[lug] Stopping the New Generation of Spam
bgiles at coyotesong.com
bgiles at coyotesong.com
Mon Dec 4 09:43:17 MST 2006
To be honest, I can't understand why much of this advice is always given
as "tightening your mail server" instead of "applying minimal common
sense".
Imagine you're sitting in a bookstore cafe and somebody joins you. He
also says that he works for your company. Why, he does the very same
thing you do! Only one problem -- you know that you're the only person
doing this job in this territory. Would you listen any further, or would
you tell him to take a hike?
The HELO checks are the same thing. If you claim you're me, via IP
address or host name, then I know, prima facie, that you mean harm to
myself or others. You're out of here.
You're back at the bar and a totally nondescript guy tries to tell you
something that you know only a few people know... how could he know it?
You tell him to take a hike.
The HELO checks are the same. You tell me you're localhost or anything in
127/8, 10/16, etc. and I'll tell you to take a hike. Those are all
perfectly legitimate IP addresses... within an organization. (Well, 127/8
is within a system, but you get the idea.) They're valid addresses within
an organization, but should never be facing the internet at large.
Some of the remaining tests are more subtle, but obvious when you map them
to meatspace. You want me to pass a message on to my friend-of-a-friend
Sally? Sorry, you'll have to find her yourself. You want me to pass a
message on to Bob but you aren't willing to provide at least a seemingly
valid way for him to respond? Sorry, I know that Bob's uninterested in
getting anonymous notes and you'll need to tell him how to reach you if he
has questions.
This may seem like a lot of hand-waving, but the consequences are
immediate and severe when these social rules are broken.
> I've tightened up my mail server using the recommendations here:
>
> http://www.freesoftwaremagazine.com/articles/focus_spam_postfix/
More information about the LUG
mailing list