Matus UHLAR - fantomas wrote:
On 10.08.09 11:24, Rick Macdougall wrote:
I can't speak for others but at my main job (20K+ email accounts) it
happens about once every 2 month's or so. Some how the spammer gets a
hold of someone's password and either uses smtp-auth or webmail to send
out spam.
How ever, I know of two other companies that I do consulting for where
it happens almost weekly (one of them, 4 different users in the past 2
weeks). Both of these companies have their web presence and email
hosted on the same machine, so it would not surprise me if the passwords
had been some how compromised.
Do they provide unauthenticated SMTP relay from their own IP space or not?
Because if not, there's not much to compare.
I found blocking user's account much easier than blacklisting the source IP,
especially when it may change.
No, it is all smtp-auth, there is no unauthenticated relays on the
servers I'm talking about.
At my main job, we do allow unauthenticated access on our IP space but
we are very proactive about shutting down infected users. A regular
user who gets infected and starts spamming is usually shut down with in
15 minutes. Thankfully we don't get many of those, maybe 1 or 2 per month.
Regards,
Rick
