Re: block Mail Spam

m.abdallah · ‎01-14-2003

I have Cisco PIX 515 ver 6.x and Cisco IDS 4230 ver. 3.1(2)S23 ( IDS Manager and Viewer )

I want to protect my mail server from Mail Spams ( emails sent to more than 200 Recipients on my mail server. )

The IDS and the Mail Server installed in the internal side ( inside interface ) of the PIX 515

Is it possible for the IDS OR the PIX to block the email-spams ( don't deliver this emails to the Mail Server ) ???

Can anyone help my in this configuration ?

Thanks

Regards

Mohamed Abdallah

astuckey · ‎01-14-2003

Some standard parts of email delivery are going to work against you here.

While a shun or a TCP reset might be issued fast enough to interrupt a specific message, most mail servers are set to retry delivery in case of failures. The message may time out after a few days, but you have no control over that.

Also, shunning popular mail servers like hotmail.com might cause disruptions you don't want.

This really seems like a problem better solved elsewhere in the system.

m.abdallah · ‎01-14-2003

hi,

Thanks for you reply.

i am using IMAIL ver. 6.x as Mail Server

Do you suggest TCP reset or block signature # 3106 on the IDS ?

What is the differenece between TCP reset and Block ?

Why do you think servers like hotmail may cause disruptions ??

how can I solve this problem elsewhere in the system as you suggest ?

Regards

Mohamed Abdallah

8ssethi · ‎01-14-2003

Best way to block spam is on the email server unless cisco comes out with IDS signature that can control it. What i use is a software solution on our company exchange server to filter out domains from RBl list. Email me i will let u know in detail.

m.abdallah · ‎01-14-2003

Hi,

Thanks for your reply

I am using IMAIL ver. 6 as a Mail Sever

What about the Sig. # 3106 on Cisco IDS which control Mail Spam ?

Would you please send me more info. to my email address : mabdalla@access.com.eg

Regards

Mohamed Abdallah