Re: ** Forged spamming going on

[Robert Tarrall <tarrall () ecentral com>]

alex () nac net wrote:
-> some luser off of AT&T DIalup is using mailme.com (my domain) for relaying
-> mail:
-> Received: from mailme.com (146.st-louis-71-72rs.mo.dial-access.att.net
-> [...]
-> He is sending thousands of emails to AOL users, who is then bouncing them
-> to me.
-> [...]
-> Thinking about this, there is no solution; here are my options:
-> 
-> 1) blackhole AT&T, which does nothing, since the mail is bounces coming
-> from AOL.
-> 
-> 2) blackhole AOL, which would fix my attack, but would break all
-> legitimate mail from/to AOL.
-> 
-> 3) temporarily blackhole mailme.com, which would prevent me from getting
-> the bounces, but then I can't send/get legit mail.

You forgot:

4) Deny relaying, which sendmail 8.9.1a will do by default (has worked
  great for us so far), and
5) Deny access to dial-access.att.net (and dialsprint.net, da.uu.net,
  pub-ip.psi.net, etc) which is what we're doing here just because we
  get so much spam directly from such dialup accounts these days.

Anyone have a list of legitimate outgoing SMTP servers for the big dialup
companies (UUnet, PSI, Concentric, AT&T, Sprint, etc)?  So far I haven't had
any complaints about blocking stuff like da.uu.net, but I'd like to make sure
that legitimate email can still get through.

                        -Robert Tarrall.-
                        System/Network Admin
                        E Central