
RE: Removal of IP



Just to add on what Brian said, about the transparent redirection of SMTP
traffic, you can do it with a router too, using route maps.

The route map would match the SMTP traffic type, and set a next-hop for your
smart host. This is if you don't have a Layer 7 switch.

Regards,

Mark Tinka - CCNA
Network Engineer
Africa Online Uganda
5th Floor, Commercial Plaza
7 Kampala Rd,
Tel:   +256-41-258143
Fax:   +256-41-258144
E-mail: mtinka at africaonline.co.ug
Web:     www.africaonline.co.ug
 

-----Original Message-----
From: owner-afnog at afnog.org [mailto:owner-afnog at afnog.org] On Behalf Of
Brian Candler
Sent: Sunday, May 04, 2003 12:27 PM
To: Sunday Folayan
Cc: Mensah Komla Agbessitse; afnog at afnog.org; ispan at ispan.org.ng;
admin at skannet.com.ng
Subject: Re: Removal of IP


On Thu, May 01, 2003 at 07:52:30AM +0100, Sunday Folayan wrote:
> > I have to say that I have tried complaining to Nigerian ISPs in the 
> > past about "419" scam mails, and never had any response. I don't 
> > bother any more.
> 
> It's a hopeless situation and we recognise it. Most Nigerian ISPs are 
> helpless. The spammers mutate, and are nomadic.  They only use the 
> local ISPs for their last-mile connection.  We scan outgoing SMTP 
> mails with SpamAssassin and kill those $38.4m rich ones, the problem is 
> with HTTP POSTs. Not helping the matter is the fact that there are 
> very many free webmail sites in the world.

Sounds like you're doing a good service. Mail which is being sent via
someone else's webmail service will have a source IP which belongs to them,
so you're not at risk from being blacklisted.

But did you block port 25 outbound? Otherwise spammers can just deliver mail
directly to the recipient, bypassing your smarthost, as many spam programs
seem to do.

You could also use a layer-7 switch to transparently forward any port 25
traffic to your local smarthost (arguably more user-friendly, but you'd have
to check that your T&Cs allow this)

Often though, the solutions to behaviour problems are non-technical. If
these people are in breach of Nigerian law (for attempting fraud, not for
spamming) are you able to get the police involved? I realise this is a
difficult area though, particularly to do with releasing information about
your customers and their usage logs - even in the UK the law is still
evolving.

It also doesn't hurt to handle abuse complaints in the normal way - i.e.
track down the account, terminate it, and send back an acknowledgement mail
to the person who reported it - even if it's too late to stop any more being
sent from that account. If your customers pay you for the service then you
should be in quite a strong position, because presumably you have to check
the identities of individuals when they sign up, so you can stop them
signing up for new accounts in the future. Of course, if the scam is
successful, they probably won't need to :-)

> If there is a method of scanning the contents of POSTs (including SSL
> POSTs) from say a web proxy server, we could build spam sentry boxes.

Unfortunately, you cannot scan SSL content. You'd have to mount a
man-in-the-middle attack, which would fail because you don't have a valid
certificate for the remote site (which is exactly why sites have
certificates in the first place). I'd say it's the responsibility of the
webmail service to control abuse by their users anyway.

On a lighter note, I don't know if you ever saw this:
http://www.theregister.co.uk/content/archive/28561.html

Regards,

Brian.

-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put your
request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org
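
The two controls discussed in this thread (a route map that sets the smarthost as next hop for SMTP, and an outbound port 25 block), written out as a Cisco IOS configuration. This is an added example, not configuration posted by anyone in the thread; the address 192.0.2.25, the interface name, the ACL numbers and the route-map name are all constructed placeholders.

```cisco
! Constructed example. Assumptions: 192.0.2.25 is the smarthost on a
! directly connected segment, FastEthernet0/0 faces the customers.
! Options A and B are alternatives: apply one, not both, because an
! inbound ACL is evaluated before policy routing on the same interface.
!
! --- Option A: route map, transparent redirection to the smarthost ---
access-list 125 remark customer SMTP that should go via the smarthost
access-list 125 deny   tcp host 192.0.2.25 any eq 25
access-list 125 permit tcp any any eq 25
!
route-map SMTP-TO-SMARTHOST permit 10
 match ip address 125
 set ip next-hop 192.0.2.25
!
interface FastEthernet0/0
 description customer-facing interface (assumed name)
 ip policy route-map SMTP-TO-SMARTHOST
!
! --- Option B: block direct-to-recipient delivery on port 25 ---
access-list 126 remark only the smarthost may be reached on port 25
access-list 126 permit tcp any host 192.0.2.25 eq 25
access-list 126 deny   tcp any any eq 25 log
access-list 126 permit ip any any
!
interface FastEthernet0/0
 ip access-group 126 in
```

With option A the router only changes where the packet is forwarded; the destination address is still the remote mail server, so the smarthost needs a local rule to accept connections that are not addressed to it. `show route-map` and `show access-lists` display the match counters, which confirm whether customer SMTP is actually hitting the policy.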




