Stopping open proxies and open relays

I am looking for ideas to stop the spam created by compromised Windows
PCs. This is not about the various worms and viruses replicating but
these boxes acting as open relays or open proxies.

There are valid reasons not to run antivirus software; coupled with
clueless users, this results in machines that SPAM again just a few hours
after having been cleaned.

Adi

Force all SMTP outbound connections from users thru an SMTP proxy. On that
proxy, force users to do SMTP Authentication; I've heard only once of a spam
code that will use the user's configuration info or dispatch e-mail thru
them. Even if they do, you can rate-limit messages/hour, unique mail
to/hour, disable mail service after a threshold, whatever sounds like a good
policy to you.

Rubens
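
The policy described in the post above, sketched as an added example (not part of the original thread and not any mail product's code): a per-authenticated-user check on an outbound SMTP proxy with a sliding one-hour window. The limits, the class and function names, and the sample addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW = 3600          # seconds: the "per hour" window from the post
MAX_MSGS = 60          # assumed limit: messages/hour per user
MAX_UNIQUE_RCPTS = 40  # assumed limit: distinct recipients/hour per user
MAX_STRIKES = 3        # assumed: refused submissions before service is disabled


class OutboundPolicy:
    """Per-message decision for an authenticated outbound SMTP proxy."""

    def __init__(self):
        self.sent = defaultdict(deque)   # user -> (time, recipients) accepted
        self.strikes = defaultdict(int)  # user -> refused submissions so far
        self.disabled = set()            # users whose mail service is off

    def check(self, user, rcpts, now):
        if not user:
            return "reject: authentication required"
        if user in self.disabled:
            return "reject: mail service disabled"
        log = self.sent[user]
        while log and log[0][0] <= now - WINDOW:  # drop entries older than 1h
            log.popleft()
        new = frozenset(r.lower() for r in rcpts)
        unique = new.union(*(r for _, r in log))
        if len(log) + 1 > MAX_MSGS or len(unique) > MAX_UNIQUE_RCPTS:
            self.strikes[user] += 1
            if self.strikes[user] >= MAX_STRIKES:
                self.disabled.add(user)
                return "reject: mail service disabled"
            return "defer: hourly limit exceeded"
        log.append((now, new))
        return "accept"


def replay(events):
    """Feed (time, user, recipients) submissions through a fresh policy."""
    policy = OutboundPolicy()
    return [policy.check(user, rcpts, t) for t, user, rcpts in events]


if __name__ == "__main__":
    # Constructed sample: one host sending to 10 new addresses every second.
    burst = [(t, "pc17", [f"rcpt{t}-{j}@example.net" for j in range(10)])
             for t in range(8)]
    for t, verdict in enumerate(replay(burst)):
        print(t, verdict)
```

Refused submissions are not recorded in the window, so a legitimate user who trips a limit once is accepted again as soon as older entries expire, while a host that keeps hammering the proxy accumulates strikes and is cut off.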

> There are valid reasons not to run antivirus software,

And they are?

P90w/32MB running Win95 used for email only... or insufficient finances
to purchase anti virus software... to name a couple.

Adi

> > There are valid reasons not to run antivirus software,
>
> And they are?

P90w/32MB running Win95 used for email only...

Odd... When that was a state of the art machine for which I paid $3k+ in 1995 (IRC) I used a CLI virus scanner and before I opened anything from a BBS or the Internet, I would scan it. AVAST, FSecure, Norton, McAfee, and all others with which I am familiar still have a CLI version too. If it is only used for email, they can probably wait a few seconds longer to access files. They are already waiting a long time to do anything with that computer. :)

or insufficient finances to purchase anti virus software... to name a couple.

Not a valid excuse/reason. www.avast.com - It is excellent AV software and it is completely FREE for non-commercial use.

R


Adi Linden wrote:

There are valid reasons not to run antivirus software,

And they are?

P90w/32MB running Win95 used for email only... or insufficient finances
to purchase anti virus software... to name a couple.

Products such as Clam-AV and Amavisd-new work very well together, are
free, and have a very small CPU/memory footprint. Give them a try.

Chris

--
Chris Horry
zerbey@wibble.co.uk
PGP: DSA/2B4C654E
Amateur Radio: KG4TSM
"Winter is the season in which people try to keep the house as warm as it was in the summer, when they complained about the heat" --Author Unknown

Not to be argumentative, but by that logic, I guess it is okay to drive my
1948 Ford which doesn't have brakes if I don't have the cash to fix it.

It may be a reason, but not a valid reason. Intentionally running a computer
in a manner which can do substantial damage to others is not an option.

We run AV on our systems which are Linux based to ensure that nothing goes
thru our network which could harm others.

There's a big difference between the two. If you drive your 1948 Ford
without brakes, the local law enforcement agency will make sure it's not in
your interest to repeat the mistake a second time. If you leave your
computer unsecured, well... realistically, no one is going to fine/jail/etc
you whatever the law provides for driving an unfit vehicle.

Now, if hooking up an unsecured computer to a network was punishable by a
$1000 fine, and law enforcement somehow had the staff to prosecute all
offenders (or a representative sample), I'm sure everybody would agree that
suddenly they'd be able to afford antiviruses.

Vivien

Not to be argumentative, but by that logic, I guess it is okay to drive my
1948 Ford which doesn't have brakes if I don't have the cash to fix it.

This is a matter of opinion. While this was my initial first thought, I
can't agree with it. An old PC is by no means a threat to others. The
invasive and unlawful actions of a third party are what turn the computer
into a threat.

I'd rather compare this with Canadian winter. It is so cold out that I
have to start my vehicle and let it idle for a few minutes. This means an
unattended vehicle with the key in the ignition. If the neighbour's kid
takes the vehicle and impersonates "Grand Theft Auto", who's
responsible for the damage? As owner, at which point have I taken
reasonable precautions against such an event?

There are programs happening which refurbish and distribute retired
corporate PCs to schools and other organizations. All of this equipment
is as I described. There are an enormous number of PCs out there that
match the situation I described...

But that's all really not all that important to my question. What I really
need is an easy to use solution to deal with the problem. Emphasis is on
"easy to use" not necessarily easy to implement.

Robin Lynn Frank wrote:

There are valid reasons not to run antivirus software,
   
And they are?

With the exception of my BBS (still running) and until 2 weeks ago I hadn't run any av software on my machines (now I run clamav via postfix to stop the stream of incoming crap in my inbox)....

I've never needed to run any anti virus software. Funnily enough neither has my wife or son (age 9) they both know the golden rules. No disks from friends, no cover disks, and don't open any attachment unless you know what it is and who it's from. (and the other measure - linux runs on the desktops, so no LookOut Express)

To date I haven't been infected with a virus (except when analysing a few, but that's another story).

/ Mat

Optus in Australia have taken the line of blocking port 25 to anything at
all excepting contact with their own servers. Seems to work. Some pissed off
customers with their own smtp progs etc but my guess is that this would fit
your bill.

Greg.

Gregh wrote:

Optus in Australia have taken the line of blocking port 25 to anything at
all excepting contact with their own servers. Seems to work. Some pissed off
customers with their own smtp progs etc but my guess is that this would fit
your bill.

Earthlink and many others have been doing this in the US for a long time.

But, they don't require any "authorization" in sending, despite that
being available built-in to NetScape/Mozilla for many years, and they
don't seem to actually scan their outgoing email for virii and cut off
the user.

I'm not sure this is the answer.

** Reply to message from Adi Linden <adil@adis.on.ca> on Fri, 6 Feb
2004 23:00:12 -0600 (CST)

> > There are valid reasons not to run antivirus software,
>
> And they are?

P90w/32MB running Win95 used for email only... or insufficient finances
to purchase anti virus software... to name a couple.

Adi

That's not a valid reason. That's an excuse. http://www.grisoft.com -
AVG has a very nice free version for personal use. And they obviously
have the means to afford an internet connection....

Next?