(Updated) Trouble Sending e-mail? Check this...

With all the current spam, we're taking a number of pro-active steps to help minimise it while trying to ensure genuine (legitimate) mail is not affected. Unfortunately, a few people (and systems) who are not RFC-compliant are experiencing problems, most of which can be easily fixed.

We don't run "spam filters" as our experience has been that most of them tend to generate an unacceptable "false positive" hit rate, and discard legitimate mail. There are also serious and unanswered legal issues about accepting mail on behalf of someone and then discarding it. The telecommunications act appears to preclude us (in this case as a Carriage Service Provider) from doing this. The Privacy act also appears to prevent us from "inspecting" your private e-mail in order to determine if its contents are spam or not.

What we do instead, is to refuse to accept mail from certain hosts. By rejecting the mail before it gets delivered keeps us in compliance with all RFCs and as far as we can tell, all relevent laws in this country.

We refuse to accept mail from hosts under a number of conditions, including:
* Hosts that are listed in one of several published Real-time Blacklists
* Hosts that try to send to 4 or more non-existant users an hour (usually dictionary attacks)
* Hosts that try to send to any of our "trap" addresses (usually illegally harvested addresses)
* Hosts that try to relay through us 4 or more times an hour (misconfigured mail clients, hopeful spammers)
* Hosts who send mail with unresolvable sender addresses
* Hosts whos smtp "helo" or "ehlo" greeting is not RFC compliant and contains only a hostname
* Hosts whos smtp "helo" or "ehlo" greeting claims to be one thing but the actual FQDN of the host is nothing like that (eg, "ehlo" greeting says "yahoo.com" but the host is dsl.pigpond.com.au)
* Mail with specific patterns in the Subject: header
* Mail from specific domains, hosts or addresses known to have been offenders

Apart from simply rejecting mail, many of the above will trigger a particularly effective mechanism, whereby we de-route (add a firewall rule to drop all packets from) the offending host for a number of hours. Depending on the offence, we will de-route (block) a site for between 1 and 24 hours. In cases where a number of different hosts with different IP addresses but all in the same network block have all been offending, we will upgrade the filter to drop their whole /24 address range. Genuine e-mail is not generally affected by this technique, as ISPs queue and re-try mail generally every 30 minutes for up to 5 days. Spammers generally "hit and run", and rarely retry. Thus, blocking a host will generally only slightly delay valid mail.

If you are experiencing delivering mail to our server, and you've been "de-routed" because of bad "HELO" greetings, please visit http://www.faqs.org/rfcs/rfc2821.html and particularly section 3.6 which says:
The domain name given in the EHLO command MUST BE either a primary
host name (a domain name that resolves to an A RR) or, if the host
has no name, an address literal as described in section 4.1.1.1.
You can check if your address is de-routed at the form at http://www.albury.net.au/netstatus/derouted.html

Update:With the proliferation of mass-mailing worms and virii which include their own SMTP engine, effectively bypassing any filtering on ISP mail servers, we are filtering outbound connections to port 25 for all dial-up customers. Customers should be sending mail through our mail server anyway, and all software and configuration instructions for our users have done this since 1995. There are very few legitimate reasons for users to need to send mail out directly, and in those cases we make exceptions. If you are affected, please call our support department. This filtering is our contribution towards the global reduction of spam.


(Published on 29-Apr-2004 16:54 by RossW, read 993 times)
Missed an article? Check the archives