While we're on the topic of the cost of security...
A brief article has just gone live at the Handlers Diary at the SANS Internet Storm Centre with by-line "Relay Reject Woes"
Pity that poor guy putting all that time and effort into fighting the spam-bots.
The article brings to mind my experiences about 6 years ago; I'd just started taking care of a server running Novell and GroupWise. Every night their server had been crashing and/or running extremely slowly and their current IT provider were unable to work out what the problem was. They threw money at that server - more RAM, bigger hard drives, upgrading software, etc to no avail.
It didn't take long for me to work out what was going on; mail relaying was enabled on the server (back in those days mail relaying was enabled by default) and said server was being brought to its knees every night by the spam load being pumped through it and the inevitable NDRs that were being generated. The server was on every blacklist in existence and, of course, postmaster@ was not being monitored. Damned if I know how the situation could have escaped the attentions of the IT support provider.
Ok, so I turn mail relaying off, but that did not resolve the situation. Sure, it stopped the spam from being relayed, but it didn't stop the stuff from being accepted in the first place and dumped into the BAD directory. The server was STILL under an amazing load, and guess who had to pay the cost of the bandwidth being used.
Fast forward to current day and another server, this time running SBS. This time there is no mail relaying enabled but we are still the recipient of ridiculous loads of spam. Again, time and effort is devoted to trying to stem the flood - users a complaining about the level of spam getting into their inbox. Now that Exchange has mail filtering the job is easier, but it still takes up way too much time. Being a law firm, no email can be automatically deleted. Every single filtered message must be checked to ensure it is not a legitimate email and NDRs must be enabled :o(
It irritates me that so much spam is getting to me unimpeded. It irritates me that so much of that spam is coming from spam-bots owned by home users. But there is little that *I* can do to solve the problem. The problem has to be solved at the source, not the destination.
Then there are the baddies trying to log into my server for nefarious purposes using names like 'webmaster' or 'postmaster' or 'admin' or 'asdfasdf' (yeah right, like that last one is gonna work) or 'Pete' or 'Fred' or 'Sam'.
It irritates me that so much time and effort and cost is expended fighting the bad stuff. Go..away..and..leave..my..server..alone.