Re: using spamd to block outbound spam

2007-04-15 Thread Lars Hansson

Paolo Supino wrote:
  I appreciate your straight and forward replies :-) but the world isn't 
black and white and sometimes you have to create work arounds to overcome 
other people's crap (well most of the time).


No, in this case it is black and white. There is NO WAY to reliably fix 
this problem other than fixing the broken app or implementing the 
measures Bob Beck suggested.


---
Lars Hansson



Re: using spamd to block outbound spam

2007-04-14 Thread Stuart Henderson
On 2007/04/14 11:37, Paolo Supino wrote:
>   From the technical aspect, I agree with you. But non technical people 
> don't see (or understand) that :-( I wish I had time to sit down and 
> find out how to exploit the webapp.

if you don't have time to work this out, you don't have time to get
yourself off all the public and in-house blacklists. reliably getting mail
into places like aol and hotmail can be challenging at the best of times,
even without known vulnerabilities in your mail-sending setup.

> I tried to bring in a company to do penetration testing, but I was
> refused the budget for it.

you can probably just read logs/tcpdump.



Re: using spamd to block outbound spam

2007-04-14 Thread Joachim Schipper
On Sat, Apr 14, 2007 at 05:58:52PM +0200, Henning Brauer wrote:
> * Paolo Supino <[EMAIL PROTECTED]> [2007-04-14 17:53]:
> >   From the technical aspect, I agree with you. But non technical people 
> > don't see (or understand) that :-( I wish I had time to sit down and 
> > find out how to exploit the webapp. I tried to bring in a company to do 
> > penetration testing, but I was refused the budget for it.
> >   I can't fix the problem completely, but I can put measures in place 
> > that will reduce the problem to an acceptable level.
> 
> yeah, cut the cable.
> 
> otherwise at least tell us the IP address (range) so we can all 
> blacklist it.
> 
> really, there is no solution (or even half reasonable band-aid) that is 
> not "fix the application"

Henning brings up a good point: can't you explain to management the cost
of fixing the application vs the effort of getting yourself off all
blacklist that you soon will be on?

Otherwise, try mod_security.

Joachim

-- 
TFMotD: top (1) - display and update information about the top CPU
processes



Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino

Hi Vijay


  In one of my replies I did write that I was checking what it means to 
manage a white list (I didn't use the term white list though) to block 
outgoing spam but since the new firewall isn't in place yet (and it will 
be a couple of weeks before I can install it) I thought of doing it in 
the IIS6 SMTP service (this isn't the place to discuss IIS6 SMTP 
configurations).







TIA
Paolo


Vijay Sankar wrote:


On Saturday 14 April 2007 10:06, Paolo Supino wrote:


Hi Joachim

  I know that right now I'm mostly going at it in the wrong way but
I have to fix it quickly and without changing the infrastructure. I'm
not a windows or layer 7 person but rather a layer 1 to layer 4 in my
background, so I'm trying to find a solution in those layers. I work
in an environment where I'm told: Fix it without spending money ...
The webapp development was outsourced thus the developers aren't
local. Blunt objects aren't an option :-(
  The legitimate email structure (subject and content) is pretty
limited and steady. Will sendmail + procmail to filter emails be a
solution?
  I will try to implement rate limiting.



Just a thought -- is it practical for you to have a white list? For 
example, I am wondering whether you could have a white-list table in pf 
and configure your openbsd firewall to allow email to go only to 
addresses in that white list from your app server. That may be  easier 
and more elegant to do with OpenBSD than limiting the smtp service to 
connect to authorized remote servers using TCPIP settings on Windows.








TIA
Paolo

Joachim Schipper wrote:


On Fri, Apr 13, 2007 at 10:17:51PM -0400, Paolo Supino wrote:


Hi Bob

The webapp does talk to a real mail server: on localhost (IIS6
SMTP service). When a spammer abuses the webapp the email is
actually sent via the local mail server and not directly from the
webapp to all the mail servers on the Internet. Rate limiting
isn't an option because emails must be out the door within a very
short time frame from the moment a set of events is triggered in
the webapp.
Right now the only way I can think of is limit the SMTP service
to connect only to authorized remote SMTP servers that I will
manage manually (I'm in the process of checking how often I would
have to change the list to see if it's feasible). You wrote that I
can do it with spamd, how?
Another option I thought of is setting up a sendmail relay on
another computer and let that sendmail only relay specific emails
according to a set of criteria (that fit only valid emails).


You are going about this all wrong. First step is finding a
suitable blunt instrument and getting the developers to fix it. The
second step is configuring rate limiting, along the lines of '1000
mails/hour'; this will allow a large batch of e-mail to get through
immediately, but stop spammers. What you're planning now is both
less effective and way more work.

Joachim






Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino

Hi Henning

  I appreciate your straight and forward replies :-) but the world 
isn't black and white and sometimes you have to create work arounds to 
overcome other people's crap (well most of the time). Unfortunately 
cutting the cable isn't an acceptable solution (I'll get fired and 
someone else will come and reconnect it). The IP range 0.0.0.0/0 to 
255.255.255.255/32  should cover it ;-)






TIA
Paolo







Henning Brauer wrote:


* Paolo Supino <[EMAIL PROTECTED]> [2007-04-14 17:53]:

 From the technical aspect, I agree with you. But non technical people 
don't see (or understand) that :-( I wish I had time to sit down and 
find out how to exploit the webapp. I tried to bring in a company to do 
penetration testing, but I was refused the budget for it.
 I can't fix the problem completely, but I can put measures in place 
that will reduce the problem to an acceptable level.



yeah, cut the cable.

otherwise at least tell us the IP address (range) so we can all 
blacklist it.


really, there is no solution (or even half reasonable band-aid) that is 
not "fix the application"




Re: using spamd to block outbound spam

2007-04-14 Thread Åke Nordin

On 4/14/07, Henning Brauer <[EMAIL PROTECTED]> wrote:

* Paolo Supino <[EMAIL PROTECTED]> [2007-04-14 16:43]:
> 1. Fixing the code is impossible :-( I already tried it, the developers
> keep saying that their code is sound and safe. I've shown logs and
> statistics to the bosses of the company that owns the webapp, but the
> only response I got was: "fix it" (they aren't making the connection
> between the webapp and the spam emails). The only thing I can do to
> prove my point is exploit the webapp in front of them, but I don't know
> how to do that.

then you should obviously find out how to do the latter.

you cannot fix this problem without fixing the buggy application.


A word of caution: Don't get yourself fired in the process.
Be very certain that you have written approval to "break in"
when you demonstrate how the webapp can be misused
by spammers.

--
Åke Nordin, moose (a) {stacken.kth|enting|netia} (o) se



Re: using spamd to block outbound spam

2007-04-14 Thread Vijay Sankar
On Saturday 14 April 2007 10:06, Paolo Supino wrote:
> Hi Joachim
>
>I know that right now I'm mostly going at it in the wrong way but
> I have to fix it quickly and without changing the infrastructure. I'm
> not a windows or layer 7 person but rather a layer 1 to layer 4 in my
> background, so I'm trying to find a solution in those layers. I work
> in an environment where I'm told: Fix it without spending money ...
> The webapp development was outsourced thus the developers aren't
> local. Blunt objects aren't an option :-(
>The legitimate email structure (subject and content) is pretty
> limited and steady. Will sendmail + procmail to filter emails be a
> solution?
>I will try to implement rate limiting.

Just a thought -- is it practical for you to have a white list? For 
example, I am wondering whether you could have a white-list table in pf 
and configure your openbsd firewall to allow email to go only to 
addresses in that white list from your app server. That may be  easier 
and more elegant to do with OpenBSD than limiting the smtp service to 
connect to authorized remote servers using TCPIP settings on Windows.

>
>
>
>
>
> TIA
> Paolo
>
> Joachim Schipper wrote:
> > On Fri, Apr 13, 2007 at 10:17:51PM -0400, Paolo Supino wrote:
> >>Hi Bob
> >>
> >>  The webapp does talk to a real mail server: on localhost (IIS6
> >> SMTP service). When a spammer abuses the webapp the email is
> >> actually sent via the local mail server and not directly from the
> >> webapp to all the mail servers on the Internet. Rate limiting
> >> isn't an option because emails must be out the door within a very
> >> short time frame from the moment a set of events is triggered in
> >> the webapp.
> >>  Right now the only way I can think of is limit the SMTP service
> >> to connect only to authorized remote SMTP servers that I will
> >> manage manually (I'm in the process of checking how often I would
> >> have to change the list to see if it's feasible). You wrote that I
> >> can do it with spamd, how?
> >>Another option I thought of is setting up a sendmail relay on
> >> another computer and let that sendmail only relay specific emails
> >> according to a set of criteria (that fit only valid emails).
> >
> > You are going about this all wrong. First step is finding a
> > suitable blunt instrument and getting the developers to fix it. The
> > second step is configuring rate limiting, along the lines of '1000
> > mails/hour'; this will allow a large batch of e-mail to get through
> > immediately, but stop spammers. What you're planning now is both
> > less effective and way more work.
> >
> > Joachim
>

-- 
Vijay Sankar
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: +1 (204) 885-9535, E-Mail: [EMAIL PROTECTED]



Re: using spamd to block outbound spam

2007-04-14 Thread Henning Brauer
* Paolo Supino <[EMAIL PROTECTED]> [2007-04-14 17:53]:
>   From the technical aspect, I agree with you. But non technical people 
> don't see (or understand) that :-( I wish I had time to sit down and 
> find out how to exploit the webapp. I tried to bring in a company to do 
> penetration testing, but I was refused the budget for it.
>   I can't fix the problem completely, but I can put measures in place 
> that will reduce the problem to an acceptable level.

yeah, cut the cable.

otherwise at least tell us the IP address (range) so we can all 
blacklist it.

really, there is no solution (or even half reasonable band-aid) that is 
not "fix the application"

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino

Hi Henning

  From the technical aspect, I agree with you. But non technical people 
don't see (or understand) that :-( I wish I had time to sit down and 
find out how to exploit the webapp. I tried to bring in a company to do 
penetration testing, but I was refused the budget for it.
  I can't fix the problem completely, but I can put measures in place 
that will reduce the problem to an acceptable level.









TIA
Paolo


Henning Brauer wrote:


* Paolo Supino <[EMAIL PROTECTED]> [2007-04-14 16:43]:

1. Fixing the code is impossible :-( I already tried it, the developers 
keep saying that their code is sound and safe. I've shown logs and 
statistics to the bosses of the company that owns the webapp, but the 
only response I got was: "fix it" (they aren't making the connection 
between the webapp and the spam emails). The only thing I can do to 
prove my point is exploit the webapp in front of them, but I don't know 
how to do that.



then you should obviously find out how to do the latter.

you cannot fix this problem without fixing the buggy application.




Re: using spamd to block outbound spam

2007-04-14 Thread Joachim Schipper
On Sat, Apr 14, 2007 at 11:06:43AM -0400, Paolo Supino wrote:
> Hi Joachim
> 
>   I know that right now I'm mostly going at it in the wrong way but I 
> have to fix it quickly and without changing the infrastructure. I'm not 
> a windows or layer 7 person but rather a layer 1 to layer 4 in my 
> background, so I'm trying to find a solution in those layers. I work in 
> an environment where I'm told: Fix it without spending money ...
>   The webapp development was outsourced thus the developers aren't 
> local. Blunt objects aren't an option :-(
>   The legitimate email structure (subject and content) is pretty 
> limited and steady. Will sendmail + procmail to filter emails be a 
> solution?
>   I will try to implement rate limiting.

I don't do sendmail, but I'm certain it can be made to run outgoing mail
through a filter of some sort. milter_regex or something similar might
be a better fit than procmail, though.

Joachim

-- 
PotD: x11/915resolution - change resolution on available vbios modes for
i8x5/9x5



Re: using spamd to block outbound spam

2007-04-14 Thread Henning Brauer
* Paolo Supino <[EMAIL PROTECTED]> [2007-04-14 17:16]:
>   I know that right now I'm mostly going at it in the wrong way but I 
> have to fix it quickly and without changing the infrastructure. I'm not 
> a windows or layer 7 person but rather a layer 1 to layer 4 in my 
> background, so I'm trying to find a solution in those layers. I work in 
> an environment where I'm told: Fix it without spending money ...

I have a layer 1 solution for you: cut the cable. quick!

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino

Hi Joachim

  I know that right now I'm mostly going at it in the wrong way but I 
have to fix it quickly and without changing the infrastructure. I'm not 
a windows or layer 7 person but rather a layer 1 to layer 4 in my 
background, so I'm trying to find a solution in those layers. I work in 
an environment where I'm told: Fix it without spending money ...
  The webapp development was outsourced thus the developers aren't 
local. Blunt objects aren't an option :-(
  The legitimate email structure (subject and content) is pretty 
limited and steady. Will sendmail + procmail to filter emails be a 
solution?

  I will try to implement rate limiting.





TIA
Paolo




Joachim Schipper wrote:


On Fri, Apr 13, 2007 at 10:17:51PM -0400, Paolo Supino wrote:


Hi Bob

 The webapp does talk to a real mail server: on localhost (IIS6 SMTP 
service). When a spammer abuses the webapp the email is actually sent 
via the local mail server and not directly from the webapp to all the 
mail servers on the Internet. Rate limiting isn't an option because 
emails must be out the door within a very short time frame from the 
moment a set of events is triggered in the webapp.
 Right now the only way I can think of is limit the SMTP service to 
connect only to authorized remote SMTP servers that I will manage 
manually (I'm in the process of checking how often I would have to 
change the list to see if it's feasible). You wrote that I can do it 
with spamd, how?
Another option I thought of is setting up a sendmail relay on another 
computer and let that sendmail only relay specific emails according to a 
set of criteria (that fit only valid emails).



You are going about this all wrong. First step is finding a suitable
blunt instrument and getting the developers to fix it. The second step
is configuring rate limiting, along the lines of '1000 mails/hour';
this will allow a large batch of e-mail to get through immediately, but
stop spammers. What you're planning now is both less effective and way
more work.

Joachim




Re: using spamd to block outbound spam

2007-04-14 Thread Henning Brauer
* Paolo Supino <[EMAIL PROTECTED]> [2007-04-14 16:43]:
> 1. Fixing the code is impossible :-( I already tried it, the developers 
> keep saying that their code is sound and safe. I've shown logs and 
> statistics to the bosses of the company that owns the webapp, but the 
> only response I got was: "fix it" (they aren't making the connection 
> between the webapp and the spam emails). The only thing I can do to 
> prove my point is exploit the webapp in front of them, but I don't know 
> how to do that.

then you should obviously find out how to do the latter.

you cannot fix this problem without fixing the buggy application.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: using spamd to block outbound spam

2007-04-14 Thread Bob Beck
* Paolo Supino <[EMAIL PROTECTED]> [2007-04-14 08:43]:
> Hi Kyle
> 
> 1. Fixing the code is impossible :-( I already tried it, the developers 
> keep saying that their code is sound and safe. I've shown logs and 
> statistics to the bosses of the company that owns the webapp, but the 
> only response I got was: "fix it" (they aren't making the connection 
> between the webapp and the spam emails). The only thing I can do to 
> prove my point is exploit the webapp in front of them, but I don't know 
> how to do that.

Sounds like a problem best fixed by printing resumes.

Problems with stupid people are not best solved by technical means.

-Bob



Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino

Hi Kyle

1. Fixing the code is impossible :-( I already tried it, the developers 
keep saying that their code is sound and safe. I've shown logs and 
statistics to the bosses of the company that owns the webapp, but the 
only response I got was: "fix it" (they aren't making the connection 
between the webapp and the spam emails). The only thing I can do to 
prove my point is exploit the webapp in front of them, but I don't know 
how to do that.


2. I currently don't have any suitable SMTP server that I can do 2 and 
see 1 above about changing the code.


3. Once the OpenBSD firewall will be in place I'll probably go with 
setting up rate limiting via sendmail, though I'd rather not run any 
servers on the firewall.









TIA
Paolo







Kyle George wrote:


On Fri, 13 Apr 2007, Paolo Supino wrote:

 The webapp does talk to a real mail server: on localhost (IIS6 SMTP 
service). When a spammer abuses the webapp the email is actually sent 
via the local mail server and not directly from the webapp to all the 
mail servers on the Internet. Rate limiting isn't an option because 
emails must be out the door within a very short time frame from the 
moment a set of events is triggered in the webapp.



You could:

1) Make them fix the code

2) Uninstall the IIS SMTP service and make them change the code to send 
through a trusted host that can rate limit, filter, etc.


3) http://support.microsoft.com/kb/308161, see "smart host"

(2) and (3) would let you configure an MTA to filter this mess.  The 
best option is for them to fix their code AND use (2) or (3).  It makes 
sense to have untrusted applications send through the network's MTA(s) 
and to put the machine behind pf blocking outgoing port 25.  You don't 
want to get blacklisted.  Also, code that's letting this happen likely 
has many other problems.  I'd isolate it.




Re: using spamd to block outbound spam

2007-04-14 Thread Bob Beck
> You are going about this all wrong. First step is finding a suitable
> blunt instrument and getting the developers to fix it. The second step
> is configuring rate limiting, along the lines of '1000 mails/hour';
> this will allow a large batch of e-mail to get through immediately, but
> stop spammers. What you're planning now is both less effective and way
> more work.
> 

exactly. spamd is not useful for this.
just rate limit it. or better yet, rate limit the source connections
into the web script, so one source can only make X many connections
in 10 minutes or something - also easily doable with pf.

-Bob



Re: using spamd to block outbound spam

2007-04-14 Thread Joachim Schipper
On Fri, Apr 13, 2007 at 10:17:51PM -0400, Paolo Supino wrote:
> Hi Bob
> 
>   The webapp does talk to a real mail server: on localhost (IIS6 SMTP 
> service). When a spammer abuses the webapp the email is actually sent 
> via the local mail server and not directly from the webapp to all the 
> mail servers on the Internet. Rate limiting isn't an option because 
> emails must be out the door within a very short time frame from the 
> moment a set of events is triggered in the webapp.
>   Right now the only way I can think of is limit the SMTP service to 
> connect only to authorized remote SMTP servers that I will manage 
> manually (I'm in the process of checking how often I would have to 
> change the list to see if it's feasible). You wrote that I can do it 
> with spamd, how?
> Another option I thought of is setting up a sendmail relay on another 
> computer and let that sendmail only relay specific emails according to a 
> set of criteria (that fit only valid emails).

You are going about this all wrong. First step is finding a suitable
blunt instrument and getting the developers to fix it. The second step
is configuring rate limiting, along the lines of '1000 mails/hour';
this will allow a large batch of e-mail to get through immediately, but
stop spammers. What you're planning now is both less effective and way
more work.

Joachim



Re: using spamd to block outbound spam

2007-04-13 Thread Kyle George

On Fri, 13 Apr 2007, Paolo Supino wrote:

 The webapp does talk to a real mail server: on localhost (IIS6 SMTP 
service). When a spammer abuses the webapp the email is actually sent via 
the local mail server and not directly from the webapp to all the mail 
servers on the Internet. Rate limiting isn't an option because emails must be 
out the door within a very short time frame from the moment a set of events 
is triggered in the webapp.


You could:

1) Make them fix the code

2) Uninstall the IIS SMTP service and make them change the code to send 
through a trusted host that can rate limit, filter, etc.


3) http://support.microsoft.com/kb/308161, see "smart host"

(2) and (3) would let you configure an MTA to filter this mess.  The best 
option is for them to fix their code AND use (2) or (3).  It makes sense 
to have untrusted applications send through the network's MTA(s) and to 
put the machine behind pf blocking outgoing port 25.  You don't want to 
get blacklisted.  Also, code that's letting this happen likely has many 
other problems.  I'd isolate it.


--
Kyle George



Re: using spamd to block outbound spam

2007-04-13 Thread Jacob Yocom-Piatt
Paolo Supino wrote:
> Hi Bob
>
>   The webapp does talk to a real mail server: on localhost (IIS6 SMTP
> service). When a spammer abuses the webapp the email is actually sent
> via the local mail server and not directly from the webapp to all the
> mail servers on the Internet. Rate limiting isn't an option because
> emails must be out the door within a very short time frame from the
> moment a set of events is triggered in the webapp.
>   Right now the only way I can think of is limit the SMTP service to
> connect only to authorized remote SMTP servers that I will manage
> manually (I'm in the process of checking how often I would have to
> change the list to see if it's feasible). You wrote that I can do it
> with spamd, how?
> Another option I thought of is setting up a sendmail relay on another
> computer and let that sendmail only relay specific emails according to
> a set of criteria (that fit only valid emails).
>

Paolo,

setting up an openbsd smarthost for the IIS6 mailserver sounds like it
could give you some more room to maneuver, as per bob's suggestion. you
can setup spamd and all that on the smarthost.

cheers,
jake

>
>
>
>
>
> TIA
> Paolo
>
>
> Bob Beck wrote:
>
>> * Paolo Supino <[EMAIL PROTECTED]> [2007-04-12 22:12]:
>>
>>> Hi
>>>
>>>  I have the following problem: I host a group of windows servers
>>> that run a webapp using IIS6 ASP technology. The webapp was written
>>> and is maintained by a small private company that develops custom
>>> webapps for companies. One of the services the webapp does is send
>>> out emails (nothing amazing until now). The problem is that the
>>> webapp isn't written securely. The developers keep saying the webapp
>>> is secure and isn't the problem. Bringing someone from the outside
>>> to prove them wrong has failed thus far. Showing logs and showing
>>> network access also proved futile. The webapp is (ab)used by
>>> spammers to relay spam emails which caused the webapp's IP address
>>> to be added to various spam black lists :-( I'm sure the ASP is
>>> the problem because only HTTP and HTTPS are accessible on these
>>> servers. The website itself is hidden behind a firewall and SMTP
>>> port isn't reachable. I'm in the process of replacing the current
>>> firewall (MikroTik's RouterOS, a Linux based OS) with OpenBSD and I
>>> thought of using spamd to block outgoing spam emails. I've started
>>> reading about spamd and usage scenarios, but thus far only found
>>> spamd being used on incoming emails. Did anyone use spamd to block
>>> outgoing spam emails? Is what I want to do possible (in combination
>>> with PF)?
>>> Other solutions will also be appreciated obviously based on OpenBSD :-)
>>>
>>
>> 
>> While you can use spamd to do this, you do not need to.
>>
>> What you want to do is make the webapp unattractive to spammers.
>>
>> Ideally, the webapp should talk to a real mail server to
>> forward its outgoing smtp messages, and you can limit messages sent
>> on the mta right there. Failing that, if it sends crap directly
>> out via port 25, simply make it where it can't send out to port 25
>> very quickly using max-src-conn-rate at an appropriate rate.
>>
>> But the ideal solution is really to ensure the webapp
>> does all its smtp from a specific mail server, which is configured
>> appropriately for rate limiting, and ensuring an appropriate
>> source address with no relaying, and then you simply do not allow
>> the web app machine to make port 25 connections to elsewhere.  
>> -Bob



Re: using spamd to block outbound spam

2007-04-13 Thread Paolo Supino

Hi Bob

  The webapp does talk to a real mail server: on localhost (IIS6 SMTP 
service). When a spammer abuses the webapp the email is actually sent 
via the local mail server and not directly from the webapp to all the 
mail servers on the Internet. Rate limiting isn't an option because 
emails must be out the door within a very short time frame from the 
moment a set of events is triggered in the webapp.
  Right now the only way I can think of is limit the SMTP service to 
connect only to authorized remote SMTP servers that I will manage 
manually (I'm in the process of checking how often I would have to 
change the list to see if it's feasible). You wrote that I can do it 
with spamd, how?
Another option I thought of is setting up a sendmail relay on another 
computer and let that sendmail only relay specific emails according to a 
set of criteria (that fit only valid emails).







TIA
Paolo


Bob Beck wrote:


* Paolo Supino <[EMAIL PROTECTED]> [2007-04-12 22:12]:


Hi

 I have the following problem: I host a group of windows servers that 
run a webapp using IIS6 ASP technology. The webapp was written and is 
maintained by a small private company that develops custom webapps for 
companies. One of the services the webapp does is send out emails 
(nothing amazing until now). The problem is that the webapp isn't 
written securely. The developers keep saying the webapp is secure and 
isn't the problem. Bringing someone from the outside to prove them wrong 
has failed thus far. Showing logs and showing network access also proved 
futile. The webapp is (ab)used by spammers to relay spam emails which 
caused the webapp's IP address to be added to various spam black lists 
:-( I'm sure the ASP is the problem because only HTTP and HTTPS are 
accessible on these servers. The website itself is hidden behind a 
firewall and SMTP port isn't reachable. I'm in the process of replacing 
the current firewall (MikroTik's RouterOS, a Linux based OS) with 
OpenBSD and I thought of using spamd to block outgoing spam emails. I've 
started reading about spamd and usage scenarios, but thus far only found 
spamd being used on incoming emails. Did anyone use spamd to block 
outgoing spam emails? Is what I want to do possible (in combination with PF)?

Other solutions will also be appreciated obviously based on OpenBSD :-)




While you can use spamd to do this, you do not need to.

What you want to do is make the webapp unattractive to spammers.

Ideally, the webapp should talk to a real mail server to
forward its outgoing smtp messages, and you can limit messages sent
on the mta right there. Failing that, if it sends crap directly
out via port 25, simply make it where it can't send out to port 25
very quickly using max-src-conn-rate at an appropriate rate.

But the ideal solution is really to ensure the webapp
does all its smtp from a specific mail server, which is configured
appropriately for rate limiting, and ensuring an appropriate
source address with no relaying, and then you simply do not allow
the web app machine to make port 25 connections to elsewhere.   


-Bob




Re: using spamd to block outbound spam

2007-04-13 Thread mark reardon
hogwash might help. I haven't used it in a fair while though.

http://www.securityfocus.com/infocus/1208

On 13/04/07, Paolo Supino <[EMAIL PROTECTED]> wrote:
>
> Hi
>
>I have the following problem: I host a group of windows servers that
> run a webapp using IIS6 ASP technology. The webapp was written and is
> maintained by a small private company that develops custom webapps for
> companies. One of the services the webapp does is send out emails
> (nothing amazing until now). The problem is that the webapp isn't
> written securely. The developers keep saying the webapp is secure and
> isn't the problem. Bringing someone from the outside to prove them wrong
> has failed thus far. Showing logs and showing network access also proved
> futile. The webapp is (ab)used by spammers to relay spam emails which
> caused the webapp's IP address to be added to various spam black lists
> :-( I'm sure the ASP is the problem because only HTTP and HTTPS are
> accessible on these servers. The website itself is hidden behind a
> firewall and SMTP port isn't reachable. I'm in the process of replacing
> the current firewall (MikroTik's RouterOS, a Linux based OS) with
> OpenBSD and I thought of using spamd to block outgoing spam emails. I've
> started reading about spamd and usage scenarios, but thus far only found
> spamd being used on incoming emails. Did anyone use spamd to block
> outgoing spam emails? Is what I want to do possible (in combination with PF)?
> Other solutions will also be appreciated obviously based on OpenBSD :-)
>
>
>
>
>
> TIA
> Paolo



Re: using spamd to block outbound spam

2007-04-12 Thread Bob Beck
* Paolo Supino <[EMAIL PROTECTED]> [2007-04-12 22:12]:
> Hi
> 
>   I have the following problem: I host a group of windows servers that 
> run a webapp using IIS6 ASP technology. The webapp was written and is 
> maintained by a small private company that develops custom webapps for 
> companies. One of the services the webapp does is send out emails 
> (nothing amazing until now). The problem is that the webapp isn't 
> written securely. The developers keep saying the webapp is secure and 
> isn't the problem. Bringing someone from the outside to prove them wrong 
> has failed thus far. Showing logs and showing network access also proved 
> futile. The webapp is (ab)used by spammers to relay spam emails which 
> caused the webapp's IP address to be added to various spam black lists 
> :-( I'm sure the ASP is the problem because only HTTP and HTTPS are 
> accessible on these servers. The website itself is hidden behind a 
> firewall and SMTP port isn't reachable. I'm in the process of replacing 
> the current firewall (MikroTik's RouterOS, a Linux based OS) with 
> OpenBSD and I thought of using spamd to block outgoing spam emails. I've 
> started reading about spamd and usage scenarios, but thus far only found 
> spamd being used on incoming emails. Did anyone use spamd to block 
> outgoing spam emails? Is what I want to do possible (in combination with PF)?
> Other solutions will also be appreciated obviously based on OpenBSD :-)
> 

While you can use spamd to do this, you do not need to.

What you want to do is make the webapp unattractive to spammers.

Ideally, the webapp should talk to a real mail server to
forward its outgoing smtp messages, and you can limit messages sent
on the mta right there. Failing that, if it sends crap directly
out via port 25, simply make it where it can't send out to port 25
very quickly using max-src-conn-rate at an appropriate rate.

But the ideal solution is really to ensure the webapp
does all its smtp from a specific mail server, which is configured
appropriately for rate limiting, and ensuring an appropriate
source address with no relaying, and then you simply do not allow
the web app machine to make port 25 connections to elsewhere.   

-Bob
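
A pf.conf sketch of the measures suggested in this thread by Bob Beck and Kyle George: the web app host may reach port 25 only on the network's own mail server, and each source address is limited in how fast it can open connections to the web script. This is an added example, not a ruleset posted by anyone in the thread; the interface names, addresses, table names and numeric limits are assumptions.

```pf
# Added example, not from the thread. All names, addresses and limits
# below are assumptions; syntax-check before loading: pfctl -nf pf.conf

ext_if = "em0"              # assumed: Internet-facing interface
dmz_if = "em1"              # assumed: interface facing the IIS6 servers
webapp = "192.0.2.10"       # assumed: web app host (documentation address)

# The only host the web app machine may hand mail to: the network's own
# MTA (smart host), which does the per-message rate limiting and filtering.
# Assumed to be reachable through $ext_if.
table <smtp_ok> const { 198.51.100.25 }     # assumed smart host address

# Sources that exceed the connection rate below are added here by pf.
table <web_abusers> persist

set skip on lo
block log all               # default deny; blocked packets go to pflog0
# Only the rules relevant to this thread follow. Other traffic (DNS,
# management SSH, ...) needs its own pass rules.

# Inbound web traffic, limited per source address.
# 30/600 = at most 30 new TCP connections per source in 10 minutes.
# The figure is assumed; it counts connections, not HTTP requests, so
# size it from what legitimate clients do in the web server logs.
block in quick on $ext_if from <web_abusers>
pass in on $ext_if proto tcp from any to $webapp port { 80 443 } \
    keep state (max-src-conn-rate 30/600, \
    overload <web_abusers> flush global)
pass out on $dmz_if proto tcp from any to $webapp port { 80 443 }

# Outbound SMTP from the web app host: smart host only.
pass in  on $dmz_if proto tcp from $webapp to <smtp_ok> port 25
pass out on $ext_if proto tcp from $webapp to <smtp_ok> port 25
# Any other port 25 attempt from $webapp falls through to "block log all"
# and is recorded in pflog instead of reaching a remote mail server.
```

Blocked port 25 attempts can then be reviewed with `tcpdump -n -e -ttt -r /var/log/pflog`.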



using spamd to block outbound spam

2007-04-12 Thread Paolo Supino

Hi

  I have the following problem: I host a group of windows servers that 
run a webapp using IIS6 ASP technology. The webapp was written and is 
maintained by a small private company that develops custom webapps for 
companies. One of the services the webapp does is send out emails 
(nothing amazing until now). The problem is that the webapp isn't 
written securely. The developers keep saying the webapp is secure and 
isn't the problem. Bringing someone from the outside to prove them wrong 
has failed thus far. Showing logs and showing network access also proved 
futile. The webapp is (ab)used by spammers to relay spam emails which 
caused the webapp's IP address to be added to various spam black lists 
:-( I'm sure the ASP is the problem because only HTTP and HTTPS are 
accessible on these servers. The website itself is hidden behind a 
firewall and SMTP port isn't reachable. I'm in the process of replacing 
the current firewall (MikroTik's RouterOS, a Linux based OS) with 
OpenBSD and I thought of using spamd to block outgoing spam emails. I've 
started reading about spamd and usage scenarios, but thus far only found 
spamd being used on incoming emails. Did anyone use spamd to block 
outgoing spam emails? Is what I want to do possible (in combination with PF)?

Other solutions will also be appreciated obviously based on OpenBSD :-)





TIA
Paolo