[afnog] how to block spam activity on my router cisco 2600

Mikisa Richard rmikisa at bushnet.net
Tue Oct 18 12:37:04 EAT 2005


Mark Tinka wrote

>Is your upstream telling the truth from your perspective? 
>How do they know spam is originating from your router's 
>Ethernet interface? Are they familiar with your network 
>topology and/or IP addressing scheme?
>
>If you have identified your router's Ethernet interface 
>as sourcing the spam, could it be clients/servers are 
>using the IP address on your router's Ethernet 
>interface? NAT, perhaps? Your upstream must be able to 
>identify a real IP address, and not relegate the source 
>to your router.
>
>I'm curious to know why your upstream has identified your 
>router as the source.
>
>Cheers,
>
>Mark.
>

I have received a couple of those warning myself, turns out they 
actually do belong to some natted clients of mine who have been hit by 
some massive mailers.  Since most of us use NAT, all the upstream 
provider can do is point the culprit to your block.I would do what the 
others have said - point all SMTP traffic to one server, and perform 
spam/Virus filtering on it.

cheers
Richard





More information about the afnog mailing list