Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Alan Premselaar
Jef Poskanzer wrote: ..snip... And finally, if you want to run a check on the HELO string, I find that just rejecting outside connections that claim a HELO of your own hostname gets rid of a very high proportion of crapmail. This very simple check is successful enough that

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Davis
On Mon, 16 May 2005, Todd Lyons wrote: From: Todd Lyons [EMAIL PROTECTED] To: ClamAV users ML clamav-users@lists.clamav.net Date: Mon, 16 May 2005 10:14:26 -0700 Subject: Re: [Clamav-users] sober.p and german adverts? Reply-To: ClamAV users ML clamav-users@lists.clamav.net ... Some ISP's

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bart Silverstrim
On May 16, 2005, at 5:43 PM, Dennis Peterson wrote: Most of the spam I've gotten the last three days is from comcast.net. Apparently they allow their customers to send out to port 25. They should lock that down so that spam goes out through their own servers so they can feel the pain when they

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread John Jolet
One final point here, I know I, and I'm sure many of you, have seen or come into contact with infected exchange servers on static ip addresses. The fact that it's static, or in fact, a business connection, speaks not a thing for the competence of the administrator, or the security of the

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bart Silverstrim
On May 17, 2005, at 2:17 AM, Alan Premselaar wrote: Jef Poskanzer wrote: ..snip... And finally, if you want to run a check on the HELO string, I find that just rejecting outside connections that claim a HELO of your own hostname gets rid of a very high proportion of crapmail. This very simple

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
Bart Silverstrim said: On May 16, 2005, at 5:43 PM, Dennis Peterson wrote: Most of the spam I've gotten the last three days is from comcast.net. Apparently they allow their customers to send out to port 25. They should lock that down so that spam goes out through their own servers so they

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bart Silverstrim
On May 17, 2005, at 8:48 AM, Dennis Peterson wrote: Bart Silverstrim said: To me, that price is learning how to do it right. Price isn't always monetary. I wouldn't argue with the idea of having to tell your provider that you need your particular connection unfiltered and leave it unfiltered

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Damian Menscher
On Tue, 17 May 2005, Bart Silverstrim wrote: After yet another day of putting up with all this crap from viruses, there's a part of me that wonders what would happen if someone wrote a virus that would pull a sober.p infectinfectinfect...sleep...payload trick where instead of turning the

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
Bart Silverstrim wrote: Maybe even do a reverse check to see if there's a mail server on the sending system...how many systems would break doing a check like that? The sending server isn't guaranteed to be a MX, so any DNS MX or reverse connection tests would fail. Matt

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bart Silverstrim
On May 17, 2005, at 12:17 PM, Matt Fretwell wrote: Bart Silverstrim wrote: Maybe even do a reverse check to see if there's a mail server on the sending system...how many systems would break doing a check like that? The sending server isn't guaranteed to be a MX, so any DNS MX or reverse

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Kelson
Bart Silverstrim wrote: On May 17, 2005, at 12:17 PM, Matt Fretwell wrote: Bart Silverstrim wrote: Maybe even do a reverse check to see if there's a mail server on the sending system...how many systems would break doing a check like that? The sending server isn't guaranteed to be a MX, so any DNS

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Matt Fretwell wrote: Bart Silverstrim wrote: Maybe even do a reverse check to see if there's a mail server on the sending system...how many systems would break doing a check like that? The sending server isn't guaranteed to be a MX, so any DNS MX or reverse connection tests would fail. But

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Mon, 16 May 2005, Bill Taroli wrote: Matt Fretwell wrote: plenty of legitimate MTA setups running on dynamic IP's. [...] What really does amaze me though, is that these are generally the admins who will turn around and say, 'Don't block (variable), you will lose too much legitimate mail'.

