Hi Vijay

In one of my replies I did write that I was checking what it means to manage a white list (I didn't use the term white list though) to block outgoing spam but since the new firewall isn't in place yet (and it will be a couple of weeks before I can install it) I thought of doing it in the IIS6 SMTP service (this isn't the place to discuss IIS6 SMTP configurations).






TIA
Paolo


Vijay Sankar wrote:

On Saturday 14 April 2007 10:06, Paolo Supino wrote:

Hi Joachim

  I know that right now I'm mostly going at it in the wrong way but
I have to fix it quickly and without changing the infrastructure. I'm
not a Windows or layer 7 person but rather a layer 1 to layer 4 in my
background, so I'm trying to find a solution in those layers. I work
in an environment where I'm told: Fix it without spending money ...
The webapp development was outsourced thus the developers aren't
local. Blunt objects aren't an option :-(
  The legitimate email structure (subject and content) is pretty
limited and steady. Will sendmail + procmail to filter emails be a
solution?
  I will try to implement rate limiting.


Just a thought -- is it practical for you to have a white list? For example, I am wondering whether you could have a white-list table in pf and configure your OpenBSD firewall to allow email to go only to addresses in that white list from your app server. That may be easier and more elegant to do with OpenBSD than limiting the SMTP service to connect to authorized remote servers using TCP/IP settings on Windows.






TIA
Paolo

Joachim Schipper wrote:

On Fri, Apr 13, 2007 at 10:17:51PM -0400, Paolo Supino wrote:

Hi Bob

The webapp does talk to a real mail server: on localhost (IIS6
SMTP service). When a spammer abuses the webapp the email is
actually sent via the local mail server and not directly from the
webapp to all the mail servers on the Internet. Rate limiting
isn't an option because emails must be out the door within a very
short time frame from the moment a set of events is triggered in
the webapp.
Right now the only way I can think of is limit the SMTP service
to connect only to authorized remote SMTP servers that I will
manage manually (I'm in the process of checking how often I would
have to change the list to see if it's feasible). You wrote that I
can do it with spamd, how?
Another option I thought of is setting up a sendmail relay on
another computer and let that sendmail only relay specific emails
according to a set of criteria (that fit only valid emails).

You are going about this all wrong. First step is finding a
suitable blunt instrument and getting the developers to fix it. The
second step is configuring rate limiting, along the lines of '1000
mails/hour'; this will allow a large batch of e-mail to get through
immediately, but stop spammers. What you're planning now is both
less effective and way more work.

                Joachim

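The rate limit Joachim describes (a large batch gets through immediately, a sustained flood does not) can be modelled as a token bucket. This is an added example, not part of the original thread: only the 1000 mails/hour figure comes from the thread, while the class, the function names and the traffic patterns are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class HourlyMailLimiter:
    """Token bucket: up to `capacity` mails may leave at once; the bucket
    refills at `capacity` tokens per hour."""
    capacity: float = 1000.0   # figure from the thread: 1000 mails/hour
    tokens: float = 1000.0     # start full so a legitimate batch is not delayed
    last: float = 0.0          # timestamp of the previous decision, in seconds

    def allow(self, now: float) -> bool:
        # Refill in proportion to elapsed time, never above capacity.
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity,
                          self.tokens + elapsed * self.capacity / 3600.0)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False           # caller should queue or reject, and alert


def simulate(events, limiter=None):
    """events: iterable of (timestamp_seconds, mail_count).
    Returns (sent, deferred) totals."""
    if limiter is None:
        limiter = HourlyMailLimiter()
    sent = deferred = 0
    for ts, count in events:
        for _ in range(count):
            if limiter.allow(ts):
                sent += 1
            else:
                deferred += 1
    return sent, deferred


# Constructed traffic: one legitimate batch triggered by a webapp event,
# and an abuse pattern of 50 mails every 10 seconds for an hour (18000 mails).
LEGIT_BURST = [(0, 800)]
SPAM_FLOOD = [(t, 50) for t in range(0, 3600, 10)]

if __name__ == "__main__":
    print("legitimate batch (sent, deferred):", simulate(LEGIT_BURST))
    print("spam flood       (sent, deferred):", simulate(SPAM_FLOOD))
```

The count of deferred mails is also a useful detection signal: a legitimate batch never produces any, so a non-zero value is worth an alert.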