26.8.09

about spam, not politics this time

I run my own servers. I like it. I have a few friends and half a dozen clients, mostly for doing DNS tricks spreading servers around the city. Anyway, I also have an excellent mail server, MailEnable to be exact; the old standard versions (the ones that were not using the registry to store stuff) are the best thing in emailing.
I use RBLs to block spammers, but that's not enough. I spend hours looking at connections and ended up blocking whole countries. If they don't care, why should I?
The thing that bothers me, though, is that spammers, utilizing crackers (I guess), get on my nothing-to-bother-about server to spam their ass off. It's just bandwidth, you may say. It's just too much junk for my 8 allowed connections to the server. I thank them for not having brought down my systems for the past 15 (exact) years, but that does not mean that I respect any of them.

My proposal is that, instead of blocking IPs, people that run servers list only valid servers to a MAIL-RBL. It's easier to block and control if somebody wants to spam.
I hate that the net needs some control. I want to fight that control, but some people have no respect and force us to join the 'dark side'. Please don't bother me, because I have been -ethically- hacking since the beginning of the 80's and I still do, because this is what a systems person must do for life. I'm not dead yet and shortly I'll have too much time on my hands. I have all the SMTP logs since 1993. How hard is it to show some respect? Use your ISP's mail server to send your junk if you are a real cracker !!! - I'm switching (it's hard, but happens) all my clients to Ubuntu and the plan is to totally drop pop3 for pop3s, issuing non-ca's (for starters) to all. Fellow admins, check stunnel for wherever you can't have ssh. It's worth it. I even rdp lately with stunnel where I don't have des/sha vpn. It's transparent to the lusers anyway after you configure it.

A few minutes ago I blocked some Brazilians, 201.2/16 and 200.223/16, and the connections dropped to 1/5th. Maybe it's half the country. Maybe some people down there want to do business here. Don't care, since they don't. And some tech info, if you are complaining. For the past year, anything that you Xmit on port 25 gets copied at least once by your ISP and safely stored for at least a year. I repeat, ANYTHING over 25, not necessarily directed to valid email servers. Even ssh-ing over remote machines at some point becomes 25 -that gets copied- and it's a traceable connection. The ISPs can run a simple script with a grep and check - for starters - which IP is smtp-ing viagra, for example. They get the IP, get the time, get the user login, block the account and that's it! They can even block the MAC from the modem. IF THEY WANTED TO ! (don't try to teach me about MAC spoofing)

BTW: all this time that I'm typing this, I'm monitoring connections to SMTP. They went down to nothing. Guess I'm happy blocking the aforementioned ISPs.
I only wish that there was a list to block countries by their IPs in total, not just segments.

goodnight
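
An added example, not the author's code: one way to measure from an SMTP connection log how much traffic a prefix block such as 201.2/16 and 200.223/16 would remove before applying it. The log layout, the sample lines and the function names are constructed for illustration; only the two prefixes come from the post.

```python
import ipaddress
from collections import Counter

# The two ranges named in the post, in the post's shorthand notation.
BLOCKED = ["201.2/16", "200.223/16"]

# Constructed sample log; the "<time> SMTP-IN connect <ip>" layout is hypothetical.
SAMPLE_LOG = """\
2009-08-26T21:40:01 SMTP-IN connect 201.2.14.77
2009-08-26T21:40:03 SMTP-IN connect 201.2.14.77
2009-08-26T21:40:09 SMTP-IN connect 200.223.5.61
2009-08-26T21:40:15 SMTP-IN connect 192.0.2.25
2009-08-26T21:40:21 SMTP-IN connect 201.2.200.9
2009-08-26T21:40:30 SMTP-IN connect 200.223.5.61
2009-08-26T21:40:32 SMTP-IN connect 200.223.90.3
2009-08-26T21:40:40 SMTP-IN connect 198.51.100.7
2009-08-26T21:40:44 SMTP-IN connect 201.2.33.120
2009-08-26T21:40:51 SMTP-IN connect 200.223.17.8
2009-08-26T21:40:58 SMTP-IN connect not-an-ip
"""

def expand(shorthand):
    """Expand '201.2/16' to the network 201.2.0.0/16 by zero-filling octets."""
    addr, _, bits = shorthand.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (bits or "32"))

def source_ips(log_text):
    """Yield the IPv4 source of each connect line, skipping malformed lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[2] == "connect":
            try:
                yield ipaddress.IPv4Address(fields[3])
            except ValueError:
                continue

def summarize(log_text, blocked=BLOCKED, top=2):
    """Return (total, would_be_blocked, busiest /16 prefixes with counts)."""
    nets = [expand(b) for b in blocked]
    per16 = Counter()
    total = hit = 0
    for ip in source_ips(log_text):
        total += 1
        hit += any(ip in net for net in nets)
        per16[str(ipaddress.ip_network(f"{ip}/16", strict=False))] += 1
    return total, hit, per16.most_common(top)
```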
