[CLUE-Tech] Mail Delivery (failure clue-tech@clue.denver.co.us)
Charles Oriez
coriez at oriez.org
Thu Jul 8 15:10:53 MDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 02:26 PM 7/8/2004 -0600, Jed S. Baer wrote:
>On Thu, 8 Jul 2004 14:54:22 -0400
>"Roy J. Tellason" <rtellason at blazenet.net> wrote:
>
> > > FWIW, I've had a considerable lack of success reporting e-mail abuse.
> > > Regrettable, but true. Since this is a virus, maybe the ISP would be
> > > willing to do something about the user? Or, maybe already has.
> >
> > It's interesting how so many ISPs seem to view keeping you from
> > _downloading_ spam or viruses to be a "good thing" (I guess it is from a
> > marketing point of view) but they don't seem to bother with any
> > consideration whatever about people _uploading_ the damn things.
>
>Actually, a couple weeks ago, there was news going around about Comcast
>actually blocking SMTP from infected machines. (Or maybe it wasn't quite
>that drastic?)

Yep. They blocked port 25 on any client machine sending out abnormally high
volumes of email. I had their dynamic space blocked for a while, and I
think I still do. At one point, it was accounting for 25% of my spam
blocks on a week-to-week basis. There has since been a dramatic drop. I'm
not the only one seeing it, but in my case I would say that the drop has
been in the 90% plus range.

For any Comcast customer who is suddenly finding legit traffic to be
blocked, they need to point their outbound mail thru smtp.comcast.net, which
routes it through 1 of about 4 or so servers. However, the server ID that
hits your server does not always identify itself as smtp.comcast.net. Best
solution is to use comcast.blackholes.us as a dnsbl, then whitelist their
legit smtp servers in your access.db with the following entries:

connect:smtp.comcast.net OK
connect:rwcrmhc11.comcast.net OK
connect:sccrmhc11.comcast.net OK
connect:sccrmhc12.comcast.net OK
connect:sccrmhc13.comcast.net OK

Another workable alternative appears to be to blacklist

.client.comcast.net REJECT

So far, everything I bounce coming from their trojaned machines has that
pattern.

Charles Oriez coriez at oriez.org
39 34' 34.4"N / 105 00' 06.3"W
**
"Drag God into politics, and you'll ruin his reputation in no time." -
Molly Ivins
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: created 6/26/04 expire 6/25/05 stored MIT & PGP.COM
iQA/AwUBQO24XLiLNnC0cMkdEQL6CQCg2b5kUlbXH3CbFR1Ec71Ua+ehgBYAoIt2
YhTtngv3maVJrUqKzv/Dcgsm
=VxJf
-----END PGP SIGNATURE-----
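
The decision order described in the message above (whitelisted Comcast relays first, then the .client.comcast.net reject, then the comcast.blackholes.us lookup), as an added Python example that is not part of the original post and is not sendmail's own code. It combines both alternatives from the post in one model; the function names, sample hostnames and addresses are constructed, the DNS query is a stub, and the client hostname is assumed to have been verified by the MTA already.

```python
import ipaddress

# Entries taken from the message above.
ALLOW_HOSTS = {
    "smtp.comcast.net", "rwcrmhc11.comcast.net", "sccrmhc11.comcast.net",
    "sccrmhc12.comcast.net", "sccrmhc13.comcast.net",
}
REJECT_SUFFIX = ".client.comcast.net"
DNSBL_ZONE = "comcast.blackholes.us"


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Name a DNSBL client looks up: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on bad input
    return ".".join(reversed(octets)) + "." + zone


def decide(client_host, client_ip, is_listed):
    """Return OK, REJECT or CONTINUE for one connecting client.

    is_listed is a stub for the DNS A-record query (assumption): it takes the
    DNSBL query name and returns True when the zone lists the address.
    """
    host = client_host.strip().rstrip(".").lower()
    if host in ALLOW_HOSTS:               # exact match only, so a look-alike
        return "OK"                       # such as smtp.comcast.net.example.org fails
    if host.endswith(REJECT_SUFFIX):      # leading dot keeps xclient.comcast.net out
        return "REJECT"
    if is_listed(dnsbl_query_name(client_ip)):
        return "REJECT"
    return "CONTINUE"                     # fall through to the remaining checks


def classify_samples():
    """Run the constructed sample connections through decide()."""
    listed = {dnsbl_query_name("192.0.2.10"), dnsbl_query_name("192.0.2.20")}
    samples = [  # constructed hostnames and documentation-range addresses
        ("sccrmhc12.comcast.net", "192.0.2.10"),      # whitelisted but listed
        ("host-a.client.comcast.net", "192.0.2.11"),  # suffix match, unlisted
        ("smtp.comcast.net.example.org", "198.51.100.7"),
        ("mail.example.org", "192.0.2.20"),           # listed, no access entry
    ]
    return [(h, decide(h, ip, listed.__contains__)) for h, ip in samples]


if __name__ == "__main__":
    for host, verdict in classify_samples():
        print(f"{verdict:8} {host}")
```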