On Wed, Aug 6, 2008 at 7:12 PM, Graham Leggett <[EMAIL PROTECTED]> wrote:
> Aaron Wolfe wrote: > > If your network is doing things to get itself blacklisted, fix the >> problem! Filter outbound SMTP, cleanup your network clients, whatever. >> > > Been there, done that, way ahead of you. > > You may not be aware of this, but while filtering outbound SMTP stops > outgoing spam, it does not stop portscans, or various other activities which > will cause that IP to be blacklisted on various networks, as they are free > and should be free to do. You also may not be aware that performing frequent > network scans and cleanups as we do does not make you immune to infection > from new online threats. > Blocking outbound SMTP traffic from sources other than your mail server will prevent you from being blacklisted, plain and simple, unless of course you are sending spam from your mail server. I don't know exactly what you are talking about with the port scans, but if you are scanning other people's networks without their permisson, do expect to be blocked. If you are allowing your users to do the same, expect to be blocked. Why you you not simply block this before it leaves your network, like (almost) everyone else does? > > "Whatever" is not a network abuse strategy, I am afraid. > Seems to be yours. Police your outbound traffic if you don't want to be blocked. If this was a big problem for most admins, we'd all be blocked, no? > > > Don't try to use a different IP to avoid doing the right thing and then >> ask other mail admins for help so your network can continue to pollute our >> networks! >> > > So an ill informed knee jerk reaction from you means that a potential bug > in postfix goes unfixed. > First, I am not a postfix developer, and my postings on this list do not represent the postfix project in any way. Nothing I say will make any difference in anything that happens with postfix. Second, there is no bug in postfix. You have a broken NAT config. If you'd like to argue to the contrary, please provide netstat output and your current NAT configuration. > > Thanks for your help so far, it is appreciated. > I have told you what your problem is. I hope you do appreciate that. > > Regards, > Graham > -- >
