nanog mailing list archives
Re: FW: The worst abuse e-mail ever, sverige.net
From: Allan Poindexter <apoindex () aoc nrao edu>
Date: 21 Sep 2004 17:52:12 -0600
Daniel> The only responsible thing to do is filter port 25,
Daniel> smarthost for your users, and inform them about using the
Daniel> alternate submission port with authenticated SMTP in order
Daniel> to work with enterprise mail servers - or IPSec VPNs, for
Daniel> that matter. This is simply the best practice, at this point
Daniel> in time. Using humans ("dedicated staff person") to stop
Daniel> spam isn't scalable - automated processes are sending this
Daniel> stuff, we need systematic ways to fight it - black/white
Daniel> lists, SPF, port 25 filtering, bayesian filtering and other
Daniel> tools.

Let's put this in perspective. Say a hypothetical sysadmin were to
disable any and all authentication on his SSH server. And that
someone then used SSH from your network to run code that sysadmin
didn't like on that machine. Would you then consider it reasonable if
the sysadmin proposed:

    The only responsible thing to do is filter port 22, smarthost for
    your users, and inform them about using the alternate submission
    port with authenticated SSH in order to work with enterprise SSH
    servers - or IPSec VPNs, for that matter. This is simply the best
    practice, at this point in time.

For that matter would anyone take seriously someone who then proposed
as a solution to the "breakin"[1] that:

    we need systematic ways to fight it - black/white lists, SSH
    Permitted From, port 22 filtering, bayesian filtering and other
    tools

in order to filter out "harmful commands" while allowing anything else
to get through without ever once suggesting enabling passwords or SSH
keys?

If you don't want to accept mail from anyone and everyone then make
them use a password or a key to send mail to you. There are several
ways to do this right now. (For example, procmail is your friend.)

If you don't like something that arrives in your house figure out a
way to put a lock on your door. Don't insist everyone else is at
fault because they wouldn't put bars over their own.

---------
[1] A curious term since it's hard to imagine a way to leave the door
open much wider than our hapless hypothetical sysadmin has.
