hi i have so much experience on this that i can do a PHD on it (around 90 percent of my my posts on this list for figure out ways to prevent this)
atleast 8 occasions of clients' high speed lease lines getting compromised shooting of 100s of thousands of spam and the last one was just 3 days ago. variety of methods by which hackers have accessed these networks with the permission of this list i could put it here on this list to which people can add their comments and a polished version can go on the wiki please let me know your thoughts on this rajesh > QMT has some great anti-spam tools for dealing with spam coming in from > the outside, but little that I know of that deals with spam coming from > authenticated accounts on the inside. > > This would make a nice how-to on the wiki. Would someone like to write > it up? > > Andreas Galatis wrote: >> Hi Rajesh, >> >> have a look at the iptables- module recent. It logs connections on the >> desired >> ports, counting new connections in a table and, when a threshold is >> reached, >> blocks the concerned ip. >> >> Consider running a script that looks at the blocked ips to resolve the >> problem >> on the infected PC. >> >> Andreas >> Am Thursday 10 December 2009 19:17:12 schrieb Rajesh M: >>> hi all >>> >>> recently we had a spam attack due to a compromised user. we are >>> planning >>> on a script to prevent this by having an automatic tool to monitor the >>> qmail queue. >>> >>> if the number of emails in the queue exceeds say 100 then open every >>> email >>> in the queue, track the ips and if any one is repeated more than 50 >>> times >>> block the ip address in iptables >>> >>> my questions >>> >>> Question no 1 >>> will opening and reading the qmail queue cause any kind of corruption >>> of >>> the queue ? >>> >>> >>> Question no 2 >>> is there a better way to control such spammers by having a limit on the >>> number of emails per day or per hour thru one specific smtp >>> authenticated >>> user id and password ? >>> >>> any ideas on this would be very helpful >>> >>> thanks >>> rajesh >>> >>> >>> --------------------------------------------------------------------------- > > > -- > -Eric 'shubes' > > > --------------------------------------------------------------------------------- > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > Vickers Consulting Group offers Qmailtoaster support and > installations. > If you need professional help with your setup, contact them today! > --------------------------------------------------------------------------------- > Please visit qmailtoaster.com for the latest news, updates, and > packages. > > To unsubscribe, e-mail: > qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: > qmailtoaster-list-h...@qmailtoaster.com > > > --------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! --------------------------------------------------------------------------------- Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com