>Here's an interesting twist though, these spam programs are becoming more
and more >"intelligent."
Not intelligent, most likely they just read their logs.
Putting on a puritanical hat ^ running an open relay to allow users through
who use other ISP's should not be necessary. I'm going to over generalise
here (for a change :-), but many medium/large ISP's will not allow any body
off their network to post to their mail servers.
i.e. they will accept SMTP connections from the outside world if the
recipient address matches a valid user. However they will not relay for
anybody that is not in their IP range. They may also use MAPS or RBL, though
the infighting between these two organisation and in particular RBL's
questional methods of 'black holing' sites means that they are not the
ultimate solution.
If your customers use a different ISP then they should use that ISP's
posting servers. Again another generalisation but ISP's tend to know that
checking the domain is a valid local domain is pretty pointless when
deciding whether to relay. They normally allow their customers' IP addresses
to relay on their servers irrespective of the sending domain name as long as
it is a valid one (i.e. exists in a dns lookup and perhaps has mx records).
The only people this effects are those users who insist on using many
different ISP's as they have to change the outgoing post server for each
ISP.
For the customers that can not work in this scheme then SMTP auth is the
answer.
Hope this doesn't cloud the issue.
Steve
Steven Moore
Internet Development Engineer
Research Machines
+44 1235 823522
-----Original Message-----
From: Rich [mailto:[EMAIL PROTECTED]]
Sent: 30 July 2000 17:30
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] STOP SPAM 2
I'll have to pull the archive out. Here's an interesting twist though,
these spam programs are becoming more and more "intelligent."
Apparently a-e addresses died at 100, the error was max message count or
something along that line, however f-z started coming in in groups of 50
with different from addresses. It was like the program figured out it was
being denied access by the error message sent back so it adjusted
accordingly.
The log was archived at midnight, so I'll have to go into the office to get
the exact wording.
That will probably be Tuesday or so, I'm supposed to be on Vacation :)
[EMAIL PROTECTED]
http://www.kendra.com
----- Original Message -----
From: "Len Conrad" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, July 30, 2000 2:24 AM
Subject: Re: [IMail Forum] STOP SPAM 2
>
> >http://support.ipswitch.com/kb/IM-19990805-DM02.htm
> >
> >We set ours to 100, and already today there's been one attempt stopped.
>
> Could you show us the logs on the attack and the SMTPD server's behavious
> when hitting the 100 limit?
>
> Thanks,
> Len
>
>
> http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 installable binary for NT4
> http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
STANDARD DISCLAIMER: This message is confidential. You should not copy it or
disclose its contents to anyone. You may use and apply the information only
for the intended purpose. Internet communications are not secure and
therefore RM does not accept legal responsibility for the contents of this
message. Any views or opinions presented are only those of the author and
not those of RM. If this email has come to you in error please delete it and
any attachments.
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
