
Re: exim or postfix



On Fri, Nov 12, 2004 at 10:09:36AM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Friday 12 November 2004 07.47, Craig Sanders wrote:
> > On Fri, Nov 12, 2004 at 05:12:34AM +0000, John Goerzen wrote:
> 
> > > >       4 ETRN
> > >
> > > Weird, people are just sending ETRN commands to you?
> 
> me too. One is a mail server of a respected company that is apparently 
> misconfigured, and has been for a few years.  I've written the postmaster, 
> I've written the IP block owners etc. - they just don't care.
> 
> I probably should flood them with bogus email when they call in next time, 
> perhaps that would make them pay attention... :-]

i just ignore it, same as i ignore all the probe attempts on various ports.

they're annoying, and i wish they wouldn't happen, and i have to take steps to
protect my systems against them, but they happen far too often to get too upset
about them.  block it, log it, and move on.


> > > >      26 RBL Dynablock.njabl.org
> > >
> > > My own static DSL IP is on this one.  Lots of people have legit reasons
>            ^^^^^^
> > > for not using their ISP's sucky, crappy mail servers.
> 
> > viruses that come from dynamic IPs.
>                          ^^^^^^^
> 
> Craig, you seen that? 

sorry, i didn't notice that first time around.  thanks for pointing it out.

> Dynablock seems to include some static IPs.

IIRC, dynablock notes that this can happen on their web site.  they say it's
typically because the ISP concerned does something like:

1. allocates static IPs from the same pool as dynamic IPs
2. has reverse DNS entries that imply dynamic IP
3. maybe some other similar reasons, i forget...

unfortunately, there's nothing the end-user can do to resolve this.  the only
people they will listen to for requests to remove such possibly-bogus dynamic
listings are the owner(s) of the netblock (i.e. the ISP).  presumably that is
because spammers are not above lying if it suits them and have no qualms about
claiming that they are a legit mail operator on a really, truly,
honest-i-tell-you static IP.

possibly also because it's a way to encourage slack-arse ISPs to adopt better
practices.

personally, i'm inclined to still use dynamic blocks even with these errors,
and add whitelist entries to my rbl_override map if and when i need to.

> (I guess John is at one of those ISPs who mix static IPs and dynamic IPs in 
> the same IP range, or at least use the same xxx.dsl... reverse DNS.)

possibly.

craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)
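
The ordering described in the message above (consult a local override map first, then the dynamic-IP DNSBL), as an added example that is not part of the original message and is not Postfix's own code. The override entries, the listed names and the `fake_lookup` stand-in for a DNS query are constructed sample data on documentation address ranges; only the zone name comes from the thread.

```python
import ipaddress

DNSBL_ZONE = "dynablock.njabl.org"  # zone named in the thread

# Constructed override map: hosts/blocks the operator has chosen to trust.
RBL_OVERRIDE = {
    "192.0.2.25": "OK",        # one known-good static host
    "198.51.100.0/28": "OK",   # small static block inside a listed pool
}

# Constructed stand-in for the DNSBL's answers (names that would resolve).
LISTED_NAMES = {
    "25.2.0.192.dynablock.njabl.org",
    "77.2.0.192.dynablock.njabl.org",
    "5.100.51.198.dynablock.njabl.org",
}


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """IPv4 DNSBL convention: reverse the octets and append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def override_match(ip, overrides=RBL_OVERRIDE):
    """Return the override action for ip, or None if no entry covers it."""
    addr = ipaddress.IPv4Address(ip)
    for key, action in overrides.items():
        if addr in ipaddress.ip_network(key):
            return action
    return None


def fake_lookup(name):
    """Hypothetical resolver: True if the DNSBL would return a record."""
    return name in LISTED_NAMES


def check_client(ip, lookup=fake_lookup):
    """Override map is evaluated first, so a listed-but-trusted host passes."""
    if override_match(ip) == "OK":
        return "accept (rbl_override)"
    if lookup(dnsbl_query_name(ip)):
        return "reject (listed in %s)" % DNSBL_ZONE
    return "accept (not listed)"
```

If the two checks were swapped, the first two sample hosts would be rejected before the override was ever consulted.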


