On Thu, Jul 27, 2006 at 03:03:06PM +0200, Peter Klavins wrote:
> Now the ISP I use is one of the biggest European-wide ISP's, and I am
> pretty certain that for me it would be very difficult bureaucratically
> to get them to do anything like configure an rDNS or raise or lower
> TTL's and so on. So, I haven't tried. And my servers and SSH and VPN
> connections work fine.

I think the problem in your case is mostly that Tiscali does not bother to properly and publicly document your block. It is too big and too uncaring as a company to follow best practices in network management. I have in the past had a lot of trouble with spam originating from the Tiscali network and apparently so have many others. I would not even be surprised to find Tiscali on a lot of local custom blacklists (though I have not blacklisted it).

I understand that from your perspective Tiscali's business ADSL is ok and it may even be the only reasonably priced solution in some parts of Europe. The problem from, for example, my point of view is that I have only your word about the nature of your connection. To the whole world it looks like just some generic desktop addresses somewhere. If Tiscali bothered to tell Sorbs officially about their address space, you would not have this problem. Also if they bothered to properly acknowledge your authority about the address by setting a real reverse name (or even better your own delegation), you would not have any problems. The problem with large ADSL providers often is that they do not care to follow best practices.

> Except for mail.

Mail is different than the rest of the services because with most other services there is much less chance of misuse. A web server on a dynamic address is rarely causing any damage to anyone else and an ssh server will rarely flood other people's servers (though ssh brute force attacks used by spammers are starting to get there). But mail sent from hacked desktops and such is actually causing people a lot of problems.

That is why it is starting to be important to filter outgoing email at smarthosts. If the spam is accepted from any address, it can only be filtered when it has already been delivered across the net. And my personal DUHL-check blocks up to several hundred spams per day.

> But you're saying that the one type of server I shouldn't connect is a
> mail server? Because I couldn't cope?

No, not because you could not but because the receiver cannot distinguish you from a spammer or a trojan. I agree that relying on reverse names and such issues to distinguish properly maintained email servers from infected hosts is a really bad "hack", but it is currently one of the very few hacks we have. And it works most of the time. I suppose a nicer way to prevent false positives would be to have a dns whitelist of known trustworthy mail hosts. But maintaining such a list has so far been too difficult. (Though I have some ideas that I plan to experiment with.)
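As an added example (not code from the original thread), the following shows how a receiving MTA or smarthost policy might combine the checks discussed above: a DUHL-style dynamic-address list lookup, a reverse-name sanity check for generic desktop-pool names, and a DNS whitelist of known trustworthy mail hosts that overrides the block. The zone names, reverse-name heuristic and DNS answers are constructed placeholders, not SORBS's or any real list's data.

```python
import ipaddress
import re

# Placeholder zone names (assumptions for this example, not any real list's zones).
DUHL_ZONE = "duhl.example.invalid"              # dynamic/dial-up address list
WHITELIST_ZONE = "trusted-mta.example.invalid"  # known trustworthy mail hosts

# Reverse names that look like generic consumer pools, e.g. "cust-203-0-113-40.dyn.isp.example".
GENERIC_RDNS = re.compile(r"(\d{1,3}[-.]){3}\d{1,3}|\b(dsl|dyn|dynamic|pool|ppp|cable)\b", re.I)

def listed_name(ip: str, zone: str) -> str:
    """Query name for an IPv4 DNS list: the octets reversed, under the list zone."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify_sender(ip, lookup_a, lookup_ptr):
    """Decide what to do with a connecting SMTP client; returns (verdict, reason).
    lookup_a(name) -> A records (127.0.0.x codes) or [] if unlisted; lookup_ptr(ip) -> PTR or None.
    Both are injected so the logic runs offline against the constructed answers below."""
    if lookup_a(listed_name(ip, WHITELIST_ZONE)):
        return "accept", "whitelisted mail host"          # whitelist overrides everything
    codes = lookup_a(listed_name(ip, DUHL_ZONE))
    if codes:
        return "reject", "dynamic address listed: " + ", ".join(codes)
    ptr = lookup_ptr(ip)
    if ptr is None:
        return "reject", "no reverse name"
    if GENERIC_RDNS.search(ptr):
        return "greylist", "generic reverse name " + ptr  # looks like a desktop pool
    return "accept", "reverse name " + ptr

# Constructed DNS answers standing in for live lookups (documentation-range addresses).
SAMPLE_A = {
    "10.2.0.192.duhl.example.invalid": ["127.0.0.10"],
    "20.100.51.198.trusted-mta.example.invalid": ["127.0.0.2"],
}
SAMPLE_PTR = {
    "192.0.2.10": "cust-192-0-2-10.dsl.isp.example",
    "198.51.100.20": "pool-198-51-100-20.isp.example",
    "203.0.113.30": "mx1.example.net",
    "203.0.113.40": "cust-203-0-113-40.dyn.isp.example",
}

def sample_a(name):
    return SAMPLE_A.get(name, [])

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip)
```

Calling `classify_sender("203.0.113.40", sample_a, sample_ptr)` greylists the generic-looking reverse name, while 198.51.100.20 is accepted despite its pool-style name because the whitelist is consulted first.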