[120104] in North American Network Operators' Group
Re: Arrogant RBL list maintainers
daemon@ATHENA.MIT.EDU (Michael Holstein)
Wed Dec 9 15:54:00 2009
Date: Wed, 09 Dec 2009 15:53:10 -0500
From: Michael Holstein <michael.holstein@csuohio.edu>
To: John Levine <johnl@iecc.com>
In-Reply-To: <20091209203035.81823.qmail@simone.iecc.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> All of the DNSBLs I know are about outbound mail hosts, not inbound
> ones. What are your sending hosts called?
>
Outbound goes through the same 4 boxes. We used to split it up (2 at
MX10, 2 at MX20 .. reversed for outbound) but for capital
(licensing/hardware) reasons we decided to do in/out through the same
system. This is just "first touch" on the way in and "last touch" on the
way out.

We also have SPFv1 records defined (albeit a rather permissive "ptr
~all") .. but as I mentioned, the firewall disallows smtp to anywhere
but appropriate hosts. We do still allow smtps and submission to
accommodate folks that travel, as we haven't (yet) had a problem with
bots using either of those services.

My beef with Trend was that they were in essence telling us to re-do DNS
on our /16 because they didn't like the way we did it .. despite the
mail part (the one that matters) being technically correct by most
everyone else's standards. Personally, I think this is just so they can
have a "big list" when they sell it (.. our DNSBL has $x million more
entries than $competitor..).
Cheers,
Michael Holstein
Cleveland State University
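A small SPF record linter, added here as an example and not part of the thread, that shows why the "ptr ~all" record described in the post is considered permissive and what a stricter record looks like; the record strings and the 192.0.2.0/24 range are constructed.

```python
import re

# Mechanisms and modifiers recognised by this minimal SPFv1 linter.
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists", "redirect"}
# Terms that cost a DNS lookup under RFC 7208 (limit of 10 per evaluation).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_spf(record: str):
    """Return a list of (qualifier, mechanism, argument) terms, or None if not SPFv1."""
    parts = record.strip().split()
    if not parts or parts[0].lower() != "v=spf1":
        return None
    terms = []
    for term in parts[1:]:
        m = re.fullmatch(r"([+\-~?]?)([a-z0-9]+)(?:[:=/](.*))?", term, re.I)
        if not m:
            continue  # unknown syntax; a real resolver would return permerror
        qual, mech, arg = m.group(1) or "+", m.group(2).lower(), m.group(3)
        if mech in MECHANISMS:
            terms.append((qual, mech, arg))
    return terms

def lint_spf(record: str):
    """Return a list of findings; an empty list means no weakness was detected."""
    terms = parse_spf(record)
    if terms is None:
        return ["not an SPFv1 record"]
    findings = []
    mechs = [t[1] for t in terms]
    if "ptr" in mechs:
        findings.append("ptr mechanism: slow, DNS-dependent, and deprecated by RFC 7208")
    all_terms = [t for t in terms if t[1] == "all"]
    if not all_terms and "redirect" not in mechs:
        findings.append("no 'all' term: unlisted senders evaluate to neutral, not fail")
    for qual, _, _ in all_terms:
        if qual == "~":
            findings.append("~all: soft fail only; most receivers do not reject on it")
        elif qual in ("+", "?"):
            findings.append(qual + "all: permits any sender")
    if sum(1 for m in mechs if m in LOOKUP_TERMS) > 10:
        findings.append("more than 10 DNS-lookup terms: permerror under RFC 7208")
    return findings

PERMISSIVE = "v=spf1 ptr ~all"               # constructed; the form the post describes
STRICT = "v=spf1 ip4:192.0.2.0/24 -all"      # constructed; explicit senders, hard fail

if __name__ == "__main__":
    for rec in (PERMISSIVE, STRICT):
        print(rec, "->", lint_spf(rec) or ["ok"])
```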