On Fri, 20 Aug 2004, Suresh Ramasubramanian wrote:
Hank Nussbacher wrote:
Postini does not originate or forward spam, they filter mail destined for their customer domains. Some spam gets through their filters, because spammers are smart and adaptively evil. It's really quite simple.
What I can see happening is that Hank's port 25 filtering ACLs are being bypassed somehow ...
or delivering email via tcp/465 or tcp/587 to postini? (I can't make connections to postini hosts for GCI.NET on these 2 ports though)
Or maybe he doesn't source filter addresses and a spammer controlled machine on his network has two interfaces - one on Hank's network [say a throwaway dialup / broadband account], and another a much fatter pipe. Packets (or rather in this case, junk mail) go out through the fat pipe with Hank's IPs spoofed into the source address.
'fantasy mail' is what we call this :( It's a pain and you have to port25 filter in AND out :(
I would recommend that Hank set up port blocks both inbound and outbound, and also examine mrtg or other data that he may have about
We've 'fixed' this for dial accounts (mostly) with in/out filters on their connections as you've suggested.
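
A detection sketch for the asymmetric pattern discussed in this thread, added here as an example and not part of any poster's message: it flags customer addresses that receive replies from remote port 25 when no matching outbound connection ever crossed the network's own egress. The flow record layout, the function name and all addresses (documentation ranges) are constructed assumptions, and unsampled flow data is assumed.

```python
from collections import defaultdict, namedtuple

# Hypothetical flow record layout; direction is relative to our network.
Flow = namedtuple("Flow", "direction src sport dst dport flags")

# Constructed sample data, not real traffic.
SAMPLE_FLOWS = [
    # Ordinary customer: our egress sees the SYN, then the server's reply.
    Flow("out", "192.0.2.10", 40001, "198.51.100.25", 25, "S"),
    Flow("in", "198.51.100.25", 25, "192.0.2.10", 40001, "SA"),
    # One-way case: mail servers answer 192.0.2.66, but the packets that
    # opened those sessions never left through our network.
    Flow("in", "203.0.113.7", 25, "192.0.2.66", 51234, "SA"),
    Flow("in", "203.0.113.7", 25, "192.0.2.66", 51234, "A"),
    Flow("in", "203.0.113.9", 25, "192.0.2.66", 51300, "SA"),
    # Unrelated web traffic is ignored.
    Flow("out", "192.0.2.10", 40100, "198.51.100.80", 80, "S"),
]


def find_one_way_smtp(flows, smtp_port=25):
    """Return {customer_ip: [remote mail servers]} for sessions where
    replies from smtp_port arrive without any outbound half seen."""
    # Index every outbound SMTP flow by (customer ip, customer port, server).
    outbound = {
        (f.src, f.sport, f.dst)
        for f in flows
        if f.direction == "out" and f.dport == smtp_port
    }
    suspects = defaultdict(set)
    for f in flows:
        if f.direction != "in" or f.sport != smtp_port:
            continue
        # A reply with no outbound counterpart means the request took
        # another path while carrying our address as its source.
        if (f.dst, f.dport, f.src) not in outbound:
            suspects[f.dst].add(f.src)
    return {ip: sorted(servers) for ip, servers in suspects.items()}


if __name__ == "__main__":
    for ip, servers in find_one_way_smtp(SAMPLE_FLOWS).items():
        print(f"{ip}: replies from {', '.join(servers)} with no outbound SMTP seen")
```

An inbound filter on source port 25 toward dial pools drops exactly the flows this flags, which is why the filter has to be applied in both directions.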