You are here: Home > Participate > Join a Discussion > Mailman Archives
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: spam SW, EMS/RFMS

  • To:
  • From: Richard Kettlewell < >
  • Date: Thu, 26 Mar 98 10:35:10 +0000 (GMT)

Sean O'Kelly writes:

> Which is our situation.  Largeish ISP with a large number of customers with
> a fair proportion of those other ISPs.  And a couple of _extremely_ well
> known MX hosts, used as secondary/tertiary MX by every man and his dog 
> in .au....
> 
>> BUT, the bottom line is I serously refuse to configure our MX-records
>> and Relaying based on spammers. It's possible, perhaps eveen likely,
>> that I'll eventually have to give up and admit their victory, but
>> that will not go without fight.
> 
> This is what we're considering/working on now.  While the abuse/reporting
> levels haven't reached those of other places, it's enough that I don't want
> to play this "game" any longer.
> 
> Anyone have any alternatives to denying all relaying on our MX hosts before I
> have to actually start working on it?

I can think of a few[1] ways of constructing lists of domains to relay
for, none of which are perfect:

 * scan your logs to see who is using the machines currently.  Hardly
   perfect as some of them may be spammers, while other users may
   happen not to receive any mail via these machines in the period you
   scan for.

 * traverse the DNS for MX records pointing at these machines.  Trying
   to do this for the whole world might well be impractical, but
   perhaps *.au will be do-able.

 * require anyone who wants to use the MX hosts to notify you and
   announce this very widely.

Our backoff MX hosts run the same filters as our primary machines, and
have done since we started filtering.

One recent problem which ought to have been just as obvious: customers
need to be able to send with fairly arbitrary return paths just so
that they can forward mail outside their own network, etc - so you
need to identify the good guys by the host they connect from, rather
than by return path.

ttfn/rjk

[1] two ways ... no three ... soddit, among the ways; nobody expects
    the Spammish inquisition.




  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>