North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Fw: Administrivia: ORBS

  • From: Alex P. Rudnev
  • Date: Sat Jan 15 15:10:14 2000

> > would have MTA turned on.)
> These days I've been unable to find any justifiable need for an
> unprotected relay of any sort whatsoever.  99% of mailers should be the
> final delivery point (or at least the transfer point to some private
> network).  The remaining few are ISPs who need to relay from their
> customers to the world, of course, but so long as they don't make the
> mistake of smarthosting for un-protected customer MTAs they can simply
> block relay by restricting it to their own netblocks.  Even most MX
Their customers != Their blocks, it's the problem. For example, the customers
(mail customers) of ISP-1 can work through dialup or ISDN account of the ISP 2,
etc. And it makes such access lists very long and relays relatively open (I know
ISP whose relays are open for all russion netblocks, not for his own netblocks).

Don't try to do impossible - if you restrict relaying, you restrict access and
service; totally free relay is wrong today; but totally restricted service is
wrong too. In real life there is some balance between them.

> targets are the final delivery point for the MXed domain.  The real
> problem is that people are still installing mailers that do unprotected
> relaying by default.
> > 5) Hosts listening to port 25.
> > 
> > [IMHO, Occams razor would have drawn blood already.]
> Yup -- IMRSS isn't running any more....  It was a pretty interesting
> and revealing survey though.  I hope someone can do it again too,
> without publishing the detailed results of course, just so we can
> measure our progress.
> -- 
> 							Greg A. Woods
> +1 416 218-0098      VE3TCP      <[email protected]>      <robohack!woods>
> Planix, Inc. <[email protected]>; Secrets of the Weird <[email protected]>

Aleksei Roudnev,
(+1 415) 585-3489 /San Francisco CA/