OOO broken

John Summerfield debian at herakles.homelinux.org
Wed Oct 24 09:12:22 UTC 2007


Andrew Kelly wrote:
> On Wed, 2007-10-24 at 16:09 +0800, John Summerfield wrote:
>> Andrew Kelly wrote:
>>> On Wed, 2007-10-24 at 00:06 -0400, Ric Moore wrote:
>>>> On Tue, 2007-10-23 at 10:11 +0200, Andrew Kelly wrote:
>>>>> On Tue, 2007-10-23 at 01:33 -0500, Renich Bon Ciric wrote:
>>>>>> Does anybody, other than me, suffer from the same problem?
>>>>> Dunno.
>>>>>
>>>>> If your problem is erectile dysfunction, then yes, apparently half the
>>>>> planet shares your problem. Well, at least according to all the mail I
>>>>> get.
>>>> Jeeez Andy! Not you too?? I think my <ahem> "problem" was my yahoo
>>>> account's fault. All those ads you mentioned. I left that account open
>>>> for a year or so to attract and soak in just about all the goobers and
>>>> their spam that exist in the entire world, and I just killed it off
>>>> yesterday. <cackles> Sweet. 
>>> I catch a ton of rubbish to an account I pretty much haven't used in
>>> half a dozen years. And I have to admit, some of the subject lines are
>>> funny as hell. There are between 200 and 500 in my junk folder every
>>> morning; I still can't break the habit of scanning for false positives.
>>> If you let your focal point slide to about 5 inches past your screen so
>>> that things begin to blur just the tiniest bit, let your mind wander
>>> (just the tiniest bit), it all begins to read like a surreal comic book.
>>>
>>> I choked on my tea the first time I read that my new penis was waiting
>>> for me.
>>> ... a riot.
>>>
>>>> Gmail makes me more "confident" you see. 
>>> Gmail.
>>> You know, I think I'm learning that I think gmail really sucks. I've
>>> never actually used web-based e-mail (and I've never really understood
>>> why anybody who has an actual internet connection would in the first
>>> place), so I don't really know what its enticing feature(s) is/are. But
>>> I sure can say that I get a ***t-load of spam from gmail accounts, and
>>> that gmail either does not have an abuse mechanism in place, or simply
>>> refuses to respond to its use.
>> Bear in mind that the "from:" address is supplied by the user, and can 
>> be anything at all.
>>
>> If you look carefully at the received: headers, you can tell whether it 
>> came via gmail's servers. Note that there typically will not be many 
>> hops between gmail's servers and yours, and probably you "know" them all.
> 
> 
> Yeah, yeah, I'm on it. Before I spend the time writing a notice of abuse
> mail I make sure of details like that. I only make that kind of effort
> in special cases, and let filters handle the rest. It's been my
> experience that mail sent to abuse@ generally gets *at*least* an
> automated response of some kind. In my dealing with gmail I've never
> heard a single peep, not from man nor beast, so to speak. And, of course,
> no actions (that I could perceive, anyway) were ever taken. It's like
> talking to a wall.
> 
> Whatever, I'll live. 
> But I'm certainly not being presented with any opportunities to alter my
> personal opinions about web-based email, or the providers or (with
> exceptions, of course) users thereof.
> 
>>> Whatever the case, gmail is the new hotmail in my admin life. In fact,
>>> aol has fallen to 4th place on my personal list of "The Rings of Hell".
>>> gmail, hotmail, yahoo, aol, in that order.
>> more like .cn and .ko .ru, .es and .mx don't rate highly here either.
> 
> I hear you.
> 
>> I regularly firewall off great gobs of China: if I see spam or ssh from 
>> anywhere in China, I block at least the entire /24 network entirely, 
>> from smtp and ssh.
> 
> For me that's a baby/bathwater thing. SSHD will take any amount of
> activity from my own networks; everybody else gets 1 try at a successful
> login and talks to the hand after that.

I take 5 ssh /hour from anywhere in the world, more from places in .au 
where I might visit.


Apparently the modern botnet shares the job of enumeration, so limiting 
one/IP address could, in principle, be overcome fairly quickly.

I do not expect email from those countries' networks I block. And I 
assume folk chop their networks into blocks: these /24 (or more) 
addresses are for adsl. Those adsl users have a fair chance of getting 
through, if they use the IAP's relay.

Of course, an IAP couldn't do this, and nor could a large organisation.

> For mail, I let postfix and a content scanner deal with things. If the
> connecting host can survive RBL and a reverse DNS lookup and wants to
> send mail to an actual user in a domain I'm catching for, and the mail
> isn't carrying anything that looks like cooties, then it's in the door
> as far as I'm concerned. The receiving end can worry about whether it
> was real mail or not.

Undo the blocks for a while, and let them see what a good job you do:-)


> Users whine about all the crap they get, but they REALLY whine when
> critical mail doesn't reach them.
> 

A rule I have is, block the source, but once it's received, deliver it. 
Target folder may be spam or windwoes if I think it's suss.

The only good email that's landed in my spam folder's from etrade. They 
write mail that fails any decent spam test - all-caps subject, talk 
about money ....





-- 

Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu

Please do not reply off-list
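
An added example, not part of the original message: the "5 ssh /hour" limit and the /24 blocks discussed above, applied to constructed sshd log lines, showing that attempts shared out across many addresses in one /24 stay under a per-address limit but exceed it once counted per /24. The log line format, the year and the addresses (documentation ranges) are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

LIMIT = 5                    # attempts tolerated per window ("5 ssh /hour" in the message)
WINDOW = timedelta(hours=1)
YEAR = 2007                  # assumption: syslog timestamps carry no year
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\d+(?:\.\d+){3}) ")

def constructed_log():
    """Constructed sample lines (documentation address ranges, not real hosts)."""
    fmt = "Oct 24 09:{:02d}:00 host sshd[100]: Failed password for root from {} port 40000 ssh2"
    lines = [fmt.format(m, "198.51.100.7") for m in range(7)]            # one noisy host
    for i in range(8):                                                   # 8 hosts, 2 tries each
        lines += [fmt.format(10 + i, f"203.0.113.{10 + i}"),
                  fmt.format(30 + i, f"203.0.113.{10 + i}")]
    lines += [fmt.format(50, "192.0.2.5"), fmt.format(51, "192.0.2.5")]  # quiet host
    return lines

def parse(lines):
    """Yield (timestamp, source address) for each failed-password line."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            yield datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def over_limit(events, prefix):
    """Return networks of the given prefix length with > LIMIT attempts in any WINDOW."""
    times = defaultdict(list)
    for ts, ip in events:
        times[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))].append(ts)
    flagged = set()
    for net, stamps in times.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] >= WINDOW:   # drop attempts older than the window
                start += 1
            if end - start + 1 > LIMIT:
                flagged.add(net)
                break
    return flagged

if __name__ == "__main__":
    events = list(parse(constructed_log()))
    print("over limit per address:", sorted(over_limit(events, 32)))
    print("over limit per /24:    ", sorted(over_limit(events, 24)))
```
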



