Re: OFFTOPIC was Re: [EXIM] (un)blocking dynamic IP addresse…

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Nigel Metheringham
Data:  
Para: Steve Lamb
CC: Exim-users
Asunto: Re: OFFTOPIC was Re: [EXIM] (un)blocking dynamic IP addresses [Was: A way to do this?]

morpheus@??? said:
>     I mean, let's think this through.  They force all customers to go
> through a redirect to port 25.  Great, now they increased the load of
> their mail machine, piss off customers, but themselves at risk of
> legal action, and what have they gained?  Nothing.  When the see the
> load, they cancel the account and the spammer just gets a new one.  If
> anything, all they have done is shorten the cycle, nothing more.  That
> isn't worth it. 


Greg has explained most of this, but I'll give some detail from how
Freeserve worked.

All FS mail systems monitor incoming mail in 2 ways - firstly a per
message check (system filter) which looks for suspicious message forms
(we did virus detection in there, check on # recipients, address
patterns etc) and freezes those messages for post processing (its a
sloppy detection designed to give false positives rather than false
negatives). Additionally another process watches the system and flags
suspicious incoming patterns, the messages from which are then frozen
and the IP address temporarily added to a block pool which is handled
within the system filter. [this is both belt and braces, but allows
for our systems being able to deliver most messages before they hit the
logs].

Basically after post processing our false hit rate was very low. On
spam runs we often got all the messages in a run, or lost the first
dozen (max).

The additional loading of redirecting SMTP into our servers is pretty
much zero - the machines that took those connects were very
underloaded, and the modem chassis had loads of spare CPU. You also
seem convinced that the choice is between redirecting SMTP or letting
it through. This is not the case - the choice is redirection or
blocking. I believe that any mass market ISP (non specialist market)
that allows direct SMTP is irresponsible and/or giving themselves a
hideous support load/reputation. [Just look at the gist of the Virgin
court case - not that the guy spammed through them but that they hence
forth got put in the RBL]

We often had the account terminated before the guy had finished
attempting to inject the mail, added his CLI to a black list (you
cannot send mail at all without CLI, and changing CLI is relatively
problematic). Then we terminate the guy at the modem and were rid of
him for good.

As for credit card verification (which is utterly irrelevant to a free
service), I have quite a list of numbers I know, and I know how to put
together card numbers which pass the basic tests and look authentic. I
could then write a set of perl (I actually have it somewhere - it was
the test harness for various signup systems I wrote) which just
subscribes (or attempts to subscribe) accounts by the dozen.

In short ISPs sell mail services, not in general infrastructure for you
to run your own. If you want to do something that in the new market is
a specialist application then you need to get a specialist service. If
that costs more then thats market forces.

    Nigel.
-- 
[ Nigel Metheringham                  Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]




--
*** Exim information can be found at http://www.exim.org/ ***