You are here: Home > Participate > Join a Discussion > Mailman Archives
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [anti-spam-wg@localhost] Anti-spam WG draft minutes RIPE 46

  • To: Petr Nachtmann < >
  • From: Markus Stumpf < >
  • Date: Tue, 23 Sep 2003 17:13:45 +0200
  • Cc: "'RIPE anti-spam WG '" < >
  • Organization: SpaceNet AG, Muenchen, Germany

On Sat, Sep 06, 2003 at 09:47:32PM +0200, Petr Nachtmann wrote:
> Why to do something complicated when you cn do something simple? And don't
> forget about mailservers which cannot be prevented from being open relays
> (or whose administrators or suppliers aren't willing to fix it). You can
> just block any incoming SMTP traffic to that host from whole world except
> the seconrady MX servers. The hole is closed and the mailserver is even
> protected against this type of attack:

Isn't it unsocial to publish records in DNS (best MX) which will /never/
be reachable from the outside?
And as most braindead admins configure the firewall DROP and not REJECT
it is even more unsocial as the mailservers run in a (2 minute) timeout
each time they try to connect to the best MX.

If you have to filter a broken mailserver use a best MX to a working one
and a internal mailserver route to the final destination.


SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"

  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>