[plug] [Hey Bernd] Re: Undelivered Mail Returned to Sender

Bernd Felsche bernie at innovative.iinet.net.au
Sun Sep 12 23:22:53 WST 2004


On Sunday 12 September 2004 18:49, Craig Foster wrote:
> > -----Original Message-----
> > [mailto:plug-bounces at plug.linux.org.au] On Behalf Of Bernd Felsche

> > On Saturday 11 September 2004 22:58, Cameron Patrick wrote:
> > > Sorry for sending this to the list :(
> > >
> > > Bernd, your mail server doesn't seem to like me.  I'm not sure what

> > It doesn't like Westnet... In March this year, several of
> > their customers (multiple source IP) started flooding my mail
> > server with (hundreds/thousands of) viruses. I have no idea
> > of WestNet's dynamic IP range, nor that of any other ISP, so
> > I have no choice but to refuse mail delivery from their whole
> > netblock by default.

> Wow, I would have thought that heavy handed... (maybe it's just me).
> Blocking ~20% (wild guess) of Perth net users seems a little drastic.

No real choice but to do that, I'm afraid.

> Why not just drop mail with executable / scripting attachments?
> SpamAssassin with vbs/pif/exe attachments +100 will do it.

A 66MHz 486 with 8 MB of RAM can do that?

> You can also use Messagewall to scan and drop Clam AV-positive mail at
> the SMTP level. It's in unstable I think.

Not possible to do that without first receiving the entire message.
Takes only about 100 significant viruses per hour to DoS my
connection.

And it gets worse if the connection becomes congested because the
secondary MX will accept any shit... a backlog which I'll have to
handle when the initial attack tails off; and which the ISP is more
than happy to blindly allow a DoS to occur when their mail server
tries to deliver 30+ viruses at once! So I don't accept SMTP from
the secondary MX either; unless it's from a "trusted source". Yes; I
block _my_ ISP.

I simply don't get the point of paying for bandwidth, computing
power and my time to handle viruses spewing forth from *hundreds* of
infected machines just in the immediate and near vicinity.

There've been times when I've been on the verge of totally
spitting the dummy and reading the ISP the riot act especially when
I've provided them with evidence of virus activity from particular
connections, time-logged according to their time server. And then
they have the balls to claim that they can't do anything about it
(despite the clause prohibiting such activity in their standard
agreement)...

Blocking Westnet and other ISPs is not a little drastic. I know "a
little drastic"; and it usually involves impactive maintenance on
the equipment of offenders. People with offending machines should
count themselves lucky not to have their doors broken down by the
Police; and to have their computers confiscated as they face
prosecution for offences under federal law.

And that's not limited to individuals; it includes ISPs who ignore
reports of unlawful activity within their network. That's drastic.

-- 
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ /  ASCII ribbon campaign | I'm a .signature virus!
 X   against HTML mail     | Copy me into your ~/.signature
/ \  and postings          | to help me spread!




