Re: [exim] Report of new spam technique

Author: David Daniels
Date:  
To: exim-users
Subject: Re: [exim] Report of new spam technique
There may be some good news.

A year ago I had about 1000 class C's blocked in an RBL that belonged to SWBELL.
They all had dsl... or something like that in their reverse.
Recently SWBELL has begun to block port 25 outbound from their networks.
I have no idea if any other Bell applied the same rule. One could hope :)

Cox Internet has been blocking outbound port 25 from their network for a
long time.

Maybe if other ISPs start controlling their own customers by restricting
outbound port 25, it will get a little tougher on the spammers.

I just feel duty bound to pat SWBELL on the back for actually doing
something.

David Daniels



Edgar Lovecraft wrote:

>Bill Hacker wrote:
>
>
>..[snip]...
>
>
>>So; I am still looking for the 'smoking gun' w/r ISP relay
>>vulnerability.
>>Spammers may be trying harder, but so are the rest of us.
>>We have the advantage of operating in the open, cooperatively, and with
>>a better 'trust' model.
>>
>>Ergo, the article(s) still look(s) like sensationalism and FUD to me.
>>But I remain paranoid enough to ask 'what have I missed', what do we
>>need to now change // make sure we have already changed // do not forget
>>to check ..... to stop such a risk?
>>
>>
>>
>
>The article is sensationalistic, but the 'problem' is that most ISPs
>do not force their users to use ASMTP, let alone use encryption for
>the SMTP transaction. So... it is really easy to fix, ISPs just need
>at the very least, to move from IP based relaying to authenticated relay,
>or authenticated relay only from their IP ranges, etc. Add that to
>restricting the client IP ranges connecting on TCP 25 outside the ISP
>network, and we can 'correct' most of the zombie machine behavior.
>
>I believe that come a few years from now, there very well could be some
>ISPs that choose to run 'open' systems and networks that get entirely
>blacklisted just because they refuse to help clean up the erroneous
>traffic.
>
>
>
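
An added example, not part of the original thread or of Exim itself: before moving from IP-based relaying to authenticated relay as described in the quoted text, an ISP mail admin can audit which customer addresses still submit mail without SMTP AUTH. It assumes Exim's default mainlog arrival-line layout (`<=` lines with `H=`, `P=` and `A=` fields); the function name, the customer range and the log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: address range the ISP assigns to its own customers (constructed).
CUSTOMER_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Arrival line: "<date> <time> <msgid> <= <sender> H=... [ip] P=... A=... S=..."
ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= \S+ (?P<rest>.*)$")
# The connecting IP is the bracketed address followed by a space or end of line.
# A bracketed HELO literal such as H=([198.51.100.9]) is client-supplied and is
# followed by ")", so it is skipped.
HOST_IP = re.compile(r"(?:^|\s)H=.*?\[(?P<ip>[0-9A-Fa-f.:]+)\](?::\d+)?(?=\s|$)")
# A=<authenticator>[:<id>] is only logged when the client authenticated.
AUTH = re.compile(r"(?:^|\s)A=\S+")

def unauthenticated_by_client(lines):
    """Count messages each customer IP submitted without SMTP AUTH."""
    counts = Counter()
    for line in lines:
        m = ARRIVAL.match(line)
        if not m:
            continue  # delivery (=>), completion or other log line
        host = HOST_IP.search(m["rest"])
        if not host:
            continue  # locally submitted message, no remote host
        try:
            ip = ipaddress.ip_address(host["ip"])
        except ValueError:
            continue  # malformed address, ignore the line
        if not any(ip in net for net in CUSTOMER_NETS):
            continue  # inbound mail from outside the customer ranges
        if AUTH.search(m["rest"]) is None:
            counts[str(ip)] += 1  # accepted purely on source IP
    return counts

# Constructed sample log lines.
SAMPLE_LOG = """\
2004-10-21 09:12:01 1CKd2f-0003Xa-7Q <= alice@example.net H=(pc1) [192.0.2.10] P=esmtpa A=plain_login:alice S=2048
2004-10-21 09:12:05 1CKd2j-0003Xe-9B <= x1@example.org H=(mail) [192.0.2.77] P=smtp S=1500
2004-10-21 09:12:06 1CKd2k-0003Xf-Ab <= x2@example.org H=([198.51.100.9]) [192.0.2.77] P=smtp S=1501
2004-10-21 09:12:07 1CKd2k-0003Xf-Ab => bob@example.com R=dnslookup T=remote_smtp H=mx.example.com [203.0.113.5]
2004-10-21 09:12:09 1CKd2m-0003Xh-Cd <= carol@example.com H=mx.example.com [203.0.113.5] P=esmtp S=900
"""

if __name__ == "__main__":
    for ip, n in unauthenticated_by_client(SAMPLE_LOG.splitlines()).most_common():
        print(f"{ip}\t{n} unauthenticated submissions")
```

Addresses with high counts are either customers who still need to be migrated to authenticated submission or hosts whose traffic would stop once relaying by source IP is turned off.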