Paul's Mailfrom (Was: IETF SMTP Working Group Proposal at smtpng.org)

Jeroen Massar jeroen at unfix.org
Mon Aug 26 19:43:07 UTC 2002


Valdis.Kletnieks at vt.edu [mailto:Valdis.Kletnieks at vt.edu] wrote:

> On Mon, 26 Aug 2002 21:12:40 +0200, Jeroen Massar 
> <jeroen at unfix.org>  said:
> > IMHO, Paul's idea is quite a good one, but all servers will need to be
> > upgraded, and all dns entries installed.
> 
> Given the number of providers who seem to think ingress and/or rfc1918
> filtering shouldn't be done, what makes you think that "all servers"
> will be upgraded to support THIS proposal?

Read my sentence again, because I really won't see everybody install/use
it.
One can also simply see so by the problems related to the fact of
installing security updates.
Some 'companies' and individuals are simply too sleazy/lousy or whatever
to do it.
And thus open spam relays will be kept alive, which is why there are
RBLs.

This will only help a bit, and tools like SpamAssassin/Razor will keep a
load of stuff off your servers.
But unfortunately one will never be able to block it all.

> (If you don't want to re-start the RFC1918 war, feel free to
> substitute ANY OTHER thing that most people think is a Good Thing, but we've
> seen some sizable minority not deploy for reasons they consider
> perfectly valid).

8<-----------
# Prefix lists to drop: unallocated/reserved space, loopback and link-local
# ranges, and the RFC1918 private ranges.
RESERVED="0.0.0.0/7 1.0.0.0/8 2.0.0.0/8 5.0.0.0/8 23.0.0.0/8 27.0.0.0/8 \
        31.0.0.0/8 72.0.0.0/5 96.0.0.0/3 \
        128.66.0.0/16 191.255.0.0/16 \
        197.0.0.0/8 201.0.0.0/8 224.0.0.0/3 240.0.0.0/8"
MISC="127.0.0.0/8 128.0.0.0/16 169.254.0.0/16"
RFC1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# RULE (a wrapper around the firewall command), IF (the external interface)
# and the LDROP chain (log, then drop) are assumed to be defined earlier in
# the script; they are not shown here.
# Set up block against reserved, rfc1918 and other nets, in both directions.
for i in ${RESERVED} ${MISC} ${RFC1918}; do
        RULE -A INPUT -i ${IF} -s ${i} -j LDROP
        RULE -A OUTPUT -o ${IF} -d ${i} -j LDROP
done

---------->8
In the filtering language you want, and yes one sees a load of crap in
your logs...
There is a way of making people apply rules though:
depeer/disconnect/...
Unfortunately one can't easily do that to a party far far away, thus one
blocks at their end (SpamAssassin/Razor and IP based rules)..

Making it harder to get into your house is better than putting the doors
wide open...
Every bit helps...

Greets,
 Jeroen
