DUL (was Re: RBL report..)
I've just sent another, long, message about mail acceptance, blacklisting, and this whole flamewar. Please read that message first; it explains the context of this mail, and without it you might misinterpret this one.

This message is about my opinion of the DUL, which I support and use. In fact my software will not usually accept mail from dynamic dialups anyway - even those not on the DUL.

It does seem that some people do find it beneficial to send mail direct from their dialups (static or dynamic). I don't understand why they think this is a good idea, and I think it has a number of technical problems. However, I don't think that it's reasonable to effectively forbid people from doing this solely for those reasons, provided they're willing to accept the consequences - which will include excessive retransmissions over their modem, long connect times, and/or extended delays to the delivery of mail.

*But*, there is a definite problem with people using _dynamically assigned_ dialup. This is because a dynamic dialup address cannot effectively be blacklisted, and mail sent direct from such an address cannot be monitored or controlled by the connectivity provider. Since much of the net's current spam-fighting infrastructure is based on blacklists of IP addresses and proactivity by ISPs, this is a big problem.

That mail direct from dynamic dialups is a problem is recognised throughout the community. Not only did Paul Vixie, the author of BIND, and other leading lights of the Internet, decide to host, support, etc, the DUL. Many ISPs prevent you from doing direct SMTP by having their routers block outgoing SMTP or transparently redirect it to their own mailservers. I think that this is going to become much more common. Use of the DUL is becoming more common too - for example, Cambridge University no longer accept DUL mail. Sites that use DUL blocking report that it has very low false-positive rates - some claim even lower than the MAPS RBL.

Now, I agree that for those people who want to do direct SMTP from dynamic addresses it is inconvenient for them to have to change, but I don't think this inconvenience is very great. Furthermore, the number of people inconvenienced in this way is very low, and all the people who are doing this are technically competent and have quite reasonable alternative ways of having their mail delivered. (IMO doing direct SMTP from a dialup accidentally or `by default' almost certainly reflects a bug in the software or documentation or a mistake by the user.)

It's clear, though, that the project will have to come to a common decision about this. It's not just about what the project's mailservers will accept. As I said in my other mail, since we all need to communicate with each other, either every developer must be forbidden from using the DUL, or every developer must either not send mail direct from their dynamic dialup, or must be prepared to send it differently if there is a problem.

Until a common decision can be arrived (if only by vigorous ranting here until one side feels they can't win), this issue will keep raising its head. We can't punt on it.

If we decide that developers are allowed to reject DUL mail then the listmanagers should be allowed to do so too on the central systems.

Ian.
Re: DUL (was Re: RBL report..)
On Mon, Apr 03, 2000 at 12:56:05AM +0100, Ian Jackson wrote:
> That mail direct from dynamic dialups is a problem is recognised throughout the community. Not only did Paul Vixie, the author of BIND, and other leading lights of the Internet, decide to host, support, etc, the DUL. Many ISPs prevent you from doing direct SMTP by having their routers block outgoing SMTP or transparently redirect it to their own mailservers. I think that this is going to become much more common. Use of the DUL is becoming more common too - for example, Cambridge University no longer accept DUL mail. Sites that use DUL blocking report that it has very low false-positive rates - some claim even lower than the MAPS RBL.

You appeal to authority, call for bandwagon jumping, and rely upon anecdotal accounts, but have yet to point to an RFC that forbids or discourages the establishment of outbound SMTP connections from dialup machines, whether they have dynamically assigned IP's or not.

The best way to force people like myself to do what you want is to get your personal preferences on the standards track. If they are as widely shared as you assert, this shouldn't be an insuperable problem. Once you have done that, you won't have to shore up your position with invalid inferences.

--
G. Branden Robinson            | A celibate clergy is an especially good
Debian GNU/Linux               | idea, because it tends to suppress any
[EMAIL PROTECTED]              | hereditary propensity toward fanaticism.
roger.ecn.purdue.edu/~branden/ | -- Carl Sagan
Re: DUL (was Re: RBL report..)
Hi,

I don't like getting spam. I dislike the fact that I am inconvenienced. I have not yet decided to give in, though. And, in my opinion, bouncing mail from people innocent of sending spam is giving in to spammers.

I find this phenomena reminiscent of many people in the throes of a war: they become obsessed by the enemy; and collateral damage is increasingly acceptable in the pursuit of the war. I have not yet gotten that numbed out.

The problem with DUL is that they don't care if the people blocked ever sent any spam. They have the wrong color ski^H^H^H^H^H^H^H^H^H type of connection, and must be the enemy.

