You can play the game of using your swall
to block SMTP from spammers.  BUT, if you 
have a secondary MX record pointing to, let's
say, your ISP's SMTP server, the spam will
just be sent there and then sent back into 
your network.  Also, my SW Pro can only have 
100 rules.  

If you control all your MX records:
 
1. Look at the msg header and extract the 
   sending IP (all other fields are almost 
   always forged) - spamcop.net can help 
   with this.  
2. Use samspade.org or nslookup to find 
   the owner of the IP.  You might want to 
   block their entire range.
3. Create a DENY SMTP from startrange to 
   endrange.

www.okean.com/asianspamblocks.html - 
This will block a ton of Korean/Chinese spam.  
I entered most of these in my swpro and 
get quite a few dropped smtp attempts.

Generally speaking, you can block spam by:
1. Dropping the TCP connection.  
   a. Manually - Use firewall rules.
      Spammers change IP constantly.
   b. Automatically - Setting up your MTA 
      to use a service, lots of free ones 
      out there - dsbl.org, spews.org, 
      relays.osirusoft.com, etc... 
      *** KNOW THE IMPACT OF THESE ***
2. Processing each message looking for common 
   characteristics.  GFI.com, lyris.com come 
   to mind (tons of others).
3. Client package (EEEWWWwwww) (yyuukkk).  
   Your support time will go WAY up...
   I have used I hate spam by 
   sunbelt-software.com and it was okay
   for me.

From what I can glean - start with blocking 
open relays.  

We have a SMTP server on our DMZ of our Swall 
pro.  It is our primary MX record and it scans
for viruses before sending the mail to our 
exchange server.  I am looking into some DNSBL 
packages to add to it.  From what I can tell, if 
you block open relays, your spam will be greatly 
reduced.  You can also look into software that 
looks at the message and acts accordingly.  
Trendmicro has one, but do a look around at 
groups.google.com and you might want to stay 
away from this.  

I think we will be purchasing "Open Relay Filter" 
from www.vamsoft.com and adding to our gateway 
on the DMZ.  It is $99 and seems to do what we 
need.

Thanks,
 
Devin L. Meade, CNE, MCP
Network Administrator
Frankfurt-Short-Bruza
www.fsb-ae.com
www.oklahomadome.com
 
 

-----Original Message-----
From: Craig Lynch [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 02, 2003 3:06 PM
To: [EMAIL PROTECTED]
Subject: [SonicWALL]- Tips for stopping spam at sonicwall

Does anyone have any tips for effectively stopping spam at the sonicwall?

Thanks for all replies.



Craig Lynch
CNA,A+
Teachers Academy for Math and Science
312 949-2528

Visit us on the web at:

HTTP://www.tams.org

---
[This E-mail scanned for viruses by Declude/F-Prot AV]

============================================================================
To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put
the following: unsubscribe sonicwall your_name
The archive of this list is at
http://www.mail-archive.com/sonicwall%40peake.com/
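
Added example (not part of the original messages): steps 1-3 from the reply above in Python, covering the case where the spam arrived through a secondary MX. The hostnames, addresses, the dnsbl.example zone and the /24 standing in for the whois result are constructed placeholders.

```python
import email
import ipaddress
import re

# Constructed sample: spam relayed through a secondary MX, with a forged
# Received line at the bottom. All names and addresses are placeholders.
SAMPLE = """\
Received: from mx2.isp.example (mx2.isp.example [192.0.2.25])
\tby mail.corp.example with ESMTP; Thu, 2 Jan 2003 15:10:02 -0600
Received: from yahoo.com (unknown [203.0.113.77])
\tby mx2.isp.example with SMTP; Thu, 2 Jan 2003 15:09:58 -0600
Received: from mail.yahoo.com ([198.51.100.9]) by yahoo.com
From: "Offers" <deals@yahoo.com>
Subject: constructed sample

body
"""

# Assumption: the only relay we trust besides our own gateway is the secondary MX.
TRUSTED_RELAYS = [ipaddress.ip_network("192.0.2.25/32")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def sending_ip(raw, trusted=TRUSTED_RELAYS):
    """Step 1: walk Received headers newest-first and return the first peer
    that is not one of our relays. Lines below it were supplied by the sender."""
    for hop in email.message_from_string(raw).get_all("Received", []):
        match = BRACKETED_IP.search(hop)
        if match is None:
            return None  # no peer address recorded: do not fall through to older lines
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None  # malformed address, same reasoning
        if not any(ip in net for net in trusted):
            return ip
    return None

def dnsbl_query_name(ip, zone):
    """Name an MTA looks up to ask a DNSBL about ip: reversed octets + zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def deny_range(cidr):
    """Steps 2-3: owner's block (from whois) as start/end for a DENY SMTP rule."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1])

if __name__ == "__main__":
    ip = sending_ip(SAMPLE)
    print("sending IP:", ip)
    print("DNSBL lookup name:", dnsbl_query_name(ip, "dnsbl.example"))
    print("DENY SMTP from %s to %s" % deny_range("203.0.113.0/24"))
```

With an empty trusted list the function returns the secondary MX itself, which is the address a firewall rule on the primary would see for this message.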
