Monitoring RBLs in Exchange 2003
|
From: Cliff Galiher - MVP on 11 Apr 2010 01:19 A mail client does not have the DNS capabilities to send mail directly. Thus *anybody* who is sending mail from a dynamic IP is doing so because they've set up a mail *server.* Don't confuse a client like outlook or thunderbird with a server like postfix or Exchange. The FAQ is written for sysadmins who are setting up mail filtering and thus there is *some* assumption that this distinction is understood. -Cliff "Milhouse Van Houten" <btvs(a)myrealbox.com> wrote in message news:#Y8KbOT2KHA.1016(a)TK2MSFTNGP02.phx.gbl... > "Cliff Galiher - MVP" <cgaliher(a)gmail.com> wrote in message > news:B54AEDF7-6ED0-4359-87A8-F2AAFCBD3966(a)microsoft.com... >> >> Non-businesses, similarly, still apply. If ta user sends through gmail >> then the gmail servers handle final delivery, and that is static. The >> only way the mail will appear to come from their dynamic address is if >> they set up an email server in their home *AND* are not sending through >> an authorized relay/mail-forwarder. >> >> ...now, remind me again why I should trust mail coming from a random >> home-user who decided to set up a mailserver from his home? Why should I >> assume that it isn't spam??? >> > > Thanks. I think that's the crux of it: you're saying that a user needs to > be running their own SMTP server, in the way you mentioned, to run afoul > of PBL? If that's the only way, this doesn't seem like a big deal then. > But I really don't get that sense from the FAQ, which lists different ways > to get caught by this, mainly centered around client authentication > settings. Considering that "all" dynamic IPs are on this list, and surely > many people still use local mail clients and haven't delved into > ultra-obscure optional sections of their mail account properties (you > can't even use port 25, apparently, for "true" authentication, even though > that port is still supported for sending mail from many ISPs), this still > seems like a great way to catch legitimate mail. > > The FAQ does make a point to say that PBL "should not affect anyone > sending mail with a normal mail program," because "most people use such a > client to send their mail out through their company or ISP's mail server > or webmail [and] they authenticate their access to those servers with a > username and password." Most? Maybe, maybe not. > http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20PBL
From: Joe on 11 Apr 2010 06:56 On 11/04/10 05:58, Milhouse Van Houten wrote: > > The FAQ does make a point to say that PBL "should not affect anyone > sending mail with a normal mail program," because "most people use such > a client to send their mail out through their company or ISP's mail > server or webmail [and] they authenticate their access to those servers > with a username and password." Most? Maybe, maybe not. > http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20PBL It may depend on where you are. In the UK, some ISPs don't offer email at all, and expect you to use a webmail service, but most do provide POP/IMAP and SMTP servers for their customers. Demon, for example, provides the servers and does not require authentication for SMTP via their network (i.e. from the location of the account, through Demon dial-up or DSL), but some do require it. I think when people speak of 'most email users', they mean domestic customers, not businesses. There are many primarily domestic ISPs who offer a 'business' service which is simply a domestic account with higher charges and 'no commercial use' removed from the T&C. They don't realise that businesses may have greater requirements, though to be fair, many small businesses don't. The common domestic email clients, Outlook Express/Windows Mail, Outlook and Thunderbird/Icedove are not MTAs, but connect to smarthosts to send email, using port 25, and will not be affected by blacklists. I really don't see any great obstacle to ISPs blocking port 25 from their dynamic/domestic clients to anywhere other than their own smarthosts. A point in the great static/dynamic argument: most 'static' addresses are in fact reservations in dynamic ranges, for the same reasons as in a typical SBS network. Normally the whole range is designated 'static', but it's not impossible to find ISPs charging extra per month simply for making a reservation in an otherwise 'dynamic' range. One of my former clients had such an address, which certainly never changed, but was in a SORBS blacklisted 'dynamic' range. The ISP was not interested in fixing this (yes, BT, you know who you are) despite charging for a 'business' account with a 'static' IP address. -- Joe
From: Leythos on 11 Apr 2010 10:31 In article <#83fYWW2KHA.3568(a)TK2MSFTNGP04.phx.gbl>, joe(a)jretrading.com says... > A point in the great static/dynamic argument: most 'static' addresses > are in fact reservations in dynamic ranges, for the same reasons as in a > typical SBS network. Normally the whole range is designated 'static', > but it's not impossible to find ISPs charging extra per month simply for > making a reservation in an otherwise 'dynamic' range. One of my former > clients had such an address, which certainly never changed, but was in a > SORBS blacklisted 'dynamic' range. The ISP was not interested in fixing > this (yes, BT, you know who you are) despite charging for a 'business' > account with a 'static' IP address. > In reality, your ISP device is getting a dynamic IP from lookup based on MAC and you're being assigned that IP/Range.... So, you could look at it as though all IP are dynamic, sort of.... The