Great Circle Associates List-Managers
(February 1998) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Relay Spam (fwd)
From: Mike Nolan <nolan @ celery . tssi . com>
Date: Sat, 14 Feb 1998 09:48:32 -0600 (CST)
To: list-managers @ GreatCircle . com (List Managers)
Reply-to: nolan @ tssi . com 
> > > This is called relaying.  It is caused by older sendmail configs
> > > that allow _anyone_ to connect and send mail from a server.  We've
> > > configured our sendmail for this not to be an issue. :)
> >
> > With a few notable exceptions, most experienced ISP's don't except
> > relays from unknown sources.
> 
> This is a different issue. You're talking about mail relayed through
> 3rd party sites without permission. The original question was about
> mail from his site being rejected as a third party relay when it in
> fact isn't.

I'm glad I'm not the only one who noticed the change in focus in this
thread.  Because I have a slow link to the net, I relay the majority
of my list traffic through my ISP, but because they were used as
an UNAUTHORIZED relay point for some spammers last November or so,
they're on Paul Vixie's 'known spam origination point' list, and some
of my traffic is getting bounced back.  At this point my fix is to
alter my sendmail setup to do direct SMTP connections to sites that
reject my mail when relayed, but of course this requires I learn about 
the site first.  

I rather liked the idea of looking for the 'from' domain in the
Received-By headers (including MX variants), but unfortunately I appear
to have deleted that piece of mail.  I'd be interested in more details,
this sounds like a useful addition to my mail gateway system or my
personal e-mail filter.

And as I understand it my list traffic would NOT get rejected by such a filter,
because it HAS my domain in the Received-By headers.

Here's a question for those with more anti-spam expertise than I have.
For several weeks in early January my firewall system (Linux) was displaying
some kind of 'no source route to host' errors on the console, with IP
addresses that appeared to be in the Compuserve domain space, among
others.  I know this was some kind of attack, but I'm not sure exactly what.  
What was it?

A second question:  If someone were to use my site as a spam relay, would
that show up in the syslogs?  I've not seen any indication of outbound 
e-mail traffic from unknown users or from outside locations.
--
Mike Nolan
nolan@tssi.com
Indexed By Date Previous: Re: NEW: ml-owners - Mailing List Owner's Discussion Group
From: murr rhame <murr@vnet.net>
Next: Re: NEW: ml-owners - Mailing List Owner's Discussion Group
From: jtlist@pigsfly.com (Jerry Trowbridge)
Indexed By Thread Previous: Re: Query: On-Line Directories of Mailing Lists
From: Mark Rauterkus <mrauterkus@sportsurf.net>
Next: I've seen the light!
From: "Bob Bish" <bish@azstarnet.com>
Google
 
Search Internet Search www.greatcircle.com