On Mon, 10 May 1999, Nigel Metheringham wrote:
> Marc.Haber-lists@??? said:
> > In Germany, the latest ORBS action has caused some havoc. Apparently,
> > some danish site has done some scanning and reported all open relays
> > they found to ORBS. This has included some multi-level relays
> > including the major smarthosts of quite a few major ISPs in Germany.
>
> This is a bit of a problem - I have had experience of a correctly
> configured mail system being ORBS listed because it allowed relaying
> from hosts connected in via our dialup pools. If one of the dialup
> hosts is connected and running an old sendmail config or something else
> that allows relaying during the probe tests then that host and its
> upstream relays get blacklisted. ISPs really cannot control the
> configurations of every machine that connects in via them. This sort
> of action tends to lead to rather silly action being taken to
> counteract it (in our case we built a filter that detected and rejected
> the probe messages - which does nothing to deal with the real problem,
> and alternative approach would have been to block port 25 into modems).
Perhaps ORBS/IMRSS should reference the DUL/DSSL, and if the "input
address" is listed as part of a dynamic dialup pool, then throw out the
entry, since ISP's are always going to allow their own dialups to relay
thru them, and there's no way to prevent any random schmuck from
setting up a relayable MTA on their system connected dialup..
Hrm.. Although I suppose ISP's could get one more level stricter, and
block incoming port 25 _to_ dialup blocks.... Hrm..
--
*** Exim information can be found at
http://www.exim.org/ ***