[103681] in North American Network Operators' Group


RE: Problems sending mail to yahoo?

daemon@ATHENA.MIT.EDU (Raymond L. Corbin)
Thu Apr 10 16:58:48 2008

From: "Raymond L. Corbin" <rcorbin@hostmysite.com>
To: Chris Stone <cstone@axint.net>,
        "Raymond L. Corbin"
	<rcorbin@hostmysite.com>
CC: "nanog@merit.edu" <nanog@merit.edu>
Date: Thu, 10 Apr 2008 16:21:04 -0400
In-Reply-To: <47FE7391.4090407@axint.net>
Errors-To: owner-nanog@merit.edu


In a large multi-datacenter environment you can't log in to each user's servers and tail their logs to see who's forwarding :( .

I'm more of a Windows person, but when working with a client on Linux using EXIM I think I did

fgrep yahoo.com /etc/valiases/* >  yahoo-fwds.txt

Something like that to get a list of all of the addresses that forward to Yahoo...I think they used CPanel on their server too. Other than that I believe I was grepping through other clients' logs for the most popular Yahoo email addresses...

I think that if they are going to do CIDR blocks they should at least keep logs as to what caused them to escalate it to that, not simply say 'it's your network you figure it out..'

-Ray

-----Original Message-----
From: Chris Stone [mailto:cstone@axint.net]
Sent: Thursday, April 10, 2008 4:08 PM
To: Raymond L. Corbin
Cc: nanog@merit.edu
Subject: Re: Problems sending mail to yahoo?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Raymond L. Corbin wrote:
> Yeah, but without them saying which IPs are causing the problems you can't really tell which servers in a datacenter are forwarding their spam/abusing Yahoo. Once the /24 block is in place then they claim to have no way of knowing who actually caused the block on the /24. The feedback loop would help depending on your network size. When you have a few hundred thousand clients, and those clients have clients, and they even have clients, it simply floods your abuse desk with complaints from Yahoo when it is obviously forwarded spam. So it's more of pick your poison: deal with customer complaints about not being able to send to Yahoo for a few days or get your abuse desk flooded with complaints, which hinders solving actual issues like compromised accounts.

I look at all my mail server log files and see which logs show obvious spam
being forwarded (a lot of times the MAIL FROM address is a dead giveaway) or
I tail -F the mail log for a bit and watch the spam coming in and forwarding
back out. When I see the forwarding domain that's who I have contacted to
upsell some spam filtering. But, we're a small ISP, so I don't have
thousands, let alone hundreds of thousands of clients, to deal with...



Chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org

iD8DBQFH/nORnSVip47FEdMRCi+HAJ9CJoJ/VAkEssv6TznwcYQVGVWkIACfRwhI
VYw0v4HWI8mWs2SHEF3jnq0=
=YMQR
-----END PGP SIGNATURE-----
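
Added example (not code from either poster): a stricter version of the `fgrep` over `/etc/valiases` mentioned above, reporting only aliases whose destination mailbox is at yahoo.com and counting them per hosted domain, so the abuse desk can see which customers forward there. The function names, the sample data and the assumed file layout (one file per hosted domain, lines of the form `alias: dest1, dest2`) are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Assumed layout: one file per hosted domain, lines like
#   local@domain: dest1@example.net, dest2@yahoo.com

# Print "hosted-domain <TAB> alias <TAB> destination" for Yahoo-bound forwards.
yahoo_forwards() {
    local dir="$1" f
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v dom="$(basename "$f")" '
            /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
            {
                sep = index($0, ":")              # first colon ends the alias name
                if (sep == 0) next
                name = substr($0, 1, sep - 1)
                n = split(substr($0, sep + 1), dest, ",")
                for (i = 1; i <= n; i++) {
                    d = tolower(dest[i])
                    gsub(/^[ \t]+|[ \t]+$/, "", d)
                    # Match the destination domain exactly, so a plain
                    # substring hit such as notyahoo.com is not reported.
                    if (d ~ /^[^@| \t]+@yahoo\.com$/)
                        print dom "\t" name "\t" d
                }
            }' "$f"
    done
}

# Per hosted domain: number of Yahoo-bound forwards, busiest first.
yahoo_forward_counts() {
    yahoo_forwards "$1" | cut -f1 | sort | uniq -c | sort -rn |
        awk '{ print $2 "\t" $1 }'
}

# Constructed sample data (not from a real server).
demo=$(mktemp -d)
printf '%s\n' 'sales@example.org: owner@yahoo.com' \
    'info@example.org: a@example.net, B@Yahoo.com' \
    'yahoo.com-fan@example.org: staff@notyahoo.com' > "$demo/example.org"
printf '%s\n' '*: :fail: No such user' > "$demo/example.net"
yahoo_forwards "$demo"
yahoo_forward_counts "$demo"
```

On the sample data a plain `fgrep yahoo.com` would also report the third alias, which only contains the string in its name and in a different destination domain.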
