gashalot at gashalot.com
Mon Nov 22 20:44:52 UTC 1999
Dean, perhaps I am not fully understanding your logic behind not closing
your relays. I have been a systems administrator for 4 years and I have
not ever found an application where I needed to leave my SMTP relays open
to the world. I do not doubt that you have legitimate business purposes
in mind when opening your relay, but at some point you must decide that
legal action will be too slow to fix anything and that it might be a good
time to close your relays to aleviate other problems. Simply saying "I
shouldn't need locks on my doors because everyone should be
honest and never come into my house without my permission," dosen't cut it
in this world, and I am quite sure that you have
locks on every portal to your house, so why should your SMTP server be any
different? Taking such a stance and refusing to close your
relays is simply a foolish decision.
Closing mail relays isn't very hard, and qmail and sendmail (and probably
the handfull of NT mailers) both have ways of implementing a
POP3-before-SMTP system so you can "allow" relaying from anywhere on the
planet without having to worry about abusers (as long as the abusers don't
have the login information for a POP box). I suggest that you investigate
implementing POP-before-SMTP if you wish to leave your relays open to
everyone, as well as setting up RBL support on your server, in the end it
helps everyone by stopping one more potential spam outlet.
PS- and don't think that just having "private" IPs that are publically
accessible to the net will stop anything. I use a cablemodem at home and
we have co-located equipment where I work, and it is constantly being
scanned for open vulnerabilities (including open SMTP relays, so you can
rest assured that someone will find you out sooner or later).
On Mon, 22 Nov 1999, Dean Anderson wrote:
> These are coming from Mass, Cleveland, Ohio, and Virginia.
> We use our relays for legitimate business purposes. They are not "accidentally left open". We are not going to close them. We are going to pursue abusers civilly and criminally. The FBI assures me that it does not matter criminally that access comes from international sources.
> Much of the activity appears to be comming from alleged ANTI-SPAMMERs such as Chris Neill, and Alan Brown and Ron Guillemette who have been inciting attacks against us, posting to alt.2600 and advertising our service. Inciting criminal acts is a criminal act too, I'm pretty sure. We make sure to mention them prominently.
> Around 11:18 PM 11/21/1999 -0500, rumor has it that Kai Schlichting said:
> >At 09:16 PM 11/21/99 -0500, Dean Anderson wrote:
> >>Can someone send me a list of *all* AOL netblocks? ARIN's whois only gives back a handful.
> >>I want to block _all_ AOL netblocks, but its tough to find out what they are.
> >>Thanks to a few malicious, radical antispammers (Chris Neill, Alan Brown, etc) we are getting hit with a large number of criminal mail relays. Mostly coming from AOL addresses. We have about a half dozen individual criminal complaints underway.
> >Don't kid us, Dan. Close your fucking relays (not that any of them talk to
> >my hosts anyhow). If this has to be drummed into your bonehead again: THEY
> >WILL FIND YOUR RELAYS ON THEIR OWN, AND THEY WILL ABUSE THEM, NO MATTER
> >HOW LOUD YOU SCREAM. THEY SIT IN CHINA, PAKISTAN AND KOREA, AND THERE IS
> >NOTHING YOU CAN DO ABOUT THEM SHORT OF CALLING THE WHITEHOUSE AND GETTING
> >THESE PLACES INVADED. Alternatively, you could come to your senses and
> >shut the literal front door of your house now that you've finally noticed
> >the first unsavory characters passing by. A couple years after the rest
> >of us, no doubt.
> >And they won't need ORBS or any other service to locate you, either.
> >Stop complaining. No more secrets (now that's from Scott Yelich's tagline).
> >kai at conti.nu "Just say No" to Spam Kai Schlichting
> >Palo Alto, New York, You name it Sophisticated Technical Peon
> >Kai's SpamShield <tm> is FREE! http://SpamShield.Conti.nu
> >| |
> Plain Aviation, Inc dean at av8.com
> LAN/WAN/UNIX/NT/TCPIP http://www.av8.com
More information about the NANOG