[EMAIL PROTECTED] (Tony Sleep) writes:

> Help me out here please! How 'screwed'? I am not running an open
> relay according to testing via
> http://www.abuse.net/cgi-bin/relaytest. and no spam has ever
> emanated from my SMTP server (212.47.80.97 if anyone wants to try
> their luck).

That IP address is not listed in any RBL that I know of. (My Perl script for querying RBLs is available upon request.) That said, there are blocklists whose policies would permit listing you, such as dynablock.easynet.nl.

I am in a ranting mood today. So, here is my Brief History of Spam.

For most of the 90s, spam only originated from three sources:

  1) Spam-friendly ISPs
  2) Throw-away dialup accounts
  3) Open mail relays

All of these are fairly easy to identify. In particular, open relays are easy to test. So many blocklists appeared, whose stated purpose was to list one or both of these sorts of systems. Also, open mail relays do not really hide the source of the spam, because even the worst MTA (Exchange) adds a Received: header before relaying the mail.

Some admins objected to open relay probes on the theory that they themselves are network abuse. The argument is long and irrelevant, but the upshot is that some mail server owners started blocking open relay probes while still running open relays. This angered the maintainers of some blocklists, who started listing hosts even when they passed the relay tests. This was irresponsible, but not surprising, since many blocklist owners are volunteers (i.e., immature children with an axe to grind). This behavior, among other things, gave blocklists a bad name.

Now, this is where many people's knowledge of the story ends. Even today, you can still find lots of Web pages and articles and sysadmins talking about "open relays" and blocklist wars and so on.

But today, essentially zero spam is sent via open relays. And dialup accounts are too slow for most spammers' purposes. Today, almost all spam originates from:

  1) Spam-friendly ISPs
  2) Open *proxies*

For several reasons, open proxies are much more insidious than open relays. First, since they are just forwarding a raw TCP/IP connection, they add no headers to the message. So it is impossible to identify the actual originating IP address.
Second, it is harder to test for an open proxy, since they can be running a variety of software and could be listening on any port. And while a blocklist operator needs to find *all* open proxies, a spammer needs to find only one.

And finally... Sobig. Beginning in January of 2003, the Sobig family of Email worms (Sobig.A through Sobig.F) have converted every infected machine into a Wingate proxy. This means there are now hundreds of thousands of open proxies in the world, waiting to be abused at any spammer's pleasure. (Indeed, some security experts believe Sobig was invented by spammers.)

Something like 80% of all spam today is sent via open proxies. Most of these open proxies are running on an unsuspecting user's dialup, DSL, or cable modem connection. Testing all of them is essentially impossible, although some blocklists (e.g., list.dsbl.org) are still trying. But practically speaking, there is no way to tell the difference between an infected machine and an uninfected one.

The solution? Block all cable/DSL/dialup address ranges. (This is what dialups.easynet.nl is for.) Done.

Why does this work? Because cable/DSL/dialup providers all tell their customers to use "mail.isp.net" or somesuch as their outbound SMTP server. So mail from those customers never comes directly from the dynamic address range; it always comes from the ISP's mail hub. So blocking the dynamic range does not affect ordinary users' mail.

...which brings us back to you, Tony. Presumably, your DSL provider has a mail hub which you are authorized to use. Why not configure your MTA to relay all mail via that hub, and rely on the ISP to keep that hub out of the blocklists?

 - Pat

_______________________________________________
Gossip mailing list
[EMAIL PROTECTED]
http://www.mail-archive.com/cgi-bin/mailman/listinfo/gossip
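
The kind of RBL lookup discussed in the message above, as an added example that is not part of the original message and is not Pat's Perl script. The function names, the injectable resolver and the sample answers are assumptions made here; the zones are the ones named in the message, and the sample address is from a documentation range.

```python
import ipaddress
import socket

# Zones named in the message above; whether they still answer is not assumed.
ZONES = ["dynablock.easynet.nl", "dialups.easynet.nl", "list.dsbl.org"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] when the lookup fails."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN, timeout, no network
        return []


def check_listings(ip, zones=ZONES, resolve=system_resolver):
    """Map each zone to its return codes; an empty list means not listed."""
    results = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # By DNSBL convention a listing is an A record inside 127.0.0.0/8.
        # Any other answer (wildcarded or parked zone) must not count as a
        # listing, or one misbehaving zone would block all inbound mail.
        results[zone] = [a for a in answers
                         if ipaddress.IPv4Address(a) in LISTED_NET]
    return results


def constructed_resolver(name):
    """Constructed sample answers so the example runs offline."""
    table = {
        "25.2.0.192.dynablock.easynet.nl": ["127.0.0.2"],  # listed
        "25.2.0.192.list.dsbl.org": ["203.0.113.9"],       # bogus answer
    }
    return table.get(name, [])


if __name__ == "__main__":
    listings = check_listings("192.0.2.25", resolve=constructed_resolver)
    for zone, codes in listings.items():
        print(zone, "LISTED" if codes else "not listed", codes)
```
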