Re: Reverse dns checking for local machine

Author: George Bonser
Date:  
To: Redvers Davies
CC: exim-users
Subject: Re: Reverse dns checking for local machine

On 05-Sep-97 Redvers Davies wrote:
>
>This is a very scary statement to make. "I do not wish to provide a service
>to my users unless I have the ability to see what they are doing".


To do otherwise is irresponsible. You must assume that the dialup site is
incapable of logging transactions in any significant way. To provide a legal
remedy for the recipient of a mailbomb or other malicious act, there must be a
log somewhere of the transaction. The ENTIRE purpose of bypassing the ISP's
mail host is to avoid detection of email activity that would otherwise be
against the terms of service of the provider.

Let me give an example that occurred two nights ago. A spammer was "cruising"
Concentric network's consumer dialup IP addresses looking for systems that
would accept a port 25 connection and dumping spam into them for relay. These
are mainly home and hobbyist systems with dynamic IP that are not normally on
the net more than a few hours every day. The spammer injects a few dozen
spams into each such system found and to the end recipient, it looks like
Concentric sent the mail.

That spammer was using a dialup account at another major ISP. If that ISP had
blocked port 25 access at the router, there would be no way for that to happen.


You also seem to be forgetting one of the first rules of life: it only takes
one or two idiots to mess up a good thing for everyone.

>
>Limiting the freedom that people enjoy is censorship...
>From Webster's Dictionary:


You are not limiting anyone's freedom in the slightest. They may email anyone
they choose and receive email from anyone. You are simply
establishing a policy of how email transactions are to be performed.



>
>Just because you choose to do it in this way does not mean that
>this is the correct and only way to do it.



SMTP is designed for hosts that are permanently connected to the net. Using it
for intermittently connected hosts is inefficient and a waste of system
resources. Those are good enough reasons for me.


>This is the way *I* choose to do it as it gives me far more flexibility,
>privacy and visibility of any problems that may arise.


But there are a few dozen pro spammers using dialup ports that are going to
screw it up for you. Sorry, that is life, happens all the time. I expect
blocked port 25 to be commonplace at most ISPs shortly. It is growing. You
will still be able to use exim, you would just use your ISP as your smarthost.
That will also save you bandwidth since you will not have to perform the DNS
lookups for each email.

>"The purpose of blocking use of encryption is to make it easier for the
>police to kill an account whose activity they don't like, as they will have
>hard copy of the transactions"


Oh, knock it off. NOBODY is talking about READING email, they are only talking
about logging it just as telephone calls are logged by the phone company.
Also, you are fully free to encrypt your mail. Who said anything about looking
at the CONTENT of the email? An ISP passing hundreds of thousands of emails a
day does not have the time OR the interest in what is in your email.

>
>How is this so? Surely if you are asking the originator's ISP to implement
>the filter, the remote sites won't be able to apply anything.


Because I can then allow my mailhost to deny all connections from a network
EXCEPT for the proper mailhost.

>
>In your "quest for the truth" you are going to log intentionally
>people's valid and law abiding communication through things such as
>anonymous re-mailers... You are infringing on their privacy.


Look, the logging is EXACTLY like your mail log. Look at it. Does it state
what was IN the mail ... NO. Nobody is talking about READING the mail. All it
would do is write a log entry that at X time a mail from Y to Z was sent.
Period.

>
>"I can think of no reason that a dialup customer would ever need encryption".


I can. Encryption is your friend.

>

---
George Bonser
Debian/GNU Linux See http://www.debian.org
Linux ... It isn't just for breakfast anymore!

--
* This is sent by the exim-users mailing list.  To unsubscribe send a
    mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/
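
The policy described in this message (a mailhost that denies all connections from a network except that network's proper mailhost, and a log that records only that at X time a mail from Y to Z was sent), as an added example that is not part of the original post or of Exim. The address ranges, function names and log line format are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed policy (documentation address ranges, not real providers):
# each remote network maps to the only hosts in it allowed to reach port 25 here.
POLICY = {
    ipaddress.ip_network("198.51.100.0/24"): {ipaddress.ip_address("198.51.100.10")},
    ipaddress.ip_network("203.0.113.0/24"): {ipaddress.ip_address("203.0.113.25")},
}


def connection_allowed(peer):
    """Return True if `peer` may open an SMTP session with this host."""
    addr = ipaddress.ip_address(peer)
    for network, mailhosts in POLICY.items():
        if addr in network:
            # Inside a restricted network: only its designated mailhost passes.
            return addr in mailhosts
    # Networks without a policy entry are not restricted by this check.
    return True


def log_entry(when, peer, sender, recipients):
    """Build a log line from envelope data only; the message body is never an input."""
    stamp = when.astimezone(timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return f"{stamp} H=[{peer}] F=<{sender}> T=<{','.join(recipients)}>"


def handle(when, peer, sender, recipients):
    """Apply the policy and return (accepted, log line) for one transaction."""
    ok = connection_allowed(peer)
    verdict = "accepted" if ok else "rejected: not the designated mailhost"
    return ok, f"{log_entry(when, peer, sender, recipients)} {verdict}"


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    # Constructed sample transactions: the mailhost, then a dialup address.
    for peer in ("198.51.100.10", "198.51.100.77"):
        print(handle(now, peer, "user@example.org", ["dest@example.net"])[1])
```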