[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SPAM Tuerkei in die EU

To: Rainer Duffner <rainer@xxxxxxxxxxxxxxx>
Subject: Re: [suse-security] *****SPAM***** Tuerkei in die EU
From: Ariel Sabiguero Yawelak <asabigue@xxxxxxxxxxx>
Date: Thu, 19 May 2005 06:06:17 -0300
Cc: Dörfler Andreas <Andreas.Doerfler@xxxxxxxxxx>, suse-security@xxxxxxxx
Delivered-to: mailing list suse-security@xxxxxxxx
In-reply-to: <428C3840.3080703@xxxxxxxxxxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
References: <D73F884883CCED428D90FEAABBD166F009EECD@xxxxxxxxxxxxxxxxxxxxxxxxx> <428C3840.3080703@xxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0.2 (X11/20050317)

Rainer Duffner wrote:

Hi Andreas,

to the contrary.
Why would a dynamic IP need to talk to my mailserver directly?

IPs themselves are not dynamic, maybe the client gets some sort of a"lease" for a period of time.... but the address is always the same ;-)

Are you really sure that the machine "behind" that number REALLY change?

It's a zombie with almost 100% probability (and the rest are cluelessidiots or broken software).
10-20% of my RBL-hits are dynamic ips.

I am not sure if I fall within the 100% probability of being zombie orbeing a clueless idiot... (I think I am not broken software)In my country, Uruguay, the National Telephone Operator (ANTEL /ANTELDATA) sells fixed IPs within blocks of dynamic addresses and/ordomainnames (.com.uy) without a reverse resolution. We have been able tomake them change the reverse DNS in some cases and in other not (answer:"technical reasons").Sometimes you simply believe it is a dynamic IP, but really it is aresponsible site well administered but with an operator that might needto provide a better service.

You think it is "dynamic" because you get a

   r200-40-yyy-xxx.adinet.com.uy.

after a "dig -x" but maybe the address has been allocated for the samecustomer for several years, without any spam incident, without evenbeing an open relay.... not even a single problem...

The first Sober.Q that hit my mailbox came right through thismailinglist (and then some through the Squirrelmail-list). I didn'tget a single one directly.

I am sure that if you only allow mail from your own host you will beeven safer!

Remember that until IPv6 happens, many countries don't have enoughaddresses to provide such an "ordered" and "neat" addressing scheme thatmeet your high-standards.But let me tell you that such a policy (I am not refering to youparticularly but to all those who use it) is quite segregationist, asyou are banning people out without being even taking care of it!


If you oversimplify things you tend to do this kind of mistakes.

I am not taking it personal that you call me zombie or cluelessidiot..... but I would appreciate that you re-consider your securityrules, in a way that support and promote the "free speech" and universalaccess that Internet shall provide to all of us.


Best regards

Ariel "clueless idiot"

cheers,
Rainer



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

References:
- RE: [suse-security] *****SPAM***** Tuerkei in die EU
  - From: Dörfler Andreas
- Re: [suse-security] *****SPAM***** Tuerkei in die EU
  - From: Rainer Duffner

Prev by Date: Re: [suse-security] *****SPAM***** Tuerkei in die EU
Next by Date: RE: [suse-security] *****SPAM***** Tuerkei in die EU
Previous by thread: Re: [suse-security] *****SPAM***** Tuerkei in die EU
Next by thread: Re: [suse-security] *****SPAM***** Tuerkei in die EU
Index(es):
- Date
- Thread

Re: [suse-security] *****SPAM***** Tuerkei in die EU

Re: [suse-security] SPAM Tuerkei in die EU