Suresh Ramasubramanian wrote:
On 4/27/05, Joel Jaeggli <joelja@darkwing.uoregon.edu> wrote:
In any event the malware is already ahead of port 25 blocking and is leveraging ISP smarthosting. SMTP-Auth is the pill to ease this pain/
Really smtp-auth will solve it? or do most windows mua's cache your password?
They sure do cache the password.
But with smtp auth, the infected user is stamped in the email headers, and all over my MTA logs, when a bot that hijacks his PC starts spamming.
I can easily remove auth privileges for his account, and/or limit his access to a walled garden till such time as he cleans up - without taking the trouble to match timestamps of the spam + dig into radius logs
Easier to identify, and easier to lock down, than unauthenticated access
--srs
You forgot to add the ability to rate-limit by ip sender or by authenticated user, all tools in bringing trojaned users under control.