HP3000-L Archives

April 1999, Week 3

HP3000-L@RAVEN.UTC.EDU

Subject:
From:
Jeff Kell <[log in to unmask]>
Reply To:
Jeff Kell <[log in to unmask]>
Date:
Tue, 20 Apr 1999 19:12:13 -0400
Chris Bartram wrote:
>
>  [log in to unmask] writes:
>
> > Maybe Tivoli's email system won't treat my private service
> > provider's address the same as my employer's and let this pass
> > through this time.
>
> I don't think I'd blame that e-mail bouncing on Tivoli... What
> they're telling you is that your company's mailserver was identified
> (just like Raven/hp3000-l was just caught) as a server that doesn't
> prevent itself from being used to relay spam (or any other messages
> any outsider chooses to send through it).

To clarify a bit (as a fellow victim), these new "features" are very
aggressive (IMHO) means of dealing with spam, as legitimate mail gets
bounced.  I can understand their point, but it is going a step beyond
the traditional administrative responsibility of being accountable
for the immediate origin of the mail item in question.

Early spam forged the "Received:" headers hiding the true origin, and
many mailers never authenticated the origin they were told in the SMTP
HELO (or ESMTP EHLO) opening transaction.  If your mailer was used to
relay spam, and you had no authoritative evidence of where it came
from, it was your fault.  The next stage was to filter obvious sources
of spam, including "open relays" that were frequently targeted.

The current state of affairs appears to be active probing looking for
open relays.  Raven and several other mailers in our netblock suddenly
appeared on the list with a common timestamp, and many of the other
hosts flagged have never been used as a relay.

But for better or worse, I bit the bullet here and locked things down,
much to the chagrin of some laptop users who now have to change their
mailer configurations between the office and their home ISP.

Jeff Kell <[log in to unmask]>
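
The "locked down" relay policy described in the message above, sketched as an added example (not part of the original post and not any particular mailer's code). The netblock, domain and function name are constructed assumptions; the percent-hack rejection is an extra hardening step the post does not mention.

```python
import ipaddress

# Assumed site policy; all values are constructed (documentation ranges).
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # office netblock
LOCAL_DOMAINS = {"example.edu"}                        # domains we deliver for


def relay_decision(client_ip, helo_name, rcpt_to):
    """Return (smtp_code, reason) for one RCPT TO on a locked-down server.

    helo_name is deliberately unused: it is whatever the client chose to
    send in HELO/EHLO, so it proves nothing about where the mail came from.
    The decision rests on the connecting IP and the recipient domain only.
    """
    # Split on the last "@" so source-routed forms keep their extra
    # routing characters in the local part, where they can be inspected.
    local, _, domain = rcpt_to.strip().strip("<>").rpartition("@")
    domain = domain.lower()
    if not local or not domain:
        return (501, "malformed recipient")

    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return (250, "relay permitted for trusted client")

    if domain not in LOCAL_DOMAINS:
        # Outside client, outside recipient: this is third-party relaying.
        return (550, "relaying denied")

    if any(c in local for c in "%!@"):
        # user%elsewhere@us style addressing asks us to forward onward.
        return (550, "relaying denied (source route)")

    return (250, "accepted for local delivery")


if __name__ == "__main__":
    # Constructed sessions: office laptop, same laptop at a home ISP,
    # an outside sender writing to a local user, and a source-routed address.
    for ip, helo, rcpt in [
        ("192.0.2.10", "laptop", "friend@example.net"),
        ("198.51.100.7", "mail.example.edu", "friend@example.net"),
        ("198.51.100.7", "isp-host", "staff@example.edu"),
        ("198.51.100.7", "isp-host", "friend%example.net@example.edu"),
    ]:
        print(ip, rcpt, relay_decision(ip, helo, rcpt))
```

The second session is the laptop-at-home case from the last paragraph of the message: same user, same recipient, but the connection now arrives from outside the trusted netblock and is refused regardless of the HELO name it presents.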
