IP Block Spam Spills Spam to Backup mailserver Warning

To: <post_office@xxxxxxxxxxxxxxx>
Subject: IP Block Spam Spills Spam to Backup mailserver Warning
From: DC <dan.newsletter@xxxxxxxxxxx>
Date: Mon, 30 Jun 2003 12:01:47 -0400
Hey List,

I have a warning for those of you who implemented John Sievert's wicked cool
IP Block list that can be found at:

http://www.customer1st.com/AntiSpam

Our backup mailserver was happily delivering much (if not all) of the
blocked spam to us anyway!

This problem only happens when you have a backup mailserver. Repeat, this
problem happens when you implement an IP Block list and also maintain a
backup mailserver. Since most people have a backup mailserver, listen up.

When an SMTP connection is attempted and the IP Block responds "No Spammers
Allowed!", the message is bounced back to the spammer. Then the message is
routed to the backup mailserver where it tries again to get in. Here's where
the IP blocking fails for us, and in fact compounds the spam problem!

Our backup mailserver is hosted by our ISP who doesn't have the IP block
list that we do, so it happily accepts mail from the spammer and queues it
to be delivered to the main mailserver. That results in a Received header
stamped onto the message with the innocuous IP address of our backup
mailserver. Our main mailserver that has the IP block list accepts the
message because how could it reject a message passed on from the backup
mailserver? The answer is it can't reject mail from the backup mailserver!

So, as you can see, the spam message now sneaks past our SMTP filters
because it has a nice friendly IP address in the most recent Received header
(the one used by the DynSrc RBL lookup).

Since we catch about 60% of spam through the use of 7 RBLs, this is a major
problem.

I thought y'all should be aware of this.

Just for illustration (and I hope you don't mind, John! Don't flame me for
telnet-ing to your mailservers) and for the learning experience, I did a dig
on Mr. Sievert's MX records to see how they were configured:
--------------------------
[shell:~]% dig mx customer1st.com

; <<>> DiG 8.3 <<>> mx customer1st.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      customer1st.com, type = MX, class = IN

;; ANSWER SECTION:
customer1st.com.        4H IN MX        10 mail.customer1st.com.
customer1st.com.        4H IN MX        20 minnesota.customer1st.com.

---------------------------
Mr. Sievert's backup mail server is minnesota.customer1st.com (running Web
Crossing Simple Mail Transfer Service), and if it doesn't have an IP Block
list that is the same one as the mail.customer1st.com machine (running
Post.Office v3.5.3 release 717 ID# 1001-56150U100L10S0V35), the spam
messages will try to get in through the backdoor.

John, would you (for the sake of the group's AntiSpam efforts) comment on
whether you implemented AntiSpam IP blocking on the minnesota host?

Cheers,
dan


---------
Tenon Intersystems' Post.Office Mailing List
To unsubscribe: send mailto:post_office-request@xxxxxxxxxxxxxxx
with the body only containing: 
unsubscribe
Find the searchable mailing list archives at:
http://postoffice.computeroil.com/
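As an added illustration of the failure Dan describes (this is not code from the post, from Post.Office or from the customer1st.com block list): a small Received-header walker that skips hops from relays you operate, such as the backup MX, and only then consults the block list. The relay addresses, the sample headers and the stand-in block list below are all constructed placeholders.

```python
import re
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed sample message headers: the top Received line is the hop from the
# backup MX to the primary; the one below it is the hop from the real sending
# host to the backup MX. All names and addresses are placeholders.
SAMPLE_HEADERS = (
    "Received: from backup.example.net (backup.example.net [198.51.100.20])\n"
    "\tby mail.example.net (Post.Office) with ESMTP; Mon, 30 Jun 2003 12:00:00 -0400\n"
    "Received: from unknown (HELO relay.invalid) [203.0.113.77]\n"
    "\tby backup.example.net with SMTP; Mon, 30 Jun 2003 11:59:00 -0400\n"
    "From: sender@example.org\n"
    "Subject: hello\n"
)

# Relays we operate or trust (assumed): the backup MX is the important entry.
TRUSTED_RELAYS = [ip_network("198.51.100.20/32"), ip_network("192.0.2.0/24")]

# Stand-in for a DNSBL answer so the example runs offline (constructed).
RBL_LISTED = {"203.0.113.77"}

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_ips(raw_headers: str) -> List[str]:
    """Return the bracketed client IP of each Received header, newest first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers)  # join folded lines
    ips = []
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            m = IP_RE.search(line)
            if m:
                ips.append(m.group(1))
    return ips


def naive_client(raw_headers: str) -> Optional[str]:
    """What the post describes: look only at the most recent Received hop."""
    ips = received_ips(raw_headers)
    return ips[0] if ips else None


def originating_client(raw_headers: str, trusted) -> Optional[str]:
    """Walk past hops from trusted relays and return the first untrusted IP."""
    for ip in received_ips(raw_headers):
        if not any(ip_address(ip) in net for net in trusted):
            return ip
    return None  # every hop was one of ours (e.g. purely internal mail)


def rbl_listed(ip: Optional[str]) -> bool:
    """Offline stand-in for the DNSBL lookup."""
    return ip is not None and ip in RBL_LISTED
```

The naive check sees only the backup MX's address and passes the message; walking past the trusted hop yields the sending host's address, which is what a real DNSBL query should be made against.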
Copyright©2003 Tenon Intersystems, 232 Anacapa Street, Suite 2A, Santa Barbara, CA 93101. All rights reserved.