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
[EMAIL PROTECTED] wrote: If we can standardize the set of rules and protocols required for an MTA to accept an email, then spam will reduce. Either that or we need to build a better mousetrap. This is just my $0.02. Your thoughts? What time is the next rocketship to this planet you have

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Steffen Winther Soerensen
On Tue, 2005-05-17 at 12:06 -0700, [EMAIL PROTECTED] wrote: On Mon, 16 May 2005, Bill Taroli wrote: Matt Fretwell wrote: plenty of legitimate MTA setups running on dynamic IP's. [...] What Once upon a time, email was simple. It carried text. Later people got ... ... ... If we can

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Matt Fretwell wrote: If we can standardize the set of rules and protocols required for an MTA to accept an email, then spam will reduce. Either that or we need to build a better mousetrap. This is just my $0.02. Your thoughts? What time is the next rocketship

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bart Silverstrim
On May 17, 2005, at 3:21 PM, [EMAIL PROTECTED] wrote: On Tue, 17 May 2005, Damian Menscher wrote: Would the person who implements this do me a favor and make the virus pretend to be a viagra spam? If we format the hard drives of people that buy from spammers, and the media picks up on it, then

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bart Silverstrim
On May 17, 2005, at 3:39 PM, Dennis Peterson wrote: [EMAIL PROTECTED] said: For email transfer and MTA's alike, putting SPF in DNS to help authenticate the source is a step in the right direction. If SPF is a good idea, and it is dns based, then so should forward-and-back lookups. If additional

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Matt Fretwell wrote: [EMAIL PROTECTED] wrote: If we can standardize the set of rules and protocols required for an MTA to accept an email, then spam will reduce. Either that or we need to build a better mousetrap. This is just my $0.02. What time is the next rocketship to this planet you

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Steffen Winther Soerensen wrote: This seems more like a discussion for another mailing list or a Usenet group on MTAs/SMTP IMHO I don't disagree... are there any good ones for SPF or similar debates? I do think -- much as you'd find in the Amavisd list -- that these issues do tend to intersect

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Dennis Peterson wrote: How would you handle the PTR record for an SMTP server that hosts 500 virtual domains? Yes, I realize that getting everyone to change would be a pain in the butt and if we can do the following it would certainly reduce spam. We host many domains

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Bart Silverstrim wrote: Kill two birds with one stone... I like it. Nice. That couldn't be cleaner. There are plenty of ways of harmlessly disabling a system (no lost data, just no boot) and that would certainly be an awakening call for everyone across the board.

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Bart Silverstrim wrote: If we can standardize the set of rules and protocols required for an MTA to accept an email, then spam will reduce. Either that or we need to build a better mousetrap. This is just my $0.02. How would you handle the PTR record for an SMTP

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
Bill Taroli wrote: This seems more like a discussion for another mailing list or a Usenet group on MTAs/SMTP IMHO I don't disagree... are there any good ones for SPF or similar debates? Postfix list: SPF practically banned except for implementation questions. Exim list: Will probably

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Bart Silverstrim wrote: On May 17, 2005, at 3:21 PM, [EMAIL PROTECTED] wrote: On Tue, 17 May 2005, Damian Menscher wrote: Would the person who implements this do me a favor and make the virus pretend to be a viagra spam? If we format the hard drives of people that buy from spammers, and the

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
[EMAIL PROTECTED] wrote: IMO, a sending MTA should never have its smtp port closed unless it is an end-user. Once again, a sending server does not have to be a MX. Something within that domain should be listening on port 25, but not always the machine which is connecting to yours. Look at

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Matt Fretwell wrote: [EMAIL PROTECTED] wrote: IMO, a sending MTA should never have its smtp port closed unless it is an end-user. Once again, a sending server does not have to be a MX. Something within that domain should be listening on port 25, but not always the machine which is

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Eric J. Wisti
' not the responsible persons. Eric Wisti On Tue, 17 May 2005, [EMAIL PROTECTED] wrote: Date: Tue, 17 May 2005 12:06:53 -0700 (PDT) From: [EMAIL PROTECTED] Reply-To: ClamAV users ML clamav-users@lists.clamav.net To: ClamAV users ML clamav-users@lists.clamav.net Subject: Re: [Clamav-users] sober.p and german

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
[EMAIL PROTECTED] said: On Tue, 17 May 2005, Bart Silverstrim wrote: If we can standardize the set of rules and protocols required for an MTA to accept an email, then spam will reduce. Either that or we need to build a better mousetrap. This is just my $0.02. How would you handle the

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Christopher X. Candreva
On Tue, 17 May 2005, Dennis Peterson wrote: What do you think the PTR for a host with 500 virtual domains might look like? It doesn't matter -- as long as it points to some name that points back to the same IP. mail723.theprovidersdomain.com would work.

