Hi Bob

The webapp does talk to a real mail server: on localhost (IIS6 SMTP service). When a spammer abuses the webapp, the email is actually sent via the local mail server and not directly from the webapp to all the mail servers on the Internet. Rate limiting isn't an option because emails must be out the door within a very short time frame from the moment a set of events is triggered in the webapp. Right now the only way I can think of is to limit the SMTP service to connect only to authorized remote SMTP servers that I will manage manually (I'm in the process of checking how often I would have to change the list to see if it's feasible). You wrote that I can do it with spamd, how? Another option I thought of is setting up a sendmail relay on another computer and letting that sendmail only relay specific emails according to a set of criteria (that fit only valid emails).






TIA
Paolo


Bob Beck wrote:

* Paolo Supino <[EMAIL PROTECTED]> [2007-04-12 22:12]:

Hi

I have the following problem: I host a group of Windows servers that run a webapp using IIS6 ASP technology. The webapp was written and is maintained by a small private company that develops custom webapps for companies. One of the services the webapp does is send out emails (nothing amazing until now). The problem is that the webapp isn't written securely. The developers keep saying the webapp is secure and isn't the problem. Bringing someone from the outside to prove them wrong has failed thus far. Showing logs and showing network access also proved futile. The webapp is (ab)used by spammers to relay spam emails, which caused the webapp's IP address to be added to various spam black lists :-( I'm sure the ASP is the problem because only HTTP and HTTPS are accessible on these servers. The website itself is hidden behind a firewall and the SMTP port isn't reachable. I'm in the process of replacing the current firewall (MikroTik's RouterOS, a Linux based OS) with OpenBSD and I thought of using spamd to block outgoing spam emails. I've started reading about spamd and usage scenarios, but thus far only found spamd being used on incoming emails. Did anyone use spamd to block outgoing spam emails? Is what I want to do possible (in combination with PF)?
Other solutions will also be appreciated obviously based on OpenBSD :-)


        
        While you can use spamd to do this, you do not need to.

        What you want to do is make the webapp unattractive to spammers.

        Ideally, the webapp should talk to a real mail server to
forward its outgoing smtp messages, and you can limit messages sent
on the mta right there. Failing that, if it sends crap directly
out via port 25, simply make it where it can't send out to port 25
very quickly using max-src-conn-rate at an appropriate rate.

        But the ideal solution is really to ensure the webapp
does all its smtp from a specific mail server, which is configured
appropriately for rate limiting, and ensuring an appropriate
source address with no relaying, and then you simply do not allow
the web app machine to make port 25 connections to elsewhere.
        -Bob
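
The two approaches Bob describes, sketched as a pf.conf fragment for the OpenBSD firewall. This is an added example, not part of the original thread; the interface name, both addresses, the table name and the 10/60 rate are constructed assumptions, and the relay is assumed to sit on a different segment so that its traffic crosses the firewall.

```pf
# Constructed values: adjust to the real network.
int_if = "em1"          # firewall interface facing the web servers (assumed)
webapp = "10.0.0.10"    # IIS6 host running the webapp and its local SMTP service
relay  = "10.0.1.25"    # the one mail server allowed to deliver to the Internet

# Sources that exceeded the SMTP connection rate (filled by "overload" below).
table <smtp_overload> persist

# Anything already flagged for flooding port 25 is dropped and logged.
block in log quick on $int_if inet proto tcp from <smtp_overload> to any port smtp

# Ideal setup: the webapp host may speak SMTP to the managed relay only.
pass in quick on $int_if inet proto tcp from $webapp to $relay port smtp keep state

# ...and to nothing else. The log keyword sends every blocked attempt to
# pflog0, which gives a record of each outbound SMTP attempt that bypassed the relay.
block in log quick on $int_if inet proto tcp from $webapp to any port smtp

# Fallback when the host must deliver directly: replace the block rule above
# with a rate-limited pass. More than 10 new connections in 60 seconds moves
# the source into <smtp_overload> and flushes its existing states.
# pass in quick on $int_if inet proto tcp from $webapp to any port smtp keep state (max-src-conn-rate 10/60, overload <smtp_overload> flush global)
```

Blocked attempts can be read with `tcpdump -n -e -ttt -i pflog0`, and the overload table inspected with `pfctl -t smtp_overload -T show`.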
