[c-nsp] [ot] SMTP

Alexander Clouter alex at digriz.org.uk
Mon Mar 15 13:30:57 EDT 2010


Hi,

* Drew Weaver <drew.weaver at thenap.com> [2010-03-15 13:01:31-0400]:
>
> > What is stopping service providers having a bunch of perl scripts 
> > that daily check when IPs they are responsible for get listed?  It 
> > should be simply an extension of their NMS platform.  Once you have
> > detailed WHOIS/PTR records you at least have something to point out
> > to the postmasters, and the blacklist maintainers, to say "hey next
> > time do *your* jobs properly". :)
> 
> Er, are you serious? 
>
Yes.

> Sending 90,000 DNS queries to all the different RBLs on a daily basis 
> is an easy way to get your network banned.
> 
Doing that is obviously stupid, however I did not tell you to launch a 
DoS on a RBL :)

To me, it is not asking too much of people to look at re-purposing the 
blacklists they are using already?  As you seem to be in the 
$WE_PUSH_PACKETS biz I guess you *might* already have an rsync feed to 
spamhaus given your size?  Obviously this rule does not apply to 
everyone, but I do not see why not?

Another option is that UCEPROTECT/spamhaus and others seem to provide a 
"subscribe to notifications when we list you" service.  This obviously 
is sub-optimal as it revolves around the concept that every 
postmaster-and-their-dog has to opt in to be told about their own 
network rather than vice versa.  To be honest, as all the postmasters 
and their mutts have already manually opted in to various blacklistings, 
plus any postmaster worth their salt is regularly reviewing their logs 
and visiting the blacklist sites, whilst on the page it is hardly a huge 
chore to subscribe to notifications too.  Once subscribed you are then looking at 
procmail/sieve recipes to do some of the hard work (work out which 
customer is abusing their AUP, automatic linkies to RRD graphs for the 
user, PPP history, etc etc)....

Roaming off the spam track, there are plenty of downloadable lists out 
there already.  Emerging Threats, Malware Domains, ZeuS tracker, various 
Honeypot projects, etc etc.  Is it really asking too much of service 
providers to munch through those too?

Cheers

-- 
Alexander Clouter
.sigmonster says: Most people deserve each other.
                  		-- Shirley
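
Added example, not part of the original message: one way to run the daily check offline against a locally synced copy of a blocklist, so no per-IP DNS queries reach the RBL. The feed format (one address or CIDR per line, `;` or `#` comments), the prefixes and the customer names are constructed assumptions.

```python
import ipaddress

# Constructed sample of a locally synced list (documentation address space only).
SAMPLE_FEED = """\
; constructed sample feed
192.0.2.17
198.51.100.0/25 ; whole range listed
203.0.113.200   # outside our allocations
not-an-address
2001:db8::1
"""

# Constructed sample of customer allocations, as exported from an NMS/IPAM.
ALLOCATIONS = {
    "192.0.2.0/28": "customer-a",
    "192.0.2.16/28": "customer-b",
    "198.51.100.0/24": "customer-c",
}


def parse_feed(text):
    """Yield one network per valid entry; skip comments, blanks and junk."""
    for line in text.splitlines():
        entry = line.split(";")[0].split("#")[0].strip()
        if not entry:
            continue
        try:
            yield ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # malformed line: ignore it rather than abort the daily run


def find_listed(feed_text, allocations):
    """Return sorted (customer, allocation, listed_entry) for every overlap."""
    allocs = [(ipaddress.ip_network(p), c) for p, c in allocations.items()]
    hits = set()
    for listed in parse_feed(feed_text):
        for net, customer in allocs:
            # Compare only within the same address family.
            if listed.version == net.version and listed.overlaps(net):
                hits.add((customer, str(net), str(listed)))
    return sorted(hits)


if __name__ == "__main__":
    for customer, alloc, listed in find_listed(SAMPLE_FEED, ALLOCATIONS):
        print(f"{customer}: {alloc} overlaps listed entry {listed}")
```

The same function can be pointed at any of the downloadable lists mentioned above once each is reduced to one address or CIDR per line.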

