On 6/19/07, Leigh Porter <leigh.porter@ukbroadband.com> wrote:
Agreed, SMTP is not really a special vector, other than its obvious commercial spam use. So just block all the usual virus vector ports, block 25 and force people to use your own SMTP servers and the problem (this particular one) goes away..
No. The part of it you target (outbound spam) merely relocates itself, and your smtp servers become huge spam sinks. Filter all you want and you'll still leak spam unless you take those hosts down.

And in the meantime those hosts will also be launching dos attacks, hosting "fast flux" pills / warez / kiddy pr0n sites, carrying out id / card theft .. best to isolate and take them down. You can port block at your edge till you burst and you'll still be in a lot of hot water.

-- Suresh Ramasubramanian (ops.lists@gmail.com)