Re: [Exim] Columbian Spammer

Author: James P. Roberts
Date:  
To: Matthew Byng-Maddick, exim-users
Subject: Re: [Exim] Columbian Spammer
----- Original Message -----
From: "Matthew Byng-Maddick" <exim@???>
To: <exim-users@???>
Sent: Monday, November 03, 2003 12:43 PM
Subject: Re: [Exim] Columbian Spammer


<snip>
> I didn't say it was a good idea. But blacklisting people who are the innocent
> third party in such a situation, in such a way that they can't mail your
> postmaster and try to unpick what's going on is not going to help anyone
> in the long run. You should just be rejecting the relay attempt with a normal
> 550 relay denied type message. Of course, there's a good DoS for anyone who
> attempts to do sender callouts, too.
>
> The former is what the first poster was suggesting doing. This is why he
> loses. Not understanding the implications of his actions in that way
> doesn't make him competent to run a mail system, in my view, but that's
> just me.
>
> As to other people who have accused me of liking spammers, I dislike
> spammers as much as anyone, but more even than spam (because mostly my
> filtering works for my main inbox), I dislike "anti-spam" measures that
> have un-considered collateral damage. (yes, spamcop is included in that
> list). The kind of ``one "relay" attempt and you can't mail anyone,
> including postmaster at our domain'' is among those kind of measures. It
> wouldn't be the first time that I've seen an advertised primary MX for
> a domain return "550 relaying denied" after RCPT.
>
> The net has become a hostile place, there is no denying it, but the bits
> that still work, still do because some cooperation happens, and some
> cooperation is necessary. That's why RCPT TO:<postmaster> has to work,
> as it is the legitimate user's way of saying "you blacklisted me? why? I
> did what the DNS told me to do." If you break the cooperation, you're no
> better than the spammers, in many ways, and I'll know that I don't want
> to accept mail from you, because I'll be unlikely to be able to report
> problems with it to someone who'll listen. Similarly with spammers.
>
> MBM
>
> --
> Matthew Byng-Maddick         <mbm@???>         http://colondot.net/
>


For what it's worth, I have not yet ever blacklisted someone for abusing my
mail server. Of the few IPs I've blacklisted, the vast majority were
automated attacks against my web server.

That said...

I agree with your desire to keep the postmaster address open. I recently ran
into exactly that... Got a "550 relaying denied" from the publicly listed MX
for my cousin's email address. Even to postmaster. Very frustrating. I
can't even find out WHY! Arrrgh.

Right, so, I am making sure I never firewall blacklist someone for hitting my
mailserver, with the exception that I reserve the right to do so for a limited
period of time, in a DOS type situation.

To me, an ideal solution would be to institute a short term (something like an
hour) blacklist when an abuser is detected, simply to interrupt an attack in
progress.

Problems, suggestions, ideas?

Jim Roberts,
Punster Productions, Inc.
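
The two ideas in this message, a block that lapses after about an hour and a postmaster address that stays reachable regardless, can be combined in one RCPT-time decision. The sketch below is an added example, not part of the original message and not Exim configuration; the class name, reply strings, and the assumption that the block is applied at SMTP level (rather than at a firewall) with abuse detection done elsewhere are all illustrative.

```python
import time

BLOCK_SECONDS = 3600  # "something like an hour", per the message above


class TempBlocklist:
    """Short-term block of abusive client IPs that never locks out postmaster."""

    def __init__(self, block_seconds=BLOCK_SECONDS, clock=time.time):
        self.block_seconds = block_seconds
        self.clock = clock      # injectable so expiry can be tested offline
        self._expiry = {}       # ip -> time at which the block lapses

    def record_abuse(self, ip):
        """Start (or restart) the block window; detection itself is out of scope."""
        self._expiry[ip] = self.clock() + self.block_seconds

    def is_blocked(self, ip):
        expires = self._expiry.get(ip)
        if expires is None:
            return False
        if self.clock() >= expires:
            del self._expiry[ip]    # block has lapsed; forget the entry
            return False
        return True

    def rcpt_decision(self, ip, rcpt, local_domains):
        """Return the SMTP reply for one RCPT TO from client `ip`."""
        addr = rcpt.strip().strip("<>")
        local, _, domain = addr.rpartition("@")
        is_local = domain.lower() in local_domains
        # Checked first: a bare "postmaster" or postmaster@<local domain>
        # is accepted even from a blocked client, so a blocked sender
        # can still ask why.
        if addr.lower() == "postmaster" or (is_local and local.lower() == "postmaster"):
            return "250 OK"
        if self.is_blocked(ip):
            return "550 temporarily blocked; contact postmaster"
        if not is_local:
            # A relay attempt gets a plain rejection; it does not by itself
            # add the client to the blocklist.
            return "550 relay denied"
        return "250 OK"
```
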