up until a couple of week ago, smtp/pop3 was fine. then the mis director decided we needed norton av for smtp gateways. I could not get both smtp authentication and av gateway to work at the same time so we brought in a consultant last wed.

The consultant says it can't be done, that as long as we use smtp w/norton we can't authenticate. the smtp sever needs to 'not authenticate all requests from the av server. It looks like we might get exchange, but it will take some time, 2 weeks to a month for the powers that be to decide.

Today i notice that someone in thiland has hi-jacked my server to relay spam, creating a log file 24 meg over normal. were talking serious spam.

I can't deal with this. I hate fu##en spam.

the corp says we must have av gateway and relay is essential for the work that they do.

the way i see it my only alternative is to filter out entire ip ranges. We have no dealins with S E asia so maybe blocking the whole lot and other misc spamhauses ain't a bad idea.

In ISA i can filter deny smtp to a range of ip addresses, but i don't quite understand it

the rage they ask for is:

subnet: xxx.xxx.xxx.xxx

mask: xxx.xxx.xxx.xxx

now given the block the spammer owns 202.198.0.1 - 202.198.255.255 how is this info calculated.

i tried to enter, under 'block this computer', 202.198.0.0 hoping to include everything included in 202.198, but that didn't work.

anybody have any idea?

ps if any one knows what the ip range is for s.e. asia that would be appreciated. not that all spam comes from their but much of it does.