
Re: [MiNT] Is it quiet or is my email broken? :) (fwd)



On Mon, Jun 17, 2002 at 07:49:04PM +0200, Maurits van de Kamp wrote:
> Again, it's completely silly to hold Casema's smtp server responsible for
> this, since this would be the case for ANY isp's smtp server whenever one
> of their customers is so silly (and since there's one born every minute,
> every ISP *will* have an unsuspecting open relay somewhere amongst his
> clients). Might as well blacklist smtp.* and be done with it.

The problem is that on the end that is receiving the spam, the only thing I
see is the IP address where it originates - it does not matter if that is a
single open relay or a multihop relay, I get the spam anyway.

So to effectively block spam, I *need* to block multihop relays, since
otherwise, all spammers will quickly switch to these (it is interesting to
see how many different relay attempts show up in my mailserver, so they *do*
actively scan).

A good provider needs a policy and an abuse team to block such misuse of its
relay.

This is unfortunate (I still remember the days when everyone allowed
relaying through her servers as long as the traffic did not cause trouble),
but as long as there are no other possibilities to block spam, we will have
to live with the negative side-effects.

> Sure, and if they don't bump into an open relay customer this time, it
> will be negative.

The test will test only the one IP address that was an open relay last time.
If they still have not shut off or secured that customer's server, they
belong on the list.

> I guess the DSBL main list is a good thing, but if the multihop list
> really exists to punish ISPs for the stupidity of their customers, they
> might as well save themselves the trouble and ban every single ISP. They

What alternative do you propose? It is the only possibility to make the ISP
*do* something about these clueless customers - otherwise, why would they
care?

> will _ALL_ relay their customers' mail, and they will _ALL_ have customers
> that install nifty my-*-server packages into their windows systems that
> create open relays. It's those open relays _themselves_ you'd want to ban,
> but that's not possible since they will usually be on dynamic IP
> addresses. Blacklisting everyone on that ISP (which is what has basically
> happened here) is like bombing an entire nation because a terrorist might
> be hiding in the hills. ;)

It is debatable if a dynamic IP address needs incoming traffic on port 25 -
a sane policy might be to block that by default, and only enable it on
request (and after the customer signed an "I know what I am doing"-letter).

However, I would guess that most multihop relays at customers are not on
dynamic addresses, since these tend to be gone by the time the relay checker
comes along.

cu
Michael