How will czfree.net prevent/deal with/handle warspamming?
It's surely only a matter of time before some "spina chlap" connects to czfree.net, finds an open simple mail transfer protocol port and starts Doing The Nasty Thing all the while remaining completely anonymous, as well as avoiding bandwidth costs.
Sorry, we don't have spammers here it's american feature ;-) We don't have their business war, so no spamming is necessary. Those who spam do it from their own computers - I mean serious business letters for own customers. Sending bullsh** to people makes no sense - it isn't mainstream. It would cost more resources to try to defend against it than to ignore it.
At the current time there is no public SMTP server in CZFree. I think that having one available for the members on each internet gateway would be nice.
If we want to set them up, we indeed need to think of a policy that will keep the spina chlap away ;-)
But I don't see that as too much of a problem. Why not having an account on the server for every member wishing to use it? And have the server either authenticate users throught SMTP or one of the hacks like "Relay-after-POP" ?
Accounts used for spamming will simply be deleted...
However, TgNet is the only internet gateway so far, and there is not a SMTP server on it yet, .... so until one is set up, we don't have to worry.
it takes two thing to effectively spam: have an internet connection - ok, freenet gives away 32kbps. But another is necessary: find an open SMTP relay which acquire your mail and resends it to thousands of users listed in RCPT TO: in smtp protocol. Spammers trying to abuse correctly configured server are refused by that server. So, the only thing "spina chlap" guys can do is to use free internet connection - which they can from other places as well. I hope nobody will set his smtp relay to be open.
The debate is worthwile - how can czfree reject saboteurs? We can identify a user's ARP address (factory set, unique) - but some clever guys with modified drivers can override it (but clever guys do not generally waste their talent by spamming).
I think that yes, it is a matter of time, but until czfree is very well known amongst spammers we can setup some general guides for users regarding this. You can write one!
oops - just realized - we DO have a problem already!
In fact, the spammer sitting on the Petrin hill can start spamming by running a mailserver directly on her notebook!
Her only limitation will be the speed, because she'll be delivering the mail directly to the destination mail servers.
So with the 32 kbps she won't be able to do much. But still, this is a problem, potentially resulting in our shared IP being put on blacklists.
The only thing we could do would be blocking all traffic going to port #25, and making our mail go through a smtp relay at the gateway, which could check permissions. But that is not really FREE, is it? :-(
OK, this is of course possible. But he (spammer) would not sit on petrin hill, but somewhere else with 24dBi antenna on roof. Is it really worth to invest in this equipment to become a WiFi spammer? 32kbps is shared, of course.
I have a solution. Proxy port 25 to local mailer daemon, with some preset limitations: some 1 mail/per minute limit, 30 mails per hour limit. Only for shared bandtwidth, of course (shared has different IP from regular users AFAIK).
Or 30 destinations instead of 30 mails.
Do you thing it is enough restraining or not? Our goal is to make it not feasible to spam thru shared inet connectivity.... not impossible.
24.09.2002 v 19:16
