[plug] Blacklisted mail server?

Alex Nordstrom lx at se.linux.org
Sat May 6 00:24:08 WST 2006


Friday, 5 May 2006 20:59, Adrian Woodley wrote:
> A further, scarier stat; after quick calculation (again, from 1 out
> of 8 mail filter servers), 34% of email sent from our customers is
> spam or virus (and is dropped by our filters). Hasn't Windows been
> great for the Internet!

I hope you don't just drop those mails and forget about it. If a machine 
is spewing things that you are able to detect, it's probably not long 
before it spews something you don't detect, or before the system moves 
to a less vigilant ISP.

I'm actively reporting attacks against my mail server (surprisingly 
few), against my SSH server, and against my HTTP server (mostly weakly 
DDoSing Windows machines with UDP port 1900 open to the world, but also 
Horde and XML RPC exploits these days), and it's frightening to see the 
complacency amongst ISPs.

Many organisations are www.rfc-ignorant.org and fail to provide abuse or 
postmaster facilities. As an example, SBC Global currently bounces 
messages because they're blocking 144.160.112.9. Yep, that resolves to 
sbcsmtp1.sbc.com, their own internal relay. America's finest.

Most of the time, the messages go through, though, but I wonder if any 
action is ever taken. I've been nagging several ISPs, including II Net, 
to drop UDP 1900 at their network borders, and you can tell they don't 
listen, because the zombie HTTP pings just keep coming.

The only attacks I'm not reporting are the ones from China, South Korea, 
and Taiwan, because I'm dropping all connections outright; I've given 
up on reporting anything to any organisation in those countries. If I 
didn't have a few legitimate requests from there, I would also drop 
connections from the former baby Bells, which have now grown up to 
become disorderly teenagers, Comcast, and Shaw Cable.

-- 
Alex Nordstrom
http://lx.n3.net/
Please do not CC me in followups; I am subscribed to plug.