Cal Thixton - President - ThoughtPort Authority of Chicago put this into my mailbox:
In an effort to research from where we get spammed, we get a daily report (see below) of the sites that spammed us, who they were trying to spam and from where they came from. The most frequent pattern we are seeing are spams from simple dialup PPP accounts purchased all across the country; AT&T, UUNET, SWBell, BellSouth, etc... I know where they came from and yet knowing that does not help. We cannot block all of UUNET just because some ppp customer used our servers to spam.
This has been my experience too. Is there a good reason why the throwway folks (those mentioned above) haven't blocked port 25 from their dialups to the outside internet? It seems that this would help stop the hijacking of other SMTP relays that occurs, and limit abuse to that ISP's own servers, where it can be better controlled. The only reason I can think of that would stop this would be if a user subscribes to earthlink, but uses a UUnet dialin, that customer's software would be set up to use the Earthlink SMTP servers. Keep in mind again I don't yet know much about how this would impact router performance..but wouldn't one be able to set up access-lists, then, that would allow port-25 connections to a defined list of SMTP servers (say, UUnet, MSN, and earthlink SMTP servers), and prohibit everything else? Why aren't they doing this? I've currently blocked all of UUnet and PSInet from my mail server - spam about dropped in half. But I'm still getting spam through what appear to be unsuspecting relays - and the source is one of those dialup, throwaway accounts. -dalvenjah -- Dalvenjah FoxFire (aka Sven Nielsen) "It brought me a Mr. Potato Head, Founder, the DALnet IRC Network Scully. It knew that I wanted a Mr. Potato Head!" e-mail: dalvenjah@dal.net WWW: http://www.dal.net/~dalvenjah/ whois: SN90 Try DALnet! http://www.dal.net/