[CLUE-Admin] Re: CLUE-Tech post from admin@clue.denver.co.us
requires approval
Jed S. Baer
thag at frii.com
Mon Aug 4 20:40:18 MDT 2003
On Mon, 04 Aug 2003 18:36:03 -0600
Lynn Danielson <lynnd at techangle.com> wrote:
> >It'd help to see some representative headers.
> >
>
> OK:
>
> Received: from localhost ([142.3.208.203])
> by clue.denver.co.us (8.9.3/8.9.3) with SMTP id QAA10218
> for <clue-talk at clue.denver.co.us>; Mon, 4 Aug 2003 16:51:16 -0600
> Date: Mon, 4 Aug 2003 16:51:16 -0600
> Message-Id: <200308042251.QAA10218 at clue.denver.co.us>
> From: admin at clue.denver.co.us
> To: Clue-talk <clue-talk at clue.denver.co.us>
> Reply-To: admin at clue.denver.co.us
> X-Mailer: The Bat! (v1.61)
> X-Priority: 2 (High)
> Subject: your account crvaavwa
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="----------3254AE670004BE0"
>
> >The first thing that comes to my mind is to use SpamAssasin, or some
> >other bayseian type filtration. The other thing is to require that the
> >From: header domain match the originating machine, or something like
> >that. I know there are some problems with that, though.
> >
>
> Yeah the reverse DNS lookup can be a problem, but I'm beginning to think
> it's an acceptable one. But since they are directly using our own
> sendmail server as their smtp server, it wouldn't do any good in this
> case. I believe
> we're what is referred to as an open relay. Which leaves us open to
> some horrible abuses. I haven't been paying attention to our logs, so
> as far as I
> know our server could be getting used to spam the world. But if we're
> going to offer email aliases as a membership benefit, it needs to remain
> open to some extent.
I'd say we should close that puppy up PDQ, unless there's a compelling
reason to leave it open. Is there anyone who has a legitimate reason to
use the CLUE server for relaying their mail?
We sure don't want to have to deal with any of the problems which result
from being listed on ORBS (or whatever its successor is), or any of the
other blacklists. Or have to deal with abuse complaints resulting from
having an open relay.
Since Dave Hahn has the answer to the membership e-mail benefit, is there
any reason for that SMTP server to be used for anything other than the
mailing lists? (At the moment, anyway.)
jed
--
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-admin
mailing list