[Mimedefang] FTC asks ISPs to crack down on zombie PCs

Ian Mitchell trash at aftermagic.com
Wed May 25 15:14:08 EDT 2005


> Date: Wed, 25 May 2005 10:50:13 -0400
> From: "James Ebright" <jebright at esisnet.com>
> Subject: Re: [Mimedefang] FTC asks ISPs to crack down on zombie PCs
>
> Where are you located at? We charge $5.00/mo for a single static ip which
> would most likely work in your situation (We are in Sprint/Bellsouth ILEC
> areas), Doesn't matter if you are DSL or Dial-up for that price (but an MTA
> on the other side of a dialup.. yuck!). With dedicated circuits we usually
> include a single or small block depending on the circuit (as most ILECS
> will as well) after you justify the space allocation (we use ARIN's forms
> since that's what we need to fill out as well).

I have two broadband options. Cable and satellite. And it's a matter of
picking your poisons at that point. I looked up dialup and no, I just
could not drag myself to suffering with a 56K connection. Not to mention,
it's damn hard to find Linux modems now-a-days.

> Running an MTA on the other side of dynamic IP space is usually a bad idea
> unless you forward all of it through your provider's MTA from your own
> (easy to do in sendmail). Otherwise you will end up being blocked by a
> LARGE number of providers using DNSBLs for dynamic IP space.

I've been blocked by a few for dynamic DNS, but in general it works ok. I
can get through to the people I want to get through. Likewise, I'm pretty
picky which RBL's I use. If I'm listed, it's not used. The RBL's I use cut
down about 90% of the SPAM, where SA and Mimedefang snag the other 10%.

> Wow, first off, are you rewriting your SPF records every time your IP
> updates via the dynamic IP space via mydyndns.org? Your SPF record allows
> your current dynamic IP as well as charter.com's SPF record if any (your
> cable provider).

As for dynamic IP's, dyndns works wonders and yes, I do manually update my
SPF record, but that's not very difficult and could theoretically be done
through the same script that updates the IP. But since that only happens
about once a year or so, I'm not that motivated. Ironically, I don't get
many failures from SPF, I guess it's not as widely used as I'd like to
think. I support it, and I recommend others do as well. But my SPF record
was wrong for a long time and I didn't receive a single bounce because of
it.

>
> Honestly, I would bet you are in violation of RFC2821 with regards to
> reverse DNS requirements for a SMTP server, you are against the thought
> that your ISP (charter) might (and most likely will) start blocking port 25
> outbound and that you might have to require your private MTA (rogue MTA) to
> relay all of its outbound mail through charter's mail servers, which is
> actually how it should have been setup in the first place (and again, is
> pretty easy to do, just involves a few mc file edits to hide your mta as
> the originator), and claim all of this due to either your security
> expertise or to not being able to afford a static IP assignment? Look at
> the bigger picture.

Definitely in violation of RFC2821. But then again, I haven't seen much
impact on that. Honestly though, I doubt the ISP would be so willing to
release their rDNS record to me anyway ;)

> Also, I do hope you have a business account with charter as they
> specifically forbid "servers" in their terms of service agreement for
> residential accounts.

I do not have a business account, and have had servers running on them for
over 5 years now. Several technicians have been over before to test line
quality and each has noted my configuration. In my opinion, if they wish
to specifically forbid them, then they should enforce it. I'm using their
services responsibly and haven't had an issue with them (other than their
really jacked up accounting department).

> Also, I know Cox Communications and Time Warner here both provide a single
> static for no extra cost if you ask for a business account and pretty much
> all of the DSL providers including my ISP do for business level DSL
> accounts and can for residential for a small fee ($5.00/mo from us for a
> single static).

Be nice if they were available...

> Sorry, I just can't help but shudder at the thought of running a
> business's MTA and MX of record over a dynamic IP using dyndns or any
> similar service, esp since the risks are so high and the cost to do it
> right is probably about the same you are paying to dyndns for their
> service.

Wouldn't it be nice if my domain was business related ;)

Like I said, I can't pay business rates when there isn't a business. It's
a hobby. I get to play with real MTA's (10K+ emails per day) at work, and
yes, I do have technical ownership of the reverse DNS there ;)
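
The SPF rewrite step discussed above (keeping the record's `ip4` term in sync when the dynamic address changes) could look like the following. This is an added example, not part of the original message or of any dyndns client; the function name, the sample record, `isp.example` and the addresses are constructed, and publishing the resulting TXT string to DNS is left to whatever update mechanism the DNS host provides.

```python
import ipaddress

def _parts(term):
    """Split one SPF term into (qualifier, lowercased name, value)."""
    qualifier = term[0] if term[0] in "+-~?" else ""
    name, _, value = term[len(qualifier):].partition(":")
    return qualifier, name.lower(), value

def update_spf_ip4(record, old_ip, new_ip):
    """Return record with the single-host ip4 term for old_ip swapped to new_ip."""
    old = ipaddress.IPv4Address(old_ip)   # ValueError on anything that is
    new = ipaddress.IPv4Address(new_ip)   # not a literal IPv4 address
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    out, placed = [terms[0]], False
    for term in terms[1:]:
        qualifier, name, value = _parts(term)
        if name == "ip4" and value:
            net = ipaddress.IPv4Network(value, strict=False)
            if net.prefixlen == 32 and net.network_address in (old, new):
                if not placed:            # rewrite in place, keep position
                    out.append(f"{qualifier}ip4:{new}")
                    placed = True
                continue                  # drop stale or duplicate entries
        if name == "all" and not placed:  # nothing to rewrite: add before "all"
            out.append(f"ip4:{new}")
            placed = True
        out.append(term)
    if not placed:                        # record had no "all" term
        out.append(f"ip4:{new}")
    return " ".join(out)

# Constructed sample record; addresses are from the documentation ranges.
SAMPLE = "v=spf1 ip4:192.0.2.10 include:isp.example ~all"

if __name__ == "__main__":
    print(update_spf_ip4(SAMPLE, "192.0.2.10", "198.51.100.7"))
```

Wider `ip4` networks, `include:` terms and the record's `all` qualifier pass through untouched, and running it twice with the same arguments yields the same record.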





