Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2b

Rich Freeman on 6 Sep 2018 09:39:21 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...

From: Rich Freeman <r-plug@thefreemanclan.net>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Date: Thu, 6 Sep 2018 12:39:05 -0400
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Thu, Sep 6, 2018 at 12:08 PM Ron Guilmet <ronpguilmet@gmail.com> wrote:
>
> When it comes to an email server they are very protective. For example,
> I can't setup an email server, and have it running tonight. I have to
> fill out all kinds of forms showing how I intend to handle spam, and it
> has to be approved before they will lift the smtp restrictions that
> every EC2 instance comes with.
>...
> Is there a way to get IPs that are not involved in email spam penalized?

This is already a solved problem, and this is WHY they are so
protective about outgoing email.  Their SES service (mail forwarding)
is likewise very protected.  If Amazon didn't tow the line they'd end
up spam reputation lists and then half the planet would be bouncing
their mail, including all the major ISPs/etc.

I imagine they have email-approved netblocks they coordinate with the
reputation services, and ones that are blacklisted.  They don't let
servers use the reputable netblocks without a lot of control, because
they lose all their business if those blocks get a bad reputation.

The reputation services are all third-party, and tend to be run by
folks with more of rsk's mindset.  If you get on the bad side of them,
you're basically done.  No appeals to ICANN or whatever, they have no
official standing, but everybody uses them.  Your only appeal is to go
to every ISP and work out a side deal to whitelist traffic.  Amazon
probably could do that, but wouldn't want to, largely since those ISPs
would just put the same conditions on them anyway.

Do similar reputation services exist for services other than email?
The problem is that you probably do want to accept ssh from dynamic
blocks/etc, which is usually the first thing that spam filters go
after.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
  - From: Fred Stluka <fred@bristle.com>

References:
- Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
  - From: Rich Kulawiec <rsk@gsp.org>
- Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
  - From: Ron Guilmet <ronpguilmet@gmail.com>

Prev by Date: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Next by Date: Re: [PLUG] Fwd: iDRAC
Previous by thread: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Next by thread: Re: [PLUG] Linux tip: Log IP addresses, not hostnames, for use by fail2ban...
Index(es):
- Date
- Thread