Death to all spammers and open relays | Page 2 | Ford Explorer - Ford Ranger Forums - Serious Explorations

Death to all spammers and open relays

DocVijay

Meow
Joined
February 8, 2001
Messages
3,486
Reaction score
0
City, State
Tampa, FL
Year, Model & Trim Level
1999 Sport 2WD
Your list is aggressive alright. I noticed some of the servers are from Road Runner cable in various cities. See, some idiot user leaves his or her PC wide open, and then is surprised when they get all kinds of bouncebacks and other crap. One ruins it for all.
 








Hank

Elite Explorer
Joined
October 19, 1999
Messages
997
Reaction score
2
City, State
Cape Coral, FL
Year, Model & Trim Level
'91 EB
Yep, that is correct. However, if a user on rr.com uses the ISP-provided mail servers, their mail will get through. For example, all attbi.com users come from xxxxx.clientx.attbi.com; however, the ISP-provided SMTP server is smtp.attbi.com.

What the stuff on my list blocks is some spammer opening up a free/dialup dynamic account and spewing all sorts of spam off, using one of the many spam blasters, thus bypassing the ISP mail server.

Bottom line, if you are legit, you get through.
 






taxx

Make em say Ugh
Joined
June 11, 2001
Messages
4,128
Reaction score
3
City, State
Indianapolis, IN
Year, Model & Trim Level
73 EB
Question for youz guyz. I know of some sites for testing open ports, but are there any sites that test your mail relay?
 






Hank

Elite Explorer
Joined
October 19, 1999
Messages
997
Reaction score
2
City, State
Cape Coral, FL
Year, Model & Trim Level
'91 EB
You can test it yourself if you have access to another IP outside your address/network.

For example.

telnet mailserver_name.domain.com 25
helo me
mail from: foo@bar.com
rcpt to: spam@icanspamoffyou.com


If you get an ok here, you are an open relay.

E-mail me the req'd ip and I can test for you.

You don't want to end up on the ordb....
 






taxx

Make em say Ugh
Joined
June 11, 2001
Messages
4,128
Reaction score
3
City, State
Indianapolis, IN
Year, Model & Trim Level
73 EB
Originally posted by Hank
You can test it yourself if you have access to another IP outside your address/network.

For example.

telnet mailserver_name.domain.com 25
helo me
mail from: foo@bar.com
rcpt to: spam@icanspamoffyou.com


If you get an ok here, you are an open relay.

E-mail me the req'd ip and I can test for you.

You don't want to end up on the ordb....

Oh Ya. See how lazy I am, don't even open my books. Just tested it from my work server....

and all is good. glad to know.
 






Hank

Elite Explorer
Joined
October 19, 1999
Messages
997
Reaction score
2
City, State
Cape Coral, FL
Year, Model & Trim Level
'91 EB
Good deal, here is a more technically correct example. Names changed to protect the innocent.

220 host.sys.com; ESMTP Wed, 16 Apr 2003 19:42:41 -0400
helo me
250 host.sys.com Hello srv.mmq.com [165.240.126.33], pleased to meet you

mail from:foo@bar.com

250 2.1.0 foo@bar.com... Sender ok

rcpt to:spam@spam.com
551 5.7.1 we do not relay
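
The relay check from the two posts above, as an added example that is not part of the original thread: it classifies the reply to `rcpt to:` in a pasted session and can run the same dialogue against a server you administer. The function names and the HELO name `relay-check.example` are assumptions; the accepting transcript is constructed by editing the one from the post.

```python
import smtplib

def classify_rcpt(code):
    """Verdict for the reply to RCPT TO naming a recipient the server does not host."""
    if code in (250, 251):
        return "open-relay-suspected"  # accepted mail for someone else's domain
    if 400 <= code < 500:
        return "inconclusive"          # temporary failure (greylisting, load): retry
    if 500 <= code < 600:
        return "relay-denied"          # e.g. "551 5.7.1 we do not relay"
    return "unexpected"

def verdict_from_transcript(text):
    """Classify a pasted session by the first final reply after 'rcpt to:'."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        if line.lower().startswith("rcpt to:"):
            for reply in lines[i + 1:]:
                # "250-..." is a continuation line; the final line has no hyphen
                if reply[:3].isdigit() and reply[3:4] != "-":
                    return classify_rcpt(int(reply[:3]))
            return "no-reply"
    return "no-rcpt"

def probe(host, sender, outside_rcpt, port=25, timeout=15):
    """Same dialogue against a server you administer, run from an outside IP.
    Stops after RCPT TO and resets, so no message is ever queued."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.helo("relay-check.example")  # placeholder HELO name (assumption)
        code, _ = smtp.mail(sender)
        if code != 250:
            return "sender-rejected"
        code, _ = smtp.rcpt(outside_rcpt)
        smtp.rset()
        return classify_rcpt(code)

# REFUSED is the session quoted in the post; ACCEPTED is constructed from it.
REFUSED = """220 host.sys.com; ESMTP Wed, 16 Apr 2003 19:42:41 -0400
helo me
250 host.sys.com Hello srv.mmq.com [165.240.126.33], pleased to meet you
mail from:foo@bar.com
250 2.1.0 foo@bar.com... Sender ok
rcpt to:spam@spam.com
551 5.7.1 we do not relay"""
ACCEPTED = REFUSED.replace("551 5.7.1 we do not relay",
                           "250 2.1.5 spam@spam.com... Recipient ok")

if __name__ == "__main__":
    print(verdict_from_transcript(REFUSED), verdict_from_transcript(ACCEPTED))
```

The verdict only means something when the recipient domain is one the server does not host and the connection comes from outside the networks the server trusts.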
 






Hank

Elite Explorer
Joined
October 19, 1999
Messages
997
Reaction score
2
City, State
Cape Coral, FL
Year, Model & Trim Level
'91 EB
Hello,

I created a crontab entry to copy over my /etc/mail/deny file to a public directory. As I am always adding to the file I have set this job to execute every three hours.

This file is formatted for folks who use sendmail. However, if you drop the list into Excel you can dink/play with it to make it work for your application.

In the next few days I'm going to modify my program that creates the list to include the offending network address/range in the list that triggered a match. This should make log analysis a bit easier.

Have fun and enjoy. Remember use at your own risk...

Click here for deny list
 






Hank

Elite Explorer
Joined
October 19, 1999
Messages
997
Reaction score
2
City, State
Cape Coral, FL
Year, Model & Trim Level
'91 EB
Update

Effective today the download file from the website includes the address of the offender back in the reply. This makes it useful if you accidentally cut someone off that you did not mean to. Like I did yesterday....

example

207.222 We do not accept mail from 207.222, remove this domain from your list.


199.230.23.1 We do not accept mail from 199.230.23.1, remove this domain from your list.


Enjoy


Deny List
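
An added example, not part of the original post or Hank's own program: given a list in the two-column format shown above, it reports which entry catches a connecting address and which entries are already covered by a broader prefix. Matching on whole-octet prefixes is an assumption about how the list is applied (it is how sendmail's access map treats IP keys); the third sample line is constructed.

```python
def parse_deny(text):
    """Each line: key (an IP or leading-octet prefix), whitespace, rejection text."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        entries[parts[0].rstrip(".")] = parts[1] if len(parts) > 1 else ""
    return entries

def match(ip, entries):
    """Return (key, message) for the most specific entry covering ip, else None.
    Prefixes compare on whole octets: 207.222 covers 207.222.x.x, not 207.22.x.x."""
    octets = ip.split(".")
    for n in range(len(octets), 0, -1):
        key = ".".join(octets[:n])
        if key in entries:
            return key, entries[key]
    return None

def shadowed(entries):
    """Entries that can never be the deciding rule because a shorter prefix
    in the same list already covers them."""
    out = []
    for key in entries:
        parts = key.split(".")
        if any(".".join(parts[:n]) in entries for n in range(1, len(parts))):
            out.append(key)
    return sorted(out)

# First two lines are the examples from the post; the third is constructed.
DENY_SAMPLE = """\
207.222 We do not accept mail from 207.222, remove this domain from your list.
199.230.23.1 We do not accept mail from 199.230.23.1, remove this domain from your list.
207.222.5.1 We do not accept mail from 207.222.5.1, remove this domain from your list.
"""

if __name__ == "__main__":
    deny = parse_deny(DENY_SAMPLE)
    for ip in ("207.222.14.9", "207.22.14.9", "199.230.23.10"):
        print(ip, "->", match(ip, deny))
    print("covered by a broader entry:", shadowed(deny))
```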
 






Howard

Moderator Elite Explorer
Staff member
Moderator
Elite Explorer
Joined
May 17, 2002
Messages
4,183
Reaction score
4
City, State
Milton Keynes
Year, Model & Trim Level
1998 SOHC UK SPEC
Good work Hank keep it up and we'll end up blocking them all. I'm now using a content scanner to block anything that I don't want.
 






Hank

Elite Explorer
Joined
October 19, 1999
Messages
997
Reaction score
2
City, State
Cape Coral, FL
Year, Model & Trim Level
'91 EB
Thanks Howard,

I'm looking at a couple of open source content scanners and hope to get something installed this summer. Been short on free time lately...

Best regards.
Hank
 






Howard

Moderator Elite Explorer
Staff member
Moderator
Elite Explorer
Joined
May 17, 2002
Messages
4,183
Reaction score
4
City, State
Milton Keynes
Year, Model & Trim Level
1998 SOHC UK SPEC
It sure does save all that typing. I scan for things like "sell" and "buy" as well as all the usual things.

All the best

Howard
 






taxx

Make em say Ugh
Joined
June 11, 2001
Messages
4,128
Reaction score
3
City, State
Indianapolis, IN
Year, Model & Trim Level
73 EB
It gets bad. Every day I find more words and phrases to block. One of these days there won't be much left that users can put in the subject field to get through. :(
 






Raceit

Elite Explorer
Joined
August 28, 2000
Messages
1,043
Reaction score
4
City, State
Overland Park, KS
Year, Model & Trim Level
'91 Explorer 2DR 4WD XL
Am I correct to assume everyone here uses a Linux/Unix based mail server?

I'm using a 2K box and am having a helk of a time securing it. (Big surprise, I know.) Anyways, I have a mail program called Raiden MailD. It's a small program that's written overseas and seems to be pretty stable and works great for my low-volume needs for my own server. I never had a problem with being a relay until I installed the Interscan line of products. They gave me virus protection and content management of all the emails going in and out of the system, but now that program has opened me up since Interscan and my mail server software have to talk to each other.

I have rules and filters set up, so no email goes outside of my mail server if I don't want it to. But it doesn't leave me with a good feeling since I'm just doing it with filters and the sort.

You guys have any thoughts on those Windows based products?


TIA
 






ShadowA2J

Well-Known Member
Joined
February 3, 2003
Messages
762
Reaction score
0
City, State
Fort Gratiot, MI
Year, Model & Trim Level
'01 Sport, '80 Vette
This thread would be cool.....................if I understood WHAT in the world you guys were talking about. Oh well.
 






matey

Aussie Dude
Joined
March 21, 2003
Messages
835
Reaction score
2
City, State
Sydney NSW Australia
Year, Model & Trim Level
Black 01 xlt explorer
Do you have zone alert? It's quite effective in blocking people who are hacking your connection, and for those of you with a permanent connection it will stop you getting constantly bombarded with advertising popups.
 






Raceit

Elite Explorer
Joined
August 28, 2000
Messages
1,043
Reaction score
4
City, State
Overland Park, KS
Year, Model & Trim Level
'91 Explorer 2DR 4WD XL
Originally posted by matey
Do you have zone alert? It's quite effective in blocking people who are hacking your connection, and for those of you with a permanent connection it will stop you getting constantly bombarded with advertising popups.

Actually I use BlackICE Server Edition. It does a good job too of catching the suspicious stuff.
 












Howard

Moderator Elite Explorer
Staff member
Moderator
Elite Explorer
Joined
May 17, 2002
Messages
4,183
Reaction score
4
City, State
Milton Keynes
Year, Model & Trim Level
1998 SOHC UK SPEC
Am I correct to assume everyone here uses a Linux/Unix based mail server?

No

Using Novell Groupwise running on Netware 6 works great and is not affected by any of the scam viruses. Getting the mail server to talk to the scanning software should not open up anything. Run them your side of the firewall and scan incoming separately from outgoing mail (two boxes).
 






Alpha_Geek

Active Member
Joined
December 18, 2002
Messages
62
Reaction score
0
City, State
Shenandoah Valley, VA
Year, Model & Trim Level
'99 2dr 4x2
Also a "no" here to the Unix question. We're running MS exchange here.

Just implemented Xwall last week and simply adding the common rbl's has cut our spam to a mere trickle. I may not even need to use the other bells and whistles the product offers, but it's nice to know I can clamp down more if needed. :)

A_G
 








taxx

Make em say Ugh
Joined
June 11, 2001
Messages
4,128
Reaction score
3
City, State
Indianapolis, IN
Year, Model & Trim Level
73 EB
Originally posted by Raceit
Am I correct to assume everyone here uses a Linux/Unix based mail server?

I'm using a 2K box and am having a helk of a time securing it. (Big surprise, I know.) Anyways, I have a mail program called Raiden MailD. It's a small program that's written overseas and seems to be pretty stable and works great for my low-volume needs for my own server. I never had a problem with being a relay until I installed the Interscan line of products. They gave me virus protection and content management of all the emails going in and out of the system, but now that program has opened me up since Interscan and my mail server software have to talk to each other.

I have rules and filters set up, so no email goes outside of my mail server if I don't want it to. But it doesn't leave me with a good feeling since I'm just doing it with filters and the sort.

You guys have any thoughts on those Windows based products?


TIA

Again no. I run a Domino Server on a 2k server. Most of your attacks out there are aimed at MS Exchange. Domino runs pretty well. Only problem we run into is spam. I run CMS Praetor before the mail server to filter it, but loads still get through. I tend to believe there is no way to block it all. Blocking domains is only so good. A lot of the spam I am getting now is from msn.com hotmail.com yahoo.com.... the list goes on. I can't block all of those domains. Just can scan for words and phrases. Some of these are HTML and have image attachments that you can't scan the text in anyways..... It's a never-ending battle. I just wish they could come up with something like the no call list we have in Indiana, I get no telemarketing calls at home. But this is email and is worldwide so how would it be enforced? :confused:
 





