George,

Priscilla brings up a good point in that this will not be easy. The most important issue here, as Priscilla pointed out, is going to revolve around the architecture of your networks or the network you use for connectivity (to the rest of the world). Some other questions that may apply are very specific to your email services. If you have your own domain and don't relay any mail for specific purposes, then this will help; however, mail directly addressed to your domain's users will be delivered. The problem here is how do you determine who is allowed to send you email. This is somewhat of an impossible task because there's no real way of identifying your SMTP-specific "Community of Interest" (COI).
The reason being that SMTP (TCP) connections are made from any server-to-server (your server) for the delivery of mail. I'm sure your SMTP requirements are much like the typical domain, in which filtering inbound mail falls outside the area of the routed network. It's one thing to filter a specific host or number of hosts to prevent the spread of a new "virus". This would still only be accomplished through monitoring of existing SMTP traffic flows, in which you could address the issue by resolving the source of the infected mail traffic. Again, the traffic is only identified based on a "criteria" which can now be tracked or filtered.

Where I'm going with this is that the only effective way of containing "spam" is by identifying who is sending it and, most importantly, what "subject lines" are being used in the SPAM email received. This is important because you might not want to block or filter all mail inbound from "hotmail.com", so finding another way to identify the "spam" is very important. I'm not sure of the flexibility of Micro$oft's Exchange to filter mail based on "subject lines", but I know that sendmail (the best mail server), through the use of the "cf" file, can aid in this process. There is assistance in the form of various programs that do this type of filtering; however, the need to provide the "rules" for the filter still falls within the area of monitoring and prevention.

Currently, we use Solaris on all of our mail servers (16 of them). We do relay mail for all or most of our users, and with some scripting and MySQL were able to compile a database of the domains and subject lines of typical spam-specific emails. All inbound email is processed through this script, which will tag the "spam" email and forward it into a separate mail server queue for profiling (to check the validity) before being forwarded to the user. We have just begun to use a program called "SPAM Assassin" which uses our daily updated list of spammers and subject lines.

HTH

Nigel

P.S. Please note the use of "Howard-isms" in this email..:->

----- Original Message -----
From: "Priscilla Oppenheimer"
To:
Sent: Tuesday, July 16, 2002 10:50 PM
Subject: Re: blocking spam with cisco routers [7:48971]

> Brad Ellis wrote:
> >
> > Yup, use an access list filtering IPs on port 25 (only allow
> > yours through)
>
> Yes, but, other SMTP servers for legitimate reasons are also going to be
> opening TCP sessions to port 25 because they have e-mail to send to your
> users. It's not as easy as it sounds.
>
> I guess it depends on the ISP's network architecture too. We have a
> challenge where I work in that our users are on cable modems that connect to
> the cable provider (which isn't technically us). Their e-mail requests come
> into our network on the same interface that all Internet traffic comes in on.
>
> Priscilla
>
> >
> > thanks,
> > -Brad Ellis
> > CCIE#5796 (R&S / Security)
> > [EMAIL PROTECTED]
> > Cisco home labs: www.optsys.net
> > "GEORGE" wrote in message
> > news:[EMAIL PROTECTED]...
> > > Hi all, I have a question. I configured my e-mail server to only accept
> > > local e-mail, and deny other relay, however I'm still vulnerable to
> > > spam. My question is how do the ips block other e-mail going to their
> > > smtp
> > > Do they do it by access-list? Allowing only the local network with port
> > > 25?
> > > Or just the e-mail server?
> > > If cisco routers have to be involved does anyone have some links. I'm
> > > behind a pix and would like to allow only my network to use smtp.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48994&t=48971
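
An added example, not the poster's script and not SpamAssassin: a Python version of the tagging step Nigel describes, matching on sender domain plus subject line and routing hits to a profiling queue instead of blocking a whole domain. The rule list, queue names and the X-Spam-Tagged header are hypothetical, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed rules (hypothetical): (sender domain or "*", subject pattern).
SPAM_RULES = [
    ("hotmail.com", re.compile(r"free\s+money", re.I)),
    ("*", re.compile(r"lose\s+weight\s+fast", re.I)),
]

# Constructed sample messages; the second subject is RFC 2047 base64-encoded.
SAMPLES = {
    "plain": "From: a@hotmail.com\nSubject: FREE   MONEY inside\n\nbody\n",
    "encoded": "From: x@example.net\n"
               "Subject: =?utf-8?b?TG9zZSB3ZWlnaHQgZmFzdA==?=\n\nbody\n",
    "legit": "From: friend@hotmail.com\nSubject: lunch on Friday?\n\nbody\n",
}

def decoded_subject(msg):
    """Decode RFC 2047 encoded-words so an encoded subject cannot dodge a rule."""
    raw = msg.get("Subject", "")
    try:
        return str(make_header(decode_header(raw)))
    except (LookupError, UnicodeError):
        return raw  # unknown or broken charset: fall back to the raw header

def sender_domain(msg):
    """Lower-cased domain part of the From address ('' if absent)."""
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower()

def classify(raw_message):
    """Return (queue, message): 'profiling' for tagged mail, else 'deliver'."""
    msg = message_from_string(raw_message)
    domain, subject = sender_domain(msg), decoded_subject(msg)
    for rule_domain, pattern in SPAM_RULES:
        if rule_domain in ("*", domain) and pattern.search(subject):
            # Tag rather than drop, so the profiling queue can be reviewed.
            msg["X-Spam-Tagged"] = f"domain={domain}; rule={pattern.pattern}"
            return "profiling", msg
    return "deliver", msg

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw)[0])
```

Because the From header is trivially forged, the domain column only narrows a subject rule; it is not evidence of who sent the message.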