> On Sat, 2009-02-07 at 12:29, Aiko Barz wrote:
> > And I drop all connections to port 25 from IP addresses, that have a
> > reverse DNS entry like dsl.foo.bar, dynamic.foo.bar, dhcp.foo.bar.
> > There is a 99.999% chance, that a botnet is talking to you.
>
> Which is totally wrong. A lot of legitimate SMTP servers are on such IP
> addresses.

I want to see the admin who runs a legitimate SMTP server from an ISP
dialup network, an IP address that annoys others 99% of the time.
That sounds like trouble anyway.

But I can assure you that I'm picky about the .foo.bar. Spam statistics
decide who enters the list, which is done manually. You just need
several dozen of those lines and at least 80% of the spam is gone. The
rest is done the usual way.

It would be a hard kickback for botnet operators if all providers
marked their customer dialup networks in a common way.

> A lot of (so called) admins today don't understand Robustness Principle
> (rephrased):
> Be liberal in what you accept, and conservative in what you send

A firewall mailing list is a good place to talk about this principle. :)

So long,
Aiko
--
:wq ✉
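
The list maintenance described in the message above (entries such as dsl.foo.bar, picked from spam statistics and reviewed by hand) can be sketched as follows, together with a count of the legitimate senders such a list would drop. This is an added example, not part of the original post: the log data is constructed, and the function names, the three-label suffix depth and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample data: (reverse DNS name of the SMTP client, message was spam?)
SAMPLE_LOG = [
    ("p5499ab12.dsl.foo.bar", True),
    ("p5499ab77.dsl.foo.bar", True),
    ("p5499ac01.dsl.foo.bar", True),
    ("host-12-34.dynamic.foo.bar", True),
    ("host-56-78.dynamic.foo.bar", True),
    ("host-90-12.dynamic.foo.bar", False),  # legitimate server on a dynamic range
    ("mx.adsl.foo.bar", False),             # must not match the entry "dsl.foo.bar"
    ("srv7.hosting.example.com", True),     # spam that does not come from a dialup range
    ("mail.example.org", False),
]

def labels(name):
    return name.lower().rstrip(".").split(".")

def matches(rdns, blocklist):
    """Return the blocklist entry that rdns sits below, comparing whole DNS labels."""
    host = labels(rdns)
    for entry in blocklist:
        want = labels(entry)
        if len(host) > len(want) and host[-len(want):] == want:
            return entry
    return None

def candidates(log, depth=3, min_hits=3, min_ratio=0.6):
    """Suffixes worth a manual look: (suffix, hits, spam ratio), worst first."""
    hits, spam = defaultdict(int), defaultdict(int)
    for rdns, is_spam in log:
        host = labels(rdns)
        if len(host) > depth:  # only names that sit below a suffix of `depth` labels
            suffix = ".".join(host[-depth:])
            hits[suffix] += 1
            spam[suffix] += is_spam
    rows = [(s, n, spam[s] / n) for s, n in hits.items()]
    return sorted((r for r in rows if r[1] >= min_hits and r[2] >= min_ratio),
                  key=lambda r: (-r[2], r[0]))

def evaluate(log, blocklist):
    """Return (spam blocked, spam total, legitimate hosts that would be dropped)."""
    spam_total = sum(1 for _, is_spam in log if is_spam)
    blocked = [(r, s) for r, s in log if matches(r, blocklist)]
    return (sum(1 for _, s in blocked if s), spam_total,
            [r for r, s in blocked if not s])

if __name__ == "__main__":
    picked = [s for s, _, _ in candidates(SAMPLE_LOG)]
    print(picked, evaluate(SAMPLE_LOG, picked))
```

Comparing whole labels keeps an entry like dsl.foo.bar from also catching adsl.foo.bar, and the third value returned by `evaluate` is the list to read before any candidate is promoted to a drop rule.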