OT: Be sure your rDNS is in place...

[Bill Campbell]

On Mon, Jun 28, 2004, Bill Vermillion wrote:
>On Mon, Jun 28 00:05 , while impersonating an expert on the internet, 
>John Esak sent this to stdout: 
>
>> A few weeks back I found I couldn't get mail directly to
>> bill at celestial.com. He told me that it was because I didn't
>> have my rDNS setup correctly (or at all). I was under the
>> mistaken impression that because we buy a managed router from
>> AT&T that this service would have correctly set up our rDNS for
>> us when we gave them the domain we wanted it attached to... no
>> such luck. It says they will do this in their contract, but
>> they didn't!
>
>AT&T has gotten very sloppy in all their businesses in the last
>couple of years.  I even had to go to the Florida PUC about them 2
>months ago after talking to AT&T directly three times.  Needless to
>say when the PUC transfered me directly to the AT&T rep in
>Tallahassee they notice that.

AT&T has to be the worst IP provider I've had to deal with.  We installed a
new system in Michigan several years ago with a T1 to the Internet, and 4
PRIs terminating in their Annex 8000 dialup controllers.  The T1 came up
immediately, but I was having problems getting the PRIs on line.  After a
couple of days of talking to various ``support'' folks at AT&T, I finally
got one with enough clue that he figured out they had configured the dialup
lines as Channelized T1 (CT1) instead of PRI (I had spent at least a half-
hour in a conference call with the customer's phone person and AT&T while
defining the requirements).  It took the AT&T guy about 20 minutes to
reconfigure the lines as PRI, and everything suddenly started working --
imagine that.

The real kicker is that about 60 days later, the customer ordered four more
PRI lines -- and AT&T again configured them as CT1 instead of PRI.

...
>What is really sad about the note you attached [deleted in this
>reply] is that RadidSite/Verio has just started doing this now -
>several years after most responsivle ISPs have been implementing
>this. Most for about 4 years at least.
>
>One site I manage used to get close to 300,000 spams PER DAY.  At
>least 1/2 of those were from IPs that could not reverse and many
>were forged.

No rDNS is probably the 2nd largest cause of rejections I see.  The largest
by far are cases where the connecting machine introduces itself with ``HELO
$my_ip_address'', ``HELO $my_host_name'', or some other HELO variant where
my server is supposed to think it's talking to itself.

>The spam problem we have today is partly because of people like
>RapidSite/Verio who have waited far too long to implement this.

The spam problem (and most other network abuse problems) are due primarily
to the proliferation of insecure Windows systems on the 'Net.  Ten years
ago when we started selling systems to ISPs I refused to install anything
but *nix systems, saying that putting Windows directly on the 'Net was
asking for disaster.  We've turned down a fair amount of business as a
result, but everything I predicted has been proven correct.

>And as to checking for open-relays that has been pretty much
>standard for responsible provders since about 1997.

Open relays are a minor part of the spam problem today.  I've seen numbers
saying that 80 to 90 percent of the spam today comes from zombie servers
running on owned Windows boxes, mostly from large broadband providers
(Comcast is very high on this list).  FWIW, these estimates come from
knowledgeable people at some of the largest ISPs, not from know-nothing
``journalists'' or slash-dotters.

It seems reasonable to assume that many of the latest worms have as their
primary purpose to install zombies that the spammers can use.

Bill
--
INTERNET:   bill at Celestial.COM  Bill Campbell; Celestial Software LLC
UUCP:               camco!bill  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

``Virtually everything is under federal control nowadays except the
federal budget.''
    -- Herman E. Talmadge, 1975