[Dovecot] [info] Spamcop listing
John Peacock
jpeacock at rowman.com
Sun Oct 30 14:13:23 EET 2005
TDC Song Postmaster wrote:
> Listing was caused by a single zombie host on a residental customer,
> even though we are rate-limiting to 60 msgs per hour with such customers
> it was enough to get us listed temporarily.
Just to emphasize here that the SpamCop listing was 100% legitimate, even though
the Dovecot list was a classic innocent bystander. If, instead of
rate-limiting, the Song.fi network instead blocked port 25 completely except
from their own mail servers (for residential customers), this problem wouldn't
have come up at all. There is no reason whatsoever to allow random machines (on
non-static IP addresses) to send out SMTP traffic directly.
As a corporate entity, our firewalls block _all_ outbound SMTP traffic except
from known mail servers. If implemented by all ISP's, the same policy would go
a long way towards eliminating the effect of zombies worldwide. And if the
zombies started relaying via the ISP servers, it should be straightforward to
write IDS rules to locate and block the zombie traffic. Actually, for
residential customers, I would require SMTP-AUTH for outbound relay, which would
go even farther towards eliminating unauthorized traffic.
My 2 cents
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4720 Boston Way
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5747
More information about the dovecot
mailing list