Re: [Exim] Columbian Spammer

Author: Matthew Byng-Maddick
Date:
To: exim-users
Subject: Re: [Exim] Columbian Spammer
On Mon, Nov 03, 2003 at 12:16:46PM -0500, Wakko Warner wrote:
[please keep the attributions of messages you quote:]
[ > Giuliano Gavazzi wrote, and "Wakko" snipped: ]
> > More than I care to do (I do not enforce blacklisting based on
> > attempts) but perhaps something Matthew would accept.


This is precisely the kind of thing I'm warning about.

> If someone configured their MX to point to my machine and I have no idea who
> these people are, they may get blacklisted by me. However, if the rcpt to


Who are you going to blacklist? The people who configured their MX to point
at you, or the people who (not realising that you're not really an official
MX) send that domain mail? If the latter, then you lose.

> domain is always the same, it would be easy to figure out WHO did the
> configuring.


Indeed.

> I dislike the @mx (I forget what it was called) in the relay_to_domains for
> this reason. But that's just me. I'd rather not unknowingly become
> someone's backup MX.


I didn't say it was a good idea. But blacklisting people who are the innocent
third party in such a situation, in such a way that they can't mail your
postmaster and try to unpick what's going on is not going to help anyone
in the long run. You should just be rejecting the relay attempt with a normal
550 relay denied type message. Of course, there's a good DoS for anyone who
attempts to do sender callouts, too.

The former is what the first poster was suggesting doing. This is why he
loses. Not understanding the implications of his actions in that way
doesn't make him competent to run a mail system, in my view, but that's
just me.

As to other people who have accused me of liking spammers, I dislike
spammers as much as anyone, but more even than spam (because mostly my
filtering works for my main inbox), I dislike "anti-spam" measures that
have un-considered collateral damage. (yes, spamcop is included in that
list). The kind of ``one "relay" attempt and you can't mail anyone,
including postmaster at our domain'' is among those kind of measures. It
wouldn't be the first time that I've seen an advertised primary MX for
a domain return "550 relaying denied" after RCPT.

The net has become a hostile place, there is no denying it, but the bits
that still work, still do because some cooperation happens, and some
cooperation is necessary. That's why RCPT TO:<postmaster> has to work,
as it is the legitimate user's way of saying "you blacklisted me? why? I
did what the DNS told me to do." If you break the cooperation, you're no
better than the spammers, in many ways, and I'll know that I don't want
to accept mail from you, because I'll be unlikely to be able to report
problems with it to someone who'll listen. Similarly with spammers.

MBM

--
Matthew Byng-Maddick         <mbm@???>           http://colondot.net/
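
An Exim 4 RCPT ACL laid out in the order this message argues for, as an added example that is not part of the original post or of the Exim distribution: postmaster at local domains is accepted before any local blocklist is consulted, and a relay attempt gets a plain 550 without the sending host being listed. The hostlist name `relay_offenders` and its file path are hypothetical, and the domain and host lists are placeholder values.

```exim
# Main configuration section (placeholder values)
domainlist local_domains    = @
domainlist relay_to_domains =
hostlist   relay_from_hosts = 127.0.0.1
# Hypothetical, manually maintained list of hosts; not fed by relay attempts
hostlist   relay_offenders  = /etc/exim/relay_offenders

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # 1. RCPT TO:<postmaster@local domain> always works, listed host or not,
  #    so a blocked sender can still ask why they were blocked.
  accept  local_parts = postmaster
          domains     = +local_domains

  # 2. Any local blocklist is applied only after the postmaster exemption.
  deny    hosts       = +relay_offenders
          message     = host is locally blocked; mail postmaster to query this

  # 3. Mail for our own domains: accept if the recipient verifies.
  accept  domains     = +local_domains
          endpass
          message     = unknown user
          verify      = recipient

  # 4. Domains we have explicitly agreed to relay for (a real backup MX).
  accept  domains     = +relay_to_domains

  # 5. Our own clients may relay anywhere.
  accept  hosts       = +relay_from_hosts

  # 6. Everything else is a relay attempt, possibly from an innocent sender
  #    following a third party's MX record. Refuse this RCPT with a 550 and
  #    record nothing against the connecting host.
  deny    message     = relay not permitted
```

With statements 1 and 2 swapped, a listed host could no longer reach postmaster, which is the failure the message describes.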