On Thu, 2002-04-04 at 05:23, Olivier Nicole wrote:
> BTW, a serious question. Do you any of you know if on a Cisco router
> it is possible to do transparent redirection for SMTP?
Yes - you use policy routing. You need a box to accept the SMTP
sessions as the next hop - we (when I worked at Planet Online in the UK
- who host Freeserve which is a 3 million or so user ISP) used to do
this on all dial ups which were trying to connect to SMTP ports outside
our service addresses. The intercepting servers were linux boxes using
the transparent proxy code to pick up the forwarded sessions. We ran
the policy routing on the NAS (dial in) boxes - they had plenty of spare
CPU for that sort of thing - however running it on one of the other
router sets would have been technically possible if less scalable.
Those boxes did traffic analysis - ie bursts of mail from an IP to more
than a particular threshold of targets were held for later release.
Adding SA into that pipeline would be possible, although we tended to be
more interested in message trends rather than per message scoring - one
highly spammy message would not be interesting, 100 spammy messages are
much more interesting, as were 100+ attempted mail bomb/abuse runs.
Nigel.
--
[ Nigel Metheringham [EMAIL PROTECTED] ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