Frankly, it is an arbitrary criteria to reject mail, based on an assumption that people from those kind of net neighborhoods are more likely to commit crimes, since criminals in them there neighborhoods are less likely to be caught and punished. The Net version of racial profiling.

Personally, if I get a bounce from anywhere telling me they have blacklisted me, I return the favour. It's all going to end in heat death anyway.

manoj
--
Perhaps the most widespread illusion is that if we were in power we would behave very differently from those who now hold it -- when, in truth, in order to get power we would have to become very much like them. (Lenin's fatal mistake, both in theory and in practice.)
Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/%7Esrivasta/
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: DUL (was Re: RBL report..)
On Mon, Apr 03, 2000 at 02:38:24AM -0500, Manoj Srivastava wrote:
> It's all going to end in heat death anyway.

Of course, so we might as well turn off the computers right now.

Cheers
Hamish
--
Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: DUL (was Re: RBL report..)
On Mon, Apr 03, 2000 at 12:00:52AM -0400, Branden Robinson wrote:
> You appeal to authority, call for bandwagon jumping, and rely upon anecdotal accounts, but have yet to point to an RFC that forbids or discourages the establishment of outbound SMTP connections from dialup machines, whether they have dynamically assigned IP's or not.

RFCs do not forbid or discourage spam either, yet most people do not consider it to be a good idea.

> Once you have done that, you won't have to shore up your position with invalid inferences.

Nor will you.

Hamish
--
Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: DUL (was Re: RBL report..)
On Mon, Apr 03, 2000 at 02:38:24AM -0500, Manoj Srivastava wrote:
> The problem with DUL is that they don't care if the people blocked ever sent any spam. They have the wrong color ski^H^H^H^H^H^H^H^H^H type of connection, and must be the enemy.

The analogy is flawed. Solutions have been offered several times over for DUL-listed or potentially DUL-listed users. All of which should not be too difficult to set up for a Debian developer.

You see, DUL users don't reject mail from particular people, just from particular addresses. You just have to route your email to me through a trusted mail server.

It's a bit like the no junk mail sticker on my letter box; you're not welcome to drop things in my mailbox directly, but if you post them they'll arrive just fine.

hamish
--
Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: DUL (was Re: RBL report..)
On Mon, Apr 03, 2000 at 06:09:41PM +1000, Hamish Moffatt wrote:
> On Mon, Apr 03, 2000 at 12:00:52AM -0400, Branden Robinson wrote:
> > You appeal to authority, call for bandwagon jumping, and rely upon anecdotal accounts, but have yet to point to an RFC that forbids or discourages the establishment of outbound SMTP connections from dialup machines, whether they have dynamically assigned IP's or not.
>
> RFCs do not forbid or discourage spam either, yet most people do not consider it to be a good idea.

Weak analogy. Specification of a set of circumstances under which Internet hosts are expected to initiate (or accept) SMTP connections is a technical issue well within the scope of the existing RFC's. I'd imagine RFC's don't forbid spam (if in fact they don't -- I don't know) because it is difficult to identify what is spam and what is not based on criteria easily evaluated by algorithmic processes amenable to computation.

Furthermore, that any issue is unspecified in an RFC does not mean that the RFC's already address all issues that need to be addressed.

If any DUL users feel that the specification within a standards-track RFC of a set of circumstances under which Internet hosts are expected to initiate (or accept) SMTP connections is an undesirable end, I'd certainly like to hear the reasons why.

> > Once you have done that, you won't have to shore up your position with invalid inferences.
>
> Nor will you.

You have asserted, but offer no evidence. Please identify the fallacious reasoning or false premise you claim to perceive.

--
G. Branden Robinson            | Yesterday upon the stair,
Debian GNU/Linux               | I met a man who wasn't there.
[EMAIL PROTECTED]              | He wasn't there again today,
roger.ecn.purdue.edu/~branden/ | I think he's from the CIA.
Re: DUL (was Re: RBL report..)
On Mon, Apr 03, 2000 at 06:58:18PM +1000, Hamish Moffatt wrote:
> On Mon, Apr 03, 2000 at 02:38:24AM -0500, Manoj Srivastava wrote:
> > The problem with DUL is that they don't care if the people blocked ever sent any spam. They have the wrong color ski^H^H^H^H^H^H^H^H^H type of connection, and must be the enemy.
>
> The analogy is flawed. Solutions have been offered several times over for DUL-listed or potentially DUL-listed users. All of which should not be too difficult to set up for a Debian developer.

You demonstrate limited facility to construe the analogy. The solutions that have been offered effectively result in concealing the fact that the ultimate origin of the mail is