
Re: Relays, Blacklists, and Laws (was: spam-tools?)

  • From: Anders Andersson
  • Date: Mon, 18 Jun 2001 22:00:23 +0200 (MET DST)

Piet Beertema <Piet.Beertema@localhost> wrote:
>1) Having port 25 open is an implicit announcement of being
>   open to receive mail. Whether the announcement has been
>   made in public (through DNS) or not is irrelevant. The
>   same holds for the physical mailbox at your door.

The issue was whether any law or AUP could disallow relay testing,
and I mentioned "a host that is not meant to receive mail" just as
an example, not as a criterion on when relay testing just might be
disallowed.  I can widen that to "a host" in general, if that makes
for a better example.  So, does my wish to relay test any machine
(or rather IP address) that comes before my eyes run contrary to
any law or AUP out there?  People claim this from time to time, but
I have yet to see a confirmed statement in any particular case,
which is why my list of "off-limit" hosts is empty.

Still, I'm open to the possibility that a court in China or the
Bahamas might actually rule it illegal for me to relay test any
computers on their territory without the host owner's explicit
consent, and I'm offering the opportunity to have any networks
under the jurisdiction of said court publicly listed, meant as a
deterrent against any such rulings.

As long as the list is empty, there won't be any demand for easy
access to it.  I'll let anti-spam-wg@localhost know if I get any
solid nominations.  Until then, I find the issue rather academic.
Maybe there is already an RFC or other paper written on this
policy issue?  Has the principle been tested in court anywhere?

>2) If port 25 is open for receiving internal mail and no more
>   than that, then the "interface" to the outside world should
>   block access to that port from outside. Failure to do so
>   means that 1) applies.

Blocking access to individual TCP or UDP ports in the border
router is a convenient security measure to cover up for poor
security on the individual hosts.  Whether this access control
is implemented in the router or on the target host, it does not
constitute a definitive policy statement with regard to what
kind of access is allowed in every possible situation.  E-mail
is no exception; our express refusal to tolerate unsolicited
bulk e-mail on our systems depends on our ability to make rules
without implementing them in hardware or software and still
expect those rules to be followed.

This is not to say that I will drag every prankster who finds a
new way to annoy me to court, but if I can identify a pattern, I
will make a complaint and/or take preventive measures against
future cases of abuse.

For instance, whenever I get the time to study our router logs,
I see repeated attempts to connect to TCP port 25 on random IP
addresses (many of which don't even belong to existing hosts).
I suppose these are attempts by spammers to identify new open
relays for them to abuse, though they could possibly be friendly
checks that my network doesn't constitute a threat to others.
If I weren't so tied up dealing with spam pouring in on our mail
servers, I might actually take the time to report a few of the
more persistent probers to their respective ISPs, asking them
to go play somewhere else.  If they happen to be friendly checks
I'd still like to know a way to avoid them, so that they don't
unnecessarily fill up our logs or trigger intruder alerts.  Such
probes don't serve any useful purpose to either of us.

If someone occasionally tests our mail server for relaying, I
won't even notice unless they tell me about it afterwards.  If
they have found a hole, I'll be more than grateful for them
letting me know.  Threatening them with legal action is the last
thing I would do.  And, I will not insult them by sending them an
automatic form reply saying that I will consider their note but
never tell them whether it was of any help to me.  Fortunately,
I'm not an ISP accidentally letting in another spammer every day,
so I don't get that many complaints to our abuse mailbox.

--
Anders Andersson, Dept. of Computer Systems, Uppsala University
Paper Mail: Box 325, S-751 05 UPPSALA, Sweden
Phone: +46 18 4713170   EMail: andersa@localhost
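
Added example, not part of the original message: one way to separate the port-25 scanning pattern described above (many addresses tried, some with no host behind them) from an occasional test of the real mail server. The log format, all addresses, the host inventory and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample in a made-up deny-log format (not from the original message).
SAMPLE_LOG = """\
2001-06-18T03:10:01 DENY tcp 192.0.2.77:41022 -> 198.51.100.4:25
2001-06-18T03:10:02 DENY tcp 192.0.2.77:41023 -> 198.51.100.5:25
2001-06-18T03:10:03 DENY tcp 192.0.2.77:41024 -> 198.51.100.6:25
2001-06-18T03:10:04 DENY tcp 192.0.2.77:41025 -> 198.51.100.25:25
2001-06-18T03:11:40 DENY tcp 192.0.2.77:41100 -> 198.51.100.4:80
2001-06-18T07:45:12 PERMIT tcp 203.0.113.9:50311 -> 198.51.100.25:25
2001-06-18T07:45:30 PERMIT tcp 203.0.113.9:50312 -> 198.51.100.25:25
2001-06-18T09:02:00 DENY tcp 203.0.113.50:3301 -> 198.51.100.7:25
2001-06-18T09:02:01 DENY tcp 203.0.113.50:3302 -> 198.51.100.8:25
2001-06-18T09:02:02 DENY tcp 203.0.113.50:3303 -> 198.51.100.9:25
%% truncated line from log rotation
"""
# Hypothetical inventory: addresses in our range that are real hosts.
KNOWN_HOSTS = {"198.51.100.10", "198.51.100.25"}

LINE_RE = re.compile(r"^\S+ \w+ tcp (\S+):\d+ -> (\S+):(\d+)$")

def find_smtp_probers(log_text, known_hosts, min_targets=3):
    """Return sources that tried port 25 on at least min_targets distinct addresses."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) != "25":
            continue  # malformed line or not SMTP
        src, dst = m.group(1), m.group(2)
        try:
            ip_address(src), ip_address(dst)
        except ValueError:
            continue  # skip lines whose addresses do not parse
        targets[src].add(dst)
    report = []
    for src, dsts in targets.items():
        if len(dsts) >= min_targets:
            # Attempts on addresses with no host behind them indicate blind scanning.
            unused = sum(1 for d in dsts if d not in known_hosts)
            report.append({"source": src, "targets": len(dsts), "unused": unused})
    return sorted(report, key=lambda r: (-r["targets"], r["source"]))

if __name__ == "__main__":
    for row in find_smtp_probers(SAMPLE_LOG, KNOWN_HOSTS):
        print(row)
```

The source that only contacts the real mail server stays below the threshold and is not reported, which matches the distinction the message draws between address-range probing and an occasional relay test.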




