[37777] in North American Network Operators' Group
RE: Stealth Blocking
daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Thu May 24 01:18:04 2001
Date: Wed, 23 May 2001 23:10:58 -0400 (EDT)
From: <jlewis@lewis.org>
To: Roeland Meyer <rmeyer@mhsc.com>
Cc: "Paul Vixie (E-mail)" <vixie@mfnx.net>, <nanog@merit.edu>
In-Reply-To: <9DC8BBAD4FF100408FC7D18D1F0922860E466C@condor.mhsc.com>
Message-ID: <Pine.LNX.4.30.0105232301060.3328-100000@redhat1.mmaero.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu

On Wed, 23 May 2001, Roeland Meyer wrote:
> I hate to be pedantic here, but from your own email and what other sources
> have told me, this is inaccurate. MAPS does NOT do pre-emptive open-relay
> testing. I consider this to be a very important distinction. If I thought
> this was the case, I would stop using MAPS five minutes ago.

What's so bad about pre-emptive open-relay scanning? What's the
difference between an open-relay found/used by a spammer and added to the
RSS and an open-relay found by a pre-emptive scanner and added to the RSS?
Both sites are likely sources of relay spam. I recently upgraded a busy
set of mail servers from using only the DUL to the DUL/RBL/RSS, and the
number of messages being rejected/day has gone up about 20x. I still get
relay spam and report a handful of open relays to MAPS every day. If
there were a list like ORBS run more the way MAPS is run, I'd probably
give that a try too.

The only complaint I have about MAPS is that recently someone has been
making some SWAGs regarding what blocks of our IP space are dial-ups and
whoever oversees the DUL has added blocks of non-dial-ups apparently
blindly, causing trouble for our customers and support calls to our NOC.
--
----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________