Date: Fri, 24 Sep 1999 03:00:55 -0700 (PDT) From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> To: mark@grondar.za (Mark Murray) Cc: jabley@patho.gen.nz (Joe Abley), current@FreeBSD.ORG Subject: Re: On hub.freebsd.org refusing to talk to dialups Message-ID: <199909241000.DAA02083@gndrsh.dnsmgr.net> In-Reply-To: <199909240738.JAA90307@gratis.grondar.za> from Mark Murray at "Sep 24, 1999 09:38:23 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> > How much mail does the use of the MAPS DUL reject? I think they meant to ask ``how much SPAM mail does ...'' > > Virtually none. The idea is that dial-up users use their own ISP's > smarthosts, in which case the ISP can nail them if they are spammers, > and I don't get their spam if they go for the "direct-to-MX" or > "direct injection" spamming method. Some mail may get temporarily > blocked until the sender added his IPS's smathost to his mailing > configs. It will actually block a very high amount of spam when initially turned on at a site that is known in the spam world to have open relays. Many of the drive by shooters use any dial up account that can get (often AOL freebees) to do this with. The DUL has all of aol's dial up IP space in it, so it immediately kills the drive by shooters. Another thing that ISP coulds start doing (we are in process with this now, but on a monitoring only basis, instead of a deny we just log them) is to block all outbound from AS tcp 25 setup packets. This prevents your customers from being something that could get you on the RBL or the DUL MAP for bad behavior, it also inforces the use of your smart host relay, as it/they is/are the only way to get a tcp port 25 setup completed. So far we have not had to terminated anyone's account for bad habbits, and we have helped several folks correct thier configurations for a much smoother operation. This is especially true for clients that have migrated over from another ISP. They often have old DNS and SMTP servers configured and the logging allows us to quickly track them down, blast them an email and save us a tech support call down the road when there old ISP changes something. If it's the DNS thats wrong they often go ``wowww!! Things are much faster now'' :-). [We monitor all port 53 traffic that is not to/from our DNS servers] > > > How much of that do you think is worth rejecting? > > I wish to reject no legitimate mail. I would fight use of the DUL > _hard_ if there was no (smarthost) alternative. Do you know about the RBL? How do you feel about it? We are using it via DNS and BGP on a test basis right now. I have had legitimate important mail blocked at Freebsd.org due to the source being on the RBL, but that is a price I am willing to pay. -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909241000.DAA02083>