[Dshield] security.scan.sec.rr.com

Rick Leske rick at jaray.net
Thu Jun 19 01:44:04 GMT 2003


Doug,

Here's the most current list, that I know of, that shows all the blacklist
servers.

http://www.declude.com/Junkmail/support/ip4r.htm

cheers,

~Rick

----- Original Message ----- 
From: "Doug White" <doug at dwhite.ws>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Wednesday, June 18, 2003 5:51 PM
Subject: Re: [Dshield] security.scan.sec.rr.com


> I am not sure what they are trying to accomplish.   The boilerplate reply
is
> somewhat generic, however, My point is that they should spend at least
that
> amount of effort on closing open relays within their own net block - this
is
> where the failure seems to be.
>
> As for me, I provide a commercial email gateway, set up explicitly for the
> purpose of filtering spam for many domains, then forward the cleaned mail
on to
> the customer's mail server.  I use a combination of analysis, and some of
the
> open relay block lists and an anti-virus scanner.    I have to be
selective as
> to which block list I use, because so many of them are not only slow to
update,
> but some return far too many false positives,   What I don't want to do is
to
> stop even one legitimate email message from being delivered to the
customers'
> inbox.
>
> My own log analysis reveals the open relay rape that goes on constantly,
and
> currently there are 6 in the RR system (all in either NY or FL) which have
been
> open for at least six months on static IP numbers. These six machines are
> cranking out several million spam emails every 24 hours, according to
reports.
> I am also experiencing multiple scans from the rr network every 5 days.
When
> they come in they are intensive. Thus far, they have not been able to
penetrate
> my system, it does make me wonder just how many they are able to
"discover."
> Most spammers move from relay to relay, and originate from many accounts.
By
> the time an ISP shuts one down they are already two or three accounts
ahead of
> them and continue the spew.  I have seen as many as 20 spams per hours
just to
> my server, all identical but transmitted through different open relays.  I
think
> it reasonable that these are all the same spammer, and transmitted from
the same
> source, which is not always accurately reported by the relay machine.
>
> Your own experience is evidence of the harm it does to legitimate users,
because
> of the abuse by spammers. and I don't use Osirusoft.
>
> ======================================
> Stop spam on your domain, use our gateway!
> For hosting solutions http://www.clickdoug.com
> ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
> ======================================
> If you are not satisfied with my service, my job isn't done!
>
> ----- Original Message ----- 
> From: "TQMcube" <TQMcube at verizon.net>
> To: "General DShield Discussion List" <list at dshield.org>
> Sent: Wednesday, June 18, 2003 4:40 PM
> Subject: Re: [Dshield] security.scan.sec.rr.com
>
>
> | On Wed, 2003-06-18 at 16:38, Doug White wrote:
> | > I can understand what RR is trying to do, but it seems like a sledge
hammer
> is
> | > being used to break watermelons.  All they seem to be doing is to be
adding
> to
> | > the congestion on the net.
> | >
> | Judging from your posts you are considerably more knowledgeable than I
> | am. Frankly, I support RR's policy since they are relying upon actual,
> | tested data - in contrast to using Osirusoft. They only scan me when I
> | send mail through their SMTP gateway.
> |
> | OK. To be fair I have an ax to grind. In spite of having the same static
> | IP for more than five years I'm listed as part of a dial-up pool.
> | Osirusoft won't make an exception (in spite of the fact that I have
> | provided them with ample proof) and VOL is, well, post Bellatlantic
> | Verizon. So, for me, the RR system enables me to send mail via MX where,
> | perhaps, I might not otherwise be able to. I suspect that by denying
> | access to open relays they are doing a real service for their
> | subscribers.
> |
> | _______________________________________________
> | list mailing list
> | list at dshield.org
> | To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> |
> |
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
> ___________________________________________________________________
> Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
>
>

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.




More information about the list mailing list