Mailing List Archive


Re: tlug: spam



>>>>> "Ken" == Ken Harada <kenhrd@example.com> writes:

    Ken> Of course, they do not use their real addresses.  Some
    Ken> spammers/bombers use the smtp server of an innocent third
    Ken> party (no, he should not be excused, since he has to protect
    Ken> his server from unauthorized use).

It's not that easy.  I take it you have not had any box you control
abused in this way.  It happened to me---before any of the major Linux
MTAs (except maybe qmail) had spam-proofing capability.

It's only in the last 6 months that Smail has had the capability to
deny such access (and the versions up to 3.2.0.101 were very buggy and
hard to configure).  I spent a very bad week in January patching Smail
3.2.0.99 and 3.2.0.101 before I was satisfied it wasn't going to cost
my users their mail.  By that point my /etc/hosts.deny had 142
entries, each painfully looked up with two host commands and at least
one whois -h arin command, and 1% of the address space of the whole
Internet, blocked for SMTP.

It was only 12 months ago or so that America Online got this
capability on its dedicated mail relay hosts.  (This is a fact; I got
an apology from the admin.)  Earthlink's mail system _still_ doesn't
have it.  (This may be address spoofing; Earthlink has not admitted
it, but I have gotten spam apparently relayed through Earthlink in the
last week or so.)  And you want some poor econ professor to deal with
this?

I don't know when sendmail got this capability; I'm sure it wasn't
distributed that way before a couple of months ago in any of the major
Linux distributions, though.  Even if non-relaying sendmail had been
widely available, I wouldn't have used it anyway---it would have taken
as much time to learn enough about sendmail to be confident that the
switchover wasn't going to cost my users mail.

    Ken> There are recipes available for setting sendmail.cf using CF
    Ken> to avoid such abuse.

It's easy enough to do if you simply don't do any relaying.  What do
you do if you need to support popmail clients from random places on
the Internet?  Most of them use SMTP to send the messages.

What needs to be done is simply that the common carriers (uu.net,
prodigy, compuserve, etc) have to charge for email per address.  This
means that the outgoing firewall will filter unapproved SMTP, of
course.  It needn't be linear (0 for up to 200 addresses per day, then
exponential after that ;-) or the same for all accounts (if you're
willing to post a spam bond of say $50,000, you can send SMTP directly
as much as you want, but your mail must go out with a "Priority:
SPAM" header in it that can be easily filtered, and if you get caught
breaking the rules, you forfeit the bond).

True, we little guys have to do our part.  I've paid my dues.  But
what really needs to be done is for the big providers to start
accounting for all the packets they spew.  It can be done.  IPv6 will
make it easier.


--------------------------------------------------------------
Next TLUG Meeting: 13 June Sat, Tokyo Station Yaesu gate 12:30
Featuring Stone and Turnbull on .rpm and .deb packages
Next Nomikai: (?) July, 19:30 Tengu TokyoEkiMae 03-3275-3691
--------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp
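
The relay policy discussed in the message above, as an added example that is not part of the original post: a per-recipient check in Python that accepts local delivery, relays only for trusted networks, and refuses blocked networks. All domains, networks and function names are constructed for illustration; the last sample shows why an address-only rule also refuses a legitimate user sending from elsewhere on the Internet.

```python
import ipaddress

# Constructed policy values (assumptions for this example, not from the post).
LOCAL_DOMAINS = {"example.org"}                          # domains we deliver for
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]     # our own clients
DENIED_NETS = [ipaddress.ip_network("198.51.100.0/24")]   # hosts.deny-style block


def rcpt_domain(rcpt_to):
    """Extract the lower-cased domain from an RCPT TO argument like <u@d>."""
    addr = rcpt_to.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a user@domain address: %r" % rcpt_to)
    return domain.lower().rstrip(".")


def relay_decision(client_ip, rcpt_to):
    """Return (accepted, reason) for one recipient from one client."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in DENIED_NETS):
        return False, "client network blocked"
    try:
        domain = rcpt_domain(rcpt_to)
    except ValueError:
        return False, "malformed recipient"
    if domain in LOCAL_DOMAINS:
        return True, "local delivery"
    if any(ip in net for net in TRUSTED_NETS):
        return True, "relay for trusted client"
    return False, "relaying denied"


# Constructed sample attempts: (client address, recipient).
SAMPLES = [
    ("203.0.113.7", "<alice@example.org>"),   # outside sender, local user
    ("192.0.2.25", "<bob@example.net>"),      # our client, outside recipient
    ("203.0.113.7", "<bob@example.net>"),     # third-party relay attempt
    ("198.51.100.9", "<alice@example.org>"),  # blocked network
    ("203.0.113.80", "<carol@example.net>"),  # our own user, travelling
]

if __name__ == "__main__":
    for client, rcpt in SAMPLES:
        print(client, rcpt, relay_decision(client, rcpt))
```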