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Matt Fretwell wrote: [EMAIL PROTECTED] wrote: IMO, a sending MTA should never have its smtp port closed unless it is an end-user. Once again, a sending server does not have to be a MX. Something within that domain should be listening on port 25, but not always

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Bill Taroli wrote: Matt Fretwell wrote: IMO, a sending MTA should never have its smtp port closed unless it is an end-user. Once again, a sending server does not have to be a MX. Something within that domain should be listening on port 25, but not always the

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Eric J. Wisti wrote: What about the users (like me) that have one ip address to play with? Do I use the ONE ptr record for mail, web, dns, ftp or whatever else I choose to make available to the world. Generally, only mail has a loose 'requirement' for front to

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Dennis Peterson wrote: What do you think the PTR for a host with 500 virtual domains might look like? dp If the hosting company is some-hoster.com then (adjusting file pathing appropriately) it might look like so: Forward: (/var/named/some-hoster.com)

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
Dennis Peterson wrote: What do you think the PTR for a host with 500 virtual domains might look like? Big :) Matt ___ http://lurker.clamav.net/list/clamav-users.html

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
[EMAIL PROTECTED] said: On Tue, 17 May 2005, Eric J. Wisti wrote: What about the users (like me) that have one ip address to play with? Do I use the ONE ptr record for mail, web, dns, ftp or whatever else I choose to make available to the world. Generally, only mail has a loose

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
[EMAIL PROTECTED] wrote: Once again, a sending server does not have to be a MX. Something within that domain should be listening on port 25, but not always the machine which is connecting to yours. Look at the hostname of my machine in the headers. You will see it has rDNS and fDNS,

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
Christopher X. Candreva said: On Tue, 17 May 2005, Dennis Peterson wrote: What do you think the PTR for a host with 500 virtual domains might look like? It doesn't matter -- as long as it points to some name that points back to the same IP. mail723.theprovidersdomain.com would work.

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Dennis Peterson wrote: I guess I'm saying that if I telnet to fw.domain.name on 25, I should see something like 220 fw.domain.name ESMTP mail relay. If it doesn't say that, then it is lying to anyone who connects to it. Forward and back dns should resolve to

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Jef Poskanzer
Nice. That couldn't be cleaner. There are plenty of ways of harmlessly disabling a system (no lost data, just no boot) and that would certainly be an awakening call for everyone across the board. People would get to reinstall their os and lose at least 2hrs of time. I really miss the days of

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Julian Mehnle
Bill Taroli wrote: Steffen Winther Soerensen wrote: This seems more like a discussion for another mailing list or a Usenet group on MTAs/SMTP IMHO I don't disagree... are there any good ones for SPF or similar debates? You're welcome to discuss things related to SPF on spf-discuss:

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
[EMAIL PROTECTED] said: On Tue, 17 May 2005, Dennis Peterson wrote: I guess I'm saying that if I telnet to fw.domain.name on 25, I should see something like 220 fw.domain.name ESMTP mail relay. If it doesn't say that, then it is lying to anyone who connects to it. Forward and

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Julian Mehnle
Bill Taroli wrote: Eric Wheeler wrote: [...] For email transfer and MTA's alike, putting SPF in DNS to help authenticate the source is a step in the right direction. If SPF is a good idea, and it is dns based, then so should forward-and-back lookups. I totally agree that some solution

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Matt Fretwell wrote: True, but it could helo with its hostname and then it would match connecting back to check its 220 string. Even if it's a sending server, it should listen on 25 to verify that it is a mail server, even if it doesn't accept mail. If it doesn't

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Dennis Peterson wrote: Christopher X. Candreva said: On Tue, 17 May 2005, Dennis Peterson wrote: What do you think the PTR for a host with 500 virtual domains might look like? It doesn't matter -- as long as it points to some name that points back to the same

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
[EMAIL PROTECTED] wrote: What I am saying is that if you can't do some type of verification, whether it is connect-back (remember the old dialup callback-verification-system?) to the sending server or SPF or some other type of authentication mechanism, then you can't trust the sender.

