Nixsys Public Access UNIX System

Unsolicited Commercial E-mail Policy

Contents

Overview

Mail servers, client software, or anything else wishing to interface with the Mail System here must conform to the following guidelines. Most of these specifications are RFC requirements, so this system does nothing but enforce them. There was a reason these standards were created - they've been around for awhile - and there's no excuse for developers and administrators not following them. The administration of this system is not responsible for mail rejected or permanently lost when others fail to follow this policy.

Bogon Filter

If the IP address of the NS or MX server for the host resolves to any address in the following list, it will not be permitted to interact with the Mail System here. Refer to the following sections for when these restrictions are applied. This list defines an address, in CIDR notation, and the reason why the address will be rejected. If, for some reason, some of these addresses have been released for public use and we haven't noticed or there's any further questions, please contact the postmaster: postmaster -AT- nixsyspaus -DOT- org

208.64.38.0/32
smurf attack
208.64.38.255/32
smurf attack
0.0.0.0/8
reserved for hosts on "this" network. See RFC3300 and RFC1700
10.0.0.0/8
reserved for private use. See RFC1918
100.64.0.0/10
reserved for Shared Address Space in RFC6598
127.0.0.0/8
reserved for host loopback address. See RFC3300 and RFC1700
169.254.0.0/16
reserved for the "link local" block. See RFC3300
172.16.0.0/12
reserved for private use. See RFC1918
192.0.0.0/24
reserved for IETF protocol assignments
192.0.2.0/24
reserved for "test net." See RFC3300
192.168.0.0/16
reserved for private use. See RFC1918
198.18.0.0/15
reserved for Network Interconnect Device Benchmark Testing
198.51.100.0/24
reserved for documentation
203.0.113.0/24
reserved for documentation
204.152.64.0/23
IANA reserved space
224.0.0.0/3
reserved for IPv4 multicast. See RFC3300

Message Body Filtering

Any message containing an exploit for one of many vulnerabilities in a certain company's poorly written web browser will be rejected. Please read US-CERT Vulnerability Note VU#842160 for more information. Get Firefox.

Data Restrictions

Requests will also be rejected when clients send SMTP commands ahead of time (data pipelining).

Client Restrictions

These restrictions apply to machines sending mail to this system. Clients sending mail to this system will be rejected if:

HELO / EHLO Command Restrictions

These restrictions apply to the hostname specified in the HELO / EHLO command sent from mail servers to this system. Clients are required to send a HELO / EHLO command to begin a mail transfer. Mail will be rejected if:

Sender Restrictions

These rules apply to the address sent by the client machine specifying the origin of the mail. Mail will be refused if:

Recipient Restrictions

These rules apply to the address sent by the client specifying the recipient of the message. Messages will be returned if:

Additional Notes

This policy has been published to acknowledge the importance of the RFC requirements in regards to the transfer of mail over the internet. This document may also serve as a reference for system administrators who wish to understand why mail from their systems was rejected by this one. If an administrator feels a site has been unfairly denied access to send mail to this system, the administration of Nixsys PAUS suggests contacting the Postmaster: postmaster -AT- nixsyspaus -DOT- org.

Every effort will be made by the Postmaster to contact the administration of sites who are denied access based on misconfigurations of their DNS settings. This will happen only if those sites are denied multiple times by the UCE restrictions on this system. Mail will still be rejected until the administration of the denied sites fixes their DNS settings. Sites who choose to not mend their broken DNS settings will continue to be denied access to send mail to Nixsys PAUS and possibly be added to the permanent REJECT list.

Back to the top!