I noticed in my mail server logs that about a dozen or so scans came from relay=securityscan.sec.rr.com. They were all attempts to relay E-Mail through my mail server.
I contacted them asking what this was. They basically said they were going to scan every mail server that sent mail to anyone at rr.com and I could either allow it or they would block my mail server from sending mail to anyone there. One one hand, I think it's great they are making a stab at stopping spam, but on the other, I feel their efforts are misguided. They will block any mail server that allows relaying which, like many attempts at spam filtering, will also stop legitimate mails as well. They also don't seem likely to be helpful to any system they decide to block by informing them of such. Those blocked systems must just discover that they were blocked, then attempt to find out why. Here's the answer they sent: Hello, The securityscan.sec.rr.com machine is a Road Runner Security resource that is used as a tool to assist us in determining if machines being used to send us mail may be abused from outside sources, allowing them to be used to spam our customers and role accounts. We fully understand your concerns surrounding the probing of your machine. This issue has been raised internally and we hope this email helps you better understand our process. The intention of this process is truly not meant to be a "big brother" system, but we understand that some may view it as such. Our ultimate goal, however, is to protect our network, our customers, and our role accounts. These scans are part of an automated process, and conducted against every host that connects to our inbound mail gateway servers to transmit mail. The connecting IP address will be subject to proxy and smtp relay scans to ensure that the machine at that IP address cannot be abused for malicious purposes. If found to be an open proxy or smtp relay, the IP address will be blocked at our mail gateway borders with one of the following error messages: ERROR:5.7.1:550 Mail Refused - See http://security.rr.com/mail_blocks.htm#proxy ERROR:5.7.1:550 Mail Refused - See http://security.rr.com/mail_blocks.htm#relay We understand that some entities may not wish to be scanned as part of this automated process. If you do not wish to be tested by Road Runner, there are two ways to accomplish this: 1. Do not send mail to Road Runner subscribers. 2. Send an e-mail to '[EMAIL PROTECTED]' with the IP address that you do not wish to be tested. Understand, though, that all e-mails from your server will be blocked from that point, until you let us know that we should begin testing your IP again. If you have any further questions, you can visit http://security.rr.com or contact Road Runner Security via e-mail at '[EMAIL PROTECTED]' Regards, Road Runner Security
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
