On Tue, 2003-04-22 at 18:13, Ed.Greshko@xxxxxxxxxxx wrote:
> Yes, and one has to ask what is the criteria for "blacklisting". I > suspect that it is either based on the fact that my dynamic IP address > doesn't pass the double reverse DNS lookup test or the fact that my > dynamic IP address is on a range of known DHCP addresses that happen to be > in Taiwan.
Oh, that explains it right there. I'm guessing you're on one of the 209 or 210 or 211 networks. There's a LOT of systems that just block those Class A addresses entirely. It's not fair and it's not "right" but it's the way it is.
<groan> Oh, my God, are you on one of THOSE? Man, I feel for you.
I ran some statistics once on our mail server (roughly 75 domains and 800 users among 30 customers), and found that over 92% of our attacks (worms, portscans, probes, etc.) came from one of those three networks (209, 210, 211), along with 87% of our spam. Jesus. My partner polled our clients (mostly Central American and East Coast USA) and it turned out none had clients/suppliers/ties to the Far East, so by popular demand 209/10/11 got blocked at the firewall and peace descended upon us.
I'll unblock those and some others once I figure out how to:
* Do basic spam/virus checking (for really obvious stuff) for all users * Set up stronger/stricter spam/virus checking on a per-user basis * Allow individual users on my server to choose whether/not to use those
I would rather not create blocks like that, but sheesh... there is a very, very real problem out there. Whosoever writes a good HOWTO on sendmail/spamassasin/some-antivirus (or postfix/spamassasin/some-antivirus) is going to earn my everlasting gratitude.
-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx
-- Psyche-list mailing list Psyche-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/psyche-list
