[Dshield] ISP's blocking dynamic IP address mail servers

Sam Bashton sam at ipsupport.co.uk
Thu Apr 22 04:48:49 GMT 2004


On Wed, Apr 21, 2004 at 10:44:46AM -0500, Laura Vance wrote:
> Hello,
> 
> I'm not sure if this is the right list, but I believe it is a result of 
> all of the attacks to port 25 that have been happening.
> 
> I am a very responsible mail administrator both at work and at home.  I 
> run a mail server at home, because I like having more control over my 
> email account than I would have with an online mail provider such as 
> yahoo mail. (there are several other reasons too)  As a result, my home 
> server is on a dynamic IP address (cable modem).  I'm sure there are 
> others that run their own mail server for the same reasons that I do.

I too am a responsible mail administrator, and one that blocks SMTP from
dynamic ranges.

> I've seen discussions on here about email blacklists, and based on the 
> threads, it seems like responsible mail providers should not block IP 
> ranges simply because they are dynamic, but they should be able to make 
> checks based on the individual mail server. (such as how they handle 
> bounce vs reject, do they allow relay, etc.)  My mail server at home 
> (and at work) does not allow relay and uses the "reject" method for 
> unknown local accounts as has been deemed the more Internet-friendly way 
> of doing business.

I'm sure your mail server is extremely well set up, however, as it's on
a dynamic address how am I, as an administrator of another mail server,
to know the connection is from you, and not the usual worm spew we get
from dynamic ranges?  HELO is hardly any guide to the server that's
connecting, and your IP could be any one of tens of thousands.
If you want to run your own mail server then by all means do, but please
also smarthost all mail via your ISP's mail servers or another server
which is on a static IP address.

> I wonder if this was the goal that the smtp virus writers had in mind:  
> eliminate all trust for dynamic IP mail servers.

I very doubt this was their motive.  Propagation via ones own SMTP
engine is probably going to be more effective than using the ISP's relay,
which is almost certainly why many viruses do this.

-- 
Sam Bashton
Systems Administrator
IP Support 



More information about the list mailing list