Autor: W B Hacker Data: Dla: exim users Temat: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive
Chris Edwards wrote:
> On Tue, 17 Oct 2006, David Woodhouse wrote:
>
> | On Tue, 2006-10-17 at 16:09 +0100, Ian Eiloart wrote:
> | > 1. People who bounce viruses with warning messages (actually, that's fine).
> |
> | It's not fine to _bounce_ them -- they should be rejected. Generating
> | bounces in responses to viruses is bad.
>
> I think Ian meant listing of people who bounce viruses is fine.
>
>
> | Yeah, this is just the UCEPROTECT folks being muppets. I'm with Nigel;
> | they're best ignored.
>
> The classic DNSBL argument! Assuming they are muppets, they will
> ultimately be ignored, with few mail admins using them to block. If
> however enough mail admins are using them to block as to cause pain to
> those listed, then one might at least sit and think whether or not their
> listing policy has some merit afterall.
>
Not as they presently 'package' it. NFW!
One - or even *many* bad-actors in a netblock *cannot* justify listing the
entire block *unless* the block-holder has speciifed that MX shall not be run
from within that block.
Many *DSL / cable residential/SME bandwidth providers pre-emptively DO just that
- see SORBS - as their ToS prohibits operating MX (and/or certain other) servers
from those blocks anyway - (grant firewall rules would be better yet..)
SORBS is, in this case doing both the ISP and the community at large a visibly
useful service.
Jugenbund UCEPROTECT, OTOH, is listing entire netblocks in a very different, and
ultimately harmful, 'Catch-22' manner, as the responsibility for clearing the
problem - and keeping it clear - cannot ordinarily be readily resolved with
single-ISP or central-router firewall rulesets. Too many diverse 'necks' on
their chopping block.
One scheisspot hit every 6 days 23 hrs 59 minutes should take down a netblock
for the next 7 days? Or 50 Euros per each go?
Anybody here ever mis-type an IP?
If you want 'draconian' just drop all rDNS fails, HELO mismatches, and
(remaining) dynamic-IP sources - harming no one but your own user base.
WTH - a bit of delay per each such hit and you won't even have to tell them
*why* - most spambots will drop off the teat on their own.