Re: [swinog] Re: blocking ports?
Isn't most spam coming via compromised computers?

ADSL dynamic or dialup users: you should never trust them if they say they don't spam. They have to send mail the way SMTP is intended, that means send email to the SMTP relay next to you. Prevent them from sending email via any other relay. If this were done consistently by all ISPs, most of the spam would disappear, and we could concentrate on preventing the abuse of other systems for doing their harmful work.

Funny thing is, one ISP is switching off its SMTP relay, telling the client to use other SMTP relays in the wild, and calls that a first action according to the stop spam campaign. Another one is blocking port 25 and forcing the user to use the ISP's SMTP relay, and even explains this is done due to the stop spam campaign.

How to believe anything?

Confused, but still voting to block mail from dialup and ADSL ranges ;-)

-- Original Message --
From: Scott Weeks [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Date: Thu, 12 Apr 2007 11:19:56 -0700

Hello,

: So if a customer proves that he is able from a technical
: point of view to operate a mail server in a secure manner
: and assures not to abuse email for spam then it's not
: acceptable that an ISP block anything to him.

This is what I was saying to the guys here at my work. We just need a small proof that the customer isn't a spammer and we open it up. However, most of our customers are less-technical savvy home folks. Did you have to prove to your ISP that you weren't spamming? If so, how did they have you do that?

Thanks,
scott

--- [EMAIL PROTECTED] wrote:
From: Peter Bickel [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [swinog] Re: blocking ports?
Date: Thu, 12 Apr 2007 12:03:28 +0200

Scott Weeks wrote:

> : You'd be amazed how many companies operate their own
> : mail servers, even behind dynamic addresses
>
> I'm speaking with guys in my company on an issue and part of the discussion has to do with me saying no one runs a mail server from behind a dynamic IP address. Other than just your experiences, does anyone have pointers to data on folks that do this?
>
> scott

Hi Scott

we do exactly this for IDV Network Consulting. We operate our own mail server (Solaris with sendmail and IMAP) in our internal network, which is connected to Cablecom (DHCP ;-)). In addition we have some machines in a hosting environment, which of course have fixed IP addresses, which we use to relay to the outside. All hosts use Solaris and sendmail and are protected with IPFilter with very restrictive rules. Incoming email goes through the external hosts and an IPIP tunnel directly to the internal mail server.

We really don't want to be dependent on an ISP's email setup. DNS is the same, which helped me a lot in the past: where several customers weren't able to use the net, everything worked for us.

So if a customer proves that he is able from a technical point of view to operate a mail server in a secure manner and assures not to abuse email for spam then it's not acceptable that an ISP block anything to him.

--- [EMAIL PROTECTED] wrote:
From: Markus Wild [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [swinog] Re: blocking ports?
Date: Wed, 11 Apr 2007 19:26:39 +0200

Jonathan,

Sorry but I disagree with Per. ISPs have a duty to prevent email Spam which is a terrible curse for us all. If they decide that blocking port 25 outbound will help then they should do it. If you are a user, why can't you use the ISP's relay server? If you are a provider you ought to have your own mail server on a fixed IP address.

You'd be amazed how many companies operate their own mail servers, even behind dynamic addresses (in which case they usually use some mailbox polling mechanism to feed their server from mail from the outside), but send outgoing mail directly with SMTP.

Of course, one day we need a better protocol than SMTP (*Simple* Mail Transfer Protocol) which was never meant as a global email solution. But until then we have to do something to stop people abusing it.

But by killing the payload, not the messenger, please...

Cheers,
Markus

___
swinog mailing list
[EMAIL PROTECTED]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

--
Regards, Pitsch
__
Peter Bickel                 e-mail: [EMAIL PROTECTED]
IDV Network Consulting       Phone:  +41 1 853 24 16
Gumpenwiesenstrasse 38       Fax:    +41 1 853 27 04
CH-8157 Dielsdorf            Mobile: +41 79 666 15 50
RE: [swinog] Re: blocking ports?
* Block destination port 25. This prevents bots from sending email directly to the victims' MXes.

No one wants to (must not) run an MTA in a dialup range: Many MXes don't accept emails originating from dial-up ranges.

No one wants to (must not) run an MX in a dial-up range. The risk of delaying or losing email due to an IP change is not acceptable. And what if the successor of the IP runs an MX which accepts all mail..?

That's right. Telia has started as first ISP blocking port 25 years ago...

Given the second point is OK, this whole blocking thing is not a bad idea. And it's not that hard to configure fetchmail/authenticated relaying to a smarthost for geeks who want to run their own email infrastructure (on the contrary, it adds some salt to the whole soup ;)

Why not sell some fixed IPs to customers who want to use their own mail server? If I receive a request from such a user that has a dyn IP, I tell him to buy a static one, because of full control and exclusion from DUHL. Furthermore, the customer is self-responsible if an IP address in his range gets listed. Complaint mails are also sent directly to the owner of the IP, so the abuse team doesn't need to work on such cases.

Greetings
Daniele Ladu
Re: [swinog] Re: blocking ports?
: but still voting to block mail from dialup and ADSL ranges

On DHCP DSL ranges. I see some businesses that have a legitimate email server on statically assigned DSL ranges...

scott

--- [EMAIL PROTECTED] wrote:
From: Schmid [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [swinog] Re: blocking ports?
Date: Fri, 13 Apr 2007 10:32:28 +0200

Isn't most spam coming via compromised computers?

ADSL dynamic or dialup users: you should never trust them if they say they don't spam. They have to send mail the way SMTP is intended, that means send email to the SMTP relay next to you. Prevent them from sending email via any other relay. If this were done consistently by all ISPs, most of the spam would disappear, and we could concentrate on preventing the abuse of other systems for doing their harmful work.

Funny thing is, one ISP is switching off its SMTP relay, telling the client to use other SMTP relays in the wild, and calls that a first action according to the stop spam campaign. Another one is blocking port 25 and forcing the user to use the ISP's SMTP relay, and even explains this is done due to the stop spam campaign.

How to believe anything?

Confused, but still voting to block mail from dialup and ADSL ranges ;-)

-- Original Message --
From: Scott Weeks [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Date: Thu, 12 Apr 2007 11:19:56 -0700

Hello,

: So if a customer proves that he is able from a technical
: point of view to operate a mail server in a secure manner
: and assures not to abuse email for spam then it's not
: acceptable that an ISP block anything to him.

This is what I was saying to the guys here at my work. We just need a small proof that the customer isn't a spammer and we open it up. However, most of our customers are less-technical savvy home folks. Did you have to prove to your ISP that you weren't spamming? If so, how did they have you do that?

Thanks,
scott

--- [EMAIL PROTECTED] wrote:
From: Peter Bickel [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [swinog] Re: blocking ports?
Date: Thu, 12 Apr 2007 12:03:28 +0200

Scott Weeks wrote:

> : You'd be amazed how many companies operate their own
> : mail servers, even behind dynamic addresses
>
> I'm speaking with guys in my company on an issue and part of the discussion has to do with me saying no one runs a mail server from behind a dynamic IP address. Other than just your experiences, does anyone have pointers to data on folks that do this?
>
> scott

Hi Scott

we do exactly this for IDV Network Consulting. We operate our own mail server (Solaris with sendmail and IMAP) in our internal network, which is connected to Cablecom (DHCP ;-)). In addition we have some machines in a hosting environment, which of course have fixed IP addresses, which we use to relay to the outside. All hosts use Solaris and sendmail and are protected with IPFilter with very restrictive rules. Incoming email goes through the external hosts and an IPIP tunnel directly to the internal mail server.

We really don't want to be dependent on an ISP's email setup. DNS is the same, which helped me a lot in the past: where several customers weren't able to use the net, everything worked for us.

So if a customer proves that he is able from a technical point of view to operate a mail server in a secure manner and assures not to abuse email for spam then it's not acceptable that an ISP block anything to him.

--- [EMAIL PROTECTED] wrote:
From: Markus Wild [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [swinog] Re: blocking ports?
Date: Wed, 11 Apr 2007 19:26:39 +0200

Jonathan,

Sorry but I disagree with Per. ISPs have a duty to prevent email Spam which is a terrible curse for us all. If they decide that blocking port 25 outbound will help then they should do it. If you are a user, why can't you use the ISP's relay server? If you are a provider you ought to have your own mail server on a fixed IP address.

You'd be amazed how many companies operate their own mail servers, even behind dynamic addresses (in which case they usually use some mailbox polling mechanism to feed their server from mail from the outside), but send outgoing mail directly with SMTP.

Of course, one day we need a better protocol than SMTP (*Simple* Mail Transfer Protocol) which was never meant as a global email solution. But until then we have to do something to stop people abusing it.

But by killing the payload, not the messenger, please...

Cheers,
Markus

--
Regards, Pitsch
Re: [swinog] Re: blocking ports?
Hi

> This is what I was saying to the guys here at my work. We just need a small proof that the customer isn't a spammer and we open it up. However, most of our customers are less-technical savvy home folks. Did you have to prove to your ISP that you weren't spamming? If so, how did they have you do that?

There is a passive OS fingerprinting module for iptables (see http://ippersonality.sourceforge.net/). How about treating connections differently depending on the OS they're coming from? if(windows) then block else allow? :)

Or is the OS fingerprint lost through NAT? I don't know.

Daniel
Re: [swinog] Re: blocking ports?
Jonathan,

Sorry but I disagree with Per. ISPs have a duty to prevent email Spam which is a terrible curse for us all. If they decide that blocking port 25 outbound will help then they should do it. If you are a user, why can't you use the ISP's relay server? If you are a provider you ought to have your own mail server on a fixed IP address.

You'd be amazed how many companies operate their own mail servers, even behind dynamic addresses (in which case they usually use some mailbox polling mechanism to feed their server from mail from the outside), but send outgoing mail directly with SMTP.

Of course, one day we need a better protocol than SMTP (*Simple* Mail Transfer Protocol) which was never meant as a global email solution. But until then we have to do something to stop people abusing it.

But by killing the payload, not the messenger, please...

Cheers,
Markus
Re: [swinog] Re: blocking ports?
On Wednesday 11 April 2007 19:26:39 Markus Wild wrote:

> You'd be amazed how many companies operate their own mail servers, even behind dynamic addresses (in which case they usually use some mailbox polling mechanism to feed their server from mail from the outside), but send outgoing mail directly with SMTP.

Which after all is still quite possible if they use the ISP's MX as smart host, which they should do anyhow considering how many people outright block mails from dynamic IPs.

Seems to me that the benefit of cutting down on Spam would be worth the trouble of using port 587...
Re: [swinog] Re: blocking ports?
> Seems to me that the benefit of cutting down on Spam would be worth the trouble of using port 587...

Blocking port 25 is just a quick-n-dirty 'fix'. What will happen when virus-writers are going to spam using 587 (The credentials are stored on the user's PC anyway..)?

What would people do to stop blog-spamming? Blocking port 80 sounds like fun.

Spam will be there as long as you can make money with it.

--
RFC 1925: (11) Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works.
Re: [swinog] Re: blocking ports?
Adrian Ulrich wrote:

>> Seems to me that the benefit of cutting down on Spam would be worth the trouble of using port 587...
>
> Blocking port 25 is just a quick-n-dirty 'fix'. What will happen when virus-writers are going to spam using 587 (The credentials are stored on the user's PC anyway..)?

Well, the point with submission (587) is that it is authenticated. As such it is very easy to pinpoint which exact user is doing this. Of course now they could steal the credentials and send it over their botnet to another host (oh oh I give ideas away ;) but it should be fairly easy for the ISP to block that single account from spamming the world. Much easier than "oh, that IP, where did that hacked DSL line asking for a new DHCP go to", which is also easy with the right management tools, but clearly no ISP seems to have that. At least not the ones that need it; the clued ones do have those mechanisms in place and either filter that specific customer directly, putting them into a quarantine zone, and/or call the customer up.

> [..] Spam will be there as long as you can make money with it.

Yep ;)

Greets,
Jeroen
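The point made in the message above, that authenticated submission lets an ISP single out one account (including one whose stolen password is being used from several hosts), sketched as an added example that is not part of the original thread. It assumes Postfix-style submission log lines with ISO timestamps; the log lines, account names, addresses and thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: Postfix-style lines for authenticated submission (587).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ postfix/submission/smtpd\[\d+\]: [0-9A-F]+: "
    r"client=\S*\[(?P<ip>[0-9a-fA-F.:]+)\], sasl_method=\S+, "
    r"sasl_username=(?P<user>\S+)$")

def _line(minute, second, user, ip):
    return (f"2007-04-13T10:{minute:02d}:{second:02d} mx1 "
            f"postfix/submission/smtpd[411]: {minute * 60 + second:06X}: "
            f"client=cust.example.net[{ip}], sasl_method=PLAIN, sasl_username={user}")

# Constructed sample: alice mails from two places, carol sends one message
# every ten minutes, bob's stolen password is used from four hosts at once.
SAMPLE_LOG = "\n".join(
    [_line(1, 0, "alice", "192.0.2.10"), _line(30, 0, "alice", "198.51.100.7")]
    + [_line(m, 0, "carol", "192.0.2.20") for m in range(0, 60, 10)]
    + [_line(5, s, "bob", f"203.0.113.{1 + s % 4}") for s in range(0, 40, 5)])

def parse(log_text):
    """Yield (timestamp, account, client_ip) per authenticated submission."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["ip"]

def suspect_accounts(log_text, window=timedelta(minutes=10), max_msgs=5, max_ips=2):
    """Map each account that exceeds a limit inside `window` to the reasons."""
    events = defaultdict(list)
    for ts, user, ip in sorted(parse(log_text)):
        events[user].append((ts, ip))
    flagged = {}
    for user, evs in events.items():
        reasons, start = set(), 0
        for end, (ts, _) in enumerate(evs):
            while ts - evs[start][0] > window:   # slide the window forward
                start += 1
            recent = evs[start:end + 1]
            if len(recent) > max_msgs:
                reasons.add("rate")
            if len({ip for _, ip in recent}) > max_ips:
                reasons.add("many_ips")
        if reasons:
            flagged[user] = sorted(reasons)
    return flagged

print(suspect_accounts(SAMPLE_LOG))
```

The flagged account name is what the operator suspends or quarantines; the customer's current IP address does not enter into the decision.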
Re: [swinog] Re: blocking ports?
: You'd be amazed how many companies operate their own
: mail servers, even behind dynamic addresses

I'm speaking with guys in my company on an issue and part of the discussion has to do with me saying no one runs a mail server from behind a dynamic IP address. Other than just your experiences, does anyone have pointers to data on folks that do this?

scott

--- [EMAIL PROTECTED] wrote:
From: Markus Wild [EMAIL PROTECTED]
To: swinog@swinog.ch
Subject: Re: [swinog] Re: blocking ports?
Date: Wed, 11 Apr 2007 19:26:39 +0200

Jonathan,

Sorry but I disagree with Per. ISPs have a duty to prevent email Spam which is a terrible curse for us all. If they decide that blocking port 25 outbound will help then they should do it. If you are a user, why can't you use the ISP's relay server? If you are a provider you ought to have your own mail server on a fixed IP address.

You'd be amazed how many companies operate their own mail servers, even behind dynamic addresses (in which case they usually use some mailbox polling mechanism to feed their server from mail from the outside), but send outgoing mail directly with SMTP.

Of course, one day we need a better protocol than SMTP (*Simple* Mail Transfer Protocol) which was never meant as a global email solution. But until then we have to do something to stop people abusing it.

But by killing the payload, not the messenger, please...

Cheers,
Markus