Mailing List Archive

An end to spam through Graphnet
Hi folks,
Some time back before the latest round of cable cuts and BIND arguments
you may recall that I notified everyone that Graphnet was being abused to
transit spam. An ugly mess -- between the bounces and the flood of
'remove' from angry recipients plus one wise guy who impersonated our
marketing department it brought a dual cpu sparc20 to its knees at its
height, with over 100mb on the mail queue awaiting re-delivery or more
likely expiration.

We have put an end to this madness on our systems by building and
configuring the very latest Sendmail v8 and BIND 4.9.6 (attempts to use
v8 failed for being too Berkeley, on a Solaris 2.x system -- but don't
start arguing that here please) in combination with filters on our
gateway router. Load has dropped way down on our sparc20, and hopefully
the spammers will go play with someone else instead of futilely
occupying bandwidth on our circuits.

Let this be an object lesson to those of you out there who have yet to
upgrade: the spammers will find you sooner or later. They walk down every
A record in every zone until they find a victim. They look in public
databases like RIPE to see what mailboxes are registered for the zone and
they use those names to try to get past your sendmail filters and launch
spam in your name (doesn't work on us, I thought of that trick).
So go forth to www.isc.org and www.sendmail.org and compile.

Dana Hudes
Graphnet
Re: An end to spam through Graphnet
On Fri, 1 Aug 1997, Dana Hudes wrote:

> Hi folks,
> Some time back before the latest round of cable cuts and BIND arguments
> you may recall that I notified everyone that Graphnet was being abused to
> transit spam. An ugly mess -- between the bounces and the flood
> of 'remove' from

yeah,
I got hit the other day.


> We have put an end to this madness on our systems by building and
> configuring the very latest Sendmail v8 and BIND 4.9.6 (attempts to use
> v8 failed for being too Berkeley, on a Solaris 2.x system -- but don't
> start arguing that here please) in combination with filters on our
> gateway router. Load has dropped way down on our sparc20, and hopefully
> the spammers will go play with someone else instead of futilely
> occupying bandwidth on our circuits.
>
> Let this be an object lesson to those of you out there who have yet to
> upgrade: the spammers will find you sooner or later. They walk down every
> A record in every zone until they find a victim. They look in public
> databases like RIPE to see what mailboxes are registered for the zone and
> they use those names to try to get past your sendmail filters and launch
> spam in your name (doesn't work on us, I thought of that trick).
> So go forth to www.isc.org and www.sendmail.org and compile.


Can anyone elaborate a little more on the "one true" set of procedures
that one should take to prevent spammers from abusing one's resources.

The current problem that I have is valid customers who are "on the road"
and want to sendmail through my SMTP server when they dial into
att or netcom, before their Eudoras used to point their SMTP server
at me, that ain't happenin' after my spam attack so is there some
workaround that they can use?
Re: An end to spam through Graphnet
On Aug 1, Geoff White <geoffw@precipice.v-site.net> wrote:

> > Let this be an object lesson to those of you out there who have
> > yet to upgrade:
> > the spammers will find you sooner or later.

And once they've found you, they will keep on relaying through
you until you make it impossible for them to do so.

> Can anyone elaborate a little more on the "one true" set of procedures
> that one should take to prevent spammers from abusing one's resources.

It varies depending on what your situation is, and how smart
you expect your customers to be.

> The current problem that I have is valid customers who are "on the road"
> and want to sendmail through my SMTP server when they dial into
> att or netcom, before their Eudoras used to point their SMTP server
> at me, that ain't happenin' after my spam attack so is there some
> workaround that they can use?

The /best/ idea is to have them use a local SMTP server. If
they can't or won't do that, there are a few recipes floating
around that let you exempt messages from specific sources; I
haven't investigated those much, but they're out there.

