On Wed, Nov 6, 2013 at 4:45 PM, William Herrin <b...@herrin.us> wrote:
> Incidentally, I'd suggest that an ounce of prevention is worth a pound > of cure. Simply block outbound tcp port 25 for new hosting customers > on a "tell me if you want it open" basis. > > Or to thwart those clever spammers, block inbound SYN/ACK packets with a source port of 25. This catches the ones who send SYNs out other providers with your network's source addresses which bypasses most simple ACLs. --Doug