[Coco] Re: OT: Email services

John E. Malmberg wb8tyw at qsl.net
Fri Feb 20 14:25:35 EST 2004


In article <web-56501830 at forest.net>,
  <jimcox at miba51.com> writes:
> Hi All:
>
> The hosting company where I have my email service is
> getting hit with Directory Harvesting Attacks on a regular
> basis and during the day, it is impossible to get to my
> mail.  They are a small company, so resources are thin.

That is what router ACLs are for.  If they are hitting a server
that hard, block the range (in powers of 2) that the attackers are
using.  The odds of someone operating a legitimate mail or web
server on a net range making such an attack are practically NIL.

After the block is in place an e-mail can be sent to the designated
abuse address for the I.P. range(s) as to why the block was put
in place, and that it will not be removed until the problem on
their network is fixed.

If the attacks are coming in from open proxies from various networks,
there really is no reason for a mail server to accept e-mail from a
known open proxy. It will either be sending spam or a directory harvesting
attack.

Most mail servers use an open relay list to reject mail from open relays.
An open proxy is worse than an open relay and even less likely to send
a real mail.

Any mail server that is not using an open proxy DNSbl is only increasing
its workload and potentially its operational costs.

One popular list of confirmed open proxies and equivalent is the xbl from
http://www.spamhaus.org.

All mail servers should be able to be set to directly reference the
xbl.spamhaus.org in addition to their open relay DNSbl to reject the
spam before the body of it ever reaches the mail server.

There have been no reports of a false positive from the xbl from spamhaus
on any forum that I monitor.

Both the open relay lists and the open proxy lists are pretty much automated
and will remove an IP address when the problem is fixed.  Some may retest on
a periodic basis, and some may require that the owner of an I.P. address
request a retest.

>  Can anyone recommend a good hosting company for email
> services only?

Commercial use, or personal use?

There are probably thousands of them.  Encompasserve.org is free, but
a hobby operation.  Not for commercial use.

The postmaster for it runs http://www.arnold.com, that
offers some services on a commercial basis.  I have no idea on his rates.
But his volunteer work on encompasserve has been far better than the service
that I have ever gotten from a paid ISP.

And when this topic came up before, Dennis pointed out that he has had good
service from pair.com, which is the ISP he uses for the new COCO list.

> I prefer that they have Postini mail filtering.

Why?  If the postmaster is not asleep at the switch, they can easily
maintain effective spam blocking, and do it cheaply.  And when done correctly
cuts the operational cost of the mail server.

-John
wb8tyw at qsl.net
Personal Opinion Only
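
Added example, not part of the original post: a sketch of the connect-time DNSBL check the message describes, using the xbl.spamhaus.org zone it names. The function names, the 554 reply text, the return-code ranges (127.0.0.x for listings, 127.255.255.x for list-side errors) and the sample zone data are assumptions or constructed values; check the ranges against the list's current documentation.

```python
import ipaddress
import socket

XBL_ZONE = "xbl.spamhaus.org"  # zone named in the post
LISTED_NET = ipaddress.ip_network("127.0.0.0/24")     # assumed listing codes
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # assumed error codes

def dnsbl_query_name(client_ip, zone=XBL_ZONE):
    """Reverse the IPv4 octets and append the zone: 192.0.2.99 -> 99.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(client_ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records for name; [] on NXDOMAIN or lookup failure (fails open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify(answers):
    """Return 'listed', 'error' or 'clean' for a list of A-record strings."""
    verdict = "clean"
    for answer in answers:
        ip = ipaddress.IPv4Address(answer)
        if ip in ERROR_NET:
            return "error"  # list refused the query; must not count as a listing
        if ip in LISTED_NET:
            verdict = "listed"
        # any other answer (e.g. an NXDOMAIN-rewriting resolver) is ignored
    return verdict

def smtp_decision(client_ip, resolver=system_resolver, zone=XBL_ZONE):
    """Connect-time verdict, taken before any message body is accepted."""
    verdict = classify(resolver(dnsbl_query_name(client_ip, zone)))
    if verdict == "listed":
        return "554 5.7.1 %s is listed in %s" % (client_ip, zone)
    return "OK"  # clean, or list unusable: accept rather than lose mail

# Constructed zone data (documentation-range addresses, not real listings).
FAKE_ZONE = {"99.2.0.192.xbl.spamhaus.org": ["127.0.0.4"]}

def fake_resolver(name):
    """Offline stand-in for DNS, backed by the constructed data above."""
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.99", "198.51.100.7"):
        print(ip, "->", smtp_decision(ip, resolver=fake_resolver))
```

Treating an error-range or non-127 answer as a listing is the usual way a DNSBL check starts rejecting legitimate mail, which is why classify() separates those cases.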



