Spam: The Other White Meat

Yes, you have all seen it: all those fantastic emails with get-rich-quick schemes, weight-loss medicine, and pornography. Although some like to refer to spam as unsolicited commercial email (UCE), spam seems to be a much more appropriate term unless you actually like Spam meat products.

To combat spam, Cisco included a spam IDS signature with the IOS Firewall. The signature checks the number of email recipients in a single email. If the number exceeds a configurable threshold, a spam attack is suspected, and the IDS can take one or more of the actions described earlier.

To configure a spam threshold, use the following command:

Router(config)# ip audit smtp spam number-of-recipients

The configurable number can range from only one recipient to 65,535 recipients. For instance, if you want to configure a threshold of 300 recipients to fire the spam signature, use the command in Figure 6.4.

Figure 6.4. Configuring a spam threshold.
Now, if the number of email recipients in a single message is 300 or more, the IDS services will suspect a spam attack.
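The recipient-count check described above can be modeled offline to see which messages in a session would trip a given threshold. This is an added sketch, not Cisco's implementation: the function names and the sample session are constructed, recipients are assumed to be counted as RCPT TO commands per SMTP transaction, and a count equal to the threshold is treated as a hit, following the "300 or more" wording.

```python
import re

MIN_THRESHOLD, MAX_THRESHOLD = 1, 65535  # range the text gives for the command

RCPT_RE = re.compile(r"^RCPT\s+TO:", re.IGNORECASE)
RESET_RE = re.compile(r"^(MAIL\s+FROM:|RSET\b)", re.IGNORECASE)


def flag_spam_messages(client_lines, threshold):
    """Return (message_index, recipient_count) for each message at or over threshold.

    Assumption: recipients are counted as RCPT TO commands within one SMTP
    transaction; a real sensor may count differently.
    """
    if not MIN_THRESHOLD <= threshold <= MAX_THRESHOLD:
        raise ValueError("threshold must be between 1 and 65535")
    hits, count, index, in_data = [], 0, 0, False
    for raw in client_lines:
        line = raw.strip()
        if in_data:
            # Message body: ignore text that merely looks like a command.
            if line == ".":
                in_data = False
            continue
        if RESET_RE.match(line):
            count = 0  # new or aborted envelope: start counting again
        elif RCPT_RE.match(line):
            count += 1
        elif line.upper() == "DATA":
            index += 1
            if count >= threshold:  # "300 or more" in the text's example
                hits.append((index, count))
            count, in_data = 0, True
    return hits


def build_session(recipient_counts):
    """Constructed sample: client side of one SMTP session, one message per count."""
    lines = ["EHLO client.example"]
    for n in recipient_counts:
        lines.append("MAIL FROM:<sender@example.com>")
        lines += [f"RCPT TO:<user{i}@example.net>" for i in range(n)]
        lines += ["DATA", "Subject: test", "RCPT TO:<body-text@example.net>", "."]
    lines.append("QUIT")
    return lines


if __name__ == "__main__":
    print(flag_spam_messages(build_session([3, 300, 299]), 300))
```

Because the count is per message, a sender who splits a large mailing into many messages that each stay under the threshold is not flagged by this check alone.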