hi
i have so much experience on this that i can do a PHD on it
(around 90 percent of my my posts on this list for figure out ways to
prevent this)
atleast 8 occasions of clients' high speed lease lines getting compromised
shooting of 100s of thousands of spam and the last one was just 3 days
ago.
variety of methods by which hackers have accessed these networks
with the permission of this list i could put it here on this list to which
people can add their comments and a polished version can go on the wiki
please let me know your thoughts on this
rajesh
> QMT has some great anti-spam tools for dealing with spam coming in from
> the outside, but little that I know of that deals with spam coming from
> authenticated accounts on the inside.
>
> This would make a nice how-to on the wiki. Would someone like to write
> it up?
>
> Andreas Galatis wrote:
>> Hi Rajesh,
>>
>> have a look at the iptables- module recent. It logs connections on the
>> desired
>> ports, counting new connections in a table and, when a threshold is
>> reached,
>> blocks the concerned ip.
>>
>> Consider running a script that looks at the blocked ips to resolve the
>> problem
>> on the infected PC.
>>
>> Andreas
>> Am Thursday 10 December 2009 19:17:12 schrieb Rajesh M:
>>> hi all
>>>
>>> recently we had a spam attack due to a compromised user. we are
>>> planning
>>> on a script to prevent this by having an automatic tool to monitor the
>>> qmail queue.
>>>
>>> if the number of emails in the queue exceeds say 100 then open every
>>> email
>>> in the queue, track the ips and if any one is repeated more than 50
>>> times
>>> block the ip address in iptables
>>>
>>> my questions
>>>
>>> Question no 1
>>> will opening and reading the qmail queue cause any kind of corruption
>>> of
>>> the queue ?
>>>
>>>
>>> Question no 2
>>> is there a better way to control such spammers by having a limit on the
>>> number of emails per day or per hour thru one specific smtp
>>> authenticated
>>> user id and password ?
>>>
>>> any ideas on this would be very helpful
>>>
>>> thanks
>>> rajesh
>>>
>>>
>>> ---------------------------------------------------------------------------
>
>
> --
> -Eric 'shubes'
>
>
> ---------------------------------------------------------------------------------
> Qmailtoaster is sponsored by Vickers Consulting Group
> (www.vickersconsulting.com)
> Vickers Consulting Group offers Qmailtoaster support and
> installations.
> If you need professional help with your setup, contact them today!
> ---------------------------------------------------------------------------------
> Please visit qmailtoaster.com for the latest news, updates, and
> packages.
>
> To unsubscribe, e-mail:
> qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail:
> qmailtoaster-list-h...@qmailtoaster.com
>
>
>
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
