<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: spam SW, EMS/RFMS

In message <199803201124.MAA10343@localhost>, Gunnar Lindberg wri
tes:
>Sorry, I should have been more clear about that. Correct, you cannot
>ever deny "MAIL From:<>" into your local system, for the reason Ulf
>mentions. However, you could possibly refuse to act as Mail Relay
>for that - I've though of it but haven't yet got sendmail to hand
>out enough information to the Schek* rules. And, what I did was more
>to use who sent "MAIL From:<>" to manually select what dialup ISPs
>seems to carry many such EMS/RFMS spammers.

Don't worry.  I can save you time.  

<paranoid>They're everywhere</paranoid>

(at least according to our logs)

>>Why use secondary MX?
>>The sending MTA will keep the mail in any case until 1'MX is up...
>
>To get the mail "closer" to us so that we - chalmers.se - can see
>that some subdomain's mail server is down and have them take action
>(often we notice before they do). This is probably a difference
>between my university, where we are all one happy family (hm :-),
>and an ISP with customers.

Which is our situation.  Largeish ISP with a large number of customers with
a fair proportion of those other ISPs.  And a couple of _extremely_ well
known MX hosts, used as secondary/tertiary MX by every man and his dog 
in .au....

>BUT, the bottom line is I serously refuse to configure our MX-records
>and Relaying based on spammers. It's possible, perhaps eveen likely,
>that I'll eventually have to give up and admit their victory, but
>that will not go without fight.

This is what we're considering/working on now.  While the abuse/reporting
levels haven't reached those of other places, it's enough that I don't want
to play this "game" any longer.

Anyone have any alternatives to denying all relaying on our MX hosts before I
have to actually start working on it?

The next stage in this little war I can see happening is the abuser connecting
directly to the least cost MX and delivering directly from a throwaway 
dialup account.  

What do we do then?  Where do we run?  How would mail work in an environment
where you can't accept an SMTP connection from anyone?

Cheers(?)

Sean
<<< Chronological >>> Author    Subject <<< Threads >>>