Thanks for your replies!!!!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Don Queen
Sent: Wednesday, July 17, 2002 2:47 PM
To: [EMAIL PROTECTED]
Subject: Re: blocking spam with cisco routers [7:48971]

You'll need a mail relay program like Worldsecure (now Tumbleweed) that
searches the content of the message before relaying it to the internal
e-mail server. As others have stated, other e-mail servers will open smtp
connections to your mail server in order to send mail. Most spammers change
IP addresses constantly to avoid being blocked by devices such as routers.

----- Original Message -----
From: "Nigel Taylor"
To:
Sent: Wednesday, July 17, 2002 10:22 AM
Subject: Re: blocking spam with cisco routers [7:48971]

> George,
> Priscilla brings up a good point in that this will not be easy.
> The most important issue here, as Priscilla pointed out, is going to
> revolve around the architecture of your networks or the network you use
> for connectivity (to the rest of the world). Some other questions that may
> apply are very specific to your email services. If you have your own
> domain and don't relay any mail for specific purposes, then this will
> help, however mail directly addressed to your domain's users will be
> delivered. The problem here is how do you determine who is allowed to send
> you email. This is somewhat of an impossible task because there's no real
> way of identifying your SMTP-specific "Community of Interest" (COI).
>
> The reason being that smtp (tcp) connections are made from any
> server-to-server (your server) for the delivery of mail. I'm sure your
> smtp requirements are much like the typical domain, in which filtering
> inbound mail falls outside the area of the routed network. It's one thing
> to filter specific hosts or a number of hosts to prevent the spread of a
> new "virus". This would still only be accomplished through monitoring of
> existing smtp traffic flows, in which you could address the issue by
> resolving the source of the infected mail traffic. Again, the traffic is
> only identified based on a "criteria" which can now be tracked or
> filtered.
>
> Where I'm going with this is that the only effective way of containing
> "spam" is by identifying who is sending it and most importantly what
> "subject lines" are being used in the SPAM email received. This is
> important because you might not want to block or filter all mail inbound
> from "hotmail.com" so finding another way to identify the "spam" is very
> important. I'm not sure of the flexibility of Micro$oft's exchange to
> filter mail based on "subject lines" but, I know that sendmail (the best
> mail server) through the use of the "cf" file can aid in this process.
> There is assistance in the form of various programs that do this type of
> filtering, however the need to provide the "rules" for the filter still
> falls within the area of monitoring and prevention.
>
> Currently, we use Solaris on all of our mail servers (16 of them). We do
> relay mail for all or most of our users and with some scripting and MySql
> were able to compile a database of the domains and subject lines of
> typical spam specific emails. All inbound email is processed through this
> script which will tag the "spam" email and forward it into a separate
> mail server queue for profiling (to check the validity), before being
> forwarded to the user. We have just begun to use a program called
> "SPAM Assassin" which uses our daily updated list of spammers and subject
> lines.
>
> HTH
>
> Nigel
>
> P.S. Please note the use of "Howard-isms" in this email..:->
>
> ----- Original Message -----
> From: "Priscilla Oppenheimer"
> To:
> Sent: Tuesday, July 16, 2002 10:50 PM
> Subject: Re: blocking spam with cisco routers [7:48971]
>
> > Brad Ellis wrote:
> > >
> > > Yup, use an access list filtering IPs on port 25 (only allow
> > > yours through)
> >
> > Yes, but, other SMTP servers for legitimate reasons are also going to be
> > opening TCP sessions to port 25 because they have e-mail to send to your
> > users. It's not as easy as it sounds.
> >
> > I guess it depends on the ISP's network architecture too. We have a
> > challenge where I work in that our users are on cable modems that
> > connect to the cable provider (which isn't technically us). Their e-mail
> > requests come into our network on the same interface that all Internet
> > traffic comes in on.
> >
> > Priscilla
> >
> > > thanks,
> > > -Brad Ellis
> > > CCIE#5796 (R&S / Security)
> > > [EMAIL PROTECTED]
> > > Cisco home labs: www.optsys.net
> > > ""GEORGE"" wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > Hi all, I have a question. I configured my e-mail server to only
> > > > accept local e-mail, and deny other relay, however I'm still
> > > > vulnerable to spam. My question is how do the ips block other e-mail
> > > > going to their smtp? Do they do it by access-list? Allowing only the
> > > > local network with port 25? Or just the e-mail server?
> > > > If cisco routers have to be involved does anyone have some links?
> > > > I'm behind a pix and would like to allow only my network to use
> > > > smtp.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49064&t=48971
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
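
The domain-and-subject-line tagging step described in the thread, sketched as an added example (not code from any of the posters). The list contents, the `X-Spam-Tag` header name and the queue names are constructed assumptions; the point is that a freemail domain such as hotmail.com is judged on the subject line rather than blocked outright, and tagged mail is held for review instead of dropped.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed sample data; a real deployment would load these from the
# daily-updated database of domains and subject lines the thread mentions.
BLOCKED_DOMAINS = {"bulk-offers.example"}
SPAM_SUBJECTS = [re.compile(p, re.I) for p in (
    r"\bmake money fast\b",
    r"\bfree\b.*\bmortgage\b",
)]

def sender_domain(msg):
    """Return the lower-cased domain of the From: address ('' if absent)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower().rstrip(".")

def subject_text(msg):
    """Decode RFC 2047 encoded words and collapse whitespace."""
    raw = msg.get("Subject", "")
    try:
        text = str(make_header(decode_header(raw)))
    except (LookupError, UnicodeError):
        text = str(raw)  # unknown charset: fall back to the raw header
    return " ".join(text.split())

def classify(raw_message):
    """Tag a message and choose a queue: 'quarantine' or 'deliver'."""
    msg = message_from_string(raw_message)
    domain = sender_domain(msg)
    reasons = []
    # Match the listed domain itself and any subdomain of it.
    if any(domain == d or domain.endswith("." + d) for d in BLOCKED_DOMAINS):
        reasons.append("domain:" + domain)
    subject = subject_text(msg)
    for pat in SPAM_SUBJECTS:
        if pat.search(subject):
            reasons.append("subject:" + pat.pattern)
    if reasons:
        # Hypothetical header name; the message is held for review, not dropped.
        msg["X-Spam-Tag"] = "; ".join(reasons)
        return "quarantine", msg
    return "deliver", msg
```
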