[73374] in North American Network Operators' Group
Re: Has postini been taken over?
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Fri Aug 20 02:50:45 2004
Date: Fri, 20 Aug 2004 06:49:16 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <4125966D.9060809@outblaze.com>
To: Suresh Ramasubramanian <suresh@outblaze.com>
Cc: Hank Nussbacher <hank@mail.iucc.ac.il>, Ray Wong <rayw@rayw.net>,
nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 20 Aug 2004, Suresh Ramasubramanian wrote:
>
> Hank Nussbacher wrote:
> >
> >> Postini does not originate or forward spam, they filter mail destined for
> >> their customer domains. Some spam gets through their filters, because
> >> spammers are smart and adaptively evil. It's really quite simple.
> >>
> What I can see happening is that Hank's port 25 filtering ACLs are being
> bypassed somehow ...
or delivering email via tcp/465 or tcp/587 to postini? (I can't make
connections to postini hosts for GCI.NET on these 2 ports though)
>
> Or maybe he doesn't source filter addresses and a spammer controlled
> machine on his network has two interfaces - one on hank's network [say a
> throwaway dialup / broadband account], and another a much fatter pipe.
> Packets (or rather in this case, junk mail) goes out through the fat
> pipe with Hank's IPs spoofed into the source address.
'fantasy mail' is what we call this :( It's a pain and you have to port25
filter in AND out :(
>
> I would recommend that Hank set up port blocks both inbound and
> outbound, and also examine mrtg or other data that he may have about
We've 'fixed' this for dial accounts (mostly) with in/out filters on their
connections as you've suggested.
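
Added example, not part of the original thread or any poster's code: a sketch of how an operator could spot the asymmetric "fantasy mail" pattern described above in flow data from the dial/broadband edge, where a customer address receives replies from remote port 25 but never sends anything to port 25 over that link. The record layout, thresholds and addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

SMTP_PORT = 25

# Constructed sample flow records seen at the customer-facing edge:
# (direction, src_ip, src_port, dst_ip, dst_port, packets)
# "out" = customer -> Internet, "in" = Internet -> customer.
SAMPLE_FLOWS = [
    # Ordinary SMTP client: both halves of the session cross this edge.
    ("out", "192.0.2.10", 40001, "198.51.100.25", 25, 120),
    ("in", "198.51.100.25", 25, "192.0.2.10", 40001, 110),
    # One-sided: replies from mail servers arrive, but the matching
    # outbound packets left through some other (spoofing) path.
    ("in", "198.51.100.25", 25, "192.0.2.77", 40555, 900),
    ("in", "203.0.113.9", 25, "192.0.2.77", 40556, 850),
    ("out", "192.0.2.77", 51000, "203.0.113.80", 80, 30),
    # Unrelated web traffic, ignored.
    ("in", "203.0.113.80", 80, "192.0.2.33", 52000, 40),
]


def one_sided_smtp(flows, customer_net, min_packets=100, max_ratio=0.1):
    """Return (host, packets_sent_to_25, packets_received_from_25) for
    customer hosts whose inbound traffic from remote port 25 has little
    or no matching outbound traffic to port 25 on this edge."""
    net = ip_network(customer_net)
    sent = defaultdict(int)     # customer -> packets to remote :25
    replies = defaultdict(int)  # customer -> packets from remote :25
    for direction, src, sport, dst, dport, pkts in flows:
        if direction == "out" and dport == SMTP_PORT and ip_address(src) in net:
            sent[src] += pkts
        elif direction == "in" and sport == SMTP_PORT and ip_address(dst) in net:
            replies[dst] += pkts
    suspects = []
    for host, got in sorted(replies.items()):
        # Hypothetical thresholds: enough reply volume to matter, and an
        # outbound count far below what a real two-way session produces.
        if got >= min_packets and sent[host] <= got * max_ratio:
            suspects.append((host, sent[host], got))
    return suspects


if __name__ == "__main__":
    for host, out_pkts, in_pkts in one_sided_smtp(SAMPLE_FLOWS, "192.0.2.0/24"):
        print(f"{host}: {in_pkts} pkts from :25, {out_pkts} pkts to :25")
```

A host flagged this way is the return half of the spoofed session, which is why an outbound-only port 25 block does not stop it and the inbound filter is needed as well.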