Corking the Spam Fire-hose

Panthera tigris (Photo credit: rubund)

Happy Dance! Happy Dance! See me dance the Happy Dance!

Our crack IT team have just uncovered a leak through which a lot of spam was flowing. Corking … NOW!

Expected results: less spam! Yay!

Possible unintended side effects: some legitimate email may be blocked. Specifically, if some part of your mail system ignores “DNS MX records,” you could be affected. If your email to Tigris has suddenly started bouncing (time-outs, connections refused), ask your mail-server admins about “DNS MX.” Or comment here, and I’ll try to help out by private, non-Tigris email. (I’d suggest you email feedback, but if you can’t email Tigris, I guess you can’t!)

3 Responses to “Corking the Spam Fire-hose”


  1. 1 Anders Larsen January 5, 2013 at 7:51 am

    Not sure what you mean by “if some part of your mail system ignores DNS MX records” – if that were the case, I wouldn’t be able to send any e-mail at all, would I?
    At any rate, my e-mails to tigris addresses seem to get silently blackholed.

    A quick test from here shows:
    $ smtp-source -v cylon1.sjc.collab.net
    smtp-source: name_mask: all
    smtp-source: vstream_tweak_tcp: TCP_MAXSEG 1360
    smtp-source: <<< 554 cylon1.sjc.collab.net
    smtp-source: fatal: rejected at server banner: 554 cylon1.sjc.collab.net
    $ smtp-source -v cylon2.sjc.collab.net
    smtp-source: name_mask: all
    smtp-source: vstream_tweak_tcp: TCP_MAXSEG 1360
    smtp-source: <<< 554 cylon2.sjc.collab.net
    smtp-source: fatal: rejected at server banner: 554 cylon2.sjc.collab.net
    So I'm being blocked.

    Funny enough, mxtoolbox (http://mxtoolbox.com/SuperTool.aspx?action=mx%3Atigris.org) has no problem communicating with the a/m collab mail-servers.
    Are you blocking IP addresses based on geography or something like that?

    • 2 jrep January 7, 2013 at 11:08 am

      No, ignoring MX doesn’t mean you can’t send mail, it only means you send mail directly to the host named in the address rather than to the intermediate mail handler. In the case of Tigris, MX records lead “user@tigris.org” to the “cylon{1,2}” mail gateways, but an MTA that “ignores MX records” would send directly to Tigris anyway. This violates standards, but is a common dodge among spammers, enabling them to bypass spam filtration on mail gateways, like our cylons.

      What we’ve done is block port 25 for Tigris itself (unless coming from the cylons). So MX records should lead your email to the cylons, they do some spam filtering, and then pass the message on to Tigris itself. The cylons block (silently drop) messages based on several criteria, some having to do with content, some having to do with point of origin.

      The fact that you smtp-sourced the cylons, rather than Tigris itself, suggests you yourself are obeying MX. I’m not sure, but I suspect your smtp-source attempts failed because you effectively addressed a message to cylon{1,2}. The cylons don’t accept mail for themselves, only for the protected systems, like Tigris. I’m not familiar with this tool, but after checking the man page I’m not sure how to use it to test this configuration; possibly “smtp-source tigris.org” would follow the MX trail to the cylons?

      I’ll work with our IT folks to fix your blockage.
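
A way for a mail admin to check the behaviour discussed in this thread, as an added example that is not part of the original post or its comments: it derives the hosts an MX-obeying sender should use and flags delivery-log entries whose relay is anything else. The MX preference values, the Postfix-style log lines, the IP addresses and the function names are constructed for illustration.

```python
import re

# Constructed stand-in for `dig +short MX tigris.org`; the host names come from
# the thread, the preference values are assumed.
MX_ANSWER = """\
10 cylon1.sjc.collab.net.
10 cylon2.sjc.collab.net.
"""

# Constructed Postfix-style delivery log lines (documentation IP addresses).
LOG = """\
postfix/smtp[2101]: 4A1B2C: to=<dev@tigris.org>, relay=cylon1.sjc.collab.net[192.0.2.10]:25, status=sent
postfix/smtp[2102]: 4A1B2D: to=<users@tigris.org>, relay=tigris.org[192.0.2.99]:25, status=deferred
postfix/smtp[2103]: 4A1B2E: to=<bob@example.net>, relay=mail.example.net[192.0.2.50]:25, status=sent
"""

def norm(host):
    return host.rstrip(".").lower()

def mx_targets(domain, answer):
    """Hosts a compliant sender tries, lowest preference first (RFC 5321 section 5.1)."""
    recs = []
    for line in answer.splitlines():
        if line.strip():
            pref, host = line.split()
            recs.append((int(pref), host))
    if not recs:
        return [norm(domain)]   # no MX at all: implicit MX, the domain itself
    if any(host == "." for _, host in recs):
        return []               # null MX (RFC 7505): the domain accepts no mail
    return [norm(h) for _, h in sorted(recs)]  # ties ordered by name here

LINE = re.compile(r"to=<[^@>]+@([^>]+)>,.*?relay=([^\[,]+)\[")

def mx_bypasses(log, domain, answer):
    """Relay hosts used for `domain` that are not among its MX targets."""
    allowed = set(mx_targets(domain, answer))
    bad = []
    for m in LINE.finditer(log):
        rcpt_domain, relay = norm(m.group(1)), norm(m.group(2))
        if rcpt_domain == norm(domain) and relay not in allowed:
            bad.append(relay)
    return bad

if __name__ == "__main__":
    print(mx_targets("tigris.org", MX_ANSWER))
    print(mx_bypasses(LOG, "tigris.org", MX_ANSWER))
```

A non-empty result from `mx_bypasses` means some part of the mail path is connecting to the domain's own host instead of its MX gateways, which is the case the post says will now time out or be refused.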


Tigris.Org is powered, hosted, and managed by CollabNet, Inc.