jp wrote:
We've seen some of it with our webmail too.
When one of your users gives out their password and you notice their
account being abused, lookin the message headers or apache logs to see
where the perp is. We've seen them mostly to be from Africa, Nigeria
probably. I've taken to blocking their /16 on our webmail server, and
after a dozen or so IP ranges added, it's stopped. The have a lot of
time on their hands and phish so they can spam. Who knows what else they
do with data collected from the naieve.
If your webmail runs on Apache, you could block entire countries using
mod_defensible. Here's an example config that would disallow requests
from China and Nigeria:
DnsblUse On
DnsblServers ng.countries.nerd.dk cn.countries.nerd.dk
Unfortunately, I don't have that luxury as I work for a University that
has staff and students all over the World.
You could also use rbls like sbl-xbl.spamhaus.org if you wanted as well
of course.
--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)