Actually, if you read my post you will see that I was questioning the way the article was written - I was saying that the article implied Outblaze was running open servers.
No. You did not give that impression at all. You posted: Having received spams relayed by Outblaze servers, I don't think that's what is happening. I think they are running open mail servers, and trying to keep the spammers from using them.
After your 'modern' rules for a non-relaying setup, you make the above comment. You are no where saying the article implied that Outblaze was running open servers. First of all, you give your own interpration of the article that you think that the article is saying (which it is not) that Outblaze servers are RELAYING spam and not being flood by spam destined to accounts within Outblaze. You yourself say that the article reports that the guy had to block off a flood of mail from spammers to his sytem and then you add your interpretation that the mail is not destined for his system but was going through his system and you give the spurious reason that the mail was for relaying because he shouldn't be accepting them in the first place but since he is; it must be for relaying. Then you give your out-dated rules that supposedly tells spammers to go away and then state without proof that you have received spam relayed by Outblaze servers and finally conclude your interpretation that Outblaze is running 'open mail servers' which can only be if they were relaying spam.
Let's see proof of spam being RELAYED by Outblaze servers which you say you have received.
were my rules implemented the only ways a spammer could use the system would be to either spam the users of that system only, or to be a user of that system. Unfortunately, no ruleset will stop a spammer from abusing an SMTP server in that fashion.
Sorry, your rules match one a sendmail box could implement and that would also be an abusable. Coincidentally, Outblaze uses sendmail but not with your kind of rules AFAICT. The portion about if sender is one of my users could be implemented in sendmail as: if sender address domain is one of mine (eg: mail.com RELAY in access table) then accept and relay the mail. Any sendmail box using this configuration can be abused by forging the domain in the sender address and this is quite common among sendmail installations that are abusable. Sendmail is the only MTA that does this too. Oh, Outblaze only provides smtp-auth relay service for paying users and they go through different servers than the ones used to accept mail for its users. I'm sure spammers are ready to lose money paying for an account to send their spam.
Nah, you were not questioning the way the article was written. You were giving your own interpretation of what was reported in the article. Then some Anonymous Coward came along and now you are defending yourself and blaming the article. Nice try.
nah, they didn't overlook anything. You posted your allegation that Outblaze is running 'open mail servers' without any proof to back it and you provided a set of rules that was used by sendmail and which allows spammers to abuse it and you call it 'modern'.
If anything, the posters put things in the clear with proper actions attached too.
Slashdot Mirror
No. You did not give that impression at all. You posted: Having received spams relayed by Outblaze servers, I don't think that's what is happening. I think they are running open mail servers, and trying to keep the spammers from using them.
After your 'modern' rules for a non-relaying setup, you make the above comment. You are no where saying the article implied that Outblaze was running open servers. First of all, you give your own interpration of the article that you think that the article is saying (which it is not) that Outblaze servers are RELAYING spam and not being flood by spam destined to accounts within Outblaze. You yourself say that the article reports that the guy had to block off a flood of mail from spammers to his sytem and then you add your interpretation that the mail is not destined for his system but was going through his system and you give the spurious reason that the mail was for relaying because he shouldn't be accepting them in the first place but since he is; it must be for relaying. Then you give your out-dated rules that supposedly tells spammers to go away and then state without proof that you have received spam relayed by Outblaze servers and finally conclude your interpretation that Outblaze is running 'open mail servers' which can only be if they were relaying spam.
Let's see proof of spam being RELAYED by Outblaze servers which you say you have received.
were my rules implemented the only ways a spammer could use the system would be to either spam the users of that system only, or to be a user of that system. Unfortunately, no ruleset will stop a spammer from abusing an SMTP server in that fashion.
Sorry, your rules match one a sendmail box could implement and that would also be an abusable. Coincidentally, Outblaze uses sendmail but not with your kind of rules AFAICT. The portion about if sender is one of my users could be implemented in sendmail as: if sender address domain is one of mine (eg: mail.com RELAY in access table) then accept and relay the mail. Any sendmail box using this configuration can be abused by forging the domain in the sender address and this is quite common among sendmail installations that are abusable. Sendmail is the only MTA that does this too.
Oh, Outblaze only provides smtp-auth relay service for paying users and they go through different servers than the ones used to accept mail for its users. I'm sure spammers are ready to lose money paying for an account to send their spam.
Nah, you were not questioning the way the article was written. You were giving your own interpretation of what was reported in the article. Then some Anonymous Coward came along and now you are defending yourself and blaming the article. Nice try.
nah, they didn't overlook anything. You posted your allegation that Outblaze is running 'open mail servers' without any proof to back it and you provided a set of rules that was used by sendmail and which allows spammers to abuse it and you call it 'modern'. If anything, the posters put things in the clear with proper actions attached too.