Kelsey Cummings
kgc@sonic.net
Fri May 21 17:23:01 UTC 2004
On Fri, May 21, 2004 at 10:43:55AM -0600, Vernon Schryver wrote: > > From: Kelsey Cummings > > > Here's my situation. I've only be able to get a rather high limit (1000 > > > nice if I could define a reject level for mail sourced from the webservers > > at 10, or 20 which would have a pronounced affect at dropping outbound > > spam. > > > > One way to accomplish this would be to define classes of users/hosts that > > have differing thresholds. Untrusted, with a very low limit, trusted, with > > a reasonable limit for 'normal' use within our AUP, and Whitelisted, for > > allowed bulk senders. > > 1000 does not sound like a high limit, and 10-20 seems awfully low. Well, we've found that AOL likes to blacklist our mail servers after sending them less than 1000 spams. The most obvious response is to drop the dcc limits do 500 or so and hope that it drops us below the AOL auto-rathole threshold where we can keep on playing whackamole on the sources inside our network without having to reroute outbound mail flows to keep legit mail moving. AOL seems to be the target of choice for the CGI exploiting spam runs. I can take action to deal with AOL specifically by setting up a dedicated server for outbound AOL mail and running some restrictive content filtering and quarantining but I don't relish that idea. Perhaps there is another approach I can take to prevent spam from leaving servers under my control besides DCC bulk detection. Any suggestions from others? I can't be the only one struggling with this problem. Incidentally, it's been ages since we've had a customer relay a spam run through our servers. Spam sourced from our network is always from exploited home PCs, customer CGI, or colocation. I imagine we are as clean as any other ISP our size with a full time abuse desk staff. -- Kelsey Cummings - kgc@sonic.net sonic.net, inc. System Administrator 2260 Apollo Way 707.522.1000 (Voice) Santa Rosa, CA 95407 707.547.2199 (Fax) http://www.sonic.net/ Fingerprint = D5F9 667F 5D32 7347 0B79 8DB7 2B42 86B6 4E2C 3896
More information about the DCC
mailing list
