RE: relay spam

Mitch Wagers ( mwagers@ocsnet.net )
Sat, 31 Jan 1998 23:38:21 -0800

Well, I just converted our system over to Post.Office and thought I had it
locked pretty tight, but obviously not. So I reread the manual, several
times until I can configure the server in my sleep if need be (my digitizer
tablet isn't like a mouse, I know exactly where the cursor is! hahahha).
What I did was restrict ALL relay mail in the beginning, but this makes it
so *no one* can send mail to any address besides our local domains, they
can't even connect! So, then I modifed it to allow relay mail from only our
network blocks+local domains. Also, if any relayed mail happens to get in
our system, it can *only* be delivered to local addresses. In order to
spoof things now, you would have to spoof one of our IP's and our domains.
Easy you say? Maybe if you are a complete expert at IP Packet production,
as Post.Office can check not only the Source IP, but the source mask as
well, which most spoofers don't seem to modify the subnet mask. I'm
experimenting with other ways now, so I guess we'll find out. I will not
allow this to happen again, though!

Watch for mail from mymail.net as well as ni.net...

----------
From: Brad Albrecht
Sent: Saturday, January 31, 1998 6:35 PM
To: ntisp@emerald.iea.com
Subject: Re: relay spam

Actually, if you see REAL spam from hotmail, they are very responsive about
removing that user. Unfortunately, since it is so big (like aol.com), most
people just put a bogus reply email from AOL.com or hotmail.com. nothing
you can do about that. Watch the headers and block the people that support
spam. You will find a suprising trend in what servers it really comes
from...

On a similar note, if you allow your customers to send mail as if they are
from another account (like if I want to send mail, with a return address of
my hotmail account), then what stops anyone from saying they are from
hotmail? Who's ligit? If you find a way to block it, there will be a way
around your block. I don't think that even legislation can help at this
point.

Brad Albrecht
Computer Innovations Online
http://www.cio.net/
Skagit Valleys' Premier Internet Service Provider

-----Original Message-----
From: Kurt A. Butzin, DDS <kurt@molar.net>
To: ntisp@emerald.iea.com <ntisp@emerald.iea.com>
Date: Saturday, January 31, 1998 5:58 PM
Subject: Re: relay spam

>It got so bad with spam from hotmail that we have blocked the whole
domain.
>I've received exactly two complaints after doing from clients you said
they
>couldn't send them mail from home where they have hotmail accounts. We
have
>also noticed an increase in the use of incrementing numbers for name and
>domain both, I don't know how to eliminate these, any ideas?
>
>Kurt A. Butzin, DDS Molarnet Technologies, Inc
>President 1936 Bay Street
>kurt@molar.net Saginaw, MI 48602
>http://www.molar.net (517) 249-4638
>
>Authorized iPSwitch WebVar (http://www.molar.net/ipswitch/index.html)
>
>-----Original Message-----
>From: John Barrett <john@asacomp.com>
>To: ntisp@emerald.iea.com <ntisp@emerald.iea.com>
>Date: Saturday, January 31, 1998 3:35 PM
>Subject: Re: relay spam
>
>
>>Mitch Wagers wrote:
>>>
>>> Members,
>>>
>>> I just thought I would try and be informative...we got hit *hard* last
>>> night with nearly 3000 emails that were relayed through our system.
Now,
>>> we are getting messages from the people that were recipients seriously
>>> complaining about the SPAM originating from us! However, it didn't
>>> originate from us and we now have a block put on *.mymail.net because
>that
>>> is one of the locations it originated from. I've also locked down all
>relay
>>> mail except from our local hosts/domains so hopefully nothing like this
>>> will happen again. I encourage ALL of you that run mail servers to do
>this!
>>> Individuals/companies that do this make me incredibly angry, but what
can
>>> you do?
>>>
>>> The message pertained to "MAKE MONEY FAST" schemes, of course.
>>> Owners were ronh@hotmail.com, whether that is a valid address I have no
>>> idea, but he's blocked too.
>>>
>>> Regards,
>>> Mitch
>>>
>>> ----------------------------------------------------------
>>> NTISP Mailing List listserver@emerald.iea.com
>>
>>Good luck with this one Mitch, The ones we got used an incrementing
>>address. We've tried but he always finds a way back in. He does not
>>relay off of us but he sends junk to our users regularly. We get the
>>bounce off of AOL and Hotmail both. It's not like I can block the whole
>>domains...
>>--
>>John T. Barrett
>>Sr. Engineer / Webmaster
>>ASA Network Computing
>>(614)476-9876
>>john@asacomp.com
>>webmaster@asacomp.com
>>
>>http://www.asacomp.com
>>"Bringing the world a little bit closer, One Customer at a time."
>>
>> ----------------------------------------------------------
>> NTISP Mailing List listserver@emerald.iea.com
>>
>>
>
>
>
> ----------------------------------------------------------
> NTISP Mailing List listserver@emerald.iea.com
>

