Re: Has postini been taken over?

["Christopher L. Morrow" <christopher.morrow () mci com>]

On Fri, 20 Aug 2004, Suresh Ramasubramanian wrote:

> Hank Nussbacher wrote:
> > > Postini does not originate or forward spam, they filter mail destined for
> > > their customer domains.  Some spam gets through their filters, because
> > > spammers are smart and adaptively evil.  It's really quite simple.


> What I can see happening is that Hank's port 25 filtering ACLs are being
> bypassed somehow ...

or delivering email via tcp/465 or tcp/587 to postini? (I can't make
connnections to postini hosts for GCI.NET on these 2 ports though)

> Or maybe he doesn't source filter addresses and a spammer controlled
> machine on his network has two interfaces - one on hank's network [say a
> throwaway dialup / broadband account], and another a much fatter pipe.
> Packets (or rather in this case, junk mail) goes out through the fat
> pipe with Hank's IPs spoofed into the source address.

'fantasy mail' is what we call this :( It's a pain and you have to port25
filter in AND out :(

> I would recommend that Hank set up port blocks both inbound and
> outbound, and also examine mrtg or other data that he may have about

We've 'fixed' this for dial accounts (mostly) with in/out filters on their
connections as you've suggested.