It's a business, I believe a bar. The connection was for their gaming machines, which have their own FortiGate VPN solution behind their router, which is a MikroTik. I had to get them set up because their tech screwed up the MikroTik, I told them all I was doing was getting their masquerade and routing up, they needed to have their IT get anything else done.

I don't believe they're running a mailserver and they needed the static for the Illinois gaming thing. I'm assuming a call will get them to address it, just curious if they don't. We are always Law Enforcement compliant.

On Wed, Apr 27, 2016 at 9:46 AM, Ken Hohhof <[email protected]> wrote:

> More info please. Is this a business or residential customer? Do they run their own mailserver? And is the static IP at their request or your convenience? (I’m assuming they are not using your mailserver to send their spam.)
>
> If it’s a business with their own mailserver, they may unknowingly have an open mail relay or something. Or sending bulk mail may be central to their business. Or they may be sending legit or borderline legit mail that others flag as spam (back when I did more hosting, I found it odd that most of my spam problems were from churches or companies marketing to churches).
>
> On the one hand, many spam blacklists will automatically remove the IP address after a month or so if nefarious activity ceases. Some you will have to request removal.
>
> On the other hand, there is some risk of having your entire IP block blacklisted if they decide you are a spam-friendly ISP.
> https://en.wikipedia.org/wiki/Pink_contract
>
> If it’s a business, I would work with them to see if they maybe just need to close off an open relay or something. Or if they send bulk mail, inform them of the CAN SPAM Act. I usually push those customers toward a bulk mail service, which can do a much better job of handling bounces and removal requests. Some people don’t realize that a high percentage of bounces will get you blacklisted by large domains like yahoo, gmail, aol, etc., on the assumption if you have that many bad addresses on your list, you must be a spammer. And of course honoring removal requests is a requirement of the CAN SPAM Act.
>
> If it’s a residence, or a business not operating their own mailserver, block traffic from their IP address to destination port 25. The only reason they would need that is (1) they are operating a mailserver, or (2) they are hosting a spambot.
>
> If they are violating your TOS, and especially if they are doing things even worse than sending spam, and they refuse to work with you and make a good faith effort to solve the problems, then you should dump them as a customer. Yes, the next step might be a warrant, but the LEA serving the warrant might bust down the door of your NOC and seize all your equipment, depending on what this customer is doing or suspected of doing. That would be a very bad day.
>
> *From:* mailto:[email protected] <[email protected]>
> *Sent:* Wednesday, April 27, 2016 9:16 AM
> *To:* [email protected]
> *Subject:* Re: [AFMUG] abuse reports on customer IPs
>
> Reach out and let them know. Tell them you have been informed that someone is trying to steal their identity, looking to use their debit cards, rapists are viewing pics of the lady of the house online and pedophiles have been interested in molesting their kids. But, hey, you are just letting them know and not telling them how to protect their kids or family.
>
> On Wed, Apr 27, 2016 at 10:09 AM, That One Guy /sarcasm <[email protected]> wrote:
>
>> We have a particular customer. We have been getting tons of abuse reports on their static IP, I assume we will never be able to wash this sullied IP clean. They're not really doing any harm to our network, or impacting others on the network, they are in full breach of our TOS, that's for sure. Surprisingly, it's primarily spam and botnet activity, but no DMCA.
>>
>> Is there any liability on us as an ISP to not address this affirmatively with the customer? I'm going to contact them, may offer a leased FortiGate UTM option. But if there isn't a resolution, other than their static IP residing on every blacklist, can we get nailed?
>>
>> It's a good customer, pays their bill on time, worked with us through a service issue without the usual "gimme discounts and free shit or I'm going elsewhere". I don't want to HAVE to disconnect them if I'm not required to and they're not impacting others if they can't or won't resolve the issues.
>>
>> --
>> If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
