On Thu, Jun 10, 2004 at 09:21:07PM -0700, Hallam-Baker, Phillip wrote:
> I am unable to support MTAMARK because the present proposal is
> incoherent. If I control an IP address I can block port 25, so why
> would anyone implement a Rube Goldberg scheme that allows me
> to say 'I should have blocked port 25 but did not'?

- We, as an ISP, sell Internet Access. Our contracts don't allow us
  to block ports as we wish and I am sure most other contracts of
  other ISPs don't either. Those who do will lose customers to ISPs
  that don't. (I know of ISPs that tried to block P2P networks,
  they no longer do, guess why).
- Filter lists have a large impact on the speed and manageability of
  routers. You don't want lists of 65000 entries and more for 65000
  hosts in all/most, not even in some of your routers.
- We shut off spammers (we had one, a dialin customer, back in 1995) and
  relaying hosts immediately as we notice them. This is according to our
  AUP and German law.
  However, with MTAMARK and a default of MTA=no we and our customers could
  tell others that we don't think they should accept eMails from that IP
  address, so infected machines could not cause harm like they do now,
  not even until we become aware and shut them off.
- Blocking port 25 will also cut off users that only run incoming SMTP
  servers for local networks that have roaming users that want to
  "phone home" and inject some authenticated emails.

As I and many others have said before, blocking ports at will is
not a solution for anything.

> Ask the ISPs to do something coherent such as using the reverse
> DNS to advertise contact addresses

MTAMARK suggests adding RP (Responsible Person) records along
with the MTAMARK records. RP records have been there since RFC 1183
(October 1990). I have never seen one in the wild except the ones
I have added myself.

\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"