A few days ago while looking through the e-mail rejection logs, I was
surprised to find some e-mail blocked by virtue of being in an RBL list and
coming from a host in the FAA.GOV domain. The e-mail was obvious spam, as
I'd blocked the same sender (from a domain in the UK) from various other
addresses.
Being a new private pilot and with the recent of September events fresh in
my mind, I quickly investigated. Sure enough, there was a host on their
network, loaded with software from that outfit in Redmond, and happily
spewing relayed mail. (I tested whether it would relay mail from anywhere
to anywhere else by telneting to its smtp port.)
Furthermore, to get on this exclusive RBL list, the e-mail relay must've
been in operation for some time.
Imagining scenarios where relaying e-mail through the FAA system might at
best be an embarrassment, and at worst might be some kind of a security
threat, I immediately e-mailed whatever addresses I could find on their
website as well as the usual postmaster@faa.gov etc. So far, no response,
and according to my log files, I'm still rejecting spam from them.
While many US Federal Government agencies are discovering the virtues of
Open Source for security, I'm dismayed to find that the FAA is still using
software well known for insecurities on their website as well as other hosts
connected to the Internet. Getting junk e-mail relayed through the FAA might
be just an annoyance, but it might also point to other security issues
there.
So if you get any e-mail from the FAA, be careful. It's probably just
SPAM, but it might be worse.
Follow-up: Mon, 5 Nov 2001 15:41:11 -0500 (EST)
I didn't want to include the identifying IP address in the original
submission, to protect the guilty, but it looks like they took it off this
morning. I tried pinging the address and they are no longer there. The
last SPAM which was sent my way from that address was at 1:15 this morning
EST.
Although I e-mailed about 4 addresses at the FAA, including one for emergency
response, I've received no replies as yet. But I guess the message finally
got through this morning. Maybe they'll take it as a wakeup call, which I
didn't think they'd really need after the recent events...
Here's the last log entry from my mail log, with the local address changed.
I'm using Exim.
2001-11-05 01:15:18 recipients from atos.faa.gov [204.108.10.130] refused
2001-11-05 01:15:18 recipient refused
from atos.faa.gov [204.108.10.130]
sender= (host_reject_recipients)
Bill Duncan, VE3IED http://www.beachnet.org bduncan@BeachNet.org
+1 416 693-5960 [Bill Duncan via risks-digest Volume 21, Issue 73]
0:00
#
G!
