North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Has postini been taken over?
On Fri, 20 Aug 2004, Suresh Ramasubramanian wrote: > > Hank Nussbacher wrote: > > > >> Postini does not originate or forward spam, they filter mail destined for > >> their customer domains. Some spam gets through their filters, because > >> spammers are smart and adaptively evil. It's really quite simple. > >> > What I can see happening is that Hank's port 25 filtering ACLs are being > bypassed somehow ... or delivering email via tcp/465 or tcp/587 to postini? (I can't make connnections to postini hosts for GCI.NET on these 2 ports though) > > Or maybe he doesn't source filter addresses and a spammer controlled > machine on his network has two interfaces - one on hank's network [say a > throwaway dialup / broadband account], and another a much fatter pipe. > Packets (or rather in this case, junk mail) goes out through the fat > pipe with Hank's IPs spoofed into the source address. 'fantasy mail' is what we call this :( It's a pain and you have to port25 filter in AND out :( > > I would recommend that Hank set up port blocks both inbound and > outbound, and also examine mrtg or other data that he may have about We've 'fixed' this for dial accounts (mostly) with in/out filters on their connections as you've suggested.