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Jef Poskanzer wrote: Actually, I think a little stealth would be better. Something like silently intercepting and dropping any attempts at opening an outbound email connection. Ohh, you mean the New.net plugin? -- Eric Wheeler Vice President National Security

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
[EMAIL PROTECTED] wrote: If they do have a rouge spammer on their network, they might wish to know about it anyway. I assume that should have been rogue. ( Unless spammers have a predilection for make up :) Matt

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
[EMAIL PROTECTED] said: On Tue, 17 May 2005, Matt Fretwell wrote: True, but it could helo with its hostname and then it would match connecting back to check its 220 string. Even if it's a sending server, it should listen on 25 to verify that it is a mail server, even if it doesn't accept

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Julian Mehnle wrote: Bill Taroli wrote: Eric Wheeler wrote: [...] For email transfer and MTA's alike, putting SPF in DNS to help authenticate the source is a step in the right direction. If SPF is a good idea, and it is dns based, then so should forward-and-back lookups. I totally

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Dennis Peterson wrote: [EMAIL PROTECTED] said: On Tue, 17 May 2005, Dennis Peterson wrote: I guess I'm saying that if I telnet to fw.domain.name on 25, I should see something like 220 fw.domain.name ESMTP mail relay. If it doesn't say that, then it is lying to anyone who

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
[EMAIL PROTECTED] wrote: When our MTA's are rebuilt for the new network some of the strategies discussed in this thread will be implemented. Others will be implemented in a test-and-alert-me-only setup to see how effective it is. If it breaks only 1% of the mta's out there then that is an

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Matt Fretwell wrote: [EMAIL PROTECTED] wrote: If they do have a rouge spammer on their network, they might wish to know about it anyway. I assume that should have been rogue. ( Unless spammers have a predilection for make up :) Hmm. I guess aspell thinks that is

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Damian Menscher
On Tue, 17 May 2005, Matt Fretwell wrote: Big :) The 100+ subscribers of this mailing list would prefer not to receive your meaningless one-word responses to every post. Not even if you're correcting someone else's typo (rouge-rogue). I don't want to single you out, though. Others have been

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
Jef Poskanzer wrote: I really miss the days of destructive viruses. We just don't really see 'em like we used to. Remember Michaelangelo? What was his birthday again? Actually, I think a little stealth would be better. Something like silently intercepting and dropping any attempts at

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread John Jolet
It IS a word...just not the one you wanted. swine spellchekers On Tuesday 17 May 2005 05:12 pm, [EMAIL PROTECTED] wrote: On Tue, 17 May 2005, Matt Fretwell wrote: [EMAIL PROTECTED] wrote: If they do have a rouge spammer on their network, they might wish to know about it anyway.

RE: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matthew.van.Eerde
John Jolet wrote: On Tue, 17 May 2005, Matt Fretwell wrote: [EMAIL PROTECTED] wrote: If they do have a rouge spammer on their network, they might wish to know about it anyway. I assume that should have been rogue. ( Unless spammers have a predilection for make up :) Hmm. I guess

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Dennis Peterson wrote: What I am saying is that if you can't do some type of verification, whether it is connect-back (remember the old dialup callback-verification-system?) to the sending server or SPF or some other type of authentication mechanism, then you can't

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread clamav
On Tue, 17 May 2005, Bill Taroli wrote: If I have a server with 500 virt hosts you could get a helo from any one of them. If you telnet back to it on port 25 what do you think you might see? One of about 499 liars, maybe? Well I am assuming that you would be doing a

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Damian Menscher
On Tue, 17 May 2005, Dennis Peterson wrote: Damian Menscher said: Since you are speaking for all of us what do we think of your 5 line sig? I bet some of us think it sux. As do I. But I think you'll agree it is about as dense as possible given the amount of information (I work two jobs, and my

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
Damian Menscher said: On Tue, 17 May 2005, Dennis Peterson wrote: I found Stephen Gran's comment interesting, in that he beat me to finding the bug (I'd wasted time looking in clamav-milter.c first). The rest of the posts, including your arrogant ramblings, were worthless. I'll be damned.

