On Tue, Jul 09, 2002 at 06:49:39PM -0400, Dean Anderson wrote:
> You probably don't realize that blocking open-relays means that you have
> misconfigured your spam filters to allow _more_ spam, rather than less.
Someone else has already conveyed my response, but I'll send it anyway:
"Hubba-whaaaaaa?" Somehow filtering mail to stop people from sending
me messages means I'll get more messages ...?
> It's more because by doing so you can't block spam sent through closed
> relays, even though the source IP address of the abuser has been reported
> to RBL.
Well, if I understand what you're saying: If a spammer sends through
a proper mail server (ie: closed relay,) then I won't be able to block
them because they're not an open relay ... ? Correct?
If so, that still doesn't mean I'll get more spam since the spammers
will have to find servers that allow them to relay. That's a smaller
set of machines than the open relay set. Not to mention the fact that
the open relay blocks are just one of many layers I use to stop spammers.
> Also, ISPs cannot block open relays since this violates 18 USC
> 2701(A)(2), which prohibits ISPs from blocking authorized email. Some
What do you mean by "authorized email"? Not being an ISP, I haven't
heard of this before.
> Also, many of the open relays are operated by ISPs, such as us. I won't
> explain the many situations where Open Relay is necessary, and why SMTP
> AUTH is dead, and such. That much is either obvious by now, or you don't
> need to know it, since you might not ever need open relay yourself.
Well, if you operate an open relay, and I get spam from your mail server,
you're going to be blocked from sending me (and many others) mail.
There is no good reason to allow open relays in this day and age.
If you're looking to let "customers" (actual customers or employees)
relay through your server, that's fine, there are many ways to allow
selective relaying such as the relay after pop/imap schemes.
> Only relays listed in the O.R. black lists are ever abused. The Open
> Relay Black Lists are the spammers sending abuse through open relays.
That depends on your choice of black list I suppose. There are hundreds
(thousands?) out there. I'm sure some of them are fronts for spammers.
How many? Don't know, but it's unlikely to be the majority. I only
use 3 or 4 which I've had good experience with.
> So, use content based spam filtering, and avoid the open relay black
> lists.
Good, there's at least something we can agree on -- use content based
filtering! I can see you've had bad experience with some set of black
lists (there are more than just open relay lists of course,) but that's
not a reason to discredit them all.
At a minimum, I would use SpamAssassin and have it tag spam as it
comes through. Then let the user decide what to do with it, what their
threshold scores should be, etc.
If you're doing personal filtering, I would layer more filtering on
top -- block things at the SMTP level which are very unlikely to have
false positives. I also use a personal blacklist (aka: accessdb)
which works very well. Over 10100 entries now. :)
A few quick stats since Sunday morning:
609 (100%) Total blocked messages at SMTP level
---
293 ( 48%) Blocked by open relay blacklists
316 ( 52%) Blocked by other filtering (mostly accessdb)
116 spams were reported since Sunday morning, leading to 76 new entries
in my personal accessdb.
--
Theo Van Dinter, [EMAIL PROTECTED][EMAIL PROTECTED]
Consultant, Collective Technologies (www.collectivetech.com)
Systems Administrator, bblisa.org/kluge.net
---
Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'.
Mail administrative requests to `[EMAIL PROTECTED]'.
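
Added example (not part of the original message or the author's setup): a sketch of the layering described above, with a personal access list checked first, then open relay blacklists queried over DNS, and everything else passed on for content tagging. The zone names, access entries and function names are constructed placeholders, and the prefix matching is only loosely modelled on a sendmail-style access database.

```python
import ipaddress
import socket

# Constructed sample data: placeholder zones and access entries, not real lists.
DNSBL_ZONES = ["relays.dnsbl.example", "spam.dnsbl.example"]
ACCESSDB = {
    "192.0.2": "REJECT",          # prefix key covers the whole /24
    "198.51.100.7": "REJECT",     # single host
    "spammer.example": "REJECT",  # sender domain and its subdomains
    "partner.example": "OK",      # explicit allow, checked before any DNSBL
}

def dnsbl_name(ip, zone):
    """IPv4 a.b.c.d is looked up as d.c.b.a.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_listed(name):
    """Listed only if the answer is in 127.0.0.0/8; NXDOMAIN means not listed.
    The 127. check avoids treating a wildcard or hijacked answer as a listing."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except socket.gaierror:
        return False

def access_lookup(ip, sender_domain, db=ACCESSDB):
    """Most specific key wins: full IP, shorter prefixes, then domain and parents."""
    parts = ip.split(".")
    keys = [".".join(parts[:n]) for n in range(4, 0, -1)]
    labels = sender_domain.lower().split(".")
    keys += [".".join(labels[i:]) for i in range(len(labels) - 1)]
    for key in keys:
        if key in db:
            return db[key]
    return None

def smtp_decision(ip, sender_domain, zones=DNSBL_ZONES, resolver=dns_listed):
    """Return (action, reason) for one connection, decided at SMTP time."""
    verdict = access_lookup(ip, sender_domain)
    if verdict == "OK":
        return ("accept", "accessdb")
    if verdict == "REJECT":
        return ("reject", "accessdb")
    for zone in zones:
        if resolver(dnsbl_name(ip, zone)):
            return ("reject", "dnsbl:" + zone)
    # Not blocked at SMTP level: hand off to content-based tagging.
    return ("accept", "content-filter")
```

Passing a stub as `resolver` lets the decision logic be exercised without any DNS traffic.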