RE: [Exim] ISP-style spam stopping?

Author: Jonathan Hunter
Date:  
To: Gyan Mathur
CC: exim-users
Subject: RE: [Exim] ISP-style spam stopping?
Hi,

I guess I should have defined the problem a little more clearly :)

The machine will be sat on a subnet where there are also public-access (to
students) Windows NT machines. I would like to be able to use it as a relay
for project-related email (the machine is a server dedicated to this
project) for a number of reasons, but there is the possibility that somebody
could:

a) discover that the machine is there (it's not widely advertised), and
b) run a bulk-email program on a public machine, directing it towards this
server.

I don't think that is all that likely, but I did wonder how the larger ISPs
(running Exim) prevented their dialups from running bulk emailers directed
at the mail server.

If there isn't a simple rule or way of detecting such large quantities of
mail from one of a particular range of IP addresses, then it's not the end
of the world; I would have turned this feature on if it was there, that's
all. And as you say, "after the event" action can always be taken. I was
just hoping that there was some way of detecting it as it was happening, or
before it happened..

Thanks for your help!

Jonathan


-----Original Message-----
From: Gyan Mathur [mailto:gyan@nl.demon.net]
Sent: 14 October 1999 17:24
To: Jonathan Hunter
Cc: exim-users@???; gyan@???
Subject: Re: [Exim] ISP-style spam stopping?


In response to "Jonathan Hunter":

> I want to be able to allow users of local machines to be able to use it as a
> relay to send outbound mail - this part is easy. The tricky part is that
> some of the local machines are public-access machines. Potentially somebody
> could use a public machine to relay thousands of messages out through Exim.

Do you mean that the public-access machines could run a mailer that
will act as an open relay? Or that someone might _originate_
unsolicited bulk mail from one of those machines? If it is the first,
then I would suggest proper controls on what software is put on those
machines! If the second, controls on who goes near the machines would
be in order; you don't define "public access" so do you mean your own
students for example?

> This problem would seem to be similar to an ISP with dialup users - the
> dialups would be considered local and allowed to relay through Exim, but the
> ISPs wouldn't want their dialups to be able to send spam to the outside
> world.
>
> How do the big ISPs do it? Are there some rules that can be put in place to
> reject spams like this?
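
The "large quantities of mail from one of a particular range of IP addresses" check discussed in this thread can be run over the mail log as a sliding-window count per source host. This is an added example, not code from the thread or from Exim; the log-line layout, subnet, limit, window and sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed layout of an Exim main-log arrival line:
#   <date> <time> <msg-id> <= <sender> H=<name> (<helo>) [<ip>] P=smtp ...
ARRIVAL = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ <= \S+ .*?"
                     r"H=(?:[^\s(]\S* )?(?:\(\S*\) )?\[([0-9A-Fa-f.:]+)\]")

def find_bulk_senders(lines, subnet, limit, window):
    """Return {ip: peak} for hosts in `subnet` that had more than `limit`
    messages accepted within any sliding `window` (a timedelta)."""
    net = ipaddress.ip_network(subnet)
    recent = defaultdict(deque)      # ip -> arrival times still in the window
    peaks = {}
    for line in lines:
        m = ARRIVAL.match(line)
        if not m:
            continue                 # deliveries (=>), local mail, errors
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue                 # malformed address field
        if ip not in net:
            continue                 # only watch the relay-permitted range
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop arrivals older than the window
            q.popleft()
        if len(q) > limit:
            peaks[str(ip)] = max(peaks.get(str(ip), 0), len(q))
    return peaks

def sample_log():
    """Constructed lines (not real traffic) in the layout assumed above."""
    t0 = datetime(1999, 10, 14, 17, 0, 0)
    fmt = "{} 11bq{:02d}-0000{}-00 <= {} H={} [{}] P=smtp S=900"
    out = [fmt.format(t0 + timedelta(seconds=i), i, "Aa", "x@example.org",
                      "labpc7 (labpc7)", "192.0.2.45") for i in range(30)]
    out += [fmt.format(t0 + timedelta(minutes=20 * i), i, "Bb", "staff@example.org",
                       "projpc", "192.0.2.10") for i in range(3)]
    out += [fmt.format(t0 + timedelta(seconds=i), i, "Cc", "y@example.net",
                       "(mail)", "198.51.100.9") for i in range(40)]
    out.append("1999-10-14 17:00:05 11bq00-0000Aa-00 => a@example.com T=remote_smtp")
    return out

if __name__ == "__main__":
    print(find_bulk_senders(sample_log(), "192.0.2.0/24", 20, timedelta(minutes=5)))
```

Run against the constructed sample, only the lab machine that submitted 30 messages in half a minute is reported; the low-volume project host and the host outside the watched subnet are not.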