Re: [Declude.JunkMail] Stop one IP address

[Matt]

SPEWS is exactly the type of list that would take the MX server and blacklist them as well.  SPEWS is influential as far as some other minor lists go so there could also be a chance of it spreading.  If I were this client, I would be more concerned about my domain blacklisted, and possibly never being able to get off such lists. I can't think of a good reason why a list would all of a sudden go from 20,000 addresses to 200,000 addresses unless they were harvesting/buying addresses from some source, paired with the fact that they don't care about cleaning their list suggests to me that they also have little regard for the recipients and the administrators that have to deal with this stuff, including Goran who's server gets pounded by this stuff.  In other words, it sounds like what might be considered to be spam. Here's my take on people like this and why I don't want their business.  The vast majority of people don't want anything to do with spamming, yet this small minority of people, many of whom care very little for others or put profits above everything else, have created a situation where spam outnumbers ham by 6 times.  So instead of looking the other way at some seemingly minor infractions, you must consider what would happen if every list out there had a 15% NDR rate with no attempt to clean, and an interest in growing to 10 times the size through some likely questionable means.  If you don't draw the line there, where do you draw it?  I don't claim to be perfect, but I'm quite sick of self-centered/greedy people making decisions that benefit themselves at the expense of others. Matt Kevin Bilbee wrote: There are lists that will list a server for not having a double-op-in system. With out this you can not control who signs up and it the address is valid as you already know. And yes you can be listed for hosting the server that receives the NDR records.   Maybe someone else can chime in and give an example of an RBL that lists server that host the NDR and list for not having a double-opt-in system.   I understand that you are not hosting the mail list but you may be supporting a spammer. If your client is not getting these email address in a reputable way or getting a list from a third party that could mean trouble for you and your mail system. You may not be able to block the NDRs based on ip address. I the mail is delivered to a gateway that does not have the intelligence to authenticate the email address then the NDR is going to come from that server not the sending server.     Kevin Bilbee -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Goran Jovanovic Sent: Monday, September 27, 2004 4:10 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address I did not think that if I was simply the MX record for the domain that I would get blacklisted. I thought that it would be the broadcast e-mail service provider.   The flood of NDRs certainly puts a strain on our server and while it seems that I was able to keep up with it today I am told that this list is going to grow from the 20-30 thousand e-mails that are on it today to over 200,000 e-mails. This list is something that people sign up for but there is no verification of their e-mail address so they can type in anything they want (or make a legitimate typo).   I think I am going to have a stronger word with them about this and tell them that they must clean up their act.   Thanx to all for the info          Goran Jovanovic      The LAN Shoppe     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Bilbee Sent: Monday, September 27, 2004 2:52 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address   This is one of your customers saying they do not care. I would boot them for abusing your servers or at least charge them for the headaches. If they continue you will end up on black lists for continually sending to non existent email addresses. You may think that because the emails are not being sent from your server that you will not be bleck listed but there are lists out there that will black list you because the NDRs are being delivered to your server.   We are on AT&T and had a customer doing just this. We told them to stop or we would terminate there service, we did this after AT&T theratened to terminate our service after they received complaints to their abuse address. The source of the email was not our server but they used an email on our server for the NDRs.       Kevin Bilbee     -----Original Message----- From: Goran Jovanovic [mailto:[EMAIL PROTECTED]]On Behalf Of Goran Jovanovic Sent: Monday, September 27, 2004 11:31 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address Andrew,   According to the IMail manual you can only put e-mail addresses into the KILL.LST file. It does not say anything about IPs.   I have told them that they need to clean up their lists but they say that it is too much trouble and they don't care.   Matt - do you have the name of that product that collects NDRs and cleans the list?   Thanx Goran   From: [EMAIL PROTECTED] on behalf of Colbeck, Andrew Sent: Mon 9/27/2004 1:56 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] Stop one IP address You can hide the problem by going into your IMail configuration under SMTP, then the SMTP Security tab and adding the IP address to the IMail Kill File.  When IMail sees a connection from that IP, it drops it, without returning an error to the sender, and without logging the action in your sysMMDD.txt file.   I say that this is hiding the problem, because it doesn't address the problem directly, and you won't have any idea how many times they're retrying.  Because the connection is just dropped, they should try again, and will.  Whether that is more of an impact than "swallowing them" like you're doing now is up to you!   Another sneaky way of dropping the traffic is to disallow routing entirely, right there on your server.   route add -p 1.1.1.1 mask 255.255.255.255 127.0.0.1   replace the 1.1.1.1 with the address of the bad host.   Andrew 8) -----Original Message----- From: Goran Jovanovic [mailto:[EMAIL PROTECTED]] Sent: Monday, September 27, 2004 9:59 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Stop one IP address Hi,   From what I can see the imail kill.lst works on the MAIL FROM recipient. I am looking for a way to specifically disallow one IP address. The reason I need to do the IP is because the sender is NULL. The messages are bounce backs from an e-mail campaign of one of the domains that I forward (you know all the messages email address is no longer valid etc etc).   This domain uses a service somewhere out there and gives them a list. Unfortunately they do not clean or verify the list at all so a lot of bouncebacks. They will do a broadcast to 25-30 thousand and I will see a 2000 to 3000 incoming e-mail spike in an hour or 2.   As a temporary measure I have whitelisted the IP so that I do not spend as much processing time but I would really like to kill the connection as it comes in so I so not have to process much of it.   Any other thoughts on what I can do?   Thanx            Goran Jovanovic      The LAN Shoppe -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================

<<image/gif>>