[Dshield] New spammer tactic...

*Hobbit* hobbit at avian.org
Thu Mar 13 16:45:31 GMT 2003


It's not a new tactic, and if you poke at some of the machines listed
in the received: headers of spam you *do* receive you might find a lot
of other open proxies out there that were in close enough proximity to
an otherwise closed mail relay that spammers were able to abuse the pair.

Since not all proxies are necessarily socks or CONNECT based, it's
probably worth having your MTA alarm and close connections if commands
like GET, POST, HEAD, TRACE, etc are received.  As well as the obvious
proxy config and network-level ACLing and such..

_H*



More information about the list mailing list