Hi Ronald,

here it comes, my suggestion for the ISP. Put all your dynamic IP addresses on the available blacklists right away to support the SPF!

Who on earth is using a dynamic IP to set up viable MTA services on that? I would encourage any company to use their public MTA with a service provider doing this for a living. How do you get a proper reverse DNS entry for a dynamic IP? (Yet another technique to evaluate the sender.) Seriously, I can provide logs of our anti-spam servers ranging back 2 years. The number of servers or companies setting up their email server on a dynamic IP is small because it doesn't make sense. The only workaround to the SPF dilemma would be to use a dynamic DNS service, and even then, every time you log in you might get assigned an IP which is listed on a blacklist.
Also, I can send an email via port 25 and it won't show my public IP as the sender address. This is because I am submitting to the MSA, which forwards to the MTA, and the MTA's IP would be the one shown as the sender (double function of port 25). You could send to the receiver's server directly using the email client as an MTA (not recommended), or you use an MSA in the middle. E.g. if you have an internal email server (MTA/MSA) it can be configured to forward the messages to the MSA of an email provider (called a smart host) despite being an MTA internally. You can see all the different stages of the email delivery and the different MTAs the email has gone through in the email header, but the last entry is the most important one.

So, back to the question: port blocking on port 25 vs usability for MUAs using MSAs on port 25 vs achievements of the block in reducing spam. There are a number of comments and articles on the net saying that it has helped a lot. Since I don't have access to traffic logs of ISPs and I can't find any figures or reports supporting the achievements, I can only use our own antispam server logs to come to a conclusion, which is that it doesn't make a difference whether spam comes from a dynamic IP of an ISP's IP pool or from a static IP of a compromised server.

I personally don't suggest that anyone use port 25 or port 587 for mail submission. I have pointed out the issue with security vs TLS in an earlier post.

Regards,
Rocco

On 2010-02-10 18:52, Muwonge Ronald wrote:
Hi Rocco
The day you own or work at an ISP is when you will appreciate what ISPs go through every day; war with spammers is like the war on terror, just that no death is involved ("well, some kill for spam; heard of businesses looking for admins?").
How would you feel when your ISP's IP block is blacklisted because one customer got a mass-mailing worm/trojan and you can't connect to any "normal server"? And many ISPs would love to be off this list:

http://www.spamhaus.org/statistics/networks.lasso

When it comes to spam I hate it, and all ISPs that block port 25 for users with no mailers on their networks I give 5 stars, as in * * * * *

Those who don't, you make me hate mother earth, and as long as you are in Uganda it will be like this because we shall never be on this list:

http://www.spamhaus.org/statistics/countries.lasso

But I'm with you on torrents, I'm a p2p guy too and my ISP doesn't block it ;-)


"The majority of the world's service providers succeed in keeping spammers off their networks and work to maintain a positive anti-spam reputation, but their work is undermined daily by the few networks who, out of corporate greed or mismanagement, choose to be part of the problem."

On Wed, Feb 10, 2010 at 4:49 PM, Chris Wilson <[email protected]> wrote:
Hi Rocco,

On Wed, 10 Feb 2010, IT-Doc24 Ltd. - Rocco Radisch wrote:

> Same here. I do not understand the issue of port 25 in conjunction with
> spamming!

An ISP that allows port 25 out of their network, allows their clients to
indiscriminately spam the world.

An ISP that allows port 587 out, but not port 25, allows their clients to
send mail to submission servers (e.g. their employer) but not to the
general population. Submission often requires authentication and is not
part of the normal mail delivery system (MX records).

> If the ISP forces the user to use their email servers for email delivery:
> a) causes confusion and breaks the idea behind SPF. According to the
> sender policy framework you will have to add the ISPs email server in the
> DNS domain settings (spf record) as Reinier has mentioned. Or you leave
> out the SPF record completely, then there would be no point of having the
> SPF.

Forwarding and mailing lists already break SPF. The only thing it's useful
for in general is for declaring that your domain never sends email, unless
you control all of your outbound mail servers. In this case you would not;
also if you use a blackberry or an ISP that blocks port 25 outbound you do
not. This is a limitation of SPF, not the fault of the ISP.

> Anyway, which average email user knows all that?

Anyway, which average email user writes SPF records?

> b) If the ISP's email server relays without smtp authentication THAT is
> the actual evildoer. Giving spammers a free gateway to send emails
> without any identification.

Very few ISPs allow open relaying as they would be blacklisted by
everybody by now. Most authenticate by IP address which is a start.
Authenticating by username makes life more difficult for your users, so
is often not implemented. I agree that it would be better, but most ISPs
don't do it, so it's hard to argue that it's evil not to.

> c) Every time the user changes the ISP/network he has to change the
> settings or maintain two smtp server profiles. I.e. one uses UTL at home
> and at work MTN or Orange. Each ISP forces you to use its own email server.
> Congratulations. Good thing we still have port 587 and 465 for SSL. I had
> a number of people working at different locations with a laptop facing
> this exact challenge.

Then stick to a single mail server that accepts email on port 587 with
authentication and relays to everywhere. Job done. This is what most
people do.

> c) Most of the spam comes anyway from dynamic IP addresses of an ISP's IP
> pool. In that way it's even easier to distinguish the sender for the
> antispam software. Like:
>
> pool-71-108-40-184.lsanca.dsl-w.verizon.net
> 551-1-60-93.w86-192.abo.wanadoo.fr
> 213-168-8-183-dsl.est.estpak.ee

Yes, these are not hard to block with Exim and the Spamhaus RBL, but a
lot of spam comes from free email providers like Google, Yahoo and
Hotmail too, and that is hard to block.

> Or did you ever receive a Facebook phishing attack from a Facebook server?
> Very unlikely, more likely you got it from estpak.ee or similar.

I got my first Google Docs spam today, and I've received a lot of spam
from people signing me up to Google Newsgroups without my permission or
confirmation for the express purpose of spamming me.

> Plus, the whole port blocking idea of ISPs actually violates the freedom
> of internet usage and doesn't really make sense either.

Perhaps we should ban firewalls then?

Although I support freedom of speech, I wish ISPs could be forced to
declare which of their IP ranges belong to dynamic customers so that I can
block them. Failing that, I wish they would block outbound port 25
completely. Spam makes email useless. That's not freedom of speech, it's
drowning out the useful speech, so better spam filtering means more
freedom.

> It's not my intention to start such a discussion now, the net is already
> full of these: http://torrentfreak.com/search/isp+blocking

Ditto, but I couldn't help replying at the risk of starting a flame war
that I don't intend to participate in.

> Or like Kyle did, using a random port. The port-service associations are
> recommendations, nobody said we have to stick to them. The internet is
> the world wide wild west.

It doesn't have to be random. Port 587 was allocated for exactly this
purpose.

> Where there is a restriction you create a market.

How does that square with your comment above that "the whole port blocking
idea of ISPs actually violates the freedom of internet usage and doesn't
really make sense either"?

> Which raises another question, why do ISPs offer site-to-site
> connectivity for that kind of money here in Uganda? Calling it a
> corporate network data plan or similar, charging each remote site big
> sums per month?

It's easier for companies to work this way, and there's no guarantee that
the persistent connection trick will continue to work, which means they
could wake up to a nasty surprise one day. Some companies prefer peace of
mind (like insurance) and pick the expensive but guaranteed VPN option.

Cheers, Chris.
--
Aptivate | http://www.aptivate.org | Phone: +44 1223 760887
The Humanitarian Centre, Fenner's, Gresham Road, Cambridge CB1 2ES

Aptivate is a not-for-profit company registered in England and Wales
with company number 04980791.
_______________________________________________
LUG mailing list
[email protected]
http://kym.net/mailman/listinfo/lug
%LUG is generously hosted by INFOCOM http://www.infocom.co.ug/

The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way.
---------------------------------------
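The SPF cases argued over in this thread (own MTA, forced ISP relay, forwarding, a "never sends" domain), worked through with a small SPF checker that handles only the ip4/ip6/all mechanisms. This is an added example, not code from any of the posters; every address and record is a constructed documentation-range value, not anyone's real server.

```python
import ipaddress

# Simplified SPF evaluation (RFC 7208 semantics for ip4/ip6/all only).
# No DNS lookups: a/mx/include/redirect are deliberately unsupported.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, client_ip: str) -> str:
    """Return pass/fail/softfail/neutral/none for client_ip against record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # mechanisms default to '+'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]   # 'all' matches everything
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            raise ValueError(f"unsupported mechanism: {mech}")
    return "neutral"                       # no mechanism matched (RFC default)


# Constructed addresses from documentation ranges (assumptions, not real hosts).
OWN_MTA = "192.0.2.10"        # example.com's own outbound server
ISP_RELAY = "198.51.100.25"   # the ISP smart host a customer is forced through
FORWARDER = "203.0.113.7"     # a forwarder or mailing-list host re-sending the mail

RECORD_OWN_ONLY = "v=spf1 ip4:192.0.2.10 -all"
RECORD_WITH_ISP = "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 -all"
RECORD_NEVER_SENDS = "v=spf1 -all"        # the 'domain never sends mail' case


def scenarios() -> dict:
    """Each case the thread argues about, as the receiver's SPF verdict."""
    return {
        "direct_from_own_mta": evaluate_spf(RECORD_OWN_ONLY, OWN_MTA),
        "via_isp_relay": evaluate_spf(RECORD_OWN_ONLY, ISP_RELAY),
        "via_isp_relay_record_updated": evaluate_spf(RECORD_WITH_ISP, ISP_RELAY),
        "forwarded_by_third_party": evaluate_spf(RECORD_WITH_ISP, FORWARDER),
        "never_sends_domain": evaluate_spf(RECORD_NEVER_SENDS, OWN_MTA),
    }
```

The relay case only passes once the ISP's range is added to the record, and the forwarded case fails regardless, which is the limitation of SPF the thread describes.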