North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: while i'm on the subject of filtering, here's today's list of spammers

  • From: Karl Denninger
  • Date: Wed Feb 19 23:42:40 1997

> 
> I am confused, how would filtering at the smtp port on source address
> work?  

What you do is return a 421 error if you don't "like" the source address
(this is checked very early on).  You can also return a 500-series error,
but that generates an immediate bounce, which is "nice" to the spammer.  
I prefer to be nasty and eat their resources instead.

> If delivery fails, does not the sender often use MX records and
> send via an intermediary host?  

Not if you return a 400-series error.  The host doing the sending will
retry.  If you block at the packet level, then yes, the sender will go 
to a secondary MX *IF* there is one and it can be reached.

The 421 response is the best possible one, because it screws the sender,
is cheap compute-wise for you, and has the desired effect without causing
other disruption.

> If so the source address is lost unless
> all the MX hosts have the same filter list.  And in any case I believe
> that typically sendmail will accept email from anyone for delivery to
> anyone.  So a spammer could scatter his emails all over the Internet thru
> thousands of intermediate hosts, if he used the right software to do it. 
> 
> Best Regards,
> Robert Laughlin

He has to be able to inject it in the first place.

As more potential relays implement this, that becomes much harder.

--
-- 
Karl Denninger ([email protected])| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl     | T1's from $600 monthly to FULL DS-3 Service
			     | 99 Analog numbers, 77 ISDN, Web servers $75/mo
Voice: [+1 312 803-MCS1 x219]| Email to "[email protected]" WWW: http://www.mcs.net/
Fax:   [+1 312 803-4929]     | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
- - - - - - - - - - - - - - - - -