issue is when a vendor provides the range listed as Dynamic to the RBL groups, or, when the reverse lookup shows Dynamic and so many spammers have been seen in that scope.... A business class connection won't be listed in Dynamic ranges, if it is, well, you need to find a company that actually provides BUSINESS CLASS service. Many DSL providers give business clients static IP's, but, they are just reservations in the Dynamic pool used for residential customers, which means they are not really business class service. Always check, BEFORE you purchase service, the IP ranges the provider has against lookups to see if the provider is a problem. That said, I will always block Dynamic Ranges from all email servers for my company and clients. -- You can't trust your best friends, your five senses, only the little voice inside you that most civilians don't even hear -- Listen to that. Trust yourself. spam999free(a)rrohio.com (remove 999 for proper email address)
From: Russ SBITS.Biz [SBS-MVP] on 11 Apr 2010 15:04 Having a Dynamic IP doesn't stop you from sending email out it just stops the people who don't know how to get around it. There are legit ways around getting the Dynamic IP on a business. So IMO Block all Dynamic and the Businesses that have a Dynamic IP, will have a SMART Technical Advisor that will know how to get by this limitation. I currently have 2 Clients that a Dynamic IP is all they can get. (one in the UK) And they have NO issues with SBS sending email or Receiving (And they don't use the POP3 Connector) It comes to a matter of the IT Advisor knowing what to do. SO use Zen.SpamHaus.org And it will block the dynamic IPs with the illegitimate servers and in reality, isn't that the goal? Russ -- Russell Grover - SBITS.Biz [SBS-MVP] MCP, MCPS, MCNPS, SBSC Small Business Server/Computer Support - www.SBITS.Biz Question or Second Opinion - www.PersonalITConsultant.com BPOS - Microsoft Online Services - www.Microsoft-Online-Services.com http://www.twitter.com/SBITSdotBiz "Leythos" <spam999free(a)rrohio.com> wrote in message news:MPG.262ba74584f21c7b98a2bc(a)us.news.astraweb.com... > In article <#83fYWW2KHA.3568(a)TK2MSFTNGP04.phx.gbl>, joe(a)jretrading.com > says... >> A point in the great static/dynamic argument: most 'static' addresses >> are in fact reservations in dynamic ranges, for the same reasons as in a >> typical SBS network. Normally the whole range is designated 'static', >> but it's not impossible to find ISPs charging extra per month simply for >> making a reservation in an otherwise 'dynamic' range. One of my former >> clients had such an address, which certainly never changed, but was in a >> SORBS blacklisted 'dynamic' range. The ISP was not interested in fixing >> this (yes, BT, you know who you are) despite charging for a 'business' >> account with a 'static' IP address. >> > > In reality, your ISP device is getting a dynamic IP from lookup based on > MAC and you're being assigned that IP/Range.... So, you could look at it > as though all IP are dynamic, sort of.... > > The issue is when a vendor provides the range listed as Dynamic to the > RBL groups, or, when the reverse lookup shows Dynamic and so many > spammers have been seen in that scope.... > > A business class connection won't be listed in Dynamic ranges, if it is, > well, you need to find a company that actually provides BUSINESS CLASS > service. > > Many DSL providers give business clients static IP's, but, they are just > reservations in the Dynamic pool used for residential customers, which > means they are not really business class service. Always check, BEFORE > you purchase service, the IP ranges the provider has against lookups to > see if the provider is a problem. > > That said, I will always block Dynamic Ranges from all email servers for > my company and clients. > > -- > You can't trust your best friends, your five senses, only the little > voice inside you that most civilians don't even hear -- Listen to that. > Trust yourself. > spam999free(a)rrohio.com (remove 999 for proper email address)
From: Milhouse Van Houten on 11 Apr 2010 17:21
OK, great. The last question is how it is that the following warning doesn't seem to be applicable to SBS. Isn't Exchange at least one of these things? "Caution: Because ZEN includes the XBL and PBL lists, do not use ZEN on smarthosts or SMTP AUTH outbound servers for your own customers (or you risk blocking your own customers)." "Russ SBITS.Biz [SBS-MVP]" <russ(a)REMOVETHIS.sbits.biz> wrote in message news:D1CCC999-3D9D-41DC-AAA9-2B72CCBA29E1(a)microsoft.com... > Having a Dynamic IP doesn't stop you from sending email out > it just stops the people who don't know how to get around it. > > There are legit ways around getting the Dynamic IP on a business. > > So IMO Block all Dynamic and the Businesses > that have a Dynamic IP, will have a SMART Technical Advisor > that will know how to get by this limitation. > > I currently have 2 Clients that a Dynamic IP is all they can get. > (one in the UK) > > And they have NO issues with SBS sending email > or Receiving (And they don't use the POP3 Connector) > > It comes to a matter of the IT Advisor knowing what to do. > > SO use Zen.SpamHaus.org > And it will block the dynamic IPs with the illegitimate servers > and in reality, isn't that the goal? > > Russ > > -- > Russell Grover - SBITS.Biz [SBS-MVP] > MCP, MCPS, MCNPS, SBSC > Small Business Server/Computer Support - www.SBITS.Biz > Question or Second Opinion - www.PersonalITConsultant.com > BPOS - Microsoft Online Services - www.Microsoft-Online-Services.com > http://www.twitter.com/SBITSdotBiz |