Re: An end to spam through Graphnet

[Michael Dillon <michael () priori net>]

> Can anyone elaborate a little more on the "one true" set of procedures
> that one should take to prevent spammers from abusing ones resources.

1. dump sendmail. It can't prevent relaying.

2. install qmail http://www.qmail.org because relaying is disabled right
outr of the box. In fact I had to dig for a while to figure out how to
relay mail to a server behind a firewall.

3. lean *HEAVILY* on the vendors of email client software to *STOP* *THE*
*MADNESS* of using SMTP to send email. They need to do this via the
authenticated POP or IMAP sessions. Standards be damned. If the vendors
can't agree on a standard for doing this then it is less headache to hack
POP and IMAP servers to handle a half dozen proprietary ways of sending
email via POP/IMAP than it is to deal with SPAM relay messes. P.S. get your
customers to lean on their email client vendors as well. In fact, supply
your customers with email addresses at the email client vendors and tell
them to request this enhancement.

IMHO, of course.

Seriously though, don't expect that you can install a simple sendmail
recipe and solve this problem. The best recipe so far comes from Klaus
Assman http://www.informatik.uni-kiel.de/%7Eca/email/english.html but it
requires some upkeep to do it this way.

Point 3 is the ideal solution and I really do believe that if an
information campaign is waged with the vendors, this really could be done
within a month or two.

> The current problem that I have is valid customers who are "on the road"
> and want to sendmail through my SMTP server when they dial into
> att or netcom, before their eudora's used to point their SMTP server
> at me, that ain't happenin' after my spam attach so is there some work
> around that they can use?

Basically, you have to have sendmail allow certain email to be relayed
based on whatever you have to identify those customers. Static IPs are
great, no problem. Small corporate LANs with dialin ports are probably OK
because they probably have their SMTP relaying disabled. But if a customer
is roaming with an AOL account then you can't solve the problem. All you
can do is to tell them to use AOL's SMTP servers when they are dialing in
via an AOL account.

I think this discussion is really pushing the bounds of what is on topic
for this list and unfortunately the Eudora Pro I am using does not seem to
support Reply To headers so here are a couple of better mailing lists to
discuss this on.

inet-access   -  high volume, can be over 200 messages per day, sometimes
                 gets overwhelmed by chit-chat

send a "subscribe" message to inet-access-request () earth com

IAP  - much lower volume list. Some days there is only one or two messages
       but the volume can perk up if there is a hot topic.

send a message reading "subscribe IAP Your Name" to listserv () vma cc nd edu

Please don't reply to this message on the NANOG list. Please change the To
address to either inet-access () earth com or IAP () vma cc nd edu

Thanks.

********************************************************
Michael Dillon                    voice: +1-415-482-2840
Senior Systems Architect            fax: +1-415-482-2844
PRIORI NETWORKS, INC.              http://www.priori.net

"The People You Know.  The People You Trust."
********************************************************