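
The per-user policy suggested in the reply above (messages/hour, unique recipients/hour, disabling mail service after a threshold), as an added example that is not part of the original thread. The class name, the limit values and the `accept`/`defer`/`disabled` verdicts are assumptions, and the proxy is assumed to pass in the identity it got from SMTP authentication.

```python
import time
from collections import defaultdict, deque

WINDOW = 3600  # seconds; the "per hour" window from the post


class SenderPolicy:
    """Outbound limits per authenticated user (all thresholds are assumed values)."""

    def __init__(self, max_msgs=100, max_rcpts=50, max_strikes=3):
        self.max_msgs = max_msgs        # messages per hour
        self.max_rcpts = max_rcpts      # unique recipients per hour
        self.max_strikes = max_strikes  # over-limit attempts before disabling
        self.events = defaultdict(deque)  # user -> (timestamp, recipients) per accepted mail
        self.strikes = defaultdict(int)
        self.disabled = set()

    def check(self, user, rcpts, now=None):
        """Return 'accept', 'defer' or 'disabled' for one submitted message."""
        now = time.time() if now is None else now
        if user in self.disabled:
            return "disabled"
        q = self.events[user]
        while q and q[0][0] <= now - WINDOW:  # forget mail older than one hour
            q.popleft()
        new = {r.strip().lower() for r in rcpts}
        seen = set().union(*(e[1] for e in q))
        if len(q) + 1 > self.max_msgs or len(seen | new) > self.max_rcpts:
            self.strikes[user] += 1
            if self.strikes[user] >= self.max_strikes:
                self.disabled.add(user)  # stays off until an operator re-enables it
                return "disabled"
            return "defer"
        q.append((now, frozenset(new)))
        return "accept"

    def reenable(self, user):
        """Operator action after the customer's machine has been cleaned."""
        self.disabled.discard(user)
        self.strikes[user] = 0
        self.events[user].clear()
```

A proxy would map `defer` to a temporary SMTP failure and `disabled` to a permanent one, so a legitimate user's mail client retries while a spam engine burns through its strikes.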