Intresting info from the firewall
Monday, April 12 2004 @ 02:19 AM Eastern Daylight Time
Contributed by: Michael Brusletten
Views: 2,090
As I was looking over the logs for the SMTP, I had noticed that there were alot attemps to gain access to our mail server. The first thing I had noticed was an increase in port attacks from 216.26.224.178 Raleigh, NC 216-26-224-178.ded.btitelecom.net
After monitoring the traffic for awhile, I decided it was time to block them manually before they could start a DOS attack on our network. It turns out they were a known spammer trying to send SPAM thru out our network. And they were not happy that they got pinched in the beginning of there mail run. To bad, to sad. They never had a fighting chance. Anyways, during this whole time, they decided to bring in some offshore mail servers to send there UCEs. There again, they were blocked before they even got started. As far as this Administrator is concerned, stop wasting your time and the bandwith you suck up. Your trash-mail is not worth letting thru.
So if those SPAMMERS want to keep trying, do so if you like wasting your time. We use a combination of several tools at our disposal to keep SPAM from even entering our SMTP mail server. What we have done is to engineer a combo with the RBL's and internal black lists, along with stong firewall and anti-virus detection schemes.
Since this adoption, we have dramatically cut our SPAM rate to vertually zero percent. We have had no complains as to decrease in mail the users here have received. They have been happy with the service that we have provided them. No longer have they had to worry about getting junk in there inboxes. There was a user that was looking for on email that suddenly stopped coming in and we researched it. It turned out to be a known SPAMMER that was runnig a aprtion of their legit email service off of there known SPAM server. Unfortunatly, we cannot turn off the blocking system just so that user can receive his junk mail.
How this works is when an email server sends mail to Spacequad, we determine the origins, email name and contents before we allow it to proceed to our users mail accounts. Example, if the sender was sending an email to one of our users, we would put the email thru a series of tests. These tests determine the IP, email address it was from and then varify this against known databases of bad senders and SPAMMERS. It also go thru a another test to determine if the mail is considered SPAM or not.
We feel that our methods are justified for the amount of SPAM our users get. Also, we continue to strive for better solutions to our mutually growing problems in this area. If you have any great ideas as to how we and the rest of the internet community can curb or hopefully, perhaps stop the onslought of SPAM, let us know in our forums.
After monitoring the traffic for awhile, I decided it was time to block them manually before they could start a DOS attack on our network. It turns out they were a known spammer trying to send SPAM thru out our network. And they were not happy that they got pinched in the beginning of there mail run. To bad, to sad. They never had a fighting chance. Anyways, during this whole time, they decided to bring in some offshore mail servers to send there UCEs. There again, they were blocked before they even got started. As far as this Administrator is concerned, stop wasting your time and the bandwith you suck up. Your trash-mail is not worth letting thru.
So if those SPAMMERS want to keep trying, do so if you like wasting your time. We use a combination of several tools at our disposal to keep SPAM from even entering our SMTP mail server. What we have done is to engineer a combo with the RBL's and internal black lists, along with stong firewall and anti-virus detection schemes.
Since this adoption, we have dramatically cut our SPAM rate to vertually zero percent. We have had no complains as to decrease in mail the users here have received. They have been happy with the service that we have provided them. No longer have they had to worry about getting junk in there inboxes. There was a user that was looking for on email that suddenly stopped coming in and we researched it. It turned out to be a known SPAMMER that was runnig a aprtion of their legit email service off of there known SPAM server. Unfortunatly, we cannot turn off the blocking system just so that user can receive his junk mail.
How this works is when an email server sends mail to Spacequad, we determine the origins, email name and contents before we allow it to proceed to our users mail accounts. Example, if the sender was sending an email to one of our users, we would put the email thru a series of tests. These tests determine the IP, email address it was from and then varify this against known databases of bad senders and SPAMMERS. It also go thru a another test to determine if the mail is considered SPAM or not.
We feel that our methods are justified for the amount of SPAM our users get. Also, we continue to strive for better solutions to our mutually growing problems in this area. If you have any great ideas as to how we and the rest of the internet community can curb or hopefully, perhaps stop the onslought of SPAM, let us know in our forums.
What's Related