So, you aren't happy when I build a poisoned cake for spammers, you want me to use your specific recipe... even if mine works (better?). Tell me how a MAPS-blocked system can relay spam. Yes, I'll concede that your approach may work, albeit at higher HW cost than my approach. BTW, the MHSC answer to our ORBS listing last year is to drop sendmail and build an MS-Exchange server so that we can authenticate with Win2K Domain logins. But, that's very expensive and doesn't scale well. We also support both PPTP and SSH VPN tunnels. There are obvious problems with both, as I've discovered in practice. 1. Seat license costs with Exchange (scaling issues). 2. Unless very carefully run, Exchange has serious security issues. 3. Exchange is good groupware for corps and way too much for normal users. 4. Many firewalls block any and all tunneling technology. 5. POP-based solutions demand widespread deployment of POPs. If a user is out of POP range, they have to make LD calls. Plus there is an incremental HW cost per POP. If one has a largish number of POPs this is significant addition to the out-of-range LD charges that one still incurrs.
From: E.B. Dreger [mailto:eddy@noc.everquick.net] Sent: Sunday, May 27, 2001 9:54 AM
Date: Sun, 27 May 2001 09:11:39 -0700 From: Roeland Meyer <rmeyer@mhsc.com>
[ snip ]
I don't buy the "we need open relay for nationwide users" argument, either. Build a cheap MX that does nothing but take mail from a given
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
POP, and send it to the world. Anti-spoofing at the border, ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ don't accept mail from the outside world, and you're done.
You must not have a roaming staff or are willing to keep telcos wealthy.
Or I might know a better way.
Again, put a simple MX at each POP. Want a constant IP address for the SMTP server? Each POP's border router redirects the SMTP server's IP address to the local machine, which only allows inbound SMTP from the local POPs.
Nothing new here.
And then there are VPNs for roaming staff...
Date: Sun, 27 May 2001 10:24:57 -0700 From: Roeland Meyer <rmeyer@mhsc.com>
So, you aren't happy when I build a poisoned cake for spammers, you want me to use your specific recipe... even if mine works (better?). Tell me
Explain how yours works on the same level or better.
how a MAPS-blocked system can relay spam.
Nobody claimed that it could. Tell me what percentage of open relays are listed in MAPS. MAPS does not probe like ORBS does. By its more conservative nature, much more spam gets by MAPS than ORBS. Is this good? Is it bad? Judgement call.
Yes, I'll concede that your approach may work, albeit at higher HW cost than my approach.
Let's factor in the cost of wasted bandwidth when one gets hijacked, and the cost of having an MX handle the extra spam traffic. Eddy --------------------------------------------------------------------------- Brotsman & Dreger, Inc. EverQuick Internet Division Phone: (316) 794-8922 --------------------------------------------------------------------------- Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <blacklist@brics.com> To: blacklist@brics.com Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist@brics.com>, or you are likely to be blocked.
participants (2)
-
E.B. Dreger -
Roeland Meyer