> On Sat, Feb 07, 2009 at 04:18:30PM +0100, Milan P. Stanic wrote:
> > On Sat, 2009-02-07 at 12:29, Aiko Barz wrote:
> > > And I drop all connections to port 25 from IP addresses, that have a
> > > reverse DNS entry like dsl.foo.bar, dynamic.foo.bar, dhcp.foo.bar.
> > > There is a 99.999% chance, that a botnet is talking to you.
> > Which is totally wrong. A lot of legitimate SMTP servers are on such IP
> > addresses.
> I want to see the admin who runs a legitimate SMTP server from an ISP
> dialup network, an IP address, that annoys others for 99% of the time.
> That sounds like trouble anyway.
A lot of annoying "SMTP servers" are on permanent links. Think China
spammers.
> But I can assure you, that I'm picky about the .foo.bar. Spam statistics
> decide who enters the list, which is done manually. You just need
> several dozens of those lines and at least 80% of the spam is gone. The
> rest is done the usual way.
> It would be a hard kickback for botnet operators if all providers would
> mark their customer dialup networks in a common way.
<sarcasm on>
Wouldn't be good idea to mark somehow e-mail from black people because
of Nigerian Scam.
</sarcasm off>
> > A lot of (so called) admins today don't understand Robustness Principle
> > (rephrased):
> > Be liberal in what you accept, and conservative in what you send
> A firewall mailinglist is a good place to talk about this principle. :)
Ah, so. I thought we are on firewall list, although Debian specific. :)
--
Kind regards, Milan
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
No comments:
Post a Comment