Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: How do you stop outgoing spam?

  • From: Brad Knowles
  • Date: Mon Sep 09 18:01:29 2002
  • Reply-by: Wed, 1 Jan 1984 12:34:56 +0100

At 10:08 AM -0700 2002/09/09, John M. Brown wrote:

 How do you determin what is spam ?

 Not trying to be difficult or start another bloody thread.

 It would seem to me that in order to create an "off the shelf"
 non NOC-updating solution, you would have to beable to define
 "what is spam"  and then you could "detect it".
You could transparently proxy port 25 for all outgoing traffic, and then run spamassassin on that machine (collection of machines). You could do a slightly modified version to look at the traffic on port 80. Not only would you be looking for standard spam keywords, but you would also be looking at spam reports from other people (e.g., Vipul's Razor), so this should continue to adapt as the spam attacks change.

However, I also like the idea of doing a bandwidth budget on a per machine basis, with short term bursts allowing for most "normal" activity.

Brad Knowles, <>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.