*********************************************************
J.D. Falk voice: +1-415-482-2840
Supervisor, Network Operations fax: +1-415-482-2844
PRIORI NETWORKS, INC. http://www.priori.net
See us at ISPCON '97, booth #501
"The People You Know. The People You Trust."
*********************************************************
Re: An end to spam through Graphnet
J.D. Falk wrote:

> On Aug 1, Geoff White <geoffw@precipice.v-site.net> wrote:
>
> > > Let this be an object lesson to those of you out there who have
> > > yet to upgrade:
> > > the spammers will find you sooner or later.
>
> And once they've found you, they will keep on relaying through
> you until you make it impossible for them to do so.

Believe it folks! These characters are persistent and once one
finds you the rest follow.

> > Can anyone elaborate a little more on the "one true" set of procedures
> > that one should take to prevent spammers from abusing one's resources.
>
> It varies depending on what your situation is, and how smart
> you expect your customers to be.
>
> > The current problem that I have is valid customers who are "on the road"
> > and want to sendmail through my SMTP server when they dial into
> > att or netcom, before their Eudoras used to point their SMTP server
> > at me, that ain't happenin' after my spam attack so is there some
> > workaround that they can use?
>
> The /best/ idea is to have them use a local SMTP server. If
> they can't or won't do that, there are a few recipes floating
> around that let you exempt messages from specific sources; I
> haven't investigated those much, but they're out there.
>
>

If someone had a fixed IP address I could theoretically allow
that one through my router filters but that's just begging for IP
spoofing.

> *********************************************************
> J.D. Falk voice: +1-415-482-2840
> Supervisor, Network Operations fax: +1-415-482-2844
> PRIORI NETWORKS, INC. http://www.priori.net
> See us at ISPCON '97, booth #501
> "The People You Know. The People You Trust."
> *********************************************************
Re: An end to spam through Graphnet
> Date: Fri, 01 Aug 1997 14:32:34 -0700 (PDT)
> From: Geoff White <geoffw@precipice.v-site.net>
> Subject: Re: An end to spam through Graphnet
> To: Dana Hudes <dhudes@graphnet.com>
> Cc: nanog@merit.edu

>
>
> On Fri, 1 Aug 1997, Dana Hudes wrote:
>
> > Hi folks,
> > Some time back before the latest round of cable cuts and BIND arguments
> > you may recall that I notified everyone that Graphnet was being abused to
> > transit spam. An ugly mess -- between the bounces and the flood
> > of 'remove' from
>
> yeah,
> I got hit the other day.
>
>
> > We have put an end to this madness on our systems by building and
> > configuring the very latest Sendmail v8 and BIND 4.9.6 (attempts to use
> > v8 failed for being too Berkeley, on a Solaris 2.x system -- but don't
> > start arguing that here please) in combination with filters on our
> > gateway router. Load has dropped way down on our sparc20, and hopefully
> > the spammers will go play with someone else instead of futilely
> > occupying bandwidth on our circuits.
> >
> > Let this be an object lesson to those of you out there who have yet to
> > upgrade: the spammers will find you sooner or later. They walk down every
> > A record in every zone until they find a victim. They look in public
> > databases like RIPE to see what mailboxes are registered for the zone and
> > they use those names to try to get past your sendmail filters and launch
> > spam in your name (doesn't work on us, I thought of that trick).
> > So go forth to www.isc.org and www.sendmail.org and compile.
>
>
> Can anyone elaborate a little more on the "one true" set of procedures
> that one should take to prevent spammers from abusing one's resources.
>
> The current problem that I have is valid customers who are "on the road"
> and want to sendmail through my SMTP server when they dial into
> att or netcom, before their Eudoras used to point their SMTP server
> at me, that ain't happenin' after my spam attack so is there some
> workaround that they can use?

Just get your customers to use an Email client that knows how to use MX
records and does not need a "forwarder"! Frontier Technologies sells the
Super TCP/NFS suite with an Email client that works just fine. It even
has internal IDs and Passwords so that more than one person (or you if
you have to look like more than one person) can use the same machine.
www.frontiertech.com


Dave Nordlund d-nordlund@ukans.edu
University of Kansas 913/864-0450
Computing Services FAX 913/864-0485
Lawrence, KS 66045 KANREN