On Sat, 2009-02-07 at 19:03, Aiko Barz wrote: > On Sat, Feb 07, 2009 at 04:18:30PM +0100, Milan P. Stanic wrote: > > On Sat, 2009-02-07 at 12:29, Aiko Barz wrote: > > > And I drop all connections to port 25 from IP addresses, that have a > > > reverse DNS entry like dsl.foo.bar, dynamic.foo.bar, dhcp.foo.bar. > > > There is a 99.999% chance, that a botnet is talking to you. > > Which is totally wrong. A lot of legitimate SMTP servers are on such IP > > addresses. > I want to see the admin who runs a legitimate SMTP server from an ISP > dialup network, an IP address, that annoys others for 99% of the time. > That sounds like trouble anyway.
A lot of annoying "SMTP servers" are on permanent links. Think China spammers. > But I can assure you, that I'm picky about the .foo.bar. Spam statistics > decide who enters the list, which is done manually. You just need > several dozens of those lines and at least 80% of the spam is gone. The > rest is done the usual way. > It would be a hard kickback for botnet operators if all providers would > mark their customer dialup networks in a common way. <sarcasm on> Wouldn't be good idea to mark somehow e-mail from black people because of Nigerian Scam. </sarcasm off> > > A lot of (so called) admins today don't understand Robustness Principle > > (rephrased): > > Be liberal in what you accept, and conservative in what you send > A firewall mailinglist is a good place to talk about this principle. :) Ah, so. I thought we are on firewall list, although Debian specific. :) -- Kind regards, Milan -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