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Kelson
Matt Fretwell wrote: SAV probes are little less than content free spam. I have firewall rules for offenders who don't cache their SAV results for a reasonable amount of time. We get hammered by these non-stop. We don't have rules targeting them specifically, but the badly-behaved ones dig their

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Damian Menscher
On Tue, 17 May 2005, Dennis Peterson wrote: Damian Menscher said: I found Stephen Gran's comment interesting, in that he beat me to finding the bug (I'd wasted time looking in clamav-milter.c first). The rest of the posts, including your arrogant ramblings, were worthless. I'll be damned. And here

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Matt Fretwell
Damian Menscher wrote: And did you not find the clamd log permissions debugging segment in another thread educational? I did. I found Stephen Gran's comment interesting, in that he beat me to finding the bug (I'd wasted time looking in clamav-milter.c first). The rest of the posts,

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Dennis Peterson
Damian Menscher said: On Tue, 17 May 2005, Dennis Peterson wrote: Damian Menscher said: I found Stephen Gran's comment interesting, in that he beat me to finding the bug (I'd wasted time looking in clamav-milter.c first). The rest of the posts, including your arrogant ramblings, were

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bart Silverstrim
On May 17, 2005, at 4:03 PM, Bill Taroli wrote: Steffen Winther Soerensen wrote: This seems more like a discussion for another mailing list or a Usenet group on MTAs/SMTP IMHO I don't disagree... are there any good ones for SPF or similar debates? I do think -- much as you'd find in the Amavisd

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bart Silverstrim
On May 17, 2005, at 7:06 PM, Damian Menscher wrote: On Tue, 17 May 2005, Dennis Peterson wrote: Damian Menscher said: Since you are speaking for all of us what do we think of your 5 line sig? I bet some of us think it sux. As do I. But I think you'll agree it is about as dense as possible given

Re: [Clamav-users] sober.p and german adverts?

2005-05-17 Thread Bill Taroli
Bart Silverstrim wrote: On May 17, 2005, at 4:03 PM, Bill Taroli wrote: Steffen Winther Soerensen wrote: This seems more like a discussion for another mailing list or a Usenet group on MTAs/SMTP IMHO I don't disagree... are there any good ones for SPF or similar debates? I do think -- much as

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Mike Blonder
I am also getting inundated with German gibberish spam. Would you mind explaining the significance (if any) of the email address that you posted? I am finding that the German Gibberish garbage is spoofing a different email address with each posting. Thanks Mike On 5/16/05, Bart Silverstrim

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Bart Silverstrim
On May 16, 2005, at 9:00 AM, Mike Blonder wrote: I am also getting inundated with German gibberish spam. Would you mind explaining the significance (if any) of the email address that you posted? I am finding that the German Gibberish garbage is spoofing a different email address with each

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Matt Fretwell
Bart Silverstrim wrote: Are there any analysis papers out on sober.p yet? And can anyone else corroborate the theory I have, or am I totally off-base here? I'm still trying to figure it out from what I can piece together between phone calls for other tasks here :-) If I remember

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Mike Blonder
OK. I think I get it. You had identified the oncbuv.com http://oncbuv.com address as a source for the sober.p garbage earlier and now it is showing up with the German gibberish garbage. Thanks Mike I will check the next batch I receive (I hope I don't) for the same address On 5/16/05, Bart

RE: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread John Taylor
-users] sober.p and german adverts? OK. I think I get it. You had identified the oncbuv.com http://oncbuv.com address as a source for the sober.p garbage earlier and now it is showing up with the German gibberish garbage. Thanks Mike I will check the next batch I receive (I hope I don't