----------------------------------------------------------
NTISP Mailing List listserver@emerald.iea.com

begin 600 WINMAIL.DAT
M>)\^(A<'`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$(@ <`
M& ```$E032Y-:6-R;W-O9G0@36%I;"Y.;W1E`#$(`0V ! `"`````@`"``$$
MD 8`) $```$````,`````P``, (````+``\.``````(!_P\!````20``````
M``"!*Q^DOJ,0&9UN`-T!#U0"`````&YT:7-P0&5M97)A;&0N:65A+F-O;0!3
M3510`&YT:7-P0&5M97)A;&0N:65A+F-O;0`````>``(P`0````4```!33510
M`````!X``S !````%@```&YT:7-P0&5M97)A;&0N:65A+F-O;0````,`%0P!
M`````P#^#P8````>``$P`0```!@````G;G1I<W! 96UE<F%L9"YI96$N8V]M
M)P`"`0LP`0```!L```!33510.DY425-00$5-15)!3$0N245!+D-/30```P``
M.0`````+`$ Z`0````(!]@\!````! ````````(&-@$$@ $`#P```%)%.B!R
M96QA>2!S<&%M`-\$`06 `P`.````S@<!`!\`%P`F`!4`!@!-`0$@@ ,`#@``
M`,X'`0`?`!<`( `B``8`5 $!"8 !`"$````X13@Y,$%%,CE!.4%$,3$Q03,U
M-S P-C P.#%#1D4U-0`8!P$#D 8`8 X``!0````+`",```````,`)@``````
M"P`I```````#`"X```````,`-@``````0 `Y``!)(5_D+KT!'@!P``$````/
M````4D4Z(')E;&%Y('-P86T```(!<0`!````%@````&]+N1?'.(*B8^:FA'1
MHU<`8 @<_E4``!X`'@P!````!0```%--5% `````'@`?# $````3````;7=A
M9V5R<T!O8W-N970N;F5T```#``808!]9#@,`!Q!Z#P``'@`($ $```!E````
M5T5,3"Q)2E535$-/3E9%4E1%1$]54E-94U1%34]615)43U!/4U1/1D9)0T5!
M3D142$]51TA424A!1$E43$]#2T5$4%)%5%195$E'2%0L0E543T)624]54TQ9
M3D]44T])4D5210`````"`0D0`0```-X,``#:# ``6!D``$Q:1G5R+ @W_P`*
M`0\"%0*D`^0%ZP*#`% 3`U0"`&-H"L!S973N,@8`!L,"@S(#Q@<3`H,2,Q,/
M9C0/>FAE;-$#($1L9P* ?0J ",_%"=D[%Y\R-34"@ J!@PVQ"V!N9S$P,Q0@
MEPL*$O(,`6,`0"!7%C& +"!)(&IU<P5 J06@;G8$D'0)@" (8<@@<WD=(&5M
M'> =@4 @=&\@4&\=("["3PW0:6-E( !P'=#D=&@(8&=H!4 <X!' 31W0:05
M%S!C:QW!<&L7H ) >1[@:2!A',!B0G4%0&]B=FD(8'/2;"'P;F\?4" &`!\`
M?QS@%Z 7H"#1(" ?P .!=7\'0!S $? =@0= (@$'@G5W`C #$1S@8P.1'5$?
MD&?O"' ?P"2"$?!R'K(+@"2PUR'P(R )X' @\&8C4 G@U1W08A_ *"AA9"(@
M(0!\:7H>P@&@** %0 0`;GHG(1%I(6 ?T"2P(P%E31S":R-@!^!E> #0=*TC
M,7<6("=58PAP<P6Q700`(2"Q+G$1P"DCD%?/$< @@BG@'=!W800@%Z#/'2 %
M$"S0$W!,3"0!"V!_(? `P ,1*#$D@BEP*@!N_P,`&J B9" @! `DL2%@!"!S
M(0$M\" J(V =X"D@*O\FDQ'P'_$Q,Q[Q`' A\"#0_F0P`00@*7 `D VP!" =
