Curtis Maurand | 4 Feb 2005 04:46

Re: New types of Trojans coming


The problem with 1a and 1b is that some networks won't accept mail from 
non-MX hosts.

Curtis

R A Lichtensteiger wrote:

>Dallman Ross wrote:
>
><> http://news.zdnet.com/2100-1009_22-5560664.html
><> 
><> Precis: Spam levels expected to rise with suddenness
><> soon, as blacklists become less effective.
>
>The "trick" of sending out spam via the hosts' legitimate mail relays
>has been seen in the wild for about 18 months now.  It's not new, just
>new to the media :-/  (AOL reported seeing it that long ago, anyway)
>
>There are a number of fixes, of course:
>
>  1a. Separate your outgoing relays from your inbound MX hosts.
>      Some of the trojans do a PTR lookup on their address, then
>      an MX query on the forward zone.
>  1b. Configure your MX hosts to not accept mail from INSIDE your
>      network and configure your outbound relays to not accept mail
>      from OUTSIDE your network.
>
>  2.  Enable SMTP AUTH
>
>  3.  Implement rate limiting on outbound email 
>
>The thing that seems to be overlooked about this spammer trick is that
>it puts the cost exactly where it ought to be -- if your network
>tolerates zombie hosts and spammers, then YOUR relays get hammered, not
>mine (well, at least yours get hit before mine do).  Finally, some
>motivation for companies like Comcast and Verizon to clean up their
>acts.
>
>Reto, not too unhappy
>  
>
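
The following is an added example, not part of the original thread or any poster's code: a sketch of the accept/reject decision that fixes 1b, 2 and 3 in the quoted list describe, applied together on two mail listeners. The address range, the limit of 3 messages per 60 seconds, the per-IP keying and the `MailPolicy` / `is_internal` names are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed values for illustration (not from the original thread).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed "inside" range
RATE_LIMIT = 3        # assumed: accepted messages per client per window
WINDOW_SECONDS = 60   # assumed window length


def is_internal(client_ip):
    """True when the connecting address belongs to our own network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in INTERNAL_NETS)


class MailPolicy:
    """Per-connection decision for one SMTP listener, chosen by its role."""

    def __init__(self, role):
        if role not in ("inbound_mx", "outbound_relay"):
            raise ValueError(f"unknown role: {role}")
        self.role = role
        self._sent = defaultdict(deque)  # client IP -> timestamps of accepted mail

    def check(self, client_ip, now, authenticated=False):
        internal = is_internal(client_ip)
        if self.role == "inbound_mx":
            # Fix 1b: the MX refuses inside clients, so a zombie that finds it
            # through the PTR-then-MX lookup in 1a cannot send through it.
            return "REJECT internal client on MX" if internal else "OK"
        # Outbound relay: fix 1b (inside only), then fix 2, then fix 3.
        if not internal:
            return "REJECT external client on relay"
        if not authenticated:
            return "REJECT SMTP AUTH required"
        stamps = self._sent[client_ip]
        while stamps and now - stamps[0] >= WINDOW_SECONDS:
            stamps.popleft()  # forget mail that has aged out of the window
        if len(stamps) >= RATE_LIMIT:
            return "DEFER rate limit exceeded"
        stamps.append(now)
        return "OK"
```

A deferred client is a useful alert source: an inside host that repeatedly hits the outbound limit is a candidate for the zombie cleanup the quoted post argues for.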
