Has postini been taken over?
Suresh Ramasubramanian
suresh at outblaze.com
Fri Aug 20 06:13:01 UTC 2004
Hank Nussbacher wrote:
>
>> Postini does not originate or forward spam, they filter mail destined for
>> their customer domains. Some spam gets through their filters, because
>> spammers are smart and adaptively evil. It's really quite simple.
>>
Hank's issue is that he's got ports 25 and 80 blocked for some part of
his network. Those IPs are generating spam reports though they
shouldn't be. In the example he forwarded, the spam reached a user of
gci.net, for which postini provides MX services - who then reported the
email to Hank as spam from Hank's network.
What I can see happening is that Hank's port 25 filtering ACLs are being
bypassed somehow ...
maybe zombied machines on his network running ip masquerading and spam
sending proxies on unfiltered ports, or tunneling smtp requests out in
some other way
Or maybe he doesn't source filter addresses and a spammer controlled
machine on his network has two interfaces - one on hank's network [say a
throwaway dialup / broadband account], and another a much fatter pipe.
Packets (or rather in this case, junk mail) goes out through the fat
pipe with Hank's IPs spoofed into the source address.
I would recommend that Hank set up port blocks both inbound and
outbound, and also examine mrtg or other data that he may have about
that host. If possible, sniffing the traffic inbound and outbound to it
would also reveal a whole lot.
srs
More information about the NANOG
mailing list