Re: spam SW, EMS/RFMS
- Date: Fri, 27 Mar 1998 08:44:36 +0100 (MET)
>Date: Thu, 26 Mar 1998 20:31:39 +1100
>From: "Sean O'Kelly" sean@localhost
>Message-Id: <199803260931.UAA04330@localhost>
>To: Gunnar Lindberg lindberg@localhost
>Cc: uffe@localhost, anti-spam@localhost, anti-spam@localhost
>>Sorry, I should have been more clear about that. Correct, you cannot
>>ever deny "MAIL From:<>" into your local system, for the reason Ulf
>>mentions. However, you could possibly refuse to act as Mail Relay
>>for that - I've thought of it but haven't yet got sendmail to hand
>>out enough information to the Schek* rules. And, what I did was more
>>to use who sent "MAIL From:<>" to manually select what dialup ISPs
>>seem to carry many such EMS/RFMS spammers.
>Don't worry. I can save you time.
><paranoid>They're everywhere</paranoid>
>(at least according to our logs)
Yupp, but mostly they dial in via a responsible ISP, I hope...
...
>Anyone have any alternatives to denying all relaying on our MX hosts
>before I have to actually start working on it?
Obviously I haven't. Grateful for any ideas (except "don't do that").
>The next stage in this little war I can see happening is the abuser
>connecting directly to the least cost MX and delivering directly from a
>throwaway dialup account.
This has to be an operational/contract issue for the ISPs - after all
it's ISPs that make the money (if there is money to be made) from
dialup accounts, so they have to take the cost as well. If there are
ISPs that simply give away accounts for free and don't care from then
on, we'll have to consider them CyberPromoish and block their networks.
Those of you ISPs who are serious probably need to invent a method
to check whether a newcomer user has a "bad spam reputation", i.e.
has had previous accounts canceled due to spam. Yes, I hear the "Big
Brother" comments coming, but please hold back. If I want to buy a
house, my bank is going to check me out to assure that my financial
status is OK. This is accepted in society, at least here in Sweden.
If I apply for a driver's license, I will also get checked and not
only that I can drive but other things. Etc, etc. So, there are "only"
technical and financial arguments preventing this for dialup accounts.
>What do we do then? Where do we run? How would mail work in an
>environment where you can't accept an SMTP connection from anyone?
It may disappear completely, being useless. Or, it may turn more into
what I think X.400 was intended to do - you have a contract with your
ISP and he delivers your mail to other ISPs' customers through those
ISPs' MTAs (fairly similar to IP routing and BGP peering actually).
Since all mail now is physically delivered through ISPs' hosts/MTAs
there are log files enough to trace and disconnect spammers and there
are clear rules on who is responsible for doing that. Did I hear any
comments on "Big Brother"?
Now, this is an entirely different mail network and I would hope it
doesn't ever happen. But... sigh.
Gunnar
PS
I'll probably get sued for the domain list, but... here we go, both
with the list and the .cf code. Ignore or enjoy :-).
# In "class D" you enter domains and hosts for two purposes
# 1) You accept to relay mail to them.
# 2) You accept to relay mail from them.
# In both cases, this is "recursive", i.e. foo.se -> *.foo.se
CD chalmers.se
# Class T is temporary and is right now used to keep a set of dialup
# providers that continuously use us as Relay, not just MX based. We
# respond 451, which makes it fairly OK to refuse...
FT -o /etc/mail/sendmail.cT
Scheck_rcpt
# (in each R line the left-hand and right-hand sides are separated by a tab)
# first get rid of a%b@localhost type addresses
R< $+ % $+ >	< $1 @ $2 >
R< $+ @ $+ @ $+ >	< $1 @ $2 >
# "RCPT To" that terminates locally is OK
R< $+ @ $=w >	$@ OK
R< $+ @ $=w . >	$@ OK
R<$->	$@ OK
#
### Refuse relaying from some specific hosts/domains
R<$*>	$: <$1> <$(dequote "" $&{client_name} $)>
R<$*> <$=T>	$#error $:"451 T Relaying Denied " <$1> " " $2
R<$*> <$*.$=T>	$#error $:"451 T Relaying Denied " <$1> " " $2.$3
R<$*> <$*>	$: <$1>
###
# "RCPT To" for accepted domains is OK
R< $+ @ $=D >	$@ OK
R< $+ @ $=D . >	$@ OK
R< $+ @ $+ . $=D >	$@ OK
R< $+ @ $+ . $=D . >	$@ OK
###
...
# /etc/mail/sendmail.cT
accesscom.net
dial-access.att.net
hil.compuserve.com
dialup.hkstar.com
us.ibm.net
mia.icanect.net
ici.net
dialup.inconnect.com
scptvl.InfoAve.Net
Litenet.net
Atlanta.mci.net
Boston.mci.net
Sacramento.mci.net
WillowSprings.mci.net
ix.netcom.com
da.uu.net
ca.ms.uu.net
DS
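
The evaluation order of the Scheck_rcpt rules above can be checked offline with a small model. This is an added example, not code from the original post: it is a simplified Python stand-in for sendmail's rewriting, the `LOCAL_W` host name is an assumption, and `CONTINUE` marks the point where the post elides the remaining rules.

```python
import re

# Constructed sample classes; only chalmers.se (class D) and the class T
# entries are taken from the post. LOCAL_W stands in for sendmail's $=w.
LOCAL_W = {"mail.chalmers.se"}            # assumption: this host's own names
CLASS_D = {"chalmers.se"}                 # relay to/from, recursive
CLASS_T = {"ix.netcom.com", "da.uu.net"}  # two entries from sendmail.cT


def in_class(name, cls, recursive):
    """Case-insensitive match of name (or, if recursive, any parent domain)."""
    name = name.lower().rstrip(".")
    entries = {e.lower() for e in cls}
    if name in entries:
        return True
    return recursive and any(name.endswith("." + e) for e in entries)


def check_rcpt(rcpt, client_name):
    """Model of the Scheck_rcpt rules shown above, in the same order."""
    addr = rcpt.strip().strip("<>")
    # First two rules: a%b@c and a@b@c collapse to a@b, so the decision is
    # made on the domain right after the user part, not the outer one.
    parts = re.split(r"[%@]", addr)
    if len(parts) == 1:
        # R<$-> : unqualified name (this model does not tokenize on dots)
        return "OK"
    domain = parts[1]
    if in_class(domain, LOCAL_W, recursive=False):
        return "OK"                       # terminates locally, any client
    if in_class(client_name, CLASS_T, recursive=True):
        return "451 T Relaying Denied"    # tempfail relaying from class T
    if in_class(domain, CLASS_D, recursive=True):
        return "OK"                       # accepted relay destination
    return "CONTINUE"                     # rules elided in the post ("...")
```

Because the class T test sits between the local test and the class D test, a class T client can still deliver to local recipients but gets the 451 even for recipients in a class D domain.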