North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: How do you stop outgoing spam?
On Mon, Sep 09, 2002 at 11:31:44PM +0200, firstname.lastname@example.org said: [snip] > At 10:08 AM -0700 2002/09/09, John M. Brown wrote: > > > How do you determin what is spam ? > > > > Not trying to be difficult or start another bloody thread. > > > > It would seem to me that in order to create an "off the shelf" > > non NOC-updating solution, you would have to beable to define > > "what is spam" and then you could "detect it". Spam is bulk, by definition. It doesn't work otherwise. Remove the capability for bulk and you have eliminated the problem (or at least forced it elsewhere). Rate limiting outbound SMTP is still the best technical solution I have seen in this thread, and requires little to no upkeep on an ongoing basis. As soon as you start examining the contents of mail, you have increased the effort required by an order of magnitude. > You could transparently proxy port 25 for all outgoing traffic, > and then run spamassassin on that machine (collection of machines). > You could do a slightly modified version to look at the traffic on > port 80. Not only would you be looking for standard spam keywords, > but you would also be looking at spam reports from other people > (e.g., Vipul's Razor), so this should continue to adapt as the spam > attacks change. Much more complex to implement and manage; doesn't scale well. The fewer decisions the anti-spam system has to make, the better it will work. If it only has to decide whether or not a specific IP/port combination has exceeded a certain threshold, it will run much more smoothly than if it's examining the contents of each packet. > However, I also like the idea of doing a bandwidth budget on a > per machine basis, with short term bursts allowing for most "normal" > activity. *nod* -- -= Scott Francis || darkuncle (at) darkuncle (dot) net =- GPG key CB33CCA7 has been revoked; I am now 5537F527 illum oportet crescere me autem minui