On 2010-06-25, at 08:07, Jay Daley wrote:
On 25/06/2010, at 12:47 PM, Nathan Ward wrote:
Of course, you should probably not be using port
25 for submission, or if your mail provider has RBLs running on their submission port then
something isn't quite right.
In this case it was 587, authenticated over SSL. See below as to why the RBLs.
Also, surely RBLs should be consulted to decide
whether to accept mail from an unauthenticated client, as opposed to you, who is
presumably an authenticated client.
Not sure I agree. Infected + authorised is a deadly combination if you assume the
authorisation always confers legitimacy. That would mean that a compromised host can send
with impunity once it authorises.
I don't think anybody sane would argue that giving your users free rein to send spam
(intentionally or otherwise) is a good idea. At the very least, this is a self-correcting
problem since any mail relay that acted that way would soon find it difficult to relay
mail to any other system.
My impression from those who spend much of their time with this stuff is that the right
thing is to authenticate your users and check each outbound message against a useful set
of heuristics to avoid spam being relayed by your servers. "The client address is in
a blacklist" by itself does not sound like a useful set of heuristics, to me (as you
Whilst it might be expedient to refuse connections from anonymous people on the Internet
based on something as crude as "client address is in a blacklist", in the case
of an authenticated user it seems far better to let them connect and deal with any
apparent infection they have (drop mail, proactive phone call, whatever fits the budget)
than it does to refuse to talk to them. The latter is almost guaranteed to cost you money
in your helpdesk budget.
If the public connection is not actively managed,
including receiving and responding to notifications then yes I imagine it will quickly be
listed. But if someone there is paying attention then they should be able to pick on any
listing and sort it out. I've done that many times in the past and it is not
Cleaning up public hotspots as spam sources sounds very much like whack-a-mole, even more
so in a place where it's near guaranteed that the spam sources will have left the
country by the time you try to follow up :-)