Security Corner

Jul 25 2008   1:45AM GMT

Sure-fire Spam Zombie Killer

Ken Harthun

The other day, I got a call from one of my clients who said that their email was bouncing back from people they had always been able to send to. I investigated and found that the error message was to the effect of <hostname.domain #5.5.0 smtp;550 Blocked;Spam/Zombie address listed at sbl-xbl>.

Well, that was odd, because the client is running a bona fide Exchange server and a check of the server revealed nothing wrong that I could see. Thinking that maybe an employee was infected with a mass-mailer trojan, I blocked all traffic on SMTP port 25 from all addresses on the network except the Exchange server.

Running the netstat -an command on my client’s PC revealed 88 connections, all trying to send mail out on port 25, which the firewall was now blocking.

Certainly, you don’t want to get infected by a mass-mailer trojan, but blocking outbound traffic on port 25 from your network is a sure-fire spam zombie killer and will prevent your IP address from getting blacklisted if someone does get infected. Of course, you’ll want to clean up that infection as quickly as possible.
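One way to triage netstat -an output from a workstation for the direct-to-port-25 connections described above; this is an added example, not code from the original post. The sample output, all addresses, and the mail server address 192.168.1.10 are constructed assumptions.

```python
from collections import Counter

# Constructed sample of Windows `netstat -an` output (documentation-range addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.50:1045      203.0.113.10:25        SYN_SENT
  TCP    192.168.1.50:1046      198.51.100.7:25        SYN_SENT
  TCP    192.168.1.50:1047      198.51.100.7:25        ESTABLISHED
  TCP    192.168.1.50:1101      192.168.1.10:25        ESTABLISHED
  TCP    192.168.1.50:25        192.168.1.77:2311      ESTABLISHED
  TCP    192.168.1.50:1200      203.0.113.80:443       ESTABLISHED
  TCP    [fe80::1%11]:1300      [2001:db8::25]:25      SYN_SENT
  UDP    0.0.0.0:500            *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def outbound_smtp(netstat_text, allowed_relays=()):
    """Count TCP connections whose *remote* port is 25, keyed by (remote, state).

    allowed_relays: hosts this machine may legitimately hand mail to
    (assumed here to be the internal mail server)."""
    hits = Counter()
    for line in netstat_text.splitlines():
        parts = line.split()
        # TCP rows end in: local endpoint, remote endpoint, state.
        if len(parts) < 4 or not parts[0].lower().startswith("tcp"):
            continue
        _local, remote, state = parts[-3:]
        addr, port = split_endpoint(remote)
        if port == "25" and addr not in allowed_relays:
            hits[(addr, state.upper())] += 1
    return hits

def summarize(netstat_text, allowed_relays=()):
    """Totals for remote-port-25 connections that bypass the allowed relays."""
    hits = outbound_smtp(netstat_text, allowed_relays)
    # SYN_SENT: handshake never completed, typical when a firewall drops the traffic.
    unanswered = sum(n for (_, st), n in hits.items() if st == "SYN_SENT")
    connected = sum(n for (_, st), n in hits.items() if st == "ESTABLISHED")
    return {"total": sum(hits.values()), "unanswered": unanswered, "connected": connected}

if __name__ == "__main__":
    print(summarize(SAMPLE, allowed_relays={"192.168.1.10"}))
```

A workstation that normally sends mail only through the internal server should report a total of zero; any "connected" entries mean mail is still leaving the network directly.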