M\MLA,2619 -Q"X!S', D@?\A\":A*R$E42;#*2 LT"Y0_R/ -^,#H!S@!&$&
MD!W!(0'_-6(60"QQ,-D#4C0A(S$=\FDI('1W!;!K(G A,G/F*S<(Y%!;"WP
M', H\9\UDC#3'<$Q,Q' <' )\/L$(![Q9RK"`Z =^#]!'3']`Y$J/((T8"EQ
M#; K4!V!OQW!'O$W%#75!Y CD$E!H<,+(![$<W!O;RD`,N'O&J $("QA',!Y
M"& M$ A@_FP=T!' '8!%^#0Q'>!(L?$>`4E0)P0@'^(=\CYHKD4OT"'P1U)S
M,0`_(Z#^33$`*7$H\4=2"L K@@6@_FT+4!(`'\ LH$#0`" ?T/T@@5 ?$ #0
M(6 %0"&@!'#V=2S0(O!N', OT1\J)J/_%B A4"-2/'0D@B/ "' ?L=])@#*&
M)Z%2% # <SUP+]'N=QR3+2 ?H&@KL1TA1C/_!) $(#=P*Q(1\!YQ'O$Z0W%1
MI'-U8CT14Y-%42?_'H!-HP=Q)C$:H"T0(0!4P/\C<"TQ+[$>0$;T,\$<X"<P
M^S825" G%D$?D$GC(X(<X/\#\!9!43([)#+C'O% I!_0;F<+<3?B($(A"H4*
MA5=_+S!4L0(0!< [Z"A@,3(NWU>"4_5/D@,`8;(N8Q!?/",*]"M0,3@P`M%I
M+7@Q-#0-\ S092,+63'>-@J@`V =L#!A+6='"H?79?L,,&&1@-A.FA.9L:Y
M#((@0B6 '= _`&(7H/T1L'1G[VC]!F ",&HO:SNU!A!T"'!D,0`<P$HDTA)R
M(? S,1S ,3DY0#@@-CHS-1\03?-LWVC]5&]O'VL[)C%&,"9 'G E<F0N")!A
M+N]-$7,?;>Y78&HY074_:SO<4F5ZT##41C!A>%9CO;PS-F7'%"(,`6;&02S0
MOR3Q(S _0TM#"> '\$4PD/=]0SPD(#!T,3(WY4RR'8'_/[)&,0"!2!$!H%OQ
M"H47H+\$8"+@61$@("\Q*^%R(Y'^52<`%T$F("\P%C!Q80"0WFX?L2$!,P$S
MP6(B("F0]RM4!O!X(BD<P%3B"H5 T/9O34$<]' BD2N@!N G,!\OX@M0(? >
M<#OW04],_W@B19&"QG@B(Y$C84:B"H7_1U(FHC=PA.2&,R.18!0D@O\6("#0
M58(?XCV3)'.*U89#OU=00, 700J%?5(CD5E'8O]<@ENC*Z"4$040A_&&(1>@
M_Q_Q*#$M()/B)],S<R0Q@.'?30('D J%`U)C'T]>,8?A_FT#$ K!(V$L`4Q&
M.S-'4?\%P"W '2"9$5611@(TUR_1_RCQ@V:961_1690`T 6@)B'_B14H\5Q1
M`' ZTS3'5&%94O\KH"&Q"'!>,37E1F *A2AAOX+5H.:)\3G3EY0>\'!)LO]'
M4$CA/#-+@88$@X4#4@J%]X+52[$O$&])H2M0*@%+L?Y)3%25]5GQ'N*2M"$`
M-^/_)U%<<REQK$,*A0K H2$=T/^=$SV37"-5Q$:2DO(O,3BS_RB@*@`C("\P
M3U$FDQ8A*-#W+S$RXHIF;PN 'U!?/&P/?PK!"%!-,"*0'L%%<"-@=G^R,P0@
MFQ K4"D@J98"0'#P.B\O=[D0>" B\&&RLB\*A5-K7E A`58[(?DX(',G'Q"%
ML0B116&VT?]7@@9A(N ?L;M A>$$@5\\W6=#3P40,A$ED4TV$5Y0=F5GFFGD
M2PAP,'$CD$(E(I!Z7H)$1 7P/&O=P+% !&"H6&R/@J%=1*[=Q^-DSS#GW@B
MPM9$AX''>M!P_W((-3HU<H!R]T]Z9WR_7VD*A3Y)!4!G_U%!B+(@T5E#@C^&
M-%0@1^3_/9-$`B21+2 &\$-Q-X-C-NW,@"=($6R!94/!'= LIO<],4T$"W%T
M2;$!@![!-W#[60(\,V,K4%C1!"!+1"^1_S@"S!:A$4? 5>0?\QYQ.^C_(# '
