Mailing List Archive



Re: [tlug] state of the art spam filtering



On Thu, 18 Mar 2010 13:47:44 +0100
Francois Cartegnie <fcartegnie@example.com> wrote:

> On Thursday, 18 March 2010, you wrote:
> > Yes, that's why more and more worms/trojans use the setting of Outlook
> > to send mails, so they can go over the ISP's MTA, which makes it legitimate
> > for quite a lot of MXs
> 
> And also legitimate for the ISP to end or put on hold their broadband 
> subscription. Complainers' logs aren't enough for that.

I'd be careful here. In most jurisdictions ISPs count as telco carriers,
which gives them special duties. Hence you cannot just cut someone off
just because his computer is misbehaving.
 
> > Judging from the logs of the MPlayer/FFmpeg mailing list server, that's
> >  about 30% of mail. Most of which are by the developers themselves. So if I'd
> >  block dyn IP users, I'd block the people who are the most legitimate users
> >  of the mailing list.
> 
> It's not about dyn IP users, it's about MTAs doing direct delivery, hosted on 
> dyn IPs and showing it in their reverse DNS.
> If they are geeky enough to run their own MTA, then they should also prove they can set up 
> a correct reverse DNS (which is in some way proving they're in control of the 
> host, not a zombie) or set the MTA to forward through their ISP.

You might be geeky enough to have your own _sending_ MTA running at home
behind a dyn IP. You might not have the possibility to get static IPs.
And even if you have a static IP, not all ISPs provide you with custom
IN PTR entries.

> > That's the reason why most people consider RBLs a broken-as-designed
> > solution. It breaks a previously working and legitimate use of the
> >  internet.
> 
> Do you have remote IPs or blocks listed in your firewall?

No. There is no point in having such lists as they give only a false
sense of protection.
 
> > It is possible with multiple MXs too. At least postfix can do that.
> > And it's highly recommended too.
> 
> Large companies/organisations forward mail to internal MTAs of subgroups or 
> customers. They usually don't check/can't check that the final account exists 
> on those.

Large companies/organisations usually use a centralized user management
over all subgroups that allows such user checking at the border. It's
just that either the IT department is totally clueless or that they 
didn't bother to implement such checking.

But even without that, the Postfix checking I mentioned above is based on
asking the next-hop MX whether the user is a valid recipient. So it would
even work if you don't have any centralized user management, as long as you
know where the mail should go to and all hops participate in this checking.


			Attila Kinali

-- 
If you want to walk fast, walk alone.
If you want to walk far, walk together.
		-- African proverb
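
The next-hop recipient check described in the message above, as an added example that is not part of the original post and is not Postfix's own code: a simplified model of a border MX that answers RCPT TO based on what the internal MTA says about the recipient. The addresses, reply codes, cache lifetimes and the `fake_probe` helper are constructed assumptions.

```python
import time

# Constructed data: the SMTP reply each internal MTA would give to
# "RCPT TO:<addr>" when probed by the border MX (None = host unreachable).
NEXT_HOP_REPLIES = {
    "alice@sub1.example.org": 250,   # mailbox exists
    "ghost@sub1.example.org": 550,   # no such user
    "bob@sub2.example.org": 451,     # next hop has a temporary problem
    "carol@sub3.example.org": None,  # next hop is down
}

def fake_probe(address):
    """Hypothetical stand-in for a real SMTP RCPT TO probe to the next hop."""
    return NEXT_HOP_REPLIES.get(address, 550)

class BorderVerifier:
    """Decide the border MX's RCPT TO reply from the next hop's answer."""

    def __init__(self, probe, ttl_ok=3600, ttl_bad=600, clock=time.monotonic):
        self.probe = probe
        self.clock = clock
        self.ttl = {250: ttl_ok, 550: ttl_bad}  # assumed cache lifetimes (seconds)
        self.cache = {}                         # address -> (reply, expiry)
        self.probes_sent = 0

    def check_rcpt(self, address):
        hit = self.cache.get(address)
        if hit and hit[1] > self.clock():
            return hit[0]                       # answered from cache, no probe
        self.probes_sent += 1
        code = self.probe(address)
        if code is not None and 200 <= code < 300:
            reply = 250                         # accept: recipient is known
        elif code is not None and 500 <= code < 600:
            reply = 550                         # reject during the SMTP session,
                                                # so no bounce is generated later
        else:
            # 4xx or unreachable: validity is unknown. Defer and do not cache,
            # so the sender retries and the next hop is asked again.
            return 450
        self.cache[address] = (reply, self.clock() + self.ttl[reply])
        return reply

if __name__ == "__main__":
    verifier = BorderVerifier(fake_probe)
    for rcpt in NEXT_HOP_REPLIES:
        print(rcpt, "->", verifier.check_rcpt(rcpt))
```

Negative results are cached for a shorter time than positive ones so that a newly created mailbox is not rejected for long.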

