I have a problem. This message is likely to cause some tempers to flare. But I'm getting utterly pissed off about spam. Not just annoyed, but pissed off so much, that I'm not sure what to do with the anger.

You see, I manage the small infrastructure for what is to be an ASP. We have only a tiny number of customers at the moment, but it could grow considerably if we play our cards right. Problem is, that we were using a domainname that was in use for the same business some time ago, but that disappeared off the net a while ago. We had reactivated the domainname and got a sudden torrent of constant hammering from spammers. The dickheads don't even handle bounces and clean up their lists and some even do random or strategic mailing like to [EMAIL PROTECTED] (Pretty stupid, IMO, considering that this mail is likely to go to root who is probably a sysadmin bent on tracking down the putz who sent it.)

We're using a custom version of sendmail patched with some mysql hooks found on sourceforge. All mail that is undeliverable due to non-existent accounts (a good 99.99%, quite literally) was getting rejected before even being queued, since the recipient check against the mysql database happens during the SMTP conversation. This helped keep the load down, but I still saw spike loads of as high as 18 making the box practically unusable. It does eventually recover, though. We've since changed domainnames and eliminated the old MX and A records for the domainname which has reduced the spam to a trickle and increased the S/N ratio considerably.

Well, before the switch, I had set up smtpblock (http://www.angmar.com/smtpblock/) and it was working quite well. Problem is, that I didn't know how aggressive it was with its relay checking. Apparently, and somewhat understandably, some ISPs frown on relay checking and will cut you off for doing relay checks on them.
Fortunately, after my ISP sysadmin sent me mail and got relay-checked as a result, he called me complaining instead of just cutting me off. I've since shut down smtpblock, but am still left with the obvious dilemma.

I have now seen first hand how ridiculously burdensome spam can be as an ISP/ASP. It's ludicrous to expect an admin to do nothing about it and leave our customers helpless. Filters and the delete key are not good enough, as attacks are often so vicious (20% of all email on the net, according to http://www.msnbc.com/news/713079.asp) that they overload our mailservers. Don't even begin to think that I will buy the argument that hardware is so cheap that the cost isn't a good argument anymore (that's what my ISP sysadmin said). It's my TIME that is costing money. What am I supposed to do, re-engineer our mail system every time the percentage of spam on the net goes up a point? What happens when it's 80% and mail has become a useless means of communications?

My ISP sysadmin tried to argue that open relays are not the problem, it's abuse of open relays. While there is some truth to that, (and I know I am disagreeing with J. Gilmore [http://www.newsbytes.com/news/02/175003.html] himself here), I don't for a second believe there is any place for open relays on the net anymore. There are enough ways to authenticate valid users of relays today and I no longer believe there is any excuse for running an open relay. Problem is, my ISP sysadmin runs open relays and apparently believes the same as Gilmore.

Now my question -- where would I go to get an idea of how prevalent Gilmore's view is among admins of ISPs/ASPs? Are any of you ISP admins and, if so, what are your views? We are switching ISPs anyhow, and I'd like us to pick one that doesn't run open relays and is more on the side of fighting spam instead of making it easier to send it.
(My ISP sysadmin also claimed that open relays are only responsible for a small portion of spam, but I now have proof in my sendmail and smtpblock logs that the vast majority of the spam we were getting was coming from open relays.)

I think Gilmore's view has *some* merit in that it might not necessarily be right (actually, *certainly* isn't right) for an ISP to blindly filter spam, from open relays or not, from ever reaching its customers. The end user should be the one to make that choice. But IF that user has made that choice, I, as his provider, should be able to filter mail on his basis during the SMTP conversation. That should include allowing him to specify that he doesn't want to receive mail from open relays. I would, of course, provide detailed explanations of the opposing points of view, so that he could make an INFORMED decision. But the choice should be his.

Where I think Gilmore's argument breaks down is that he claims that Verio is trying to censor him and that he should be able to keep the open relay so he and his friends can send mail through his machines from wherever they are. If I'm not mistaken, if you do not take sufficient security measures on your internet connected systems, your ISP can (and should definitely have a right to) indeed cut you off, particularly if you are aware of the problem and you refuse to take action. I actually got my DSL provider to cut someone off whose machine was obviously infected with NIMDA and kept scanning me (I gave up that crusade, because it's almost as bad as spam, in terms of volume, but does me no real harm at the moment since I don't run M$ software and there's no significant load introduced on my systems -- that's a battle for another day). Gilmore is certainly capable of setting up a VPN, or SMTP AUTH, or *something* to prevent his server from being abused. His refusal to take a different approach strikes me as nothing more than stubbornness, as Jay Dyson says in the article referenced above.

Crude analogy: if you were my next-door neighbor and you let people into your house without checking to see who they were and they were using your house to peep on me and my family with a pair of binoculars, do you think I wouldn't bitch to you about it? (Hell, for that, I'd pound your face in.) Do you think I wouldn't call the cops and have them haul you in if you ignored my requests to stop peeping on me? (I don't care who it was, it was coming from your house, so you would be the one I reported.) I don't give a crap if they are your friends or your enemies, they are on your property, you are responsible for what goes on on your property (within limits, of course, but blatant continued abuse isn't acceptable).

What I'm basically trying to find out is how people here feel about open relays, and, if there is somewhat of a consensus, what kind of approach you think is appropriate to get these admins who are either irresponsible, ignorant, unskilled, or simply have a different view to shut down their open relays.

Incidentally, this is most definitely related to my earlier sorta-flamewar I started about rfc2505. I think I finally have the motivation to implement what I was talking about during that discussion.

--
-Paul Iadonisi
 Senior System Administrator
 Red Hat Certified Engineer / Local Linux Lobbyist
 Ever see a penguin fly? -- Try Linux.
 GPL all the way: Sell services, don't lease secrets
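The per-recipient, SMTP-time filtering the message argues for, as an added example that is not part of the original post and is not the poster's sendmail patch: each RCPT TO is answered before anything is queued, unknown users are refused, and mail from a listed open relay is refused only for recipients who opted in. The SQLite tables (standing in for the MySQL database), the table and column names, and all addresses are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data. "accounts" stands in for the provider's user
# database; "open_relays" for whatever relay list the provider maintains.
def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (addr TEXT PRIMARY KEY, "
               "block_open_relays INTEGER)")
    db.execute("CREATE TABLE open_relays (ip TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice@example.com", 1),   # opted in to relay blocking
                    ("bob@example.com", 0)])    # wants all mail
    db.executemany("INSERT INTO open_relays VALUES (?)", [("192.0.2.25",)])
    return db

def rcpt_decision(db, client_ip, rcpt):
    """Return (code, text) for one RCPT TO, decided during the SMTP dialogue."""
    addr = rcpt.strip().strip("<>").lower()
    row = db.execute("SELECT block_open_relays FROM accounts WHERE addr = ?",
                     (addr,)).fetchone()
    if row is None:
        # Non-existent account: refuse now so no bounce is ever generated.
        return (550, "5.1.1 User unknown")
    listed = db.execute("SELECT 1 FROM open_relays WHERE ip = ?",
                        (client_ip,)).fetchone() is not None
    if row[0] and listed:
        # The recipient's own choice, not a blanket provider policy.
        return (550, "5.7.1 Recipient refuses mail from open relays")
    return (250, "2.1.5 Recipient ok")

def session(db, client_ip, recipients):
    """Evaluate all RCPT TOs of one transaction; DATA should only be accepted
    when at least one recipient was answered with 250."""
    replies = {r: rcpt_decision(db, client_ip, r) for r in recipients}
    accepted = [r for r, (code, _) in replies.items() if code == 250]
    return replies, accepted

if __name__ == "__main__":
    db = build_db()
    rcpts = ["<alice@example.com>", "<bob@example.com>", "<root@example.com>"]
    for ip in ("192.0.2.25", "198.51.100.7"):
        replies, accepted = session(db, ip, rcpts)
        for rcpt, (code, text) in replies.items():
            print(ip, rcpt, code, text)
        print(ip, "accept DATA:", bool(accepted))
```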