M@"T8I5%(`J5]/L(<@/^IED@!S!8'0#/!(V$?H98A_P.@B $D,1'P,78KX4D"
MW9/_6,8DX ;058)@<H=PV.$?X?_,%C=TB^$@(!S"5<0L4R P_UU!'P!#H9N
MAW(D<BOR-9+[-H$OT#_,%LP6P*_!L>>/]TO!PE)7@E1LD2-@%S J`/\'D!S!
MB!#,%KM!-G*A0>M_O^R/(Z!R4'[PM3 Q`5.7`?\2`,P6P?SLO_#)!A"^LD<A
MTDT<X#0X?P`RS!:XJ0/OC_3:*#4Q-RD@`#(T.2TT-C,X?>5>02*0(# %$"I
M(.%0[E-9052Q'(!BNK %P"F0__-ON9(%( /A8#'ZT!_P+*#B+B!P;6PIY5Z^
M/[].LCYIY$IOZ8#N`7(ALO7!T&K_L4 OT*#P32'&&GX^PU_$;\5_S#3&WW&N
M,SURNS[)S\K;Y<?,%CY-U_BTOU%5D7=FTCH+%PL(]C[]\=_S+ S?#>(<Y2 H
M_T>4,# UL9*"W@)@<:6@(A"_'8":`<\QS,(R\&N0*B\@_QLP-& ;<(I'#>(R
M0"!B64/7*2!XH",Q,V3 ,(RD00'_SO0G43_6HW"O(2!@'>EC-OY.1Q$-><\Q
M3+)!45CS)>&_OT+@,3Q"DQX7-;E0<-5$?R?!(O0->=-F60*0AE'A4/Q!3461
M_9-8\SPSBU N4/P@2"QP)5)"8R^!*Q$->?\A5J?EC"%)TL\QXO-(`HO1]Y+#
MBY*R82KT`&%H*7!$@/\KX<P6AD(->3,!2-63$C<2_[=TNH$DAUO0F<-8$83"
MW*+[S\4W<'>(6)0S!8PTPUY]Z6C^Z!08'!KD#PT-N<0<'F+8',O-W4SLA!P
M7A!F_T>P%?&.]:KQB5&S61I37()_7>I%45A0B!!!P;]1C5!,[X(01F%'4H9#
M<MK0GG27YO\Z\3Y@*-BS<%\F#[.O4(2P_^3P@,$R`$T2HC#IX;$DD%'_76.E
MH(E1X+'=DR-PK- 1@OYG<>!2E)>2>&60$0UY1U+W2E#E1PU;5),A&X6*P8=
M!W]1T *08")-04M%(4O03TY%66G005/\5"(8L%#1&X'J$#=A-J+WW?#1-PWQ
M3RXP##,70U%P_&A CAE48L*P6;*&0UV!_XO0MU!D@)8AI$4/\,]CF^#_*9KE
M`5*4LM"JT<^W55!&.?\->0DP7F &0 Z*#A#XLDW//PWB9SE2CU.?5(Q1.DY4
MWDDA``X0SJ%9`DRS</2=OV2 ,>&7\W=O"R8+%T=-D/G0$&QU)O'-<UUC*G(+
MH__J$$)B*G%B$LRSAI'=2-]5_PL7I#6&T-M T=(18.G@$<'_3(.<H:YQX#'[
M<4FRK&+-,/NM`C8Q2-"R&^&X0L7"73_I+ JP#=AC"%A):*BT_"+0/^Q`I!@
M&(*&DHPRC!"H17P_V!"&O(<4@L7A0&($F3UC6'?)9,BL*64X@(LX72JT9OA
M_S/D#_"0$I*XT',+%S(EF@AW"X!5>?^C5,$!``0+%U/=AL%%/G"X`:#!+_CR
MI:#O&.&]1@N 1,!!&9#"L!$`#G*M$+:$7QHH-C$TX"DT-S8MR+!V$ L7_P".
M"Q<=8'+5=U]:2[BI>4_]"W$BM4"&`:B%$/$5X)8B_TH0N+"+$8C@B[#5(#'0
M(P+[FQ")8$.==;,2)J AP."P_"XB>?\.`%2/@T^$7U4N_U9/5U]8;UE_BB^+
M3\PE@C__CD^/7X5NAG^'CXB?B:[+/_^NTHU/E_^9#X5MD7^2CY.?9XFMKJ65
MPF1<2A#MX# CE<#3HEQF,J"P<S*OH$$,@@CPRY9]KJ `HG ```,`$! `````
M`P`1$ ````! ``<PL*<\D.,NO0% ``@PL*<\D.,NO0$>`#T``0````4```!2
113H@``````,`#33]-P``7W0N
`
end