[afnog] how to block spam activity on my router cisco 2600

[Mikisa Richard]

Mark Tinka wrote

>Is your upstream telling the truth from your perspective? 
>How do they know spam is originating from your router's 
>Ethernet interface? Are they familiar with your network 
>topology and/or IP addressing scheme?
>
>If you have identified your router's Ethernet interface 
>as sourcing the spam, could it be clients/servers are 
>using the IP address on your router's Ethernet 
>interface? NAT, perhaps? Your upstream must be able to 
>identify a real IP address, and not relegate the source 
>to your router.
>
>I'm curious to know why your upstream has identified your 
>router as the source.
>
>Cheers,
>
>Mark.
>
I have received a couple of those warning myself, turns out they actually do belong to some natted clients of mine who have been hit by some massive mailers.  Since most of us use NAT, all the upstream provider can do is point the culprit to your block.I would do what the others have said - point all SMTP traffic to one server, and perform spam/Virus filtering on it.

cheers
Richard