Hi, i've a rare scenario with one of my customers and i though that someone from here could give me some fresh(?) ideas.<br><br>My client has it's own MTA (wich i don't manage, neither have access to logs, etc) and it sends all outbound traffic to my server that has (MScanner, SA, clamav, dcc, pyzor, razor, some custom rules, etc).<br>
<br>The problem i've right now is that (i assume) some malware stole valid user/passwords to authenticate in the smtp server of my client, so tons of spam are trying to get out to internet through my server.<br><br>Althogh all anti-spam stuff seems to work, i need some new countermeasures to stop this at MailScanner stage (i cant do anything at MTA level because everything comes from the same ip).<br>
<br>Any idea?<br><br>something like my own checksum repository, or url blacklist, or header authentication matching, etc.<br><br>Any help would be appreciated.<br><br>Eduardo.<br>