Re: [anti-spam-wg@localhost] Anti-spam WG draft minutes RIPE 46
- Date: Tue, 23 Sep 2003 17:13:45 +0200
- Organization: SpaceNet AG, Muenchen, Germany
On Sat, Sep 06, 2003 at 09:47:32PM +0200, Petr Nachtmann wrote:
> Why do something complicated when you can do something simple? And don't
> forget about mailservers which cannot be prevented from being open relays
> (or whose administrators or suppliers aren't willing to fix it). You can
> just block any incoming SMTP traffic to that host from the whole world except
> the secondary MX servers. The hole is closed and the mailserver is even
> protected against this type of attack:
Isn't it unsocial to publish records in DNS (best MX) which will /never/
be reachable from the outside?
And as most braindead admins configure the firewall to DROP and not REJECT,
it is even more unsocial as the mailservers run into a (2 minute) timeout
each time they try to connect to the best MX.
If you have to filter a broken mailserver use a best MX to a working one
and an internal mailserver route to the final destination.
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
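
The DROP versus REJECT point made in the reply above, as an added example that is not part of the original message: a Python audit that probes each MX of your own domain in delivery order and reports a best MX that outside senders can never reach. The helper names `probe` and `audit_mx` are hypothetical, and the `example.test` hosts and probe results in the demo are constructed.

```python
import socket

def probe(host, port=25, timeout=5.0):
    """Classify one TCP connect attempt as a sending mail server would see it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "rejected"     # firewall REJECT or closed port: fails immediately
    except socket.timeout:
        return "dropped"      # firewall DROP: sender waits out the full timeout
    except OSError:
        return "unreachable"  # no route, name does not resolve, ...

def audit_mx(mx_records, probe_fn=probe):
    """mx_records: list of (preference, host); lowest preference is the best MX.

    Returns (results, findings): results is [(preference, host, state)] in
    delivery order, findings is a list of human-readable problems.
    """
    results = [(pref, host, probe_fn(host)) for pref, host in sorted(mx_records)]
    findings = []
    if not results:
        return results, findings
    best_pref = results[0][0]
    for pref, host, state in results:
        if state == "open":
            continue
        role = "best MX" if pref == best_pref else "backup MX"
        cost = "every sender waits for a timeout" if state == "dropped" else "fails fast"
        findings.append(f"{role} {host} (pref {pref}) is {state}: {cost}")
    return results, findings

if __name__ == "__main__":
    # Constructed zone data and probe results (example.test names are placeholders).
    zone = [(20, "mx2.example.test"), (10, "mail.example.test")]
    observed = {"mail.example.test": "dropped", "mx2.example.test": "open"}
    for line in audit_mx(zone, probe_fn=observed.get)[1]:
        print(line)
```

Run it from a network outside your own perimeter, since a probe from inside the firewall sees the internal route rather than what remote senders see.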