Gary,

I could only hope that the spammer who targets me resides in California, as
criminal code pertaining to hacking and spamming makes what most spammers do
within this state a felony, not just some piddly civil offense. As far as I
know, the CAN-SPAM Act can only override state civil laws, and not criminal
ones.

Fortunately, I have a good attorney, and am not too worried about getting
sued by a spammer, let alone an ISP that got tarpitted. I'm sure that I
would be the least of their worries if they got their mail server "owned" by
a spammer anyway.

I don't think that SpamCannibal could possibly "kill" any reasonably
designed mail server that was trying to deliver a single message to my
server. It would take hitting multiple SpamCannibal servers in order to do
any actual "damage", if you want to call it that. My server would only slow
them down a bit and stop their spam delivery to me. That's certainly nothing
that they could collect any damages for.


William Van Hefner
Network Administrator
Vantek Communications, Inc.


> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Gary Brumm
> Sent: Thursday, January 27, 2005 3:02 PM
> To: IMail_Forum@list.ipswitch.com
> Subject: RE: [IMail Forum] SpamCannibal (was another topic)
> 
> 
> William,
> 
> I believe that reporting to an RBL, blocking an IP, or deleting email that
> you classify as spam is relatively "passive" as opposed to disabling
> someone's server, which is a bit more of an "active" approach (IMHO).
> I see that you appear to be a small provider (as am I) and are located in
> California.  As a fellow Californian I am sure you are aware that in this
> state more than just about anywhere else a lawsuit doesn't have to make
> sense to be filed or even won.  If you take down a server from a company
> with "deep pockets" they can bankrupt you even if they don't win just by
> running up the cost of your defense.  For the record this is one of the
> things that I absolutely hate about this state but it is an unfortunate
> reality at this time.  I would give it a great deal of thought before
> doing something that could potentially damage another company's
> business.  I hope your frustration with the spam problem doesn't backfire
> on you.  If you ever receive spam from one of our servers please forward
> the details and we will fix it (we don't like being hijacked any more than
> we like receiving spam :-)).
> 
> Regards,
> 
> Gary
> 
> 
> At 01:57 PM 1/27/2005, you wrote:
> >Gary,
> >
> >I think that we vastly differ on what constitutes an "attack". This is
> >not "revenge", as you probably see it. It is pure defense, from my
> >point of view. Keep in mind, the spamming server can stop the
> >tarpitting AT ANY TIME, simply by stopping the stream of spam they are
> >sending to me. He stops, I stop. Period. No revenge. No vigilante
> >party. I am purely reflecting the attack back at them. Just as my own
> >mail servers can be slowed down to a crawl or stopped entirely by
> >spammers, I am simply shifting the burden back where it actually
> >belongs. I am sending their spam back to them, with postage due.
> >
> >THEY are the ones launching the "attack" on MY server, not the other
> >way around! All I am doing is making them choke on their OWN messages.
> >I am no more blocking the delivery of legitimate e-mail than blacklists
> >or RBLs are. These people are illegally trespassing on my property.
> >Anyone reading our anti-spam policies knows that they are unwanted, and
> >the vast majority of spams are in violation of the wussy CAN-SPAM Act.
> >
> >In my home, and on my servers, anyone attempting to break in is shot on
> >sight. Questions asked later. If other admins don't like it, all they
> >have to do is kill the queued spam they are sending to me and to
> >others. It's the incompetent admin who is responsible if their other
> >subscribers' e-mails don't get through, not me, just as it is for mail
> >admins who run open relays. No jury in the world who has ever received
> >spam would convict me!
> >
> >
> >William Van Hefner
> >Network Administrator
> >Vantek Communications, Inc.
> >
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Gary Brumm
> > > Sent: Thursday, January 27, 2005 12:37 PM
> > > To: IMail_Forum@list.ipswitch.com
> > > Subject: Re: [IMail Forum] SpamCannibal (was another topic)
> > >
> > >
> > > At 11:09 AM 1/27/2005, you wrote:
> > > >Gary,
> > > >
> > > >This is NOT like some arbitrary "DOS" attack. The sending server would
> > > >only be choking on their -OWN- spam. As soon as the server admin kills
> > > >all attempts to send spam from their server to my server (and others),
> > > >everything goes back to normal. The tarpitting ONLY occurs as long as
> > > >spam is actively being delivered from their server.
> > >
> > > Hi William,
> > > Yes, but while you are attacking the offending server you are also
> > > interfering with the processing of legitimate email.  This action
> > > may cause loss of customers and result in legal action.  How would you
> > > feel if I was crashing your server because IMail had a bug (what are
> > > the odds of that :-) ) that someone had exploited and was sending SPAM
> > > through your server?  I just had someone exploit a statistic server
> > > running on one of our machines.  We received several reports of spam
> > > related to one of our IPs.  We were able to track down the problem and
> > > fix it quickly.  I realize that all providers are not so responsive.
> > > If someone had managed to crash the machine it would have taken 100+
> > > websites offline and punished many people who were not at fault (not
> > > to mention it would really pizz me off :-)).  All a "real" spammer
> > > would have to do is block your IP and go back to business.
> > >
> > >
> > > >This is the same premise behind RBLs, in that if everyone used an RBL,
> > > >an offensive spamming server would not be able to send mail (spam or
> > > >legit) to anyone. In this case, the program simply throttles or kills
> > > >the server's ability to send spam or other traffic until they have dealt
> > > >with the issue and STOPPED SPAMMING.
> > >
> > > RBLs are elective (we use them) and only affect delivery to our
> > > customers. This is a completely different thing than "attacking"
> > > someone else's server.
> > >
> > >
> > > >Also, this is a two-step process. A spamming server already has to have
> > > >been blacklisted for spamming previously/recently before the daemon
> > > >will be triggered. By the time it gets to that point, an admin should
> > > >already know what's going on, and has had an opportunity to do
> > > >something about it. As soon as they stop sending spam, the problem goes
> > > >away. Seems fair enough to me. FYI, I am only considering
> > > >installing this on my secondary MX, where absolutely NO legit
> > > >traffic belongs in the first place. If everyone installed this program
> > > >on their secondary MX, the abuse of secondaries would quickly vanish.
> > >
> > > Believe me, I hate spam and spammers as much as anyone but I don't
> > > want to crash legitimate servers that have been exploited.  If I see
> > > a certain source of persistent spam I have no problem with its IP
> > > being blocked (our IP blocking expires after a time so if the problem
> > > is resolved the IP becomes useable again) or it being reported to an
> > > RBL.  But I completely understand how you feel and I used to feel the
> > > same way before I had products like Declude (in my case) that have at
> > > least made the problem more manageable.
> > >
> > > Cheers,
> > >
> > > Gary
> > >
> > >
> > >
> > > >William Van Hefner
> > > >Network Administrator
> > > >Vantek Communications, Inc.
> > > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: [EMAIL PROTECTED]
> > > > > [mailto:[EMAIL PROTECTED] On Behalf Of Gary Brumm
> > > > > Sent: Thursday, January 27, 2005 10:31 AM
> > > > > To: IMail_Forum@list.ipswitch.com
> > > > > Subject: RE: [IMail Forum] Filanet InterJak 200
> > > > >
> > > > >
> > > > > At 10:02 AM 1/27/2005, you wrote:
> > > > > >Len,
> > > > > >
> > > > > >Was wondering if you had taken a look at something called
> > > > > >SpamCannibal at http://www.spamcannibal.org . It is something akin
> > > > > >to the Anvil feature you describe, but with a twist. The stated aim
> > > > > >of the daemon on its website is, "SpamCannibal's TCP/IP tarpit stops
> > > > > >spam by telling the spam server to send very small packets.
> > > > > >SpamCannibal then causes the spam server to retry sending over and
> > > > > >over - ideally bringing the spam server to a virtual halt for a long
> > > > > >time or perhaps indefinitely."
> > > > >
> > > > > ....and if you bring down a server that was exploited through no
> > > > > fault of the owner then what?  They trace the problem to
> > > > > software you intentionally installed on your server knowing it would
> > > > > crash other people's servers.....and you are reported to your
> > > > > upstream provider or you are sued.  This is a very bad idea.  Delete
> > > > > incoming SPAM, block the IP, report it to the source, or to SpamCop,
> > > > > etc., but please don't try to crash servers that may be victims of
> > > > > exploits without any more information other than "SPAM was delivered
> > > > > from this address".
> > > > >
> > > > >
> > > > > >I haven't tried setting up a Postfix box for this yet, but it
> > > > > >sounds like fun. :-)
> > > > > >
> > > > > >
> > > > > >William Van Hefner
> > > > > >Network Administrator
> > > > > >Vantek Communications, Inc.
> > > > > >
> > > > > >
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: [EMAIL PROTECTED]
> > > > > > > [mailto:[EMAIL PROTECTED] On Behalf Of Len Conrad
> > > > > > > Sent: Wednesday, January 26, 2005 7:22 AM
> > > > > > > To: IMail_Forum@list.ipswitch.com
> > > > > > > Subject: Re: [IMail Forum] Filanet InterJak 200
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > >If you're willing to get your hands dirty and learn a bit of *nix I
> > > > > > > >recommend pf on OpenBSD which is _very_ flexible and will let you
> > > > > > > >'tarpit' spammers (with spamd) if you wish.  It's free and
> > > > > > > >it'll run very well on a pII 350mhz with 128m of RAM.  It is a
> > > > > > > >bit of a learning curve if you're a Windows only guy but well
> > > > > > > >worth it IMHO.
> > > > > > >
> > > > > > > Even easier is IMGate/postfix's "anvil" feature which will
> > > > > > > dynamically smtp-block/rate-limit any IP that connects to postfix
> > > > > > > more than x times in y minutes.
> > > > > > >
> > > > > > > anvilled IPs connect to port 25, postfix sends an immediate SMTP 421
> > > > > > > code, and hangs up. postfix can probably do that 200
> > > > > > > times/second without impacting legit operation.
> > > > > > >
> > > > > > > I would say the majority of msgs to unknown users come from
> > > > > > > subscriber access networks of millions of infected PCs, each of
> > > > > > > which doesn't attack any one MX at a high rate of attempts, so
> > > > > > > rate limiting is not helpful.
> > > > > > >
> > > > > > > Len
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > To Unsubscribe: 
> > > > > > > http://www.ipswitch.com/support/mailing-lists.html
> > > > > > > List Archive:
> > > > > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > > > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > > ComsecNet
> > > > > Dedicated Data Services
> > > > > Stockton, CA
> > > > > Phone:(209) 463-2809
> > > > > Fax:    (209) 938-0481
> > > > > Email: [EMAIL PROTECTED]
> > > > > Web: www.comsec.net
> > > > >
> > > > > > This message is intended for the use of the individual or entity to
> > > > > > which it is addressed and may contain information that is
> > > > > > privileged, confidential, and exempt from disclosure under
> > > > > > applicable law. If the reader of this message is not the
> > > > > > intended recipient or an employee or agent responsible for
> > > > > > delivering to the intended recipient, you are hereby
> > > > > > notified that any dissemination, distribution or copying of this
> > > > > > communication is strictly prohibited. If you have received this
> > > > > > communication in error please destroy this message and notify
> > > > > > the sender by reply email.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > To Unsubscribe: 
> > > > > http://www.ipswitch.com/support/mailing-lists.html
> > > > > List Archive:
> > > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
> 
> 
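
The per-IP rate limiting described in the quoted thread (an IP connecting more than x times in y minutes gets an SMTP 421 and a hang-up), together with the caveat that many low-rate infected hosts never trip such a limit, as an added illustration that is not part of the original thread and is not Postfix's anvil code. The class name, the thresholds (10 connections per 60 seconds) and the replayed connection events are constructed assumptions.

```python
from collections import defaultdict, deque

class ConnRateLimiter:
    """Sliding-window per-IP connection limiter (illustrative, not Postfix code)."""

    def __init__(self, limit, window):
        self.limit = limit        # "x" connections ...
        self.window = window      # ... per "y" seconds
        self.recent = defaultdict(deque)

    def on_connect(self, ip, ts):
        """Return the SMTP reply code for a connection from ip at time ts."""
        q = self.recent[ip]
        while q and ts - q[0] >= self.window:
            q.popleft()           # forget connections older than the window
        q.append(ts)              # rejected attempts still count against the IP
        return 421 if len(q) > self.limit else 220

def constructed_events():
    """Constructed sample: one noisy relay plus 200 low-rate infected hosts."""
    events = [(2 * i, "192.0.2.10") for i in range(60)]   # every 2 s for 2 min
    for k in range(1, 201):
        ip = f"198.51.100.{k}"
        events += [(k, ip), (k + 300, ip)]                # 2 connects, 5 min apart
    return events

def replay(events, limit=10, window=60):
    """Feed (timestamp, ip) events through the limiter; count replies per IP."""
    limiter = ConnRateLimiter(limit, window)
    stats = defaultdict(lambda: {220: 0, 421: 0})
    for ts, ip in sorted(events):
        stats[ip][limiter.on_connect(ip, ts)] += 1
    return stats

def summarize(stats, noisy="192.0.2.10"):
    """Split the counts into the single noisy relay and everyone else."""
    bots = [s for ip, s in stats.items() if ip != noisy]
    return {
        "noisy_accepted": stats[noisy][220],
        "noisy_rejected": stats[noisy][421],
        "bot_accepted": sum(s[220] for s in bots),
        "bot_rejected": sum(s[421] for s in bots),
    }

if __name__ == "__main__":
    print(summarize(replay(constructed_events())))
```

The single high-rate relay is cut off after its tenth connection, while all 400 connections from the 200 low-rate hosts pass the limiter untouched.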

