On Thu, Oct 18, 2012 at 10:24:43PM +0200, mouss wrote:
> and really, you should only look at this once you analyzed the
> situation for more "neutral" approaches, such as: mail submission
> should require authentication. this does not solve all problems,
> but if your authentication is compromised, then you have other
> problems...

Indeed. I have been called in on a few of these, and in the ones I have seen firsthand, the spew came from the compromised user's machine. Right exactly the place where you would be expecting the mail to originate.

This "solution" is only going to catch a certain type of malware, leaving other threats unchecked. And even within that type, can you say for sure that the botnet controller nodes are outside the USA? No, of course not. Don't bother with this!

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: