On Wed, 10 Jul 2002, Theo Van Dinter wrote:

> And accusing all "open relay people" of "abusing your servers" in a
> forum doesn't make it true either.

I know who scans us, and I can look at the spam to see if it's really something for sale, or just abuse, and where it came from. Why don't you do the same on your spam, and we can compare notes.

> You haven't spoken to anyone in Asia ... There's a lot of open relays
> there (I block most netblocks in China for this,) mostly unprotected
> Solaris boxes with an ancient version of sendmail running.

I block some of Asia too. But before I did, I did a lot of scanning, and found that most of the boxes were old linux boxes or old solaris boxes that were easily rooted. Most of the spam coming from them looked very American. Given what I know about the open relay anti-spammers, I think it's more likely that they rooted those boxes, than the owners were employed as real spammers.

Do you think that someone who runs an unprotected linux 2.0.36 box is really sending spam? Do you think that companies like Data Com Marketing are rooting these boxes? Or is it more likely that anti-spammer script kiddies are trying to annoy people? Analyze your logs, and you'll think the last one is right.

Just this week, I've had a spammer in the UK abusing our relay. It was real obvious, and none of it got through. But the last thing he tried was to submit us to a black list. Thousands of messages to hotmail. One solitary message (no body) to [EMAIL PROTECTED] Hmm. Spammer? Open relay guy?

> Open relays, on average, are free. Some aren't, they're aberrations.

Show me one that's free.

> > a few non-spammers using our relays without permission. They have said
> > they found our relay on the 'net. The only places I could find with our
> > servers were the open relay rbls.
>
> You do realize the RBLs are public, so if someone wants to find an
> open relay they can just make a few queries and get listings, right?
> I mean, heck:
>
> lynx --dump http://www.kluge.net/mailfiltering/access.txt | grep 'open relay' | awk '{print $1}'

MAPS RBL is not public. (MAPS RSS is public, though, strangely) RBLs don't need to be public. Making them public quite clearly promotes abuse.

> That'll get you a list of over 700 IPs which are open relays. It's not
> difficult to find these things if you search around a little.

Of course, you are listing an open relay black list, which makes my point.

> > Consider these:
> >
> > Customer has leased line from us.
>
> so they'll have a certain netblock you can restrict relaying for, don't
> need an open relay.

Not if they travel, or if they don't get email delivery from us. You deleted the rest. They do need an open relay.

> > Customer wants backup domain service for its domain on our servers. We
> > won't have accounts for all employees. We just queue any mail for that
> > domain until their servers come up.
>
> That's not an open relay.

The best that could be done is domain restriction. The open relay black lists consider that to be open relay since it's easily spoofed. I also call that an open relay. So they need an open relay.

> > Next consider:
> >
> > Customer has employees who travel, use their clients access, but want to
> > send mail with their domain, not clients domain to make sure replies go to
> > them not client.
> > Customer needs open relay, but doesn't want hassle of protecting open
> > relay server.
> > We provide customer with open relay.
>
> Unless they block what mail gets sent out of their network, you don't
> need an open relay for this.

I await your solution with bated breath. Must not be limited to the 9 clients that support SMTP auth.

> > Next consider:
> >
> > Customer has DSL Line from provider Vzn
> > Vzn doesn't give static IP
> > Vzn doesn't allow relay for non-vzn domain.
> > We provide open relay for Customer.
> > In this case, if the customer is one or two people, SMTP Auth could be
> > used, or a web client could be used. More than that and it's impractical,
> > and stupid if you already have open relay.
>
> Circular reasoning: If I already have an open relay, I don't need to
> think about how to solve it without an open relay.

That's what I said. But I also said it's impractical to add hundreds of accounts and manage those accounts. And I didn't mention that SMTP Auth isn't really acceptable due to lack of client support. This is a business. It's here to make money. Compared with the fact that we still need to have and protect an open relay, the one (very small) case where SMTP Auth could (possibly) work just isn't worth the time or effort.

> "Vzn doesn't allow relay for non-vzn domain" implies "Vzn requires mail
> to go through their mail server". If so, your open relay is useless.

No, it doesn't imply that. They don't block you from using other relays, but if you use theirs, you have to send mail as [EMAIL PROTECTED]

> > I'll bet most of the 293 were actually generated by the open relay people.
>
> I think all 293 were from you. I can't prove it, and you can't prove your
> statement either. There's really no point in continuing this discussion.

You can too prove it. Nmap is your friend, use the -iL option to feed it the list of 293 ip addresses. I think you'll find that a lot of them aren't really open relays. And if you look very closely at the spam you get from them, you'll find a lot of it isn't really commercial.

If you want to figure out what's going on, you have to analyze your logs. If you do that, you'll come to the same conclusions I have. Otherwise, you can believe whatever suits you without regard to facts. You're an American, you can do that.

--Dean

---
Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'.
Mail administrative requests to `[EMAIL PROTECTED]'.
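Added example, not part of the original message or either poster's code: the four relay-authorization checks argued over in this thread (client netblock, sender-domain restriction, recipient-domain queueing for backup service, SMTP AUTH) evaluated against the same sessions, showing which inputs each check trusts. All names, domains and addresses below are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Session:
    client_ip: str               # connecting address, observed by the server
    mail_from: str               # envelope sender, supplied by the client
    rcpt_to: str                 # envelope recipient
    authenticated: bool = False  # True only after a successful SMTP AUTH

# Constructed configuration: documentation address range and example domain.
CUSTOMER_NETS = [ipaddress.ip_network("192.0.2.0/24")]
CUSTOMER_DOMAINS = {"customer.example"}

def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

def by_netblock(s):       # leased-line case: trust the source address
    return any(ipaddress.ip_address(s.client_ip) in n for n in CUSTOMER_NETS)

def by_sender_domain(s):  # "domain restriction" applied to MAIL FROM
    return _domain(s.mail_from) in CUSTOMER_DOMAINS

def by_rcpt_domain(s):    # backup service: queue mail addressed to the customer
    return _domain(s.rcpt_to) in CUSTOMER_DOMAINS

def by_auth(s):           # SMTP AUTH: trust a verified credential
    return s.authenticated

POLICIES = {"netblock": by_netblock, "sender_domain": by_sender_domain,
            "rcpt_domain": by_rcpt_domain, "auth": by_auth}

def evaluate(s: Session) -> dict:
    """Return, per policy, whether this session would be relayed."""
    return {name: check(s) for name, check in POLICIES.items()}

# Constructed sessions; every address is from a documentation range.
SESSIONS = {
    "on_net_customer": Session("192.0.2.10", "amy@customer.example", "x@other.example"),
    "travelling_user": Session("198.51.100.7", "amy@customer.example", "x@other.example", True),
    "forged_sender":   Session("203.0.113.99", "amy@customer.example", "x@other.example"),
    "inbound_backup":  Session("203.0.113.5", "bob@other.example", "amy@customer.example"),
}

if __name__ == "__main__":
    for name, s in SESSIONS.items():
        print(f"{name:16}", evaluate(s))
```

The sender-domain check returns the same answer for the travelling user and the forged sender because MAIL FROM is whatever the client types; only the netblock and AUTH checks separate the two sessions.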
