RE: [Exim] BACKUP smart host?

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Mike 'Fraz' White
Ημερομηνία:  
Προς: 'Matthew Byng-Maddick', exim-users
Αντικείμενο: RE: [Exim] BACKUP smart host?

> -----Original Message-----
> From: exim-users-admin@??? [mailto:exim-users-admin@exim.org] On
> Behalf Of Matthew Byng-Maddick
> Sent: 17 May 2004 10:35
> To: exim-users@???
> Subject: Re: [Exim] BACKUP smart host?
>
> On Mon, May 17, 2004 at 09:00:24AM +0100, Mike 'Fraz' White wrote:
> > knowingly running SMTP servers this can cause a few problems. My
> > personal experience from my previous job is that customers knowingly
> > running mail servers are very rarely, if ever, a problem.
>
> Please can you explain to me (something that noone has yet been able

to do
> to my satisfaction): how can I tell that you are "knowingly running a

mail
> server" as opposed to either
> a) running exchange in open-relay mode (one of the more common support
> calls
>    to a friend of mine at his previous ISP job was "my ADSL is going
> slowly".
>    His first diagnosis question was always "Are you running

Exchange?")?
> b) some random compromised box sending out spew (probably a windows

box
> with
>    a virus)?

>
> These are, after all, most of what emanates to my port 25 from

networks
> with
> dynamically-assigned hosts.
>
> If you are "knowingly running a mail server", then IMO, you should
> knowingly
> be running it on an IP address with a reasonable reverse DNS, and

where
> your
> IP addresses don't have the potential to move around every 7 days.
>
> Cheers
>
> MBM
>
> --



I fully agree with you, there is no easy way of telling and
unfortunately the minority of responsible users are handicapped because
of the clueless majority. Again from personal experience, businesses on
ADSL/Cable connections with an "inhouse IT person" tend to be the big
culprits when it comes to open relays whereas your residential customers
tend to be more virus infected (or running third party proxy software
which defaults to being insecure to serve a home LAN).

The reason that many people (including myself) run their own mail
servers is because ISPs mail servers aren't always as reliable as you
may like them to be although their 'raw' net connection may be
absolutely superb (Off the top of my head I've had less than 72 hours
downtime in nearly 5 years and that includes moving home twice!!)(. Yes
I could configure my system to send out everything via my ISP and still
receive mail directly but I choose not too. I just have to accept that
there are certain limitations and where possible work around them.

On the IP front I've actually had my current IP for nearly 18 months and
previous to that I had the same IP for over 24 months :-) On the static
IP front I know that some ISPs allocate static IPs to their business
customers from the same ranges as those assigned dynamically so in some
cases even if you're on a fixed IP you can still be flagged up as
'dynamically assigned' although in fairness some ISPs such as AOL do
take this into account and will allow such customers to be
'whitelisted'.

Oh before you say it, yes, ideally static IPs would be assigned from a
totally different range so this confusion doesn't occur but hey its not
an ideal world :-)


What would be nice I suppose (wishful thinking time) is if the
maintainers of the various RBLs had a system whereby responsible home
users could have their mail servers automatically checked on a regular
basis and assuming that they pass these tests then they could be added
to a whitelist/removed from the existing blacklists. ie by default all
dynamically assigned IPs would be blacklisted unless they specifically
applied to have themselves tested & removed.





--
Mike 'Fraz' White
www.smartowner.co.uk