Re: Which Spam Block List to use for a network?

On Tue, 22 Jun 2004 19:37, Niccolo Rigacci <niccolo@rigacci.org> wrote:
> > I second this.
> >
> > A user has no business making direct connections to mail servers.
> I disagree.
> You say that because unwanted mail comes often from a dynamic
> address, you will block all dynamic addresses. What do you think
> if I block all the mail originated from a Windows machine, simply
> because many Windows machines are infected and send viruses/spam?

Blocking mail from Win95, Win98, etc is a good thing to do.  I plan to do so 
as soon as practical.  The only reason why I haven't done it is that my 
kernels for mail servers already have enough patches and it's too difficult 
to manage more.

> I work for a firm and we have about 150 Debian servers installed
> to customers sites, they are connected with adsl. The IP ranges
> are owned by the largest Italian provider and they are listed as
> dynamic ones, despite the fact that they are assigned in a static
> way. Our customers run their own mail server with SMTP, POP3,
> IMAP, and webmail.

That's unfortunate.  The best thing to do is to obtain an IP address that's 
correctly listed and use it as an outbound mail relay.  Other people have 
done this to solve the same problem, there is no reason why you can't do it 

> You have to explain to me why you are blocking their mails.

Bad luck for them.  Most legit mail is sent from server machines that are 
known as such.  Most legit mail that is sent from machines that aren't known 
as servers is because the administrators are too stubborn to work around the 

> You also have to explain to me why do you want to force them to
> use a smart host for their outgoing mails.

I'm not forcing them to use a smart host.  If their actions get their email 
classified as spam then it's their choice.  They can always use a webmail 
system such as hotmail or yahoo mail.

> They have purchased bare adsl connectivity, why do you want force
> them to purchase also smtp service from an ISP?

The usual practice is to get SMTP service along with DSL.

> You are following a nonexistent cause-effect link and you are
> wasting your time.

Not wasting my time, successfully blocking lots of spam and viruses and taking 
no time to do it.  The only time it takes me is explaining it to other 

> For a virus writer it is a matter of an hour 
> to change his code to post to the isp's smtp server instead of
> posting directly.

However they have not done so, and there is a simple reason.  If you run an 
ISP with a million customers you can't block port 25 selectively on machines 
that send viruses, it's too much work to consider.  If the policy of the ISP 
is to allow customers to make outbound port 25 connections (a bad policy 
IMHO) then you just have to live with tens of thousands of your customers 
being infected because more machines get infected faster than you can inform 
them and get them fixed.

However adding a virus scanner to the outbound mail relay is easy.  Making the 
outbound mail relay not allow more than X recipients per email, making it 
delay a few seconds for each RCPT TO line, and making it not allow more than 
one TCP connection from each customer IP address are not so difficult to do.  
So an ISP mail server becomes a serious bottleneck to any virus or spammer, 
and complaints about the small volume of spam and virus going through it are 
taken very seriously.  Anyone who wants to send spam or viruses has to 
connect directly.

I'm speaking from personal experience in running an ISP with >1M customers and 
dealing with these issues.

> Now you have a huge infrastructure (dynaddr 
> lists) perfectly useless that does big harm to the network.

You can believe that if you wish.  I'll keep blocking dialups.  If you want 
your customers to be able to send mail to machines I run then YOU will have 
to solve YOUR problem.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
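
The three relay limits described in the message above (a recipient cap per message, a delay on each RCPT TO, and one connection per customer IP), modelled on a virtual clock to show how they bound one sender's throughput. This is an added example, not code from the original post; the class and function names, the cap of 20, the 3-second delay and the IP addresses are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class RelayPolicy:
    max_rcpt_per_msg: int = 20   # the post's "X"; 20 is an assumed value
    rcpt_delay_s: float = 3.0    # "a few seconds" per RCPT TO; assumed value
    max_conn_per_ip: int = 1     # one TCP connection per customer IP
    open_conns: dict = field(default_factory=dict)

    def connect(self, ip):
        """Admit a connection unless this IP already holds its quota."""
        if self.open_conns.get(ip, 0) >= self.max_conn_per_ip:
            return "421 too many connections from your address"
        self.open_conns[ip] = self.open_conns.get(ip, 0) + 1
        return "220 relay ready"

    def disconnect(self, ip):
        if self.open_conns.get(ip, 0) > 0:
            self.open_conns[ip] -= 1

    def rcpt(self, accepted_so_far):
        """Return (delay imposed, SMTP reply) for the next RCPT TO."""
        if accepted_so_far >= self.max_rcpt_per_msg:
            return self.rcpt_delay_s, "452 too many recipients"
        return self.rcpt_delay_s, "250 ok"

def send_bulk(policy, ip, recipients):
    """Simulate one customer IP pushing `recipients` addresses through the
    relay on a virtual clock. Returns (seconds spent, messages needed)."""
    if not policy.connect(ip).startswith("220"):
        return 0.0, 0
    clock, messages, accepted = 0.0, 0, 0
    for _ in range(recipients):
        delay, reply = policy.rcpt(accepted)
        clock += delay
        if reply.startswith("452"):   # cap hit: close this message, start another
            messages, accepted = messages + 1, 0
            delay, reply = policy.rcpt(accepted)
            clock += delay
        accepted += 1
    messages += 1 if accepted else 0
    policy.disconnect(ip)
    return clock, messages

if __name__ == "__main__":
    relay = RelayPolicy()
    secs, msgs = send_bulk(relay, "203.0.113.7", 1000)  # constructed customer IP
    print(f"1000 recipients: {msgs} messages, {secs / 60:.0f} minutes")
```

Because the connection limit rules out parallel sessions, the per-recipient delay is a hard ceiling on what a single customer address can push through the relay.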