Thoughts & questions about responsibility for network traffic

J C Lawrence claw at kanga.nu
Sun Dec 2 09:31:44 PST 2001


On Sun, 2 Dec 2001 07:14:13 -0800 (PST) 
David Wolfskill <david at catwhisker.org> wrote:

> And when I try to report spam to postmaster@ a domain in question,
> I tend to react rather negatively if said mail bounces.  Indeed, I
> read RFCs 822 & 2821 to indicate that failure to accept such mail
> (with rare exceptions granted in the more recent 2821) is a
> violation of the specification (as well as intent) of the RFCs in
> question.  In such a situation, when it has been clearly
> demonstrated to me that no one is acting as being responsible for
> the email that emanates from the domain, I tend to place an entry
> in sendmail's access.db, rejecting any attempt from any machine in
> the domain to connect to the SMTP server I control, with a message
> such as

> 	550 You need a postmaster to send mail

Instead, you may want to simply configure your MTA to use
rfc-ignorant.org's services to save you the time.

> So at this point, I'm wondering if it might be appropriate to
> consider blocking access from the netblocks in question -- not
> just to the SMTP server, but at the firewall, with an ICMP
> "administratively prohibited" response.  It may reasonably be
> considered that this is a rather extreme response; on the other
> hand, I believe that we need a bit more responsibility in the
> Internet.

I do something similar to this (tho via Portsentry), and null route
traffic from the IP for a ..  The advantage is that its now
an automated system and the null routes are added and removed
without my express attention.  The disadvantage is that it spams the
hell out of my logs and I never do check WHOIS etc.

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw at kanga.nu               He lived as a devil, eh?		  
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.



More information about the Baylisa mailing list