[plug] Abuse report bounces: no DNS record

[Alex Nordstrom]

Monday, 20 February 2006 19:34, Ben Jensz wrote:
> I don't think you'll even get anywhere with them even if you find an
> email address to send your abuse complaint to.

You are probably correct. While reporting in general is somewhat 
effective (I've managed to get about a dozen zombies shut down in the 
last month or so), I have no faith whatsoever that South Korean 
operators (or legislators) will evolve competence any time soon.

>  The box thats hitting you has probably been exploited or is running
> something badly configured anyway, my Postfix server is being hit by
> an IP in a subnet close to that one thats hitting you that appears to
> be an Open Proxy.

If you do not have any business with South Korea and/or China, dropping 
anything from IP addresses known to belong to those countries. I start 
with the Sinokorean list at okean.com[1] and just generalise the rules. 
Apparently this attacker was not included in the list I had, though 
(which might be outdated).

[1] http://www.okean.com/antispam/iptables/iptables.html

I'm considering blocking Taiwan in a similar fashion if they don't show 
any signs of getting their act together.

Of course, if you do this for the general case, and you also have a 
domain name providing abusable services at this domain name, it is 
still an obligation to accept e-mails to abuse and postmaster at that 
domain, even from the axis of network abuse.

-- 
Alex Nordstrom
http://lx.n3.net/
Please do not CC me in followups; I am subscribed to plug.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20060220/e68e8c85/attachment.pgp>