nanog mailing list archives
Re: Repeated Blacklisting / IP reputation
From: Joe Greco <jgreco () ns sol net>
Date: Wed, 9 Sep 2009 06:37:53 -0500 (CDT)
Show me ONE major MTA which allows you to configure an expiration for an ACL entry. The problem with your opinion, and it's a fine opinion, and it's even a good opinion, is that it has very little relationship to the tools which are given to people in order to accomplish blocking.

Kind of the question I was contemplating in my other message of minutes ago. If people were given an option to "block this IP for 30 minutes, 24 hours, 30 days, 12 months, 5 years, or forever" - I wonder how many people would just shrug and click "forever."

This may lead to the discovery of another fundamental disconnect - or two. Sigh.

... JG

A cron job/schedule task with a script that removes said line would most likely do wonderous things for you. I could see a comment before each listing with a time/date that you use some regex fu on to figure out how long it was there and how long it should be there for. Simple! You could also automate it with a web frontend for noobs so they don't have to manually edit configuration files.
You /COMPLETELY/ missed the point.

If this was something that people felt was truly useful, then there would be support for something like this. I mean, we've only had about 15 years of spam-as-a-real-problem on the Internet.

The perception by most admins is that when you block someone, you want to block them for a Really Long Time. If this wasn't true, then there would likely be an automatic feature built in to MTA ACL entries to expire.

I didn't say you /couldn't/ do it.

The problem is that the average spam spewer is a long-term thing, so when you ACL off a host, you've probably deemed the sender to be of no significant value to you, and you're not expecting that they're suddenly going to become whitehat in two weeks, or even six months. Therefore, there's no default support built into MTA's for this, because it /doesn't/ do anything "wonderous" for you.

I would agree that in the best case, we would want a default behaviour of ACL removal when an IP block is reallocated by the RIR, but I don't see an easy way to get there as a default behaviour of an MTA.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.
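
The expiry mechanism suggested in the quoted part of this message (a date comment above each listing, pruned by a scheduled script), as an added example that is not part of the original thread. The `# added=... ttl=...` tag format, the "address action" entry layout and the sample data are assumptions constructed for illustration, not any MTA's own syntax.

```python
import re
from datetime import datetime, timedelta, timezone

# Hypothetical tag format, written on the comment line directly above an entry:
#   # added=2009-08-01 ttl=30d      (units: m, h, d; or ttl=forever)
TAG = re.compile(r"^#\s*added=(\d{4}-\d{2}-\d{2})\s+ttl=(forever|\d+[mhd])\s*$")
UNITS = {"m": "minutes", "h": "hours", "d": "days"}

def expiry(added, ttl):
    """Return the expiry time for a tag, or None for ttl=forever."""
    if ttl == "forever":
        return None
    start = datetime.strptime(added, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    return start + timedelta(**{UNITS[ttl[-1]]: int(ttl[:-1])})

def prune(lines, now):
    """Drop each tagged entry whose TTL has passed, together with its tag line.
    Untagged and ttl=forever entries are kept, so hand-made blocks survive."""
    kept, removed, i = [], [], 0
    while i < len(lines):
        m = TAG.match(lines[i])
        entry = lines[i + 1] if m and i + 1 < len(lines) else None
        if entry is not None and entry.strip() and not entry.startswith("#"):
            exp = expiry(*m.groups())
            if exp is not None and exp <= now:
                removed.append(entry.split()[0])  # report what was unblocked
            else:
                kept += [lines[i], entry]
            i += 2
        else:
            kept.append(lines[i])  # untagged entry, plain comment or blank
            i += 1
    return kept, removed

# Constructed sample (documentation address ranges only).
SAMPLE = """\
# added=2009-08-01 ttl=30d
192.0.2.10 REJECT
# added=2009-09-08 ttl=30d
198.51.100.0/24 REJECT
# added=2005-01-01 ttl=forever
203.0.113.7 REJECT
192.0.2.99 REJECT
""".splitlines()

if __name__ == "__main__":
    kept, removed = prune(SAMPLE, datetime(2009, 9, 9, tzinfo=timezone.utc))
    print("removed:", removed, "\n" + "\n".join(kept))
```

Entries with no tag or with `ttl=forever` are never touched, so the behaviour described in the reply (blocks that stay until someone removes them) remains the default.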