FW: The worst abuse e-mail ever, sverige.net

• Previous message (by thread): FW: The worst abuse e-mail ever, sverige.net
• Next message (by thread): FW: The worst abuse e-mail ever, sverige.net
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

  Daniel> The only responsible thing to do is filter port 25,
  Daniel> smarthost for your users, and inform them about using the
  Daniel> alternate submission port with authenticated SMTP in order
  Daniel> to work with enterprise mail servers - or IPSec VPNs, for
  Daniel> that matter. This is simply the best practice, at this point
  Daniel> in time. Using humans ("dedicated staff person") to stop
  Daniel> spam isn't scalable - automated processes are sending this
  Daniel> stuff, we need systematic ways to fight it - black/white
  Daniel> lists, SPF, port 25 filtering, bayesian filtering and other
  Daniel> tools.

Let's put this in perspective.  Say a hypothetical sysadmin were to
disable any and all authentication on his SSH server.  And that
someone then used SSH from your network to run code that sysadmin
didn't like on that machine.  Would you then consider it reasonable if
the sysadmin proposed:

   The only responsible thing to do is filter port 22, smarthost for
   your users, and inform them about using the alternate submission
   port with authenticated SSH in order to work with enterprise SSH
   servers - or IPSec VPNs, for that matter. This is simply the best
   practice, at this point in time. 

For that matter would anyone take seriously someone who then proposed
as a solution to the "breakin"[1] that:

   we need systematic ways to fight it - black/white lists, SSH
   Permitted From, port 22 filtering, bayesian filtering and other
   tools

in order to filter out "harmful commands" while allowing anything else
to get through without ever once suggesting enabling passwords or SSH
keys?

If you don't want to accept mail from anyone and everyone then make
them use a password or a key to send mail to you.  There are several
ways to do this right now.  (For example, procmail is your friend.)
If you don't like something that arrives in your house figure out a
way to put a lock on your door.  Don't insist everyone else is at
fault because they wouldn't put bars over their own.

---------
[1] A curious term since it's hard to imagine a way to leave the door
open much wider than our hapless hypothetical sysadmin has.

• Previous message (by thread): FW: The worst abuse e-mail ever, sverige.net
• Next message (by thread): FW: The worst abuse e-mail ever, sverige.net
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]