Nitwittwery is alive and well: It's spelled AOL

Offline Diana

« Reply #30 on: August 01, 2003, 10:59:38 PM »
To continue with this subject, I'll try to explain how this server handles e-mail.

Only valid users on this system are allowed to use the server as an SMTP server. SMTP servers send mail. Since there is no way to log in to this system such as by modem the way a dial-up ISP would work, the best option for validation and the right to send mail through is with a process called POP-before-SMTP. This system requires that a valid system user check their mail here before they will then be allowed to send any out. The server logs the requesting user's IP number for a very limited time when they POP for their personal mail. When that time limit is up, they must POP again before they can send any more mail. Given all this, I usually tell new users to use the SMTP server that their dial-up/broadband ISP provides. Those servers validate user rights through the direct connection to the user.

In some cases, a dial-up/broadband ISP user MUST use the ISP provided SMTP server. I face this very requirement from Earthlink, my ISP. Earthlink requires their users to use Earthlink SMTP servers and they block access to external SMTP servers. (I could get around this with tunneling/port forwarding tricks, but there is no reason to since I don't SPAM, nor do I need to hide where I'm from.) As long as Earthlink continues to allow me to put my own domain name in the Reply To header, I don't mind using their SMTP server. Some ISPs (Verizon for example) even require that all their users use their Verizon addresses in the Reply To header. This policy can really hurt a business that wants to promote their own domain name, so many businesses fled Verizon when they implemented this policy. As far as I know, they still do this, but maybe they've wised up.

If you're not bored yet, please read on.

This server also blocks e-mails based on an access file that I maintain. If I get loads of spam from one domain or IP, I can add this bad stuff to the access file with a reject message and that mail will be refused. Recently, rogue machines on broadband have been attempting to send mail to/through this server. The server rejects all mail from domains that don't resolve. Meaning, if the domain isn't valid or doesn't answer when called, the mail is refused. Spammers often use made up domains in their headers.

The problem is, the machine that is asking mine to allow mail in/through is the only one I can block. If a bad/previously blocked spammer can get another machine that isn't on my block list to send the mail, my/this machine will still accept it. Mail is blocked based on the machine my server talks to...the last hop in effect.

Recently (past six months or so) there has been a huge increase in mail coming from rogue SMTP servers on broadband IPs. I haven't found a list of all the broadband dynamically assigned IPs, or I would just add them all to my block file. No one should be sending e-mail with their own personal SMTP servers. Everyone should be using their ISP's SMTP server. These rogue machines on broadband are often, though not always, a machine that a spammer has hacked. Spammers plant these SMTP servers on hackable machines then run the spam through as fast as possible. The person whose broadband account is misused like that becomes the one accountable to the ISP...and they may not even know what is going on. Blocking these dynamic IPs wouldn't hurt legitimate users since they are using valid SMTP servers. Open wireless networks are also vulnerable to spammers. "War-spamming" is a new problem whereby spammers drive around looking for open wireless networks. When they find one, they park and use a laptop to send hundreds/thousands of messages through these misconfigured wireless networks. Again, the wireless network owner is the one held responsible. If you have a wireless network, make sure you're not leaking access outside of your controllable area. Strange car parked out front? Your router going nuts?...check it out!

If an IP is particularly pushy and persistent, I'll just "de-route" them so that the server becomes completely invisible to that IP. Remember the "finger" episodes? Those in that club were de-routed. They knew what it was like when TS became invisible to them.

So in the example Jennie posted showing the spam from AOL, that was a broadband user whose machine probably has a rogue SMTP server installed. It bypassed AOL's strict SMTP servers, but the route through the AOL system was still logged since they were logged into AOL. My machine accepted that piece of spam because all the headers appeared to be valid and that broadband IP wasn't in the block file. VILE SPAMMERS! (NOTE: unlike Earthlink, AOL does _not_ block access to other SMTP servers. If they did, the spam Jennie got would have been trapped by AOL's outbound spam filters.)

I also keep an eye out for user installed webmail scripts with known vulnerabilities that allow spammers to abuse this server. So far, no one has installed one, but if I found one, it would be removed. I keep up to date with newly found Sendmail vulnerabilities, and I've also disabled system banners that would tell a prober what version of Sendmail I'm running.

Oh what I would give to have a server system that the whole world could agree to use and maintain in such a way as to deny ALL spammers...but as long as there is money to be made, either by the spammers or the system admins that allow them to use or pass through their machines, I don't see it happening. I also despair of any law that will be effective.

If anyone has questions or I've made a mess of this attempt to explain, please let me know and I'll try to clarify.

see ya
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key  
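Added example, not Diana's configuration or Sendmail's code: a toy Python model of the accept/relay decision the post describes, in the order access file, unresolvable sender domain, then POP-before-SMTP relay window. The access entries, the set of resolvable domains, the 15-minute window and the reply strings are all constructed for the example; the post gives no concrete values.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumed relay window; the post only says the IP is remembered for "a very limited time".
POP_WINDOW_SECONDS = 15 * 60

# Constructed access file: matched key -> rejection text (stands in for Sendmail's access map).
ACCESS = {
    "spam.example": "550 Mail from spam.example is refused",
    "203.0.113.0/24": "550 Blocked: rogue broadband range",
}
# Constructed stand-in for DNS: only these sender domains "resolve" in this example.
RESOLVABLE = {"earthlink.net", "aol.com", "example.org"}


@dataclass
class MailPolicy:
    pop_seen: dict = field(default_factory=dict)  # client IP -> time of last successful POP

    def record_pop(self, client_ip: str, now: float) -> None:
        """A valid user fetched mail from this IP; remember it for the relay window."""
        self.pop_seen[client_ip] = now

    def may_relay(self, client_ip: str, now: float) -> bool:
        """POP-before-SMTP: the IP may send outbound mail only within the window."""
        last = self.pop_seen.get(client_ip)
        return last is not None and now - last <= POP_WINDOW_SECONDS

    def access_reject(self, client_ip: str, sender_domain: str):
        """Return the access-file rejection text for this IP/domain, or None if not listed."""
        ip = ipaddress.ip_address(client_ip)
        for key, reply in ACCESS.items():
            if "/" in key:
                if ip in ipaddress.ip_network(key):
                    return reply
            elif sender_domain == key or sender_domain.endswith("." + key):
                return reply
        return None

    def decide(self, client_ip: str, sender_domain: str, rcpt_is_local: bool, now: float) -> str:
        """SMTP reply for one message. Only the connecting IP (the last hop) is judged;
        earlier Received: hops in the headers play no part, the limitation the post notes."""
        reply = self.access_reject(client_ip, sender_domain)
        if reply:
            return reply
        if sender_domain not in RESOLVABLE:
            return "553 Sender domain does not resolve"
        if not rcpt_is_local and not self.may_relay(client_ip, now):
            return "550 Relaying denied: POP for your mail first"
        return "250 OK"
```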

Offline Diana

« Reply #31 on: August 01, 2003, 11:05:18 PM »
Hi Bill,

My previous two posts only relate to this topic in the sense that I'm replying to Jennie's and Tacit's posts that showed my server's address in an example of SPAM.

Tacit thought I had an open relay, and I found a misconfiguration on my server that needed clearing up. I was defending my server and explaining to Jennie why she got that mail in the first place, since she shouldn't have.

Hopefully I wasn't too off topic with that and the long entry I just made above.

see ya,
Diana

Offline sandbox

« Reply #32 on: August 02, 2003, 03:02:20 AM »
Thanks for the info Diana. I'm reconfiguring my web space and new email address in addition to Postmaster and Admin, which I discovered recently were not forwarding... 10 addresses with different rules is getting a bit complicated.

I was considering looking into Verizon's services just to see if they would be more reasonable than Earthlink, since they just increased the cost on one account to $72.50, but the lost option of not displaying the @BusinessName.com in the header using their SMTP server would be a deterrent. I wouldn't have even asked the question; I would have just assumed that I could, then discovering it later I would probably start looking elsewhere.