Re: SV: SV: SV: SV: Blocking TLDs
> less the country in question has special rules for SMTP traffic, which I
> find unlikely. SMTP is TCP/IP like website traffic, IRC traffic, Skype
> traffic, DNS traffic or whatever.
>
> -----Original Message-----
> From: owner-postfix-us...@postfix.org
> [mailto:owner-postfix-us...@postfix.org] On behalf of Robert Schetterer
> Sent: 20 February 2016 13:49
> To: postfix-users@postfix.org
> Subject: Re: SV: SV: SV: Blocking TLDs
>
> On 20.02.2016 at 12:01, Sebastian Nielsen wrote:
>> Why are you people so negative against DISCARD, and want to use
>> REJECT
> Silent discard mail is not allowed in many EU countries, you're the postman
> you don't have to deliver bombs (virus), you may react on marketing letters
> (spam) by sorting them or simply reject at the start when you receive it, and
> only if your customer ordered you to do so but in general you are not
> allowed to burn others' letters
>
> Best Regards
> Kind regards, Robert Schetterer
>
> --
> [*] sys4 AG
>
> http://sys4.de, +49 (89) 30 90 46 64
> Franziskanerstraße 15, 81669 München
>
> Registered office: München, District Court München: HRB 199263
> Executive Board: Patrick Ben Koetter, Marc Schiffbauer
> Chairman of the Supervisory Board: Florian Kirstein
SV: SV: SV: SV: Blocking TLDs
I read that on Wikipedia, and read the sources, and one thing I can say is that the source is heavily misinterpreted. They refer to physical mail and telecommunication, where a set of rules applies to physical mail, and some other set applies to telecommunication.

Of course, you are not allowed to tamper with third-party communication, but if you run a mail server, then you are "in the loop" and are permitted to do whatever you want. Nobody forces you to accept whatever you don't want into your network. If you want to toss all HTML mail destined for your company into /dev/null, it's up to you. This provided that you didn't unauthorizedly insert yourself into the loop. If an end user selects to use you as mail service, they have to abide by your rules, including that some mails might get tossed away. But if you force somebody, who isn't using your network, to use your mail service, for example via ARP spoofing or fake Wi-Fi APs, then it's computer intrusion.

Also, the law does not make any difference between reject and discard: either you are allowed to block, and then it will apply to both reject and discard, or you are not allowed to block, and then it applies to both reject and discard. There's no difference in rejecting or discarding, it's still considered disruption, if you do it in the wrong situation.

If I receive a call from somebody asking me to forward information to person D, even if I say "yes, I will do", it's not illegal to ignore that and not forward the phone call. It's my phone, if someone calls my phone, they have to abide by my rules.

Note the wording "electronic communication", which also applies to website traffic and such. The ruling is more aimed at hackers, for example "disrupting communications between 2 parties" is meant to target DoS, not someone blocking certain email traffic into their network. What I have understood, e-mail does not have any special catering, neither in German law nor in Swedish law.

Maybe some single EU country does pay special attention to e-mails, but normally, e-mail is the same as website traffic is the same as for example Skype, and is just TCP/IP packets over the internet. And with TCP/IP packets it's up to you if you want to accept, reject, or drop packets destined for your network.

Simple as this: The mail server you run for a company, or for some user or whatever, can be seen as your post-box outside the house. Of course, even if you receive physical mail for other people in the same house, you are fully permitted to regulate that mail and toss mail you don't want, even if it's addressed to someone else at that address. Compare with for example a parent that tosses away porn magazines addressed to their child, without telling either the magazine company or the child.

Of course, an ISP mail server is bound by much stricter rules, and here there might be regulation prohibiting when you are allowed to reject/discard, but I suspect none on this mailing list are running an ISP mail server. (An ISP is defined as someone who runs an access network of a specific minimum size, wired, wireless or cellular, that people can access for a fee, where no prior internet access is required - so VPNs don't count. A hotel Wi-Fi won't count, it must be something larger, and being an ISP requires a special license from the government, like a bank, because being an ISP is a community service and must meet some minimum quality standards.)

So to put it short, if you block mail in the wrong situation, it doesn't matter if it's reject or discard. Either you may block, then reject=allowed, discard=allowed, or you may not block, and then reject=prohibited, discard=prohibited. Unless the country in question has special rules for SMTP traffic, which I find unlikely. SMTP is TCP/IP like website traffic, IRC traffic, Skype traffic, DNS traffic or whatever.

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On behalf of Robert Schetterer
Sent: 20 February 2016 13:49
To: postfix-users@postfix.org
Subject: Re: SV: SV: SV: Blocking TLDs

On 20.02.2016 at 12:01, Sebastian Nielsen wrote:
> Why are you people so negative against DISCARD, and want to use
> REJECT

Silent discard mail is not allowed in many EU countries, you're the postman you don't have to deliver bombs (virus), you may react on marketing letters (spam) by sorting them or simply reject at the start when you receive it, and only if your customer ordered you to do so but in general you are not allowed to burn others' letters

Best Regards
Kind regards, Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
Re: SV: SV: SV: Blocking TLDs
On 20.02.2016 at 12:01, Sebastian Nielsen wrote:
> Why are you people so negative against DISCARD, and want to use REJECT

Silent discard mail is not allowed in many EU countries, you're the postman you don't have to deliver bombs (virus), you may react on marketing letters (spam) by sorting them or simply reject at the start when you receive it, and only if your customer ordered you to do so but in general you are not allowed to burn others' letters

Best Regards
Kind regards, Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
SV: SV: SV: Blocking TLDs
What I meant with REJECT vs DISCARD is that with REJECT, the spammers just switch to a new domain. And new domain, and new domain. Like they have some script or API that instantly purchases a new domain once their current domain gets banned in spam filters. (And yes, they do really have valid addresses because they often write in the payload like "Reply to sign up" and so on), and the links inside spam go to the domain listed after @. That's the bad thing with registrars that allow domain purchasing via an API.

I have witnessed it in real time, when I continually added banned domains to my banfile and the spammer just, nearly instantly on the second I reloaded files, switched to some new domain that was similar to the banned one. And in the log file I saw the reject, so I understood the spammer was adapting to the spam filter. After like 5-6 domains I got fed up, changed everything into DISCARD, and once that, all the spam from that particular source has vanished, while I can see in logfiles that the spammer still thinks they get something through when they really don't.

Either they are using some domain generator algorithm, or they are just randomizing domains up using some dictionary. They also seem to know when to change TLD, like when they got rejected on like X different banned domains without getting a single piece through.

If everyone would use DISCARD on all the static spam filters (where you are sure of not getting false positives), then spammers will never know if they get their spam delivered, and will not be able to optimize when to "instant-purchase a new domain and switch to that" to maximize effectiveness of the spam campaign.

But you make a valid point about the payload. The only way to completely get rid of the payload is to use greylisting on all senders, so the spammer can't find a "valid" domain that isn't banned, e.g. every domain will result in a temporary reject. But greylisting also delays legitimate mail.

Why are you people so negative against DISCARD, and want to use REJECT, if we disregard that the payload goes through the wire? Because most spams are pretty small to not trigger through scans, so it's just a few kilobytes.

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On behalf of Benny Pedersen
Sent: 20 February 2016 10:40
To: postfix-users@postfix.org
Subject: Re: SV: SV: Blocking TLDs

On 2016-02-20 00:52, Sebastian Nielsen wrote:
> 1: REJECT tells the spammer "Hey, your spam got stuck in the spam
> filter. Wanna try again?".

if they do, so what?, it's not possible for spammers to make remote administering on postfix

this would be in vain anyway, and the point on discard is accepting more payloads on received data, where reject stops the payloads

> Better to DISCARD it so the spammer think they got the spam through,
> then they won't switch to a new domain.

fair, but read above

> I don't think anyone ever will receive legitimate mail from any of
> those spammy TLDs listed in the rules file I gave.

this is another problem
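
The trade-off argued in the messages above, as an added illustration that is not from any poster and is not Postfix code: a simplified Python model of a receiving mail server, showing which SMTP reply codes the sending client sees and how many message bytes cross the wire under REJECT versus DISCARD. The domain names, function names, and the choice to refuse at RCPT TO with a 554 reply are assumptions of the model.

```python
"""Simplified model of a receiving MTA (added illustration, not Postfix code)."""
from dataclasses import dataclass, field

# Constructed policy: sender-domain suffix -> action. Domains are placeholders.
POLICY = {".rejected.example": "REJECT", ".discarded.example": "DISCARD"}

@dataclass
class Outcome:
    replies: list = field(default_factory=list)  # (stage, code) seen by the client
    payload_bytes: int = 0   # message bytes that crossed the wire
    delivered: bool = False  # whether the message reached a mailbox

def action_for(sender: str) -> str:
    """Match the envelope sender's domain against the policy suffixes."""
    domain = "." + sender.rsplit("@", 1)[-1].lower()
    for suffix, action in POLICY.items():
        if domain.endswith(suffix):
            return action
    return "OK"

def receive(sender: str, body: bytes) -> Outcome:
    """Walk one SMTP transaction and record what each side ends up with."""
    out = Outcome()
    action = action_for(sender)
    out.replies.append(("MAIL FROM", 250))
    if action == "REJECT":
        # Assumed: refusal is delayed to RCPT TO. The client sees a 5xx
        # and never sends DATA, so no payload is transferred.
        out.replies.append(("RCPT TO", 554))
        return out
    out.replies.append(("RCPT TO", 250))
    out.replies.append(("DATA", 354))
    out.payload_bytes = len(body)  # the whole message is received first
    # A discarded message is acknowledged exactly like a delivered one.
    out.replies.append(("end of DATA", 250))
    out.delivered = action != "DISCARD"
    return out

def sender_view(out: Outcome) -> str:
    """What the sending side can infer from reply codes alone."""
    return "blocked" if any(code >= 500 for _, code in out.replies) else "accepted"

if __name__ == "__main__":
    body = b"x" * 2048  # constructed 2 KiB message
    for who in ("a@x.rejected.example", "a@x.discarded.example", "a@ok.example"):
        o = receive(who, body)
        print(who, sender_view(o), o.payload_bytes, o.delivered)
```

In the model a discarded message is indistinguishable from a delivered one on the sending side, which is also why a legitimate sender hit by a false positive gets no bounce.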