Re: VOLKER--Re: Kids bypassing firewall via web proxy sites

In article <Xns978A95B35CD12juergennieveler@xxxxxxxxxxxx>
Juergen Nieveler <juergen.nieveler.nospam@xxxxxxxx> wrote:

No Spam <nospam@xxxxxxxxxxxxx> wrote:

That server, if it has guess-able aliases like "webmaster", "abuse",
...etc, and there is no protection against mass spamming and flood, you
will suffer, if you are the recipient of the emails to those addresses.

RFC2142-compliant role account aliases should be used if applicable,
though - so you should at least have postmaster@ and abuse@


You are reading challenged, aren't you?
Where did I say that I don't have such aliases on my servers?
Next time do your homework before looking stupid like this.

An while you are at it, read this:


____________________________________________________________
From: No Spam <nospam@xxxxxxxxxxxxx>
Newsgroups: comp.security.firewalls
Subject: Re: VOLKER--Re: Kids bypassing firewall via web proxy sites
Date: Fri, 17 Mar 2006 08:50:09 -0800
Organization: No Spam.
Message-ID: <irpl12pmm6j9utk3ql1n5ravg8md36jlgf@xxxxxxx>


I filter all the "There was a virus in your message" bounces.

Any emails sent to postmaster, abuse, ....etc generally
known/guess-able/required addresses have a Challenge/Response mechanism
enabled on them, and all email servers that I administer have strong
anti-spam/security/RBL filtering installed and enabled.


I hate Challenge/Response systems, but there is no way of getting a
legitimate message at the postmaster, abuse, and other valid addresses
without such implementation, on a popular and busy servers like the ones
that I am responsible for.
A person sending a complaint, is expecting a response, therefore a
Challenge/Response usage is justified in this case, nowhere else it can
be used without adding major annoyance.

____________________________________________________________


I guess you are now exposed for being a person who can't read if his
life depended on it.


You and your fellow "Volker" character suggested that having an email
address like nospam@xxxxxxxxxxxxx is bad because anyone forging an
address like "president@xxxxxxxxxxxxxx" and sending a spam to
nospam@xxxxxxxxxxxxx will cause "president@xxxxxxxxxxxxxx" to receive
the bounce since nospam@xxxxxxxxxxxxx is not valid address.

Yes, and that's still true as long as the mailservers are set up
normally (and without breaking RFCs).


What has RFCs got to do with the above?
Nothing.
You're losing your marbles again?
Yes.

And while you are reading this:

There are no RFCs forcing you to:
1. Use a valid email address on usenet.
2. Accept connection from sources trying to send an email to an invalid
address.
3. Not a DNS lookup before you accept the connection.




You both also claimed the same thing would happen for any
webmaster@xxxxxxxxxxxx being forged, sending spam to
nospam@xxxxxxxxxxxxx which means webmaster@xxxxxxxxxxxx will receive the
bounced email.

Which is exactly the same as the above, of course.


No it is not, because not everyone is as incompetent as you and your
fellow clueless friend "Volker" to setup an email server which is wide
open for any abuse.


The flaw in this weak and in fact pitiful argument is:

1. Almost all SMTP servers would NOT parse invalid addresses like
nospam@xxxxxxxxxxxxxx

What would they do with it then?


Connection refused at the SMTP level, before even the transmission
begins, clueless.
Learn how to setup your email server properly before whining like this.

A vanilla installation of any email server software will accept the
connection and the would send the response back to source, but NOT a
properly setup server with proper protection.

Yes - they'll respond with an error
message. That goes where?


I can suggest few places, but you won't like the answer.


The problem with you and your type, is that you are blinded by your own
ignorance.

You should learn how to:
1. Force DNS and reverse DNS checking before accepting connections.
2. Use Block lists.
3. Use MTA level filtering, before your LDA level filtering.
4. Protect your common and guess-able aliases to prevent being flooded
with emails that have spam/virus/malicious content in them.

If you are running a server without AT LEAST the above precautions, then
you should not be even handling such a task, and you are an incompetent
admin.

The above is the absolute MINIMUM, any competent admin with a clue will
have much more added to his list.



2. Almost all spam software which are out there would NOT send an email
to an address like nospam@xxxxxxxxxxxxx, they check email address
format, and then act on it.

