TDC Song Postmaster wrote:
Listing was caused by a single zombie host on a residential customer, even though we are rate-limiting to 60 msgs per hour with such customers, it was enough to get us listed temporarily.
Just to emphasize here that the SpamCop listing was 100% legitimate, even though the Dovecot list was a classic innocent bystander. If, instead of rate-limiting, the Song.fi network instead blocked port 25 completely except from their own mail servers (for residential customers), this problem wouldn't have come up at all. There is no reason whatsoever to allow random machines (on non-static IP addresses) to send out SMTP traffic directly.
As a corporate entity, our firewalls block _all_ outbound SMTP traffic except from known mail servers. If implemented by all ISPs, the same policy would go a long way towards eliminating the effect of zombies worldwide. And if the zombies started relaying via the ISP servers, it should be straightforward to write IDS rules to locate and block the zombie traffic. Actually, for residential customers, I would require SMTP-AUTH for outbound relay, which would go even farther towards eliminating unauthorized traffic.
My 2 cents
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4720 Boston Way
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5747
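The policy discussed in this message, as an added example that is not part of the original thread: a flow-log audit that flags residential hosts making direct outbound connections to TCP port 25 and hosts exceeding the 60-per-hour limit through the ISP relay. The record format, the address ranges (documentation prefixes) and the treatment of one connection as one message are assumptions.

```python
import ipaddress
from collections import Counter

# Assumed addressing; all values are constructed documentation-range examples.
MAIL_SERVERS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.11")}
RESIDENTIAL = ipaddress.ip_network("198.51.100.0/24")
HOURLY_LIMIT = 60  # per-customer rate limit quoted in the thread

def build_sample_flows():
    """Constructed flow records: 'epoch_seconds src_ip dst_ip dst_port'."""
    lines = [
        "3605 198.51.100.5 192.0.2.10 25",    # customer using the ISP relay
        "3700 198.51.100.5 203.0.113.9 443",  # non-SMTP traffic, ignored
        "3710 192.0.2.10 203.0.113.5 25",     # ISP mail server delivering mail
        "3800 198.51.100.77 203.0.113.5 25",  # direct-to-MX from a customer
        "3801 198.51.100.77 203.0.113.6 25",
    ]
    # One customer opening 90 relay connections inside a single clock hour.
    lines += [f"{3600 + i * 30} 198.51.100.23 192.0.2.10 25" for i in range(90)]
    return "\n".join(lines)

def parse_flows(text):
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        yield int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)

def audit(text):
    """Return residential hosts bypassing the relay and hosts over the limit."""
    direct = Counter()   # src -> direct port-25 connections (egress filter hits)
    relayed = Counter()  # (src, clock hour) -> connections to the ISP relay
    for ts, src, dst, port in parse_flows(text):
        if port != 25 or src not in RESIDENTIAL:
            continue
        if dst in MAIL_SERVERS:
            relayed[(str(src), ts // 3600)] += 1
        else:
            direct[str(src)] += 1
    over = sorted({src for (src, _), n in relayed.items() if n > HOURLY_LIMIT})
    return {"direct_smtp": dict(direct), "over_limit": over}

if __name__ == "__main__":
    print(audit(build_sample_flows()))
```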