Re: [EXIM] (un)blocking dynamic IP addresses [Was: A way to …

Author: Nigel Metheringham
Date:  
To: Exim-users
Old-Topics: Re: [EXIM] A way to do this?
New-Topics: OFFTOPIC was Re: [EXIM] (un)blocking dynamic IP addresses [Was: A way to do this?]
Subject: Re: [EXIM] (un)blocking dynamic IP addresses [Was: A way to do this?]
[Late to this since I have been away, also comments on lots of messages]

morpheus@??? said:
> Jeffrey Goldberg wrote:
> >I applaud the practice of those ISPs that capture port 25 traffic and
> >force it through their mail hubs.

> That is utterly deplorable.  People who run legit mail servers of
> their own do so for a reason.  All the ISP is doing is increasing the
> load of their mail server dramatically for no good reason at all.

I'm not exactly unbiased - I implemented this policy for freeserve and
am *very* proud of it....

To put this in perspective, if you are working off a dynamic IP, then
the ISP has the duty to make sure that you are behaving yourself since
other people cannot just filter/block you out. If you want to be a
full net citizen with proper mail handling etc then you get yourself a
full connection with your own address space.

With Freeserve (and other dial up services) the choice is that they
block port 25 outgoing, or redirect it. The former is the easiest and
most secure, FS went for the more difficult route that allowed people
to continue using products or configurations that wanted to send mail
directly, but allowed control of the idiots that want to cause trouble.

> On 18 Apr 1999 01:08:46 -0500, Jason L Tibbitts III wrote:
> >More and more sites do not accept mail for dialups

> Which is entirely unacceptable.

Get real. Anyhow you are attempting to buck an established trend, and
soon there will be no ISP that allows direct send off dynamic IP
dialups - if they do they will effectively be cut off by the rest of
the net.

If you don't like this then you need to get an effective secure
protocol for end to end transmission of email where the sender pays the
costs of transport - ie you need on-line real time billing support as
well.

Quoth Greg A. Woods on Mon, Apr 19, 1999:
> I think you're way out of line there. Security and privacy alone *are*
> the reasons such redirects should be done where possible.


vadik@??? said:
> Why? What security and privacy do users or ISPs gain if all the
> users' mail passes through the ISP's mailserver?


The users gain because their ISP (if they control their mailserver
correctly), isn't a serious source of spam. That means other ISPs or
mail systems don't block that ISP's complete address space. This is a
*direct* result of MAPS RBL & ORBS.


vadik@??? said:
> Sure. If the user spams someone, the AUP must be such that the ISP
> can sue the user and pull several millions off his wallet.


You have touching faith in the law. You have to prove who the spammer
is - registration info, credit card data etc may be fake. If you have
CLI it might not be theirs.... a hotel room, a prepaid mobile etc...
Even when you have the idiot pinned down, getting more from them than
the legal expenses cost you is not clear cut. The only people who gain
from that are the lawyers and they are quite rich enough already.

vadik@??? said:
> And as a user, I want the right to connect to any host telnetting to
> any port and debug it if I think it might have a problem. I want to
> know why the mail was not delivered, what happened with the primary MX
> for the domain (whether the mailer daemon died there or the route is
> down), and why the secondary MX barks at me.


Then get an ISP with that sort of thing in their service level. FS
(where this started) do not and will never have that sort of service
level since it is a pile em high and sell em cheap operation - if you
want gold service you have the ability to go out and buy it. What's
happening is that people are complaining about the cheap end ISPs not
allowing themselves to be hijacked by their customers - that seems
entirely reasonable to me and it's not restricting the end user since
they are perfectly able to vote with their feet.

On 20 Apr 99, at 8:19, michael@??? wrote:
> I do not redirect port 25, because I want users to be free to send mail on
> their own, but most people use that for spamming through open relays.


chris.bannister@??? said:
> They do? Where are the figures that you base this assumption on?
> Anyone running an open relay deserves any problems they are having.
> There are guides for every MTA I have seen to secure the relaying to
> those hosts/networks you wish to provide relaying.


For FS, the volume of mail by number of messages clearly shows that the
vast majority of mail that was attempted to be sent directly was
"inappropriate" - spam, mailbombing and other abuse. I don't have the
figures as such, but ran their mail system for six months so believe me
I know!
However there were a good number of users sending small amounts of
legitimate mail - and the users sending spam didn't stay around because
it didn't work and got their accounts terminated.
So not so much "most people", but "most messages" sent directly (ie not
through ISP mail server) is mail abuse of one form or another.

    Nigel.
-- 
[ Nigel Metheringham                  Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]




--
*** Exim information can be found at http://www.exim.org/ ***
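
The two choices the message describes for a dial-up pool (block outgoing port 25, or redirect it to the ISP's mail hub), sketched as an added example in present-day nftables syntax. It is not part of the original message and not Freeserve's configuration; the table names, the pool range 192.0.2.0/24 and the hub address 198.51.100.25 are constructed placeholders.

```nftables
# Added illustration. All names and addresses are assumptions:
#   192.0.2.0/24   = dynamic dial-up pool (documentation range)
#   198.51.100.25  = the ISP's own mail hub (documentation range)

# Choice 1: block. Pool addresses may speak SMTP only to the ISP's hub;
# any direct-to-MX attempt is refused and counted.
table ip dialup_smtp_block {
    set dynamic_pool {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24 }
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
        ip saddr @dynamic_pool ip daddr != 198.51.100.25 tcp dport 25 counter reject with tcp reset
    }
}

# Choice 2: redirect. Every port-25 connection from the pool is rewritten
# to land on the ISP's hub, whatever destination the client dialled, so
# software configured to send directly keeps working while the hub
# applies the ISP's relay and abuse controls.
table ip dialup_smtp_redirect {
    set dynamic_pool {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24 }
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        ip saddr @dynamic_pool tcp dport 25 counter dnat to 198.51.100.25:25
    }
}
```

The `counter` on each rule gives the per-rule packet and byte totals an operator would watch to see how much direct-send traffic the pool generates.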