The best way is to address that in the egress router.
Most routers nowadays can have alerts and triggers based on traffic, so simply create a router policy that sends an alert when too many TCP SYN packets out from an IP attempt to connect to remote IPs on port 25.

You can do this for many different ports of course, including port 465/587 etc., to detect auth attacks from your VPS servers.

On 7/12/24 12:36, Mark E. Jeftovic via mailop wrote:

On 2024-07-12 2:21 PM, Marco Moock wrote:
On 12.07.2024 at 10:57:15, Mark E Jeftovic via mailop wrote:

Implement a policy that if big amounts of spam are going out you can
immediately block outgoing port 25.
Is there anything commonly used for monitoring the level of outbound SMTP? Or are vendors forcing all outbound through an egress server to scan everything, or homerolling wireshark, tcpdump, web flo scripts.

You'd need to be able to break down which unit is generating the spam.

- mark

-
Mark E. Jeftovic <mar...@easydns.com>
Co-founder & CEO easyDNS Technologies Inc.
+1-(416)-535-8672 ext 225

/"Never expect a thing you do not want,
and never desire a thing you do not expect."
-- Bob Proctor /

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" is a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
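
Added example, not part of the original message and not any router vendor's policy syntax: the egress alert described above, expressed as a sliding-window count of bare TCP SYNs per source IP to ports 25/465/587. The flow-record layout, the 60-second window, the threshold of 20 and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

MAIL_PORTS = {25, 465, 587}  # ports named in the message
WINDOW_SECONDS = 60          # assumed window; tune to your traffic
MAX_SYNS = 20                # assumed threshold; tune to your traffic

def detect_smtp_bursts(flows, window=WINDOW_SECONDS, max_syns=MAX_SYNS):
    """flows: (ts, src_ip, dst_ip, dst_port, tcp_flags) tuples sorted by ts.
    Returns one alert per (source, port) burst:
    (ts, src_ip, dst_port, syn_count, distinct_destinations)."""
    recent = defaultdict(deque)  # (src, port) -> deque of (ts, dst)
    alerting = set()             # keys currently over threshold
    alerts = []
    for ts, src, dst, port, flags in flows:
        # Count connection attempts only: SYN set, nothing else.
        if port not in MAIL_PORTS or flags != "S":
            continue
        key = (src, port)
        q = recent[key]
        q.append((ts, dst))
        while q and q[0][0] <= ts - window:  # drop entries older than window
            q.popleft()
        if len(q) > max_syns:
            if key not in alerting:          # alert once per burst
                alerting.add(key)
                alerts.append((ts, src, port, len(q), len({d for _, d in q})))
        else:
            alerting.discard(key)            # burst over; re-arm
    return alerts

def sample_flows():
    """Constructed sample records (documentation address ranges)."""
    flows = []
    for i in range(30):  # VPS spraying port 25: 30 SYNs in 30 s, 30 hosts
        flows.append((i, "192.0.2.10", f"198.51.100.{i + 1}", 25, "S"))
    for i in range(5):   # ordinary sender: one SYN per minute
        flows.append((i * 60, "192.0.2.20", "203.0.113.5", 25, "S"))
    for i in range(25):  # repeated submission attempts to one host on 587
        flows.append((i * 2, "192.0.2.30", "203.0.113.9", 587, "S"))
    flows.append((10, "192.0.2.20", "203.0.113.5", 25, "SA"))  # not a bare SYN
    return sorted(flows)

if __name__ == "__main__":
    for alert in detect_smtp_bursts(sample_flows()):
        print("ALERT ts=%s src=%s port=%s syns=%s dests=%s" % alert)
```

The distinct-destination count in each alert separates a source spraying many remote hosts on port 25 from one hammering a single submission host on 465/587.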