----- Original Message -----
From: "Matthew Byng-Maddick" <exim@???>
To: <exim-users@???>
Sent: Monday, November 03, 2003 12:43 PM
Subject: Re: [Exim] Columbian Spammer
<snip>
> I didn't say it was a good idea. But blacklisting people who are the
innocent
> third party in such a situation, in such a way that they can't mail your
> postmaster and try to unpick what's going on is not going to help anyone
> in the long run. You should just be rejecting the relay attempt with a
normal
> 550 relay denied type message. Of course, there's a good DoS for anyone who
> attempts to do sender callouts, too.
>
> The former is what the first poster was suggesting doing. This is why he
> loses. Not understanding the implications of his actions in that way
> doesn't make him competent to run a mail system, in my view, but that's
> just me.
>
> As to other people who have accused me of liking spammers, I dislike
> spammers as much as anyone, but more even than spam (because mostly my
> filtering works for my main inbox), I dislike "anti-spam" measures that
> have un-considered collateral damage. (yes, spamcop is included in that
> list). The kind of ``one "relay" attempt and you can't mail anyone,
> including postmaster at our domain'' is among those kind of measures. It
> wouldn't be the first time that I've seen an advertised primary MX for
> a domain return "550 relaying denied" after RCPT.
>
> The net has become a hostile place, there is no denying it, but the bits
> that still work, still do because some cooperation happens, and some
> cooperation is necessary. That's why RCPT TO:<postmaster> has to work,
> as it is the legitimate user's way of saying "you blacklisted me? why? I
> did what the DNS told me to do." If you break the cooperation, you're no
> better than the spammers, in many ways, and I'll know that I don't want
> to accept mail from you, because I'll be unlikely to be able to report
> problems with it to someone who'll listen. Similarly with spammers.
>
> MBM
>
> --
> Matthew Byng-Maddick <mbm@???>
http://colondot.net/
>
For what it's worth, I have not yet ever blacklisted someone for abusing my
mail server. Of the few IPs I've blacklisted, the vast majority were
automated attacks against my web server.
That said...
I agree with your desire to keep the postmaster address open. I recently ran
into exactly that... Got a "550 relaying denied" from the publicly listed MX
for my cousin's email address. Even to postmaster. Very frustrating. I
can't even find out WHY! Arrrgh.
Right, so, I am making sure I never firewall blacklist someone for hitting my
mailserver, with the exception that I reserve the right to do so for a limited
period of time, in a DOS type situation.
To me, an ideal solution would be to institute a short term (something like an
hour) blacklist when an abuser is detected, simply to interrupt an attack in
progress.
Problems, suggestions, ideas?
Jim Roberts,
Punster Productions, Inc.