From: "Dr. Jeffrey Race" <jrace(_at_)attglobal(_dot_)net>
...
I have consulted with the experts on Spam-L and my conclusion from
the vigorous response there is that they have to be closed, for
reasons noted below.
Contributors to Spam-L are not necessarily any more expert about spam
than anyone else.
...
I have queried Spam-L experts about this. One of the top technical
people on that list states:
"I have seen more than one "rate limited" open relay being hit badly
by spam - the spammer just throttles down his mailing speed through
the relay. Throttling a mailserver so badly that spam will definitely
not get through will also throttle a lot of legit mail going through
that relay."
That suggests only that your "expert" is more of an "e-spurt" like
some self-professed expert contributors to this list who have made
similarly inaccurate declarations. Sufficiently draconian rate limiting
is always sufficient to stop spam while insufficient limits are
insufficient. It is simply wrong to claim that anti-spam rate limiting
must "also throttle a lot of legit mail going through that relay."
For example, you can do as some relays have done for many years and
rate limit by stream, for various definitions of "stream" including
fuzzy matching mail bodies.
The claims in this mailing list that all relays must be closed are at
best sloppy wording that omits "open" or "promiscuous." There is no
technical difference between a "smarthost" and a "relay" except the
set of SMTP clients from which the smarthost will accept mail and/or
the set of SMTP servers to which it will relay mail. For that matter,
in the way most users send mail, there is no technical difference
between their ISP's "mail server" and a "relay." Their PCs act as
clients to send mail to the SMTP server of their ISP. That SMTP server
does exactly the same thing with their outgoing messages as an open
relay, except perhaps for restricting the SMTP clients for which it
will relay.
...
I have verified from Spam-L that many/most open-relay testers only
test whether a sending IP address is an open relay after getting a
spam in hand. However there are indeed open-relay testers that
test routinely without provocation, apparently as a self-defense
measure.
That is another case where your Spam-L e-spurts are inventing facts
or overgeneralizing from too little experience. Judging from my logs
and most reports I've heard from other people who have logs to read,
most relay tests from self-described white-hat testers are at best
based on unsubstantiated "nominations". All of the major open relay
testers and plenty of others have attacked my SMTP servers, without
ever having had any spam from them. (It's possible to make claims
about never ever having sent any spam if you run a vanity domain.)
"Self-defense" is how most relay testers justify their actions.
Whatever they say, for people running SMTP servers, their actions are
indistinguishable from spammers looking for open relays.
...
If you believe this analysis is incorrect I will be pleased to replay
your reply over there, or you can show up yourself. Please don
flame-resistant suit first; there is a very low tolerance on Spam-L
for fuzzy and wishful thinking. The general attitude toward spammers
and enablers is "heads on pikes" :)
Please do not do that.
Please also do not gateway this mailing list to news.admin.net-abuse.email.
Please do not use arguments based on anonymous authorities.
Please understand that some of the contributors to this mailing list
have histories of technical involvement with SMTP that are equal to any
you might find among contributors to Spam-L.
People offering IDs should also understand that the form of an ID is
not magic. Putting your thoughts into the form of an ID does not
automatically confer accuracy, relevance, or even make them convincing.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
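
The message above mentions rate limiting "by stream", with fuzzy matching of mail bodies as one definition of a stream. The sketch below is an added example, not code from either correspondent or from any relay they describe; the class and function names, the 3-word shingle size, the 0.6 similarity threshold and the two-per-hour limit are all assumptions, and the message bodies are constructed.

```python
import re
from collections import deque

def shingles(body, k=3):
    """Normalize a body (letters only, lowercase) into a set of k-word shingles."""
    words = re.sub(r"[^a-z\s]", " ", body.lower()).split()
    if len(words) < k:
        return frozenset([" ".join(words)])
    return frozenset(" ".join(words[i:i + k]) for i in range(len(words) - k + 1))

def jaccard(a, b):
    """Set similarity in [0, 1]; near-duplicate bodies score high."""
    return len(a & b) / len(a | b) if a | b else 1.0

class StreamLimiter:
    """Allow at most `limit` messages per `window` seconds per fuzzy body stream."""
    def __init__(self, limit=2, window=3600, threshold=0.6):
        self.limit, self.window, self.threshold = limit, window, threshold
        self.streams = []  # (signature of first body seen, accept timestamps)

    def check(self, body, now):
        sig = shingles(body)
        for known, times in self.streams:
            if jaccard(sig, known) >= self.threshold:
                break                      # body belongs to an existing stream
        else:
            times = deque()                # first message of a new stream
            self.streams.append((sig, times))
        while times and now - times[0] >= self.window:
            times.popleft()                # forget accepts older than the window
        if len(times) >= self.limit:
            return "defer"                 # a relay would answer with a 4xx here
        times.append(now)
        return "accept"

def spam_variant(name, n):
    """Constructed bulk message: same text, per-recipient name and id."""
    return (f"Hello {name}, buy cheap pills now at our store, "
            f"best price guaranteed today! id {n}")

def demo():
    lim = StreamLimiter()
    # A sender who has slowed down to one message every ten minutes.
    out = [lim.check(spam_variant(n, i), now=i * 600)
           for i, n in enumerate(["alice", "bob", "carol", "dave"])]
    # Unrelated mail through the same relay is counted in its own streams.
    out.append(lim.check("Meeting moved to 3pm tomorrow, agenda attached", 1900))
    return out

if __name__ == "__main__":
    print(demo())
```

Because the counter is keyed on the body stream rather than on the relay or the client connection, slowing the sending rate does not reset it, and mail with different bodies is not delayed.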