[Dshield] SMTP question....
josh at raintreeinc.com
Mon Aug 8 16:08:14 GMT 2005
Richard Golodner wrote:
> We noticed that we have been placed on a blacklist at Spamcop
> and I am trying to figure out why.

I've used two things, which may or may not be useable in your
environment. First, a snort rule designed to fire on anything other than
our mail server trying to send traffic on port 25 out to the rest of the
world. This was in place for quite some time, and since our network is
small, was triggered mostly by misconfigured applications and people
trying to use email accounts other than the ones provided by the company.

The second was a firewall rule preventing outgoing traffic on port 25
from anything but our mail server. I put this in place after we too were
blacklisted because of an employee's infected laptop. This caused some
headaches for the users mentioned above trying to use other accounts,
but they soon learned to just live with it, particularly after being
informed that their options were either to 1) have most of their
business email rejected, or 2) have access to external email accounts.

When we were listed in spamcop, the snort rule was helpful for
identifying the infected computer, and the firewall rule allowed the
spamcop folks to quickly see that the offending traffic had been stopped.
Raintree Systems, Inc.
Office Phone: (801) 293-3090
Corporate Office: (800) 333-1033
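
Added example, not part of the original post: a triage script over firewall log lines for outbound port 25 that separates the two cases the message mentions, a misconfigured mail client (one remote server) and an infected host (many remote servers). The mail server address, the log prefix, the fan-out threshold and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

MAIL_SERVER = "10.0.0.25"  # assumed: the only host allowed to send SMTP outbound
FANOUT_THRESHOLD = 3       # assumed: distinct remote hosts before a source looks like a spam bot

# Constructed, abbreviated lines in netfilter LOG format (assumed prefix "SMTP-OUT").
SAMPLE_LOG = """\
Aug  8 09:14:01 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=198.51.100.10 PROTO=TCP SPT=1093 DPT=25 SYN
Aug  8 09:14:01 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=198.51.100.11 PROTO=TCP SPT=1094 DPT=25 SYN
Aug  8 09:14:02 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=198.51.100.10 PROTO=TCP SPT=1095 DPT=25 SYN
Aug  8 09:14:02 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=203.0.113.5 PROTO=TCP SPT=1096 DPT=25 SYN
Aug  8 09:20:10 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.31 DST=203.0.113.80 PROTO=TCP SPT=2210 DPT=25 SYN
Aug  8 09:25:10 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.31 DST=203.0.113.80 PROTO=TCP SPT=2215 DPT=25 SYN
Aug  8 09:26:00 fw kernel: SMTP-OUT IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=198.51.100.10 PROTO=TCP SPT=3001 DPT=25 SYN
Aug  8 09:27:00 fw kernel: WEB-OUT IN=eth1 OUT=eth0 SRC=10.0.0.44 DST=203.0.113.9 PROTO=TCP SPT=4100 DPT=80 SYN
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def smtp_sources(log_text, mail_server=MAIL_SERVER):
    """Per source IP (mail server excluded): attempt count and set of TCP/25 destinations."""
    seen = defaultdict(lambda: {"attempts": 0, "dests": set()})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue  # not outbound SMTP
        if "SRC" not in f or "DST" not in f or f["SRC"] == mail_server:
            continue  # malformed line, or the legitimate sender
        seen[f["SRC"]]["attempts"] += 1
        seen[f["SRC"]]["dests"].add(f["DST"])
    return dict(seen)

def triage(log_text, threshold=FANOUT_THRESHOLD):
    """Rows of (source, attempts, distinct_dests, verdict), widest fan-out first."""
    rows = []
    for src, s in smtp_sources(log_text).items():
        wide = len(s["dests"]) >= threshold
        verdict = "likely-infected" if wide else "check-mail-client-config"
        rows.append((src, s["attempts"], len(s["dests"]), verdict))
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print("%-12s attempts=%d distinct_dests=%d %s" % row)
```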