while i'm on the subject of filtering, here's today's list of spammers
Karl Denninger
karl at Mcs.Net
Thu Feb 20 04:26:04 UTC 1997
>
> I am confused, how would filtering at the smtp port on source address
> work?
What you do is return a 421 error if you don't "like" the source address
(this is checked very early on). You can also return a 500-series error,
but that generates an immediate bounce, which is "nice" to the spammer.
I prefer to be nasty and eat their resources instead.
> If delivery fails, does not the sender often use MX records and
> send via an intermediary host?
Not if you return a 400-series error. The host doing the sending will
retry. If you block at the packet level, then yes, the sender will go
to a secondary MX *IF* there is one and it can be reached.
The 421 response is the best possible one, because it screws the sender,
is cheap compute-wise for you, and has the desired effect without causing
other disruption.
> If so the source address is lost unless
> all the MX hosts have the same filter list. And in any case I believe
> that typically sendmail will accept email from anyone for delivery to
> anyone. So a spammer could scatter his emails all over the Internet thru
> thousands of intermediate hosts, if he used the right software to do it.
>
> Best Regards,
> Robert Laughlin
He has to be able to inject it in the first place.
As more potential relays implement this, that becomes much harder.
--
--
Karl Denninger (karl at MCS.Net)| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service
| 99 Analog numbers, 77 ISDN, Web servers $75/mo
Voice: [+1 312 803-MCS1 x219]| Email to "info at mcs.net" WWW: http://www.mcs.net/
Fax: [+1 312 803-4929] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
More information about the NANOG
mailing list