[Exim] identd checks, squid and 'CacheFlow Server' open prox…

Author: Alan J. Flavell
Date:
To: Exim users list
Subject: [Exim] identd checks, squid and 'CacheFlow Server' open proxies
Hi,

In the past, I have reported that identd checks (we use a modest
timeout of 7 secs) were serving a useful role in picking up open
"squid" and "CacheFlow Server" proxies being (ab)used for relaying
spam.

I have to report that in recent weeks the harvest of such simple
rejections has practically dried up. In one recent week we had a
grand total of 1, and the *highest* recent score of rejections has
been only 21 in a week.

And a quick look at the IPs in question shows that most would have
been picked up as an open proxy in a DNSrbl check at, say,
cbl.abuseat.org or your choice of some combination of SORBS, AHBL,
NJABL, Blitzed...[1].

So, to be honest, I'm not sure that the identd is performing any
useful automatic function now; (although it can sometimes be of
interest when looking at the logs, and seeing identd responses like
"nobody", "httpd", "apache" etc, which convey some information to an
admin, even if they aren't being used to reject or rate the item).

Hope that's useful.

[1] no point in mentioning Easynet now, more's the pity. We were
pretty happy with that, and sad that it's going away.
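
One way to tally the ident responses the post mentions when reading logs, as an added example that is not part of the original message. It assumes the ident answer is logged in the `U=` field of Exim main-log lines; the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Ident strings named in the post: proxy software vs. web-server accounts.
PROXY_IDENTS = {"squid", "cacheflow server"}
DAEMON_IDENTS = {"nobody", "httpd", "apache"}

# Assumed layout: "... H=name [ip] U=ident P=proto ...".
# The ident may contain spaces, so it runs up to the next " X=" field.
LINE_RE = re.compile(
    r"\[(?P<ip>[0-9a-fA-F.:]+)\](?::\d+)?\s+U=(?P<ident>.+?)"
    r"(?=\s+[A-Z][A-Za-z0-9]*=|$)"
)

def classify(ident):
    key = ident.strip().lower()
    if key in PROXY_IDENTS:
        return "proxy"
    if key in DAEMON_IDENTS:
        return "daemon"
    return "other"

def tally(lines):
    """Return (Counter of ident classes, {ip: ident} for hosts worth a look)."""
    counts, hosts = Counter(), {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # no ident answer logged (timeout or refused)
        kind = classify(m.group("ident"))
        counts[kind] += 1
        if kind != "other":
            hosts.setdefault(m.group("ip"), m.group("ident"))
    return counts, hosts

# Constructed sample lines (documentation address ranges, made-up message ids).
SAMPLE_LOG = [
    "2004-03-01 10:00:01 1AxyzA-0000Ab-00 <= a@example.org H=(mail) [192.0.2.10] U=CacheFlow Server P=smtp S=2100",
    "2004-03-01 10:02:13 1AxyzB-0000Ac-00 <= b@example.org H=relay.example.net [198.51.100.7] U=squid P=esmtp S=1800",
    "2004-03-01 10:05:40 1AxyzC-0000Ad-00 <= c@example.org H=web.example.com [203.0.113.5] U=apache P=esmtp S=950",
    "2004-03-01 10:07:02 1AxyzD-0000Ae-00 <= d@example.org H=mx.example.org [192.0.2.44] P=esmtp S=4000",
    "2004-03-01 10:09:55 1AxyzE-0000Af-00 <= e@example.org H=host.example [198.51.100.20] U=jsmith P=esmtp S=700",
]

if __name__ == "__main__":
    counts, hosts = tally(SAMPLE_LOG)
    print(dict(counts))
    for ip, ident in hosts.items():
        print(ip, ident)
```

The flagged addresses can then be compared against DNSBL results to see whether the ident check catches anything the blocklists miss.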