
Re: [suse-security] Banning dynamic IPs (Was: *SPAM* Tuerkei in die EU)

On 2005-05-23 at 12:27 +0200, Rainer Duffner wrote:

> Carlos,
> it's not about blocking dynamic ips sending mail (or surfing the web).
> Just dynamic ips sending mail without going through a mailserver that is not
> an MX!

Dana Hudes said just that, block all traffic:

|> Your issue is permanent blocking. This is controversial.
|> The idea has been to exert pressure on ISPs whose users complain.
|> This is of limited success. The idea is that if dialup and dhcp (cable,
|> dsl) users found they could not access major portions of the internet
|> -- not just for e-mail but web browsing as well -- then they would be
|> motivated to complain to their ISPs who would act more forcefully and
|> quickly against spammers etc. If someone could get yahoo and hotmail
|> and google to "sign on" to such a program then yes there would be a
|> dramatic amount of complaints.

> Normally, it should go like this:
> | customer with dyn.IP|------>|MX of provider/hoster/whoever|------>|my
> | MX|<-----|me myself via IMAP on dynamic IP|
>                      (SMTP)................................(SMTP)
> I myself do SMTP-AUTH to allow relaying.
> OK, so I have my own mailserver - but if I didn't have that, I'd subscribe to
> some online mail-service that allowed me to relay through their MX via

The problem, or problems, are several. For one thing, the smtp relay
servers my ISPs provide are not reliable: they may fail to send an email,
and worse, they don't inform me of that, or they do several days late.

But even if I use the relay, they have policies that impede my use of them
seriously, like only accepting email with a "From" address of theirs.
Therefore, I can not send all my email through only one relay server, or
not at all for redirection accounts (like sourceforge).

Unfortunately, the Postfix transport file does not have rules to select
which relay server to choose based on the FROM address, only on the TO
part. I need that feature.

I was told (thanks, Arjen) to try 'esmtp' (http://esmtp.sourceforge.net/)
- I've downloaded it, waiting for compilation - but a comment I read makes
me afraid that it will not work well with non-permanent connections.

Thus, I have no alternative (yet?) but to use Postfix for direct sending.

  In my opinion, the best solution would be a method to really identify
  who is sending, regardless of the type of IP he is using. A
  cryptographic signature, probably, for the "FROM" header, not the
  contents (signing the contents is a problem with DomainKeys with lists
  like SuSE's).

  At least in Spain, with a court order, it is possible to identify the
  spammer with the IP, because there are listings correlating each IP and
  timestamp to the phone used, and thus, the person responsible.

> Please don't cc to the SuSE-list.

Huh? You mean, email you directly, without a CC to the list? :-o

I'll try, but I'm sure your server will reject my dynamic IP server.
Impossible, it rejected me:

  (host mail.** [*.*.*.26] said: 451 Dynamic IP Addresses 
  See: http://www.dnsbl.sorbs.net/lookup.shtml? (in reply to RCPT TO command))

Thus, I resend to the list instead. Sorry.

       Carlos Robinson