[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Frank Carmickle and Marco Paganini must die

Michelle Konzack [u] wrote on 20/09/2004 15:38:
Am 2004-09-20 08:05:05, schrieb John Goerzen:

On Sunday 19 September 2004 5:53 pm, Russell Coker wrote:

Please stop using this brain-dead blacklist.

What is wrong with it?  End-user machines should not send email
directly, they should use the mail server from their ISP.


That makes no sense. Plenty ISP mail servers are poorly configured.

Yes, this is why SPAMers can not use it...

Pardon me? I know at least three big ISPs in Germany who had their poorly configured mail servers (which they enforced on their users by blocking outgoing port 25) abused as spam relays more than once. My home mail server which is currently running on a dynamic IP ADSL line has of yet never been used as a spam relay (though several tried to do so).

Known to drop mail. Deliver mail too slowly to be useful. Force users

Yeah, droping all the SPAM

Not only spam.

to use their e-mail address from that ISP.  Unreliable.

Not right. Most ISP's allow sending with other E-Mails

Most: Yes.
All: Certainly not.

The list goes on.

If someone has their own mail server, that makes perfect sense to me.

Good for SPAMers ?

Sorry, but most spam isn't send by regular MTAs like Exim/Postfix or sendmail these days, but by trojans on some end user's machines. And many (though not most) of those actually come along with a virtually static IP (NAT in a company network).

Why are some nodes on the Internet more deserving than others? Why do you discriminate against those with cheap Internet access? Why is a T-1 user more deserving to exchange mail with you than a dialup or DSL user?

For SPAMers you will get them very quickly if they use T1/E1 or
something like this, and they can be stoped bei RIPE for example.

RIPE isn't easily blocking any IPs. But you are still right in some way: It is far easier to track down who sent the SPAM if it came from a static IP.

SPAMers from Dynamic IP's are different.


Now, we know, that most SPAM does not come directly from the ADSL-
Account owner, because most of them are infected with Viruses which do
the SPAMjob.


Blocking MAIL from DUL/DSL is the right thing.

Wrong. For two reasons:
1) You force people on DUL/DSL to use email servers which they might
   not want to use. At least one of the three ISPs mentioned above is
   regularly listed in various open relay block lists. This is also
   true for various (sic!) other providers which offer but don't enforce
   use of their mail server as a relay for their users.
2) The DUL/DSL blacklists are often wrong. My former static IP was more
   often than not listed in one or more of those blocklists just because
   it was in a subnet near a dynamic DUL/DSL IP subnet. Even though a
   whois on that IP returned my person object and not the providers
If we were in a perfect world, mail from DUL/DSL users would use the secure mail servers of their ISP.

In August it was very silent, have only 2300 SPAMs gotten. Now we have
the 2004-09-20 and I have already 56.000 SPAMS.
Most (97%) coming directly to my address linux4michelle@freenet.de and
around 80% of the SPAM is coming from DUL/DSL

SO? Do you have any idea how many non-spam mails you have blocked?

Please note, that I have only an ADSL 1024/128kBit and my Fileserver
(Duron 1600) with fetchmail, procmail and courier-imap must handel it.

Hmm. I have no idea how you reached that amount of spam. 56000 Spams in 20 days is 2800 spams a day. Hell, I get only one fourth of that at best (hmm, worst), and that is with 20 open-to-any-poster mailinglists which consist mostly of spam these days.

But still, IMHO it is wrong to block MTAs just because they (appear to) send from a dynamic IP range (DUL/DSL). I would however agree that sending from dynamic IP is an additional hint that it might be spam.


Reply to: