[Gllug] ping

Ryan Cartwright ryan at crimperman.org
Wed Feb 8 10:36:39 UTC 2006


Martyn Drake wrote:
<snip>
> I've *never* liked MessageLabs. I had to
> use various RBL checkers to find out whether the SMTP server was
> blacklisted and it was ONLY listed in SpamCop.
> 

I was once considering using MessageLabs when I got a phone call from 
them. They claimed a client of theirs had received messages containing 
viruses from an IP address in our range and if I didn't reassure them 
that I was "taking steps" they would have no choice but to blacklist our 
address.
The IP address they quoted was our mailserver and I explained that it 
was unlikely our Linux server would dispatch Windows viruses. They 
couldn't give me many details because they didn't have the messages 
concerned (or their headers) to hand (!). We then had a heated 
discussion where I tried to get some kind of information about the time 
the messages were sent, who they were sent to etc. and they claimed this 
was confidential information. Eventually I got some timestamps from them 
and checked the logs; it turned out that we had received messages with 
viruses from a (possibly spoofed) address on their client's domain and 
they were trying to send them to false addresses at our domain. Our 
server bounced[1] them as unrouteable and it was these bounces that 
MessageLabs picked up.

So they phoned me to complain that I was sending their client viruses 
that were actually legitimate bounces, albeit as a result of a spoofed 
sender. They then (after half a day of me sorting this out for them) had 
the audacity to ask if we would consider using their service as it has 
many benefits. I can't remember exactly what I replied but I seem to 
remember phrases like "protection racket" and "bullying" were used.


Ryan
[1] The server was running Exim 3.2 at the time. I've since moved to 
Exim 4 and through the wonders of ACL we no longer generate bounce 
messages for unrouteable addresses; we just reject the message at SMTP 
level. Saves a lot of overhead for our server, especially as most of the 
unrouteables were for spoofed (and false) addresses on our domain used 
to send viruses from zombies.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
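
The SMTP-time rejection described in footnote [1], sketched as an Exim 4 configuration fragment. This is an added example, not the poster's configuration; the domain `example.org`, the list names and the ACL name `acl_check_rcpt` are assumptions.

```exim
# Added example: main-section settings (values are placeholders).
domainlist local_domains    = example.org
hostlist   relay_from_hosts = 127.0.0.1

# Run this ACL for every RCPT TO command.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Mail submitted locally without a TCP/IP connection is accepted.
  accept  hosts = :

  # Trusted hosts may send to any destination.
  accept  hosts = +relay_from_hosts

  # Everyone else may only address our own domains.
  require message = relay not permitted
          domains = +local_domains

  # Route the recipient address now, during the SMTP dialogue.
  # If no router can handle it, the RCPT command is refused with a
  # 5xx response and nothing is queued, so this server never has to
  # generate a bounce to a (possibly spoofed) envelope sender.
  # Without this line the message is accepted first and the
  # unrouteable address only fails later, producing a bounce.
  require verify = recipient

  accept
```

With the rejection made at RCPT time, any non-delivery report is the responsibility of the connecting host, not of the receiving server.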