06-05-2007 10:32 AM
Hello:
There's a kind of spam that my Ironport boxes are not detecting very well, and it is about replica watches.
The subjects are always the same:
"Imitations of the Best"
"Replica Wathes"
"Copy, or Original?"
The senders of this spam are zombies from my network that are directing the mail to the server of the network which is an Ironport farm.
I'm receiving many reports from AOL about this spam every day, and it started about three or four months ago.
I've reported some samples to the Ironport spam account.
Do any of you have problems with this kind of spam?
Regards:
Salvador
06-05-2007 08:27 PM
Nope, but if the spam is coming from inside of your network, it shouldn't be passing through Ironports, should it?
06-06-2007 08:58 AM
This is an ISP and our Ironport machines are working as the outgoing mail server for our customers. More of them than I would wish are zombies, and they are sending spam to their outgoing mail server, which is my Ironport farm. And then the Ironport delivers to the MX of the destination.
In general it's working fine, but it's having a hard time detecting this spam about replica watches.
06-06-2007 02:38 PM
Have you tried submitting it to spam@access.ironport.com? AOL does tend to be a problem since spam attacks that concentrate on AOL tend to be a bit slower to get picked up by spam engines.
AOL is good about sending spam reports to the sender but not to places where spam engines could pick it up.
06-06-2007 03:14 PM
I've submitted lots of reports from AOL to spam@access.ironport.com
06-06-2007 03:57 PM
What's your relay config? Allow the entire range?
Why don't you block these connections and set relay only for true mail servers? End user machines should not have permission to relay at your Ironport farm...
06-06-2007 04:10 PM
Hello:
I should do. They are my customers and they may want to send messages using their outgoing mail server, which is an Ironport farm.
The Ironport must block the spam which our users try to send, without knowing, to the Internet.
Of course sometimes there is missed spam, when a new kind arises that is not detected and is then relayed to the final destination, AOL for instance. But with this spam about replica watches it has been failing for two or three months.
06-06-2007 04:28 PM
At my last position the AOL issue got so bad that we had to build a system to automatically parse the feedback messages and grep out the IP address of the source.
Once a source got too many reports we automatically put them into a DNS list so that the Ironport could rate limit them to 0 messages per hour. Once we did that we added a 'nicer' SMTP response directing customers to a special phone number and website to help them get their system cleaned up.
We got a good number of calls at first, but not as many as expected. The nice thing was that it really settled the number of complaints right down to almost nothing.
It isn't that hard to do with a bit of Perl code.
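A sketch of the feedback-parsing step described in the post above, as an added example in Python rather than the poster's Perl (it is not their code). It assumes the complaint arrives with the reported mail attached as `message/rfc822`; the relay name, zone name and threshold are hypothetical, and the reports are constructed samples.

```python
import email
import ipaddress
import re
from collections import Counter

RELAY = "out.isp.example"      # assumption: name the relay farm stamps in Received
ZONE = "zombies.isp.example"   # assumption: local DNS list zone
THRESHOLD = 2                  # assumption: reports before a source is listed
BRACKET_IP = re.compile(r"\[([0-9.]+)\]")

def customer_ip(raw_report):
    """Return the client IP our relay logged for the reported message, or None."""
    for part in email.message_from_string(raw_report).walk():
        if part.get_content_type() != "message/rfc822":
            continue
        # Received lines are prepended, so the topmost one naming our relay is
        # ours; anything below it was supplied by the sender and may be forged.
        for hop in part.get_payload(0).get_all("Received", []):
            before, ours, _ = " ".join(hop.split()).partition(f" by {RELAY} ")
            if ours:
                match = BRACKET_IP.search(before)
                try:
                    return str(ipaddress.IPv4Address(match.group(1))) if match else None
                except ValueError:
                    return None
    return None

def dns_list_names(raw_reports):
    """Names to publish: reversed-octet form of every source at or over THRESHOLD."""
    counts = Counter(ip for ip in map(customer_ip, raw_reports) if ip)
    return sorted(".".join(reversed(ip.split("."))) + "." + ZONE
                  for ip, n in counts.items() if n >= THRESHOLD)

def sample_report(client_ip):
    """Constructed feedback message wrapping one reported mail (not real data)."""
    return (
        "From: feedback@reporter.example\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nThis is an abuse report.\n"
        "--b1\nContent-Type: message/rfc822\n\n"
        f"Received: from pc ([{client_ip}])\n\tby {RELAY} with ESMTP; Wed, 6 Jun 2007\n"
        "Received: from fake ([203.0.113.9]) by out.isp.example with SMTP\n"
        "Subject: Replica Wathes\n\nbody\n--b1--\n"
    )

if __name__ == "__main__":
    print(dns_list_names([sample_report("198.51.100.7")] * 2 + [sample_report("198.51.100.8")]))
```

The returned names are what a DNS list zone would carry for the rate-limit policy to query; the lower, sender-supplied Received line in the sample is ignored on purpose.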
06-06-2007 04:30 PM
A lot of people on this forum are not aware of the challenges that an ISP faces...don't let it get you down. :)
Hello:
I should do. They are my customers and they may want to send messages using their outgoing mail server, which is an Ironport farm.
06-11-2007 08:00 PM
I don't know how feasible this is for your situation, but requiring SMTP authentication in order to send mail through your IronPort farm would help. I haven't yet heard of a spam zombie that could authenticate. I don't work for an ISP, but I do work for a major university with tens of thousands of workstations on our internal network using my mail server as their SMTP relay. This is not too dissimilar from the situation faced by a small to middle-sized ISP. We started requiring SMTP authentication for all outgoing mail back in 2004 to prevent exactly the problem you're having now. From a technical perspective, it isn't too hard. The biggest problem was user education. It took us months, but it was worth it.
06-12-2007 08:38 AM
The biggest problem was user education. It took us months, but it was worth it.
06-12-2007 01:40 PM
Yes, in fact that's the problem: how to tell over 100.000 hopeless users to change the configuration of their SMTP client.
06-12-2007 03:41 PM
It's possible to do. It will require a lot of work...
Bots and zombies are a real threat and cause a lot of damage across the net, so it'll probably be worth it.