How do I configure qmail to *NOT* use ORBS.org for spam filtering? I
tried to remove the line in the startup scripts relating to ORBS, and
the SMTP server refuses to run without it. I don't want to start a
flame war, but this outfit (ORBS) is blocking IP addresses unnecessarily
- please read the following that I received from Road Runner....... A rr
user tried to send email to a domain that I host and it bounced because
of ORBS and the 'HISTORY' outlined here. I called Mark Herrick today
and talked to him directly on the phone. This is how I found out that
qmail does this (uses ORBS) by default. I *DO NOT* want my mail server
using this outfit to filter spam......Mark had to use a hotmail address
to contact me because of this 'filter' that ORBS has on their server.
Any suggestions would be greatly appreciated.
--
Chris
Begin pasted message
**************************************************
Subject: jerland.com blocking rr.com/mediaone.net via ORBS
Date: Mon, 27 Nov 2000 10:30:16 -0500
From: "W. Mark Herrick" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Hello,
We are currently experiencing problems delivering email to jerland.com.
This
is due to a manual block from the ORBS system of which jerland.com
subscribes. Although we have a thorough anti-SPAM policy and properly
address these issues, Road Runner has been manually added to the ORBS
list
due to a request we made to the ORBS administrators. (see HISTORY) With
analysis and discussions with other providers, we believe that the
impact of
the ORBS block is very minimal and easily corrected on a case-by-case
basis.
We are currently only hearing 1 or 2 reports per week from our entire
customer base. We will take the information provided and work with each
provider to correct it with them directly.
I can assure you that the IP address that ORBS is currently blocking is
in
no way an open relay, and that it is being blocked solely due to ORBS'
testing servers being refused at our border routers. Road Runner takes
the
issue of open relay servers very seriously, and, in addition to
immediately
closing them as they are detected, performs proactive relay detection
checks
on its own network. Likewise, Road Runner also takes the issue of
unauthorized probes very seriously, and as such has taken steps to
minimize
potential abuse from outside sources. Many other major Internet Service
providers, such as Above.net, have taken this stance along with us. You
may
wish to take a look at http://www.orbs.org/hallofshame.html to see who
else
is "spite listed" by the ORBS project.
ORBS is currently blocking Road Runner IP Addresses with a DNS "A"
record of
127.0.0.4 - These are, according to the ORBS web site, considered
"untestable netblock entries" (see HISTORY). ORBS has, however, recently
made available a number of different "zones" that providers can
currently
utilize to block unwanted SPAM mail from open relay sources, but that
will
not block those "untestable netblock entries" sites such as Road Runner,
Above.Net, and Carnegie Mellon University.
More information regarding these "zones" can be found at
http://www.orbs.org/usingindex.html - All that is necessary to make this
change is to modify your mail server to query the ORBS database at
"outputs.orbs.org" instead of "relays.orbs.org". This will NOT affect
the
amount of SPAM that your servers block, only the amount of false
positives
that are affecting our combined users.
I would sincerely hope that you reconsider and/or restructure your use
of
the ORBS project. I can be directly reached at 703-345-2477 if you wish
to
discuss this further.
Sincerely,
W. Mark Herrick, Jr. <[EMAIL PROTECTED]>
Operations Security Manager
Team Lead - Usenet Operations
Road Runner Security - 703.345.2477
<[EMAIL PROTECTED]><[EMAIL PROTECTED]><[EMAIL PROTECTED]>
HISTORY:
Road Runner customers and Affiliates initially contacted us with a
security
issue. They were concerned with their privacy and security when an
unknown
entity (to them) began scanning them without permission. We initially
tried
to address this case by case and later contacted the ORBS administrators
and
requested this unwelcome scanning terminated. This is analogous to
someone
requesting they be removed from a list that they did not subscribe to.
With
this request, all Road Runner IP space was unexpectedly added to the
ORBS
list with a public statement on the ORBS WWW site, as well as the bounce
message which our subscriber has received. As scanning continued against
our
repeated requests, the individual ORBS scanning hosts were filtered out
of
our network.
Although we strongly believe in stopping SPAM on the Internet, as well
as
respect the initial work and charter ORBS has been under in the past, we
have serious concerns at the current methods and actions that are taking
place:
e.g.
- Scanning of private networks without permission from targets
- No REMOVE capability from the ORBS scanner
- When someone tries to stop or block the ORBS scans, they are blocked
by
ORBS.
- No warning, as well as false public statements about the individuals
scanned or their provider. THAT IS: If you have a relay (known, or
unknown
to you) you are called a SPAM supporter publicly without any warning to
correct it before ORBS adds you.
- Misinformation on ORBS' own web site
(http://www.orbs.org/whatisthis.html)
"What is ORBS? The short answer: ORBS is a validated database of open
mail
relays and open mail relay output points, accessable via DNS lookup."
- The addition of Road Runner hosts to a database which are not listed
via
their normal web lookup at http://www.orbs.org/verify_1.html - this is
deceptive to most end users.
Road Runner believes strongly in the fight against SPAM. We have
address it
with strong policies, enforcement and our own relay detection methods.
We
will continue this effort, work together with other providers and the
Internet community (including ORBS) to make a difference. However, we
reserve the right to assess the methods used, by whom and determine the
best
way to accomplish the desired results for our business.
At 04:35 PM 11/22/2000 -0600, you wrote:
> Not sure what this all means to me. What are multiple open relays? What is
> a 451 and why is it untestable? help
Thank you
kathy g.
----Transcript of session follows -------
[EMAIL PROTECTED]
451 untestable - rr.com has multiple open relays and its admins have
demanded that ORBS not test further. Complaints to [EMAIL PROTECTED]
*************************