I bow to your superior experience in running spam software ;-)


Yes I know a lot about them, and you should bow.
It is part of my work in 2 places to investigate them, and work with our
programmers in coming with better defense mechanism.

Working in IT security in a fortune 500 corporation is not something for
the clueless and the ignorant like yourself.
Sorry kiddo, but you will eventually grow up and learn.


In my experience, however, spammers often don't bother with any checks
like that.


Because your experience is limited and in fact almost non-existent.

Why should they... it's not a problem for them if a few
thousand undeliverable mails are in the spam run.


Almost all spamming software collect the email address, run syntax
check, remove duplicates, categorize, ....etc.

You should do your homework before looking foolish like this.


3. If you have an email server with guess-able aliases like webmaster
and alias and do not run a server side protection against spam and
flood, then you deserve what you get.

If you don't have at least postmaster@ and abuse@, you deserve to be
listed on the RFC-Ignorant-RBL.


Speaking of the ignorant, why can't you read before you respond?
Where did I say that you should remove such aliases, clueless?

Reading comprehension seems to be challenge for you.

Read few lines above, what I posted about handling such aliases.
Do you see me anywhere suggesting that anyone should remove those
aliases?
No, clueless, I said you should protect them.




4. Protecting yourself from spam is YOU responsibility, not mine.
I will NOT endure spam and maintain a valid email address to catch spam
to accommodate you and other clueless users who don't understand email
basics nor can grasp facts about spam and email server setups.

Fine, I'll just killfile every non-existing TLD from now on - problem
solved.



Translation: "I got educated and schooled, and now I have to run away,
trying to find a graceful exist after being humiliated for being an
arrogant dickhead who doesn't know what he is talking about"


You should also follow the links that you were given about how to alter
your From: address to avoid getting spammed.
Funny, none of those links suggested using a valid, throw away address
to accommodate spammers and clueless email admins like you and "Volker"
are suggesting.

Which proves that there's a lot of garbage out there.


Which proves that you can't read, period.


There's also
people who suggest using stuff like Mailwasher - which actively sends
out fake bounces to the faked From-adresses. I think you'll at least
agree that this is a bad idea.


That is a bad idea, nobody with a clue would say that it is not.
Any email bounce, in my opinion is a bad idea, but it is necessary for
notification purposes, and is getting abused by clueless software
authors that implement such a feature in their software and put it in
the hands of clueless people to flood others of meaning less bounces.
But that's the nature of the beast.
Everything can be abused.

The same thing is said about clueless McAfee and Symantec server side
spam and virus protection, as the default installations sends a bounce
message "Your email has a virus in it" and similar crap to the From:
address, while it is known that virus emails usually are showing a
random address picked up from the victim's address book.

Consider yourself educated again.

Good for you, because that is as graceful as it can be for your exit.
Any further discussion on this would show how clueless you are.

Actually, I'll spare the world


You speak for the world?You think that the world is waiting for you to
protect it?
More evidence that you are delusional, liar boy.

more demonstrations of how clueless and RFC-ignorant you are.

You couldn't read FAQs and RFCs, assumed that SMPT servers work in some
way that they usually don't, and lied about what I posted, and I am the
one who is "clueless and RFC-ignorant"?
Boy you are thick.


See you again when you choose to use a sensible address...

Not so fast, clueless.
Running away because you can't handle being proven wrong?
No problem with me, as long as you don't lie your way out of this
thread, claiming that I said that abuse@ and webmaster@ addresses should
be removed.

You're resorting to lying, and that's a certified loser's modus
operandi.

Here is a free clue for you, clueless.
Running around obsessively screaming "RFCs" doesn't make you look good
or convince others that you know anything about them, and in fact proves
that you managed to find them through your google search, desperately
trying to find something to counter after being proven wrong.


Now I will leave you to drown in your own ignorance, clueless boy.
I am done with you, and I am adding you to kill file, since you are so
obsessively lying trying to win an argument that you already lost.

I wasted enough time on educating you, and that is not working with you,
since you are so dense and thicker than a brick.


Go play in the traffic, junior.
Consider growing up, it is much better than being stuck in that teenager
mentality that you are doing now.


*PLONK*!


.

Loading