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Bart Silverstrim
On May 16, 2005, at 9:59 AM, Mike Blonder wrote: OK. I think I get it. You had identified the oncbuv.com http://oncbuv.com address as a source for the sober.p garbage earlier and now it is showing up with the German gibberish garbage. Sort of. I can't find oncbuv.com so it's spoofed. The IP

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Bart Silverstrim
On May 16, 2005, at 10:52 AM, Rainer Zocholl wrote: [EMAIL PROTECTED](Bart Silverstrim) 16.05.05 08:51 Maybe you should have simply entered it into google? I'm quite sure that google would have led you to the right place. Yes, google can search for german strings too! IMOH ;-) I did enter it in

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Brian Read
Block all mails from dynamic IP. They are 99,99% spam. No they aren't that rule causes quite a few of my customers a headache, as the (linux) mailserver I often install sends the email direct, irrespective of whether their IP is dynamic or static. Some ISPs charge an arm and a leg for

RE: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Randal, Phil
Sent: 16 May 2005 16:05 To: ClamAV users ML Subject: Re: [Clamav-users] sober.p and german adverts? On May 16, 2005, at 10:52 AM, Rainer Zocholl wrote: [EMAIL PROTECTED](Bart Silverstrim) 16.05.05 08:51 Maybe you should have simply entered it into google? I'm quite sure that google

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Bart Silverstrim
On May 16, 2005, at 11:08 AM, Randal, Phil wrote: It's easy to block. Check the handler's Diary at http://isc.sans.org/ and follow the links. Thank you, that's my next task when I get a block of time today. Thanks again!

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Matt Fretwell
Brian Read wrote: Block all mails from dynamic IP. They are 99,99% spam. No they aren't that rule causes quite a few of my customers a headache, as the (linux) mailserver I often install sends the email direct, irrespective of whether their IP is dynamic or static. Some ISPs charge an

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Thomas Hochstein
Bart Silverstrim wrote: That address had been hammering us over and over for awhile with sober.p. Now it's become quiet. Yes. Now the infected hosts are sending out spam containing (very) right-wing political propaganda. Perhaps we now know what happened to sober.p? Yes. The same thing

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Matt Fretwell
Todd Lyons wrote: You should make their ISP's mail servers be the smarthost or relayhost for that customer's mail server. Oh yes, really. Some ISP's don't allow you to relay mail through them if it's not for @ispdomain.com. They don't allow you to do that so that they can charge you

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread John Jolet
Matt Fretwell wrote: Brian Read wrote: Block all mails from dynamic IP. They are 99,99% spam. No they aren't that rule causes quite a few of my customers a headache, as the (linux) mailserver I often install sends the email direct, irrespective of whether their IP is dynamic or

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Rainer Zocholl
[EMAIL PROTECTED](Bart Silverstrim) 16.05.05 11:05 I did enter it in when I first discovered it, but there were no hits. Ok, next time mention it ;-) I thought perhaps it was too new at the time, and then turned to the lists to corroborate what I was seeing. Many of them are pointing to

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Rainer Zocholl
[EMAIL PROTECTED](Brian Read) 16.05.05 16:08 Once upon a time Brian Read shaped the electrons to say... Block all mails from dynamic IP. They are 99,99% spam. No they aren't that rule causes quite a few of my customers a headache, That's the missing 0.01% I know. as the (linux) mailserver

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Rainer Zocholl
[EMAIL PROTECTED](Todd Lyons) 16.05.05 10:14 Brian Read wanted us to know: Block all mails from dynamic IP. They are 99,99% spam. Agreed. No they aren't that rule causes quite a few of my customers a headache, as the (linux) mailserver I often install sends the email direct, irrespective of

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Bart Silverstrim
On May 16, 2005, at 11:06 AM, Thomas Hochstein wrote: Bart Silverstrim wrote: That address had been hammering us over and over for awhile with sober.p. Now it's become quiet. Yes. Now the infected hosts are sending out spam containing (very) right-wing political propaganda. Don't read German,

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Bart Silverstrim
On May 16, 2005, at 1:41 PM, John Jolet wrote: This email, for instance was sent from a properly configured mta running antispam and antivirus scanning in BOTH directions, from a dynamic ip. If my wife sends email from her computer, it goes to the isp's mta, which does inbound only scanning.

