Russ Allbery writes:
> Russ Nelson <[EMAIL PROTECTED]> writes:
>
> > Unfortunately for the legitimate users, dialup users have proven
> > themselves untrustworthy, because they are at the moment of connection
> > anonymous. How can they generate the necessary trust? Well, for one,
> > by having a DNS record which identifies them as trustworthy. Their ISP
> > can issue them an address from a pool which is trusted, once they have
> > proven their trust. Or vice-versa, a new or trial user would be given
> > an address in a pool which is not trusted.
>
> There's a problem with this method of going at things. The problem is
> that people really don't have a clear idea of which pools at an ISP are
> trusted and which aren't, so they just block everything that looks like a
> dialup to them. The result is that there is absolutely no incentive for
> an ISP to go to the work of setting up two separate pools, since the
> people blocking spam would just block them both anyway.

That's why the ISP names the one pool .dialup.isp.com, and the other
.trusted.isp.com. Then we can use qmail-smtpd modified by my
BOUNCEMAIL patch found in http://www.qmail.org/rbl, *or* Dan's
rblsmtpd as-is. Use tcpserver modified by Chuck Foster's patch to
look up names, and add

    .dialup.isp.com:allow,BOUNCEMAIL="521 I do not accept mail from dialups"

or

    .dialup.isp.com:allow,RBLSMTPD="-I do not accept mail from dialups"

Note: it's insecure to use Chuck's patch to *allow* services by name.
It's perfectly fine to use it to *deny* services, though. Who would
bother breaking security to deny themselves service?? Auto-DOS attack. :)
"Stop me before I stop myself again!"

The other thing the ISP can do is add their untrusted dialups to the
DUL.

--
-russ nelson <[EMAIL PROTECTED]> http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | cause of world peace.
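
An added example, not part of the original post and not code from tcpserver or Chuck Foster's patch: a Python model of name-suffix rules showing why denying by reverse-DNS name is safe while allowing by name is not, unless the name is forward-confirmed. The DNS tables, addresses, rule lists and function names are constructed for illustration.

```python
# Constructed DNS data (documentation address ranges); not real records.
# PTR answers come from whoever controls the reverse zone for that address.
PTR = {
    "192.0.2.10": "ppp10.dialup.isp.com",    # ISP's untrusted pool
    "192.0.2.200": "mail.trusted.isp.com",   # ISP's trusted pool
    "203.0.113.66": "mail.trusted.isp.com",  # outsider's reverse zone claims a trusted name
    "203.0.113.67": "x.dialup.isp.com",      # outsider's reverse zone claims a dialup name
}
# Forward (A) records come from the isp.com zone, which only the ISP controls.
A = {
    "ppp10.dialup.isp.com": {"192.0.2.10"},
    "mail.trusted.isp.com": {"192.0.2.200"},
}

DENY_RULES = [(".dialup.isp.com", "deny")]     # deny by name, as in the post
ALLOW_RULES = [(".trusted.isp.com", "allow")]  # allow by name, the risky direction


def remote_name(ip, confirm):
    """Return the PTR name for ip. With confirm=True, keep the name only if
    its forward records include ip (forward-confirmed reverse DNS)."""
    name = PTR.get(ip)
    if name and confirm and ip not in A.get(name, set()):
        return None
    return name


def decide(ip, rules, default, confirm=False):
    """First matching name-suffix rule wins; otherwise the default applies."""
    name = remote_name(ip, confirm)
    if name:
        for suffix, action in rules:
            if name.lower().endswith(suffix):
                return action
    return default


if __name__ == "__main__":
    for ip in PTR:
        print(ip,
              "deny-by-name:", decide(ip, DENY_RULES, "allow"),
              "| allow-by-name:", decide(ip, ALLOW_RULES, "deny"),
              "| allow-by-name, confirmed:", decide(ip, ALLOW_RULES, "deny", True))
```

With the deny rule, a false PTR name can only get the claimant refused; with the allow rule, the unconfirmed name from 203.0.113.66 is accepted until the forward check is applied.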