On Sun, Mar 10, 2002 at 06:09:27PM -0500, Derek D. Martin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> At some point hitherto, Paul Iadonisi hath spake thusly:

[snip]

> >   Obviously, this isn't a *wide open relay*, but it does allow relaying *from*
> > anywhere.  And as the provider offers secondary MX to more and more domains,
> > the server may never be a truly wide open relay, but the effect might end
> > up being the same, or pretty close.
> 
> Hardly.

[snip]

> 
> One point though: While I'm definitely against open relays, closing
> them up will not really eliminate the problem.  All it will do is
> cause spammers to have their own Linux box running sendmail that will
> allow them to send their spam.  Or become otherwise more resourceful.
> 
> What eliminating open relays really does is make it easier to find out
> where the spam is really coming from, and go after the bastards that
> are sending it out.  

  As I said in my original post, I now have some proof that the vast majority
of spam we were getting was coming from open relays.  You're right, though,
that if we can get admins to close their open relays or otherwise bounce
them off the net, the spammers will most certainly set up their own machines
to spew their salty-pink-meat.
  But at least in that case, we've made it a lot harder for them to open
accounts for one blast and then close them down or let ISPs cancel the account
for violating terms of use.  Open relays allow them to send one message to
them which will happily process the message for them while the spammer's
software disconnects and goes onto the next relay.
  Forcing them to do the processing themselves means that they now have
limited processing bandwidth that they must pay for themselves.  It's also
a lot easier for an ISP to quickly identify them by the large amount of
traffic coming from port 25 and shut them down for violating terms of use.
Open relays allow them to keep the amount of traffic coming from their own
connection considerably, making it hard for their providers to detect them
and shut them down.
  So faced with being shut off much sooner in their spamming cycles, what
are spammers to do?  Colocation won't help much, since that just moves
the problem away from their house -- ISPs can still shut him off.  The
only alternative I can think of is to enlist the services of those who own
IP address blocks that specifically use them for spamming operations.
But these are MUCH easier to filter out as nothing useful comes out of them.
They're listed as known spamming operations tied to specific *humans* (ugh,
I hate even lumping into that category) in the spews.org database.  Filtering
those addresses causes little, if any, collateral damage.

> A possible alternative solution for small businesses is pay some Colo
> to house a back-up web/mail server, and not use your ISP for secondary
> MX at all.  All but the poorest businesses should be able to afford

Hmm, like the business I work for ;-)  Actually, currently we have NO
secondary MX.  If we're down, we're down :-(.

> such a service, and it's a good idea to have something like this from
> a disaster recovery perspective anyway...

Yup.

> None of these defeat a spammer who uses their own mail server, or
> legitimately uses the mail server of their ISP.  The mail will all be
> delivered to you directly, regardless of where your secondary MX is.

Except that now it is much easier for their ISPs to detect and shut
them down quickly.  There's also now an incentive to do so.  Their *own*
network is being over-utilized.  With open relays, it can easily be offloaded
to the relay owners' networks.  Why bother pursuing abusers if they are
paying customers and they are not using much bandwidth on your network?

-- 
-Paul Iadonisi
 Senior System Administrator
 Red Hat Certified Engineer / Local Linux Lobbyist
 Ever see a penguin fly?  --  Try Linux.
 GPL all the way: Sell services, don't lease secrets
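
Added example, not part of the original thread: a sketch of the provider-side check the message describes, profiling each customer's outbound port 25 traffic from flow records. The record format, the addresses and the `max_peers` threshold are assumptions made for illustration; the sample data is constructed.

```python
from collections import defaultdict

# Constructed flow records: "src_ip dst_ip dst_port bytes". All addresses
# are placeholders; none of this data comes from the thread.
def sample_flows():
    flows = []
    # Customer A delivers directly: one connection per recipient mail server.
    for i in range(400):
        flows.append(f"192.0.2.10 10.200.{i // 200}.{i % 200 + 1} 25 6000")
    # Customer B hands three multi-recipient messages to open relays.
    for relay in ("203.0.113.5", "203.0.113.6", "203.0.113.7"):
        flows.append(f"192.0.2.20 {relay} 25 6000")
    # Customer C is an ordinary user: web traffic plus mail via a smarthost.
    flows.append("192.0.2.30 203.0.113.80 80 150000")
    flows.append("192.0.2.30 192.0.2.1 25 4000")
    return flows

def smtp_profile(lines):
    """Per-source count of port-25 connections, distinct peers and bytes."""
    stats = defaultdict(lambda: {"conns": 0, "peers": set(), "bytes": 0})
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit() or not parts[3].isdigit():
            continue  # skip malformed records
        src, dst, port, size = parts[0], parts[1], int(parts[2]), int(parts[3])
        if port != 25:
            continue  # only SMTP destinations matter for this check
        s = stats[src]
        s["conns"] += 1
        s["peers"].add(dst)
        s["bytes"] += size
    return stats

def flag_bulk_senders(lines, max_peers=50):
    """Sources that contacted more than max_peers distinct SMTP servers."""
    # max_peers is an assumed threshold, not a value from the thread.
    return sorted(src for src, s in smtp_profile(lines).items()
                  if len(s["peers"]) > max_peers)

if __name__ == "__main__":
    for src, s in sorted(smtp_profile(sample_flows()).items()):
        print(src, s["conns"], len(s["peers"]), s["bytes"])
    print("flagged:", flag_bulk_senders(sample_flows()))
```

On the constructed data only the direct sender crosses the threshold; the customer using relays shows three SMTP connections, which is why that traffic is hard to spot from the provider's side.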
