Has postini been taken over?

Suresh Ramasubramanian suresh at outblaze.com
Fri Aug 20 06:13:01 UTC 2004


Hank Nussbacher wrote:
> 
>> Postini does not originate or forward spam, they filter mail destined for
>> their customer domains.  Some spam gets through their filters, because
>> spammers are smart and adaptively evil.  It's really quite simple.
>>

Hank's issue is that he's got ports 25 and 80 blocked for some part of 
his network.  Those IPs are generating spam reports though they 
shouldn't be.  In the example he forwarded, the spam reached a user of 
gci.net, for which Postini provides MX services - who then reported the 
email to Hank as spam from Hank's network.

What I can see happening is that Hank's port 25 filtering ACLs are being 
bypassed somehow ...

Maybe zombied machines on his network running IP masquerading and 
spam-sending proxies on unfiltered ports, or tunneling SMTP requests out 
in some other way.

Or maybe he doesn't source filter addresses and a spammer-controlled 
machine on his network has two interfaces - one on Hank's network [say a 
throwaway dialup / broadband account], and another a much fatter pipe. 
Packets (or rather in this case, junk mail) go out through the fat 
pipe with Hank's IPs spoofed into the source address.

I would recommend that Hank set up port blocks both inbound and 
outbound, and also examine MRTG or other data that he may have about 
that host.  If possible, sniffing the traffic inbound and outbound to it 
would also reveal a whole lot.

	srs
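
Added example, not part of the original post: in the two-interface scenario above, the border sees replies from remote port 25 arriving at the host while no outbound port 25 flow from that host ever crosses it, which is why an outbound-only block does not stop it. The sketch below assumes a hypothetical flow-tuple format and uses constructed sample records with documentation address ranges.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed border flow records (hypothetical format, documentation addresses):
# (src_ip, src_port, dst_ip, dst_port, packets)
SAMPLE_FLOWS = [
    ("198.51.100.7", 25, "192.0.2.10", 40112, 9),      # replies from remote MXes
    ("198.51.100.9", 25, "192.0.2.10", 40113, 11),
    ("203.0.113.5", 25, "192.0.2.10", 40114, 8),
    ("192.0.2.20", 51000, "198.51.100.7", 25, 12),     # outbound SMTP seen at border
    ("198.51.100.7", 25, "192.0.2.20", 51000, 10),
    ("192.0.2.30", 52000, "203.0.113.80", 8080, 400),  # unrelated traffic
]


def classify_hosts(flows, local_net, min_reply_flows=3):
    """Label each local host by the SMTP flows the border actually saw."""
    net = ip_network(local_net)
    to_25 = defaultdict(int)    # local host -> remote port 25
    from_25 = defaultdict(int)  # remote port 25 -> local host
    for src, sport, dst, dport, _pkts in flows:
        src_local = ip_address(src) in net
        dst_local = ip_address(dst) in net
        if src_local and not dst_local and dport == 25:
            to_25[src] += 1
        elif dst_local and not src_local and sport == 25:
            from_25[dst] += 1

    verdicts = {}
    for host in set(to_25) | set(from_25):
        if from_25[host] >= min_reply_flows and to_25[host] == 0:
            # Replies arrive, but the requests left by some other path:
            # consistent with spoofed sources sent out a second interface.
            verdicts[host] = "reply-only"
        elif to_25[host] > 0:
            # Port 25 traffic is leaving through this border: the outbound
            # ACL is missing or not applied on this path.
            verdicts[host] = "outbound-smtp"
        else:
            verdicts[host] = "below-threshold"
    return verdicts


if __name__ == "__main__":
    for host, verdict in sorted(classify_hosts(SAMPLE_FLOWS, "192.0.2.0/24").items()):
        print(host, verdict)
```

A "reply-only" host is the case where an inbound block on traffic from source port 25 matters, since the outbound half of the connection never transits the filtered network.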


