<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hoi Zäme,<br>
<br>
Seit einiger Zeit ist unser mailserver auf dronebl gelistet.<br>
<br>
Als Grund ist ein "type 17" vermerkt.<br>
Gehe ich dem nach, so bekomme die herzerwärmende Erläuterung :<br>
<br>
<h2>A message to ignorant sysadmins about type 17</h2>
<p>Dear ignorant system administrators,</p>
<p>Lately I am getting a lot of removal requests with comments in
them that they fixed the email spam source while the reason they
are listed is because their servers are usable as open proxy. The
comment itself already shows you are not reading what the message
above the removal request says and are simply filling in the form.</p>
<p>Lemme explain again what type 17 means. It is a collection of
hosts found by scrapers on several proxy listing sites such as
xroxy, spy.ru, several proxy blogspots, proxynova and similar
sites, they or the submitters have tested your ip and found a way
to use your server as proxy. They did not check if your mailserver
allows relaying! So any excuse stating that you 'fixed' some spam
issue is lame. Ok, it does make the recipients of the spam happy
as they will no longer receive it from your servers, but not us,
as the real issue why you have been listed is NOT spam. We got
other classes for that (6 for example).</p>
<p>If you really can't find additional unwanted proc's on that box,
check your damn apache if you use mod_proxy and check if thats the
culprit by allowing a CONNECT statement. As you could have read in
your apache documentation you should limit it in the following way
(this is the case if you use stuff like
chiliasp/tomcat/jsp/whatever proxied through apache):</p>
<blockquote>
<p><Proxy *><br>
order allow,deny<br>
deny from all<br>
allow from <your network><br>
</Proxy></p>
</blockquote>
<br>
<br>
nun ist es tatsächlich so, dass wir einige zope/plone basierte
webserver auf dem system am laufen haben.<br>
diese haben jeweils einen einen Eintrag analog dem folgenden:<br>
<VirtualHost *:80><br>
...<br>
<Proxy *><br>
Order deny,allow<br>
Allow from all<br>
</Proxy><br>
<br>
Ich bin alle mir bekannten Anleitungen durchgegangen, um einen
anderen Ansatz als diesen zu finden.<br>
Da diese Server von beliebigen Netzen aus angesprochen werden, sehe
ich nicht, wie ich ein einschränkendes "allow from" Statment
formulieren müsste.<br>
<br>
Danke für Eure Hilfe<br>
Robert<br>
</body>
</html>