I can't spell 'lists.gnac.net' too well...
----- Begin Included Message -----
Date: Wed, 2 Feb 2000 13:06:36 -0800 (PST)
From: Gregory Hicks <ghicks>
To: ghicks, [EMAIL PROTECTED]
Subject: RE: Hey, I DON'T WANT a firewall in front of my network!
Cc: [EMAIL PROTECTED]
Paul Vixie has a spam 'blackhole' list that he distributes that goes
into routers... Take a look at http://mail-abuse.org/rbl This tells
you how to keep it from re-occurring...
Regards,
Gregory HIcks
> From: Kevin Torkelson <[EMAIL PROTECTED]>
> Date: Wed, 2 Feb 2000 12:34:56 -0800
>
> How do we keep it from happening in the first place? (block out the
> spammers)
> I was told that there is a file I need to configure: /etc/sendmail.cf
> and then I have to create another file with the list of people to allow
> through....
> (im looking at this system right now)
>
> Thanks,
>
> Kevin
>
> > -----Original Message-----
> > From: Gregory Hicks [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, February 02, 2000 12:34 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Hey, I DON'T WANT a firewall in front of my network!
> >
> > kill sendmail. Clean out mail queues. (should be in /var/spool/mqueue or
> > something like that) restart sendmail.
> >
> > Regards,
> > Gregory Hicks
> >
> > > From [EMAIL PROTECTED] Wed Feb 2 12:24 PST 2000
> > > Delivered-To: [EMAIL PROTECTED]
> > > From: Kevin Torkelson <[EMAIL PROTECTED]>
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: Hey, I DON'T WANT a firewall in front of my network!
> > > Date: Wed, 2 Feb 2000 12:11:32 -0800
> > >
> > > Speak of the devil,
> > >
> > > I just got a cry for help from someone running BDSI & Sendmail 8.9 who
> > > apparently
> > > has someone relaying a ton of crap through their system and their ISP is
> > > about
> > > to dump them. Anyone know a fast way to turn it off? Thanks,
> > >
> > > Kevin
> > >
> > > > -----Original Message-----
> > > > From: Eric [SMTP:[EMAIL PROTECTED]]
> > > > Sent: Wednesday, February 02, 2000 11:41 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: Hey, I DON'T WANT a firewall in front of my network!
> > > >
> > > > Paul Gracy wrote:
> > > > >
> > > > > I gotta tell ya, the law seems a bit overboard.
> > > >
> > > > The real problem is being able to prove that a specific individual is
> > > > behind it. I've already talked to one judge about the law and he is
> > > > ready to throw the book at anyone brought to his court under the law
> > > > if it can be proved that they are the culprit.
> > > >
> > > > > Also shows a complete lack
> > > > > of understanding of how the Internet works (concepts: shared
> > resources,
> > > > > learn by doing,
> > > >
> > > > Are you suggesting you have to break into systems to learn about
> > > > computing?
> > > >
> > > > > open mail relays are by definition available for public use,
> > > > ^^^
> > > > You mispelled "were". Open relays are no longer necessary for normal
> > > > delivery of e-mail. It would be nice if you could run an open relay
> > > > for the use of your own customers without having to worry about
> > spammers
> > > > hijacking the relay to send junk mail.
> > > >
> > > > > world readable directories and open source, anonymous ftp, etc.)
> > Also,
> > > > > there is a concept (though now seen by some as too conservative -
> > > > whiners)
> > > > > in Anglo - American jurisprudence that if there is no harm, then how
> > > > could a
> > > > > crime have been committed?
> > > >
> > > > What concept is this? Around here, they prosecute people all the time
> > for
> > > > crimes in which there is no harm. In 1997, they arrested and charged
> > a
> > > > student in Texas for using a university computer to develop a web page
> > for
> > > > an outside company. I personally consider that a whole lot less
> > menacing
> > > > than people trying to break into computers.
> > > >
> > > > > Also, if your system is configured properly, it
> > > > > shouldn't cost thousands of dollars to investigate a break-in or
> > > > break-in
> > > > > attempt, you should get it in your email inbox in the morning.
> > > >
> > > > If it only takes $5 worth of time to make sure they didn't get in,
> > > > that's enough damages to move it from a Class B Misdemeanor to the
> > > > Class A Misdemeanor. Also, all they have to do is delete one file
> > > > and it is no longer a Class B Misdemeanor.
> > > >
> > > > > Why should a
> > > > > computer user who played with your open relay (seen by some as a
> > putting
> > > > a
> > > > > swing in the front yard right next to the busy sidewalk without a
> > fence
> > > > or a
> > > > > sign) be punished because your incompetence meant that it took you
> > $5000
> > > > to
> > > > > figure out what happened?
> > > >
> > > > But if someone uses an open relay to send junk mail to thousands of
> > > > people,
> > > > damages will nearly always occur. The damages include
> > > > 1) any denial of service to the owners and legitimate users of
> > the
> > > > machine
> > > > 2) the value of time by the owners to deal with the resulting
> > > > complaints,
> > > > threats, mail bombings, ... .
> > > > 3) the value of the service itself
> > > > 4) the costs incurred as a result of e-mail being blocked as a
> > result
> > > > of the spam run
> > > > 5) for an ISP, the potential loss of customers switching to other
> > > > service
> > > > providers because their e-mail cannot be delivered to some
> > sites.
> > > >
> > > > Thus, using an open relay without proper authorization to send junk
> > mail
> > > > is
> > > > at least a Class A Misdemeanor, probably a State Jail Felony, and
> > > > potentially
> > > > a Category Three (or higher) Felony. Hijacking relays is a criminal
> > act
> > > > and
> > > > I'd love to see the spammers who do that go to prison as a result.
> > > >
> > > > To be perfectly honest, I'm not worried about someone using an open
> > relay
> > > > to send e-mail to their Aunt Sadie. The big problem is determining
> > > > whether
> > > > the relay was from a spammer, a relay test by the anti-relay
> > contingent,
> > > > or a simple misconfiguration by an individual.
> > > >
> > > > What would really be nice is if we could explicitly withdraw any and
> > all
> > > > permission from spammers to access your SMTP server to send spam to
> > > > accounts
> > > > on that machine. That would make the act of spamming anyone using
> > that
> > > > server at least a Class A Misdemeanor since the spammer would receive
> > a
> > > > benefit as a result of delivery of the spam. (Felony would be better
> > so
> > > > we could extradite.)
> > > >
> > > > Eric Johnson
> > > > -
> > > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > > "unsubscribe firewalls" in the body of the message.]
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
>
----- End Included Message -----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