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Bart Silverstrim
On May 16, 2005, at 1:54 PM, Rainer Zocholl wrote: [EMAIL PROTECTED](Bart Silverstrim) 16.05.05 11:05 I did enter it in when I first discovered it, but there were no hits. Ok, next time mention it ;-) Here I thought it was common sense now! :-) Apparently it will be very hard to block if it's

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Dennis Peterson
John Jolet said: Matt Fretwell wrote: This email, for instance was sent from a properly configured mta running antispam and antivirus scanning in BOTH directions, from a dynamic ip. If my wife sends email from her computer, it goes to the isp's mta, which does inbound only scanning. I

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Jef Poskanzer
that would be a good blacklist: real-time-morons.org. I'd even toss in systems that NDR after the connection is closed as they have no idea at that point whe the sender is. Which means all sites running qmail! Yay!

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread John Jolet
On Monday 16 May 2005 04:43 pm, Dennis Peterson wrote: John Jolet said: Matt Fretwell wrote: This email, for instance was sent from a properly configured mta running antispam and antivirus scanning in BOTH directions, from a dynamic ip. If my wife sends email from her computer, it

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Matt Fretwell
Dennis Peterson wrote: Nobody should send mail directly unless it is filtered outbound. In fact, that would be a good blacklist: real-time-morons.org. I'd even toss in systems that NDR after the connection is closed as they have no idea at that point whe the sender is. That, I cannot argue

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Dennis Peterson
Matt Fretwell said: Dennis Peterson wrote: Nobody should send mail directly unless it is filtered outbound. In fact, that would be a good blacklist: real-time-morons.org. I'd even toss in systems that NDR after the connection is closed as they have no idea at that point whe the sender is.

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Dennis Peterson
John Jolet said: On Monday 16 May 2005 04:43 pm, Dennis Peterson wrote: John Jolet said: Nobody should send mail directly unless it is filtered outbound. In fact, that would be a good blacklist: real-time-morons.org. I'd even toss in systems that NDR after the connection is closed as they

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Matt Fretwell
Dennis Peterson wrote: That was my point. My mail IS filtered outbound. So I should have to pay double for the privilege of controlling my own email? How am I to know that you are filtering your mail? If your IP is in the middle of a block of dynamic IP's you are fair game for me to

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Dennis Peterson
Matt Fretwell said: Dennis Peterson wrote: That was my point. My mail IS filtered outbound. So I should have to pay double for the privilege of controlling my own email? How am I to know that you are filtering your mail? If your IP is in the middle of a block of dynamic IP's you are

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Matt Fretwell
Dennis Peterson wrote: Here's how it works, Matt - if you have a dynamic IP, even one that has a long life time, other people will still block mail from your IP block. That seldom happens if you have a true fixed IP, all other things being equal. And you know what? You have no say in it. It

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Dennis Peterson
Matt Fretwell said: Dennis Peterson wrote: Here's how it works, Matt - if you have a dynamic IP, even one that has a long life time, other people will still block mail from your IP block. That seldom happens if you have a true fixed IP, all other things being equal. And you know what? You

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Matt Fretwell
Dennis Peterson wrote: There is no need to block outright from the outset. As I mentioned earlier, I'm getting slammed from comcast.net from relays all over the US. It is far easier to block by obvious dsl/cable host identifiers than to spend hours trying to figure out what /24 IP ranges to

Re: [Clamav-users] sober.p and german adverts?

2005-05-16 Thread Matt Fretwell
Matt Fretwell wrote: There is no need to blanket ban every other provider's DSL yet, though :) Just as a side note, here are a couple of links for Postfix header checks for this German spam outbreak. http://archives.neohapsis.com/archives/postfix/2005-05/1377.html
