Re: [Exim] Columbian Spammer

Author: Wakko Warner
Date:  
To: Matthew Byng-Maddick
CC: exim-users
Subject: Re: [Exim] Columbian Spammer
> > If someone configured their MX to point to my machine and I have no idea who
> > these people are, they may get blacklisted by me. However, if the rcpt to
>
> Who are you going to blacklist? The people who configured their MX to point
> at you, or the people who (not realising that you're not really an official
> MX) send that domain mail. If the latter, then you lose.


If there's tons to a specific domain, I'll know someone pointed their MX at
me. If I see random relay attempts, they are subject to being blacklisted.
I don't blacklist at every attempt though. I don't lose anything per se
because I'm the only user of this mail system. I see all relay attempts
through my personal server as abuse. Just like people trying the ftp bounce
attacks. If they continue, yes, they get banned especially if the ISP
refuses to take any form of action.

> > domain is always the same, it would be easy to figure out WHO did the
> > configuring.
>
> Indeed.


Again, if I see the rcpt to domain being the same from random IPs, I'll know
what's going on. If the rcpt to domain is something like yahoo, aol,
netscape, microsoft, etc, they're more likely to be banned than some of the
ones that aren't common.

> > I dislike the @mx (I forget what it was called) in the relay_to_domains for
> > this reason. But that's just me. I'd rather not unknowingly become
> > someone's backup MX.
>
> I didn't say it was a good idea. But blacklisting people who are the innocent
> third party in such a situation, in such a way that they can't mail your
> postmaster and try to unpick what's going on is not going to help anyone
> in the long run. You should just be rejecting the relay attempt with a normal
> 550 relay denied type message. Of course, there's a good DoS for anyone who
> attempts to do sender callouts, too.


In this case, as I said, I am the only user of this server. You spam me,
you get banned 100% no questions asked. Currently due to my bandwidth and
the swen payload, my primary mailserver is not seen on the internet. I've
configured another system to handle the swen payload and forward my mail.
When it quits, if ever, I'll relax all the current blocks. But that's just
me.

> The former is what the first poster was suggesting doing. This is why he
> loses. Not understanding the implications of his actions in that way
> doesn't make him competent to run a mail system, in my view, but that's
> just me.


And if he's like me, the only user of the mail server?

> As to other people who have accused me of liking spammers, I dislike
> spammers as much as anyone, but more even than spam (because mostly my


I haven't actually.

> filtering works for my main inbox), I dislike "anti-spam" measures that
> have un-considered collateral damage. (yes, spamcop is included in that


I use spamcop and a few others on my personal server to solely base
blocking. I don't often get mail personally (Just mailing lists mainly)
unless it's like this. If I lose a legit message this way, that's ok with
me. I can whitelist as needed (which in the years I've been doing this,
I've never needed to).

> list). The kind of ``one "relay" attempt and you can't mail anyone,
> including postmaster at our domain'' is among those kind of measures. It
> wouldn't be the first time that I've seen an advertised primary MX for
> a domain return "550 relaying denied" after RCPT.


I've seen some of those. Usually the spammer domains where they don't relay
for the domain anymore (or host it, whichever)

> The net has become a hostile place, there is no denying it, but the bits
> that still work, still do because some cooperation happens, and some
> cooperation is necessary. That's why RCPT TO:<postmaster> has to work,
> as it is the legitimate user's way of saying "you blacklisted me? why? I


Tell me, other than the people like users on this list and others, who's
going to be 'smart' enough to do this? Out of the blocking that was done at
work, a very very small percent actually read the error message and emailed
asking why. They'd either call or fax us. Fact is, people are simply
stupid.

> did what the DNS told me to do." If you break the cooperation, you're no
> better than the spammers, in many ways, and I'll know that I don't want
> to accept mail from you, because I'll be unlikely to be able to report
> problems with it to someone who'll listen. Similarly with spammers.


"my inbox my rules". Just happens this is a 1 inbox server =)

--
Lab tests show that use of micro$oft causes cancer in lab animals
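
The distinction drawn in the message above (one recipient domain refused for many unrelated IPs suggests an MX record pointed at the server, while repeated refused relays from a single IP are abuse, acted on only after several attempts), as an added example that is not part of the original post. The Exim log line shape, the thresholds, the `well_known` set, the function name and all sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed shape of an Exim main-log line for a refused relay attempt.
REJECT = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\] .*rejected RCPT "
                    r"<[^@>]+@(?P<domain>[^>]+)>: relay not permitted")

# Constructed sample log (documentation IP ranges, .example domains).
SAMPLE_LOG = """\
2003-10-01 10:00:01 H=(a.example) [192.0.2.10] F=<x@a.example> rejected RCPT <bob@misrouted.example>: relay not permitted
2003-10-01 10:05:12 H=(b.example) [198.51.100.7] F=<y@b.example> rejected RCPT <sales@misrouted.example>: relay not permitted
2003-10-01 10:09:40 H=(c.example) [203.0.113.5] F=<z@c.example> rejected RCPT <bob@misrouted.example>: relay not permitted
2003-10-01 11:00:00 H=(p.example) [203.0.113.99] F=<s@p.example> rejected RCPT <u1@bigfreemail.example>: relay not permitted
2003-10-01 11:00:02 H=(p.example) [203.0.113.99] F=<s@p.example> rejected RCPT <u2@bigfreemail.example>: relay not permitted
2003-10-01 11:00:04 H=(p.example) [203.0.113.99] F=<s@p.example> rejected RCPT <u3@other.example>: relay not permitted
2003-10-01 11:30:00 H=(q.example) [192.0.2.50] F=<t@q.example> rejected RCPT <u4@bigfreemail.example>: relay not permitted
2003-10-01 11:45:00 H=(r.example) [198.51.100.60] F=<v@r.example> rejected RCPT <u5@bigfreemail.example>: relay not permitted
2003-10-01 12:00:00 1A0abc-000123-XY <= me@home.example H=(d.example) [192.0.2.77] P=esmtp S=1204
"""


def classify(log_text, well_known=frozenset(), min_sources=3, min_attempts=3):
    """Return (misdirected_domains, probers) from refused-relay log lines."""
    ips_by_domain = defaultdict(set)
    domains_by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            domain = m["domain"].lower()
            ips_by_domain[domain].add(m["ip"])
            domains_by_ip[m["ip"]].append(domain)
    # Same domain from many unrelated IPs: likely an MX record pointed here.
    # Large providers (well_known) never do that, so they stay in the abuse path.
    misdirected = {d for d, ips in ips_by_domain.items()
                   if len(ips) >= min_sources and d not in well_known}
    # Repeated attempts from one IP at other domains: candidate for blocking.
    probers = {}
    for ip, domains in domains_by_ip.items():
        other = [d for d in domains if d not in misdirected]
        if len(other) >= min_attempts:
            probers[ip] = sorted(set(other))
    return sorted(misdirected), probers


if __name__ == "__main__":
    print(classify(SAMPLE_LOG, well_known={"bigfreemail.example"}))
```

Without the `well_known` set, a relay probe spread over several source IPs at one large provider's domain is indistinguishable from a misdirected MX, which is why the two calls in the sample give different answers.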