Paolo Supino wrote:
> Hi Bob
>
>   The webapp does talk to a real mail server: on localhost (IIS6 SMTP
> service). When a spammer abuses the webapp the email is actually sent
> via the local mail server and not directly from the webapp to all the
> mail servers on the Internet. Rate limiting isn't an option because
> emails must be out the door within a very short time frame from the
> moment a set of events is triggered in the webapp.
>   Right now the only way I can think of is limit the SMTP service to
> connect only to authorized remote SMTP servers that I will manage
> manually (I'm in the process of checking how often I would have to
> change the list to see if it's feasible). You wrote that I can do it
> with spamd, how?
> Another option I thought of is setting up a sendmail relay on another
> computer and let that sendmail only relay specific emails according to
> a set of criteria (that fit only valid emails).
>

Paolo,

setting up an openbsd smarthost for the IIS6 mailserver sounds like it
could give you some more room to maneuver, as per bob's suggestion. you
can set up spamd and all that on the smarthost.

cheers,
jake

>
> TIA
> Paolo
>
>
> Bob Beck wrote:
>
>> * Paolo Supino <[EMAIL PROTECTED]> [2007-04-12 22:12]:
>>
>>> Hi
>>>
>>>  I have the following problem: I host a group of windows servers
>>> that run a webapp using IIS6 ASP technology. The webapp was written
>>> and is maintained by a small private company that develops custom
>>> webapps for companies. One of the services the webapp does is send
>>> out emails (nothing amazing until now). The problem is that the
>>> webapp isn't written securely. The developers keep saying the webapp
>>> is secure and isn't the problem. Bringing someone from the outside
>>> to prove them wrong has failed thus far. Showing logs and showing
>>> network access also proved futile. The webapp is (ab)used by
>>> spammers to relay spam emails which caused the webapp's IP address
>>> to be added to various spam black lists :-( I'm sure the ASP is
>>> the problem because only HTTP and HTTPS are accessible on these
>>> servers. The website itself is hidden behind a firewall and SMTP
>>> port isn't reachable. I'm in the process of replacing the current
>>> firewall (MikroTik's RouterOS, a Linux based OS) with OpenBSD and I
>>> thought of using spamd to block outgoing spam emails. I've started
>>> reading about spamd and usage scenarios, but thus far only found
>>> spamd being used on incoming emails. Did anyone use spamd to block
>>> outgoing spam emails? Is what I want to do possible (in combination
>>> with PF)?
>>> Other solutions will also be appreciated obviously based on OpenBSD :-)
>>>
>>
>>     
>>     While you can use spamd to do this, you do not need to.
>>
>>     What you want to do is make the webapp unattractive to spammers.
>>
>>     Ideally, the webapp should talk to a real mail server to
>> forward its outgoing smtp messages, and you can limit messages sent
>> on the mta right there. Failing that, if it sends crap directly
>> out via port 25, simply make it where it can't send out to port 25
>> very quickly using max-src-conn-rate at an appropriate rate.
>>
>>     But the ideal solution is really to ensure the webapp
>> does all its smtp from a specific mail server, which is configured
>> appropriately for rate limiting, and ensuring an appropriate
>> source address with no relaying, and then you simply do not allow
>> the web app machine to make port 25 connections to elsewhere.  
>>     -Bob

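Bob's "ideal solution" combined with jake's smarthost suggestion, sketched as a pf.conf fragment for the OpenBSD firewall. This is an added example, not part of the thread; the interface name, both addresses, the table name and the rate are constructed placeholders.

```pf
# pf.conf fragment for the OpenBSD firewall in front of the web servers.
# All names, addresses and numbers below are constructed placeholders.
int_if    = "em1"              # assumption: interface facing the web servers
webapp    = "192.0.2.10"       # hypothetical IIS6 host running the webapp
smarthost = "198.51.100.25"    # hypothetical OpenBSD relay (smarthost)

table <smtp_flood> persist

# A host that tripped the rate limit below gets no SMTP at all until it
# is removed from the table (pfctl -t smtp_flood -T delete <addr>).
block in log quick on $int_if proto tcp from <smtp_flood> to any port smtp

# The webapp host may speak SMTP only to the smarthost.
# max-src-conn-rate is the limit Bob mentions: more than 20 new
# connections in 10 seconds puts the source into <smtp_flood> and
# flushes its existing states. Set the rate above the webapp's
# legitimate burst so time-critical mail is never held back.
pass in quick on $int_if proto tcp from $webapp to $smarthost port smtp \
    keep state (max-src-conn-rate 20/10, overload <smtp_flood> flush global)

# Any other port 25 connection from the webapp host is refused and
# logged, so abuse that bypasses the local IIS SMTP service shows up
# in pflog instead of reaching the Internet.
block return in log quick on $int_if proto tcp from $webapp to any port smtp
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it. The IIS6 SMTP service on the webapp host then needs the relay configured as its smart host, otherwise its outbound mail is refused by the last rule.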