nanog mailing list archives

Re: ARIN whois

From: Robert Gash <gashalot () gashalot com>
Date: Mon, 22 Nov 1999 15:44:52 -0500 (EST)


Dean, perhaps I am not fully understanding your logic behind not closing
your relays.  I have been a systems administrator for 4 years and I have
not ever found an application where I needed to leave my SMTP relays open
to the world.  I do not doubt that you have legitimate business purposes
in mind when opening your relay, but at some point you must decide that
legal action will be too slow to fix anything and that it might be a good
time to close your relays to aleviate other problems.  Simply saying "I
shouldn't need locks on my doors because everyone should be
honest and never come into my house without my permission," dosen't cut it
in this world, and I am quite sure that you have
locks on every portal to your house, so why should your SMTP server be any
different?  Taking such a stance and refusing to close your
relays is simply a foolish decision.

Closing mail relays isn't very hard, and qmail and sendmail (and probably
the handfull of NT mailers) both have ways of implementing a
POP3-before-SMTP system so you can "allow" relaying from anywhere on the
planet without having to worry about abusers (as long as the abusers don't
have the login information for a POP box).  I suggest that you investigate
implementing POP-before-SMTP if you wish to leave your relays open to
everyone, as well as setting up RBL support on your server, in the end it
helps everyone by stopping one more potential spam outlet.

-Robert Gash

PS- and don't think that just having "private" IPs that are publically
accessible to the net will stop anything.  I use a cablemodem at home and
we have co-located equipment where I work, and it is constantly being
scanned for open vulnerabilities (including open SMTP relays, so you can
rest assured that someone will find you out sooner or later).

 On Mon, 22 Nov 1999, Dean Anderson wrote:


These are coming from Mass, Cleveland, Ohio, and Virginia. 

We use our relays for legitimate business purposes. They are not "accidentally left open".  We are not going to close 
them.  We are going to pursue abusers civilly and criminally.  The FBI assures me that it does not matter criminally 
that access comes from international sources.

Much of the activity appears to be comming from alleged ANTI-SPAMMERs such as Chris Neill, and Alan Brown and Ron 
Guillemette who have been inciting attacks against us, posting to alt.2600 and advertising our service.  Inciting 
criminal acts is a criminal act too, I'm pretty sure. We make sure to mention them prominently.

              --Dean

Around 11:18 PM 11/21/1999 -0500, rumor has it that Kai Schlichting said:


At 09:16 PM 11/21/99 -0500, Dean Anderson wrote:

Can someone send me a list of *all* AOL netblocks?  ARIN's whois only gives back a handful.

I want to block _all_ AOL netblocks, but its tough to find out what they are.

Thanks to a few malicious, radical antispammers (Chris Neill, Alan Brown, etc) we are getting hit with a large 
number of criminal mail relays. Mostly coming from AOL addresses. We have about a half dozen individual criminal 
complaints underway.


Don't kid us, Dan. Close your fucking relays (not that any of them talk to
my hosts anyhow). If this has to be drummed into your bonehead again: THEY
WILL FIND YOUR RELAYS ON THEIR OWN, AND THEY WILL ABUSE THEM, NO MATTER
HOW LOUD YOU SCREAM. THEY SIT IN CHINA, PAKISTAN AND KOREA, AND THERE IS
NOTHING YOU CAN DO ABOUT THEM SHORT OF CALLING THE WHITEHOUSE AND GETTING
THESE PLACES INVADED. Alternatively, you could come to your senses and
shut the literal front door of your house now that you've finally noticed
the first unsavory characters passing by. A couple years after the rest
of us, no doubt.

And they won't need ORBS or any other service to locate you, either.
Stop complaining. No more secrets (now that's from Scott Yelich's tagline).

bye,Kai

--
kai () conti nu             "Just say No" to Spam            Kai Schlichting
Palo Alto, New York, You name it             Sophisticated Technical Peon
Kai's SpamShield <tm> is FREE!                 http://SpamShield.Conti.nu
|                                                                       |
LeasedLines-FrameRelay-IPLs-ISDN-PPP-Cisco-Consulting-VoiceFax-Data-Muxes
WorldWideWebAnything-Intranets-NetAdmin-UnixAdmin-Security-ReallyHardMath

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
           Plain Aviation, Inc                  dean () av8 com
           LAN/WAN/UNIX/NT/TCPIP          http://www.av8.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Current thread:

ARIN whois Dean Anderson (Nov 21)
- Re: ARIN whois Kai Schlichting (Nov 21)
  - Re: ARIN whois Forrest W. Christian (Nov 21)
    - spam from aol (was Re: ARIN whois) Jared Mauch (Nov 22)
    - Re: spam from aol (was Re: ARIN whois) Michael Shields (Nov 22)
    - Re: ARIN whois jlewis (Nov 23)
- <Possible follow-ups>
- Re: ARIN whois Dean Anderson (Nov 22)
  - Re: ARIN whois Ehud Gavron (Nov 22)
  - Re: ARIN whois Robert Gash (Nov 22)
    - RE: ARIN whois Roeland M.J. Meyer (Nov 22)
  - Re: ARIN whois Joe Shaw (Nov 22)
    - RE: ARIN whois Roeland M.J. Meyer (Nov 22)
    - RE: ARIN whois Bruce Campbell (Nov 23)
    - RE: ARIN whois Roeland M.J. Meyer (Nov 23)
    - Relaying to non-standard TLD's (was Re: ARIN whois) J.D. Falk (Nov 23)
    - Re: ARIN whois Henry R. Linneweh (Nov 23)
    - RE: ARIN whois John Fraizer (Nov 24)
    - RE: ARIN whois Roeland M.J. Meyer (Nov 25)
    - Re: ARIN whois Etaoin Shrdlu (Nov 25)

(Thread continues...)