Hello Brian Just a small note, scanning your server is an illegal action they took. Individuals have been prosecuted for doing far less. I know of one guy that got prosecuted for connecting to the mailserver of some admin to send him an Email that the admin's box was infected with a trojan, and attacking other networks.
I wonder how Roadrunner would respond if you started scanning their networks to determine if they're safe enough to allow them.... In any case, they are clearly violating the law by doing this. Maybe you can also send this story to the Register (http://www.theregister.co.uk). It could make an interesting article in light of the DMCA being used to prosecute hackers that sneeze. I would like to see this put against an arrogant company. Kind regards Guy On Mon, 2002-12-30 at 17:08, Brian wrote: > I noticed in my mail server logs that about a dozen or so scans came > from relay=securityscan.sec.rr.com. They were all attempts to relay > E-Mail through my mail server. > > I contacted them asking what this was. > > They basically said they were going to scan every mail server that sent > mail to anyone at rr.com and I could either allow it or they would block > my mail server from sending mail to anyone there. > > One one hand, I think it's great they are making a stab at stopping spam, > but on the other, I feel their efforts are misguided. They will block > any mail server that allows relaying which, like many attempts at spam > filtering, will also stop legitimate mails as well. > > They also don't seem likely to be helpful to any system they decide to > block by informing them of such. Those blocked systems must just > discover that they were blocked, then attempt to find out why. > > Here's the answer they sent: > > Hello, > > The securityscan.sec.rr.com machine is a Road Runner Security resource that > is used as a tool to assist us in determining if machines being used to > send us mail may be abused from outside sources, allowing them to be used > to spam our customers and role accounts. We fully understand your concerns > surrounding the probing of your machine. This issue has been raised > internally and we hope this email helps you better understand our process. > > The intention of this process is truly not meant to be a "big brother" > system, but we understand that some may view it as such. Our ultimate goal, > however, is to protect our network, our customers, and our role accounts. > > These scans are part of an automated process, and conducted against every > host that connects to our inbound mail gateway servers to transmit mail. > The connecting IP address will be subject to proxy and smtp relay scans to > ensure that the machine at that IP address cannot be abused for malicious > purposes. If found to be an open proxy or smtp relay, the IP address will > be blocked at our mail gateway borders with one of the following error > messages: > > ERROR:5.7.1:550 Mail Refused - See > http://security.rr.com/mail_blocks.htm#proxy > ERROR:5.7.1:550 Mail Refused - See > http://security.rr.com/mail_blocks.htm#relay > > We understand that some entities may not wish to be scanned as part of this > automated process. If you do not wish to be tested by Road Runner, there > are two ways to accomplish this: > > 1. Do not send mail to Road Runner subscribers. > 2. Send an e-mail to '[EMAIL PROTECTED]' with the IP address that > you do not wish to be tested. Understand, though, that all e-mails from > your server will be blocked from that point, until you let us know that we > should begin testing your IP again. > > If you have any further questions, you can visit http://security.rr.com or > contact Road Runner Security via e-mail at '[EMAIL PROTECTED]' > > Regards, > Road Runner Security > > > > > ______________________________________________________________________ > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com -- Guy Van Sanden <[EMAIL PROTECTED]>
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
