Thu Jun 22 13:08:17 PDT 2006

Steer Clear of ClearWire

I know I usually rip on Charter when I post about rotten ISPs, but I thought I'd give things a change of pace by ripping on ClearWire for a while instead.

After my latest round of problems at Charter, I thought I'd give ClearWire a try. It turns out that they're even worse; they won't tell you which ports they block, but my experience is that they are at least blocking all service ports below 1025. When I spoke to customer disservice about it, it turns out that they do this even with their "business" class of service. In other words, your idea of business use of the Internet must be pretty much confined to surfing the web in order for you to find ClearWire useful--and I use the word "useful" advisedly.

I have to admit that their Orwellian insistence on saying "Yes, we manage those ports for our customers" every time I used the word "blocked" was an interesting use of new-speak, but not interesting enough to use them as an ISP. I suppose they think that if they say "managed" instead of "blocked" often enough, people will start to think of it as a value-added service instead of a bowdlerization of the Internet.

Anyway, I wanted to save some of my fellow geeks the trouble I went through. YMMV...but in this case, I rather doubt it.

Posted by Todd A. Jacobs | Permalink

Thu Jun 22 12:53:31 PDT 2006

Say HELO to Less Spam

I haven't updated this blog in a while, but it's not because there aren't geektastic things going on in my life. There are only so many hours in the day, after all, and sometimes blogging is the first thing that has to go when things get hectic.

I've recently beefed up the anti-spam tactics of my codegnome.org domain. As I may or may not have mentioned before, I take a pretty strong defense-in-depth strategy to spam. My toolbox includes various blocking techniques at the SMTP server level, as well as revocable email addresses, a challenge-response system, and Bayesian filters at the individual account level.

I was recently noticing that my mail server was still accepting way too much obvious spam, so I took a look at my Postfix configuration. The first thing I noticed was that I hadn't updated any of my blacklists in a while, so I added the Exploits Block List to my existing Spamhaus SBL queries to get better coverage.

smtpd_client_restrictions =
        reject_rbl_client relays.ordb.org
        reject_rbl_client sbl-xbl.spamhaus.org

I also noticed that a lot of spam comes from non-existent hosts, or hosts that provide incorrect HELO/EHLO messages when connecting. I tightened that up, too.

smtpd_helo_required = yes
smtpd_helo_restrictions =
        reject_invalid_hostname
        reject_non_fqdn_hostname
        reject_unknown_hostname

So far, I've had only one legitimate mail source caught up by the new HELO restrictions, but Postfix allows me to make exceptions in such cases by using a check_helo_access hash table lookup as the first item inside the smtpd_helo_restrictions context.
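To make the evaluation order of those restriction lists concrete, here is an added Python simulation of what the two lists above do for one SMTP client. It is not code from this post or from Postfix itself: the DNS answers are a constructed in-memory table (RFC 5737 documentation addresses, with 192.0.2.5 pretending to be listed in sbl-xbl.spamhaus.org), the syntax rules are a simplification of the real RFC checks, and the check_helo_access table is a plain dict standing in for the hash: lookup. What it shows is why the access table has to sit first in smtpd_helo_restrictions: Postfix stops at the first restriction that returns a verdict, so an OK entry there short-circuits the three reject_* checks that follow.

```python
"""Offline model of a Postfix smtpd_client_restrictions / smtpd_helo_restrictions
evaluation. Added illustration only; names, addresses and DNS data are constructed."""
import re
from typing import Dict, List, Tuple

# Constructed DNS data standing in for real A-record lookups (assumption: nothing
# here is a real host; the DNSBL entry is fabricated for the example).
FAKE_DNS: Dict[str, List[str]] = {
    "mail.example.net": ["198.51.100.25"],             # a legitimate MTA with an A record
    "5.2.0.192.sbl-xbl.spamhaus.org": ["127.0.0.2"],   # 192.0.2.5 "listed" in the SBL/XBL zone
}


def resolve(name: str) -> List[str]:
    """Stand-in for a DNS query; an empty list means NXDOMAIN / no record."""
    return FAKE_DNS.get(name.lower(), [])


# Hostname label: alphanumerics and hyphens, no leading/trailing hyphen (simplified RFC 1123).
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
# RFC 5321 IPv4 address literal, e.g. [192.0.2.5], which HELO may legally carry.
_ADDRESS_LITERAL = re.compile(r"^\[\d{1,3}(?:\.\d{1,3}){3}\]$")


def is_syntactically_valid(helo: str) -> bool:
    """Model of reject_invalid_hostname: pure syntax, no DNS involved."""
    if _ADDRESS_LITERAL.match(helo):
        return True
    return bool(helo) and all(_LABEL.match(label) for label in helo.split("."))


def is_fqdn(helo: str) -> bool:
    """Model of reject_non_fqdn_hostname: needs a dot between two labels, or an address literal."""
    return bool(_ADDRESS_LITERAL.match(helo)) or "." in helo.strip(".")


def is_known(helo: str) -> bool:
    """Model of reject_unknown_hostname: the name must resolve (assumption: address
    literals are treated as known, since there is nothing to look up)."""
    return bool(_ADDRESS_LITERAL.match(helo)) or bool(resolve(helo))


def evaluate_client(client_ip: str, dnsbl_zones: List[str]) -> Tuple[str, str]:
    """smtpd_client_restrictions with one reject_rbl_client entry per zone.
    A DNSBL query is the client's reversed octets prepended to the zone name."""
    reversed_ip = ".".join(reversed(client_ip.split(".")))
    for zone in dnsbl_zones:
        if resolve(f"{reversed_ip}.{zone}"):
            return ("REJECT", f"reject_rbl_client {zone}")
    return ("OK", "no restriction matched")


def evaluate_helo(helo: str, helo_access: Dict[str, str]) -> Tuple[str, str]:
    """smtpd_helo_restrictions in the order the post describes, with a
    check_helo_access table (exact-name lookups only, values OK or REJECT) first.
    The first restriction that yields a verdict ends evaluation."""
    verdict = helo_access.get(helo.lower())
    if verdict in ("OK", "REJECT"):
        return (verdict, "check_helo_access")
    if not is_syntactically_valid(helo):
        return ("REJECT", "reject_invalid_hostname")
    if not is_fqdn(helo):
        return ("REJECT", "reject_non_fqdn_hostname")
    if not is_known(helo):
        return ("REJECT", "reject_unknown_hostname")
    return ("OK", "no restriction matched")


if __name__ == "__main__":
    zones = ["relays.ordb.org", "sbl-xbl.spamhaus.org"]
    # Constructed sessions: (client IP, HELO argument). None are real hosts.
    sessions = [
        ("192.0.2.5", "mail.example.net"),     # listed client, never gets past the RBL check
        ("198.51.100.7", "localhost"),         # bare name, rejected as non-FQDN
        ("198.51.100.7", "bad_host.example.net"),  # underscore: syntactically invalid
        ("198.51.100.7", "ghost.example.org"),     # well-formed but does not resolve
        ("198.51.100.7", "mail.example.net"),      # well-formed and resolves
    ]
    # The one legitimate sender whose HELO fails DNS gets an explicit OK entry,
    # mirroring the check_helo_access exception the post mentions.
    exceptions = {"ghost.example.org": "OK"}
    for ip, helo in sessions:
        action, why = evaluate_client(ip, zones)
        if action == "OK":
            action, why = evaluate_helo(helo, exceptions)
        print(f"{ip:14} HELO {helo:24} -> {action:6} ({why})")
```

Running it walks through the constructed sessions and prints which restriction fired for each. Because the real Postfix lookups are replaced by `resolve()`, the same script can be pointed at any table of names to reason about what a given restriction order will do before touching main.cf.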

It's a little hard to quantify, but my off-the-cuff estimate is that the HELO restrictions have reduced the amount of spam allowed in the front door by almost 80% all by themselves. Blocking spam sources before accepting the message for further processing is not only more resource-efficient for the server itself, but it also uses less network bandwidth, which is a good thing for smaller pipes like mine, leaving more of the network available for the fun stuff.

Posted by Todd A. Jacobs | Permalink