On Sat, Mar 05, 2005 at 08:28:55PM -0800, Marc Perkel said:
> I had a friend make an interesting suggestion. He said, "Why not check
> the sending IP to see if it can receive anything on port 25?" The idea
> being that a spammer might be sending on port 25 but can't receive
> anying on port 25.
That check will fail for most of the outbound mail systems I administer.
A few of them do have prot 25 open (or maybe just submission) for
roaming users, but the vast majority are closed to everything but their
LAN. This is also fairly common for large organizations with
complicated mail routing.
And really, what do you expect to see? Regular DSL customer who has a
trojaned box - most ports closed or filtered due to ISP firewalling, and
no services listening. Outbound mail server for large organization -
all ports closed due to firewalling and lack of listening services on
public interfaces. What does that buy you?
It seems as though your FUSSP is becoming more and more about just
rejecting all mail, and as a sideline, preventing the flow of spam
through your open relay. Have fun,
--
--------------------------------------------------------------------------
| Stephen Gran | Equal bytes for women. |
| steve@??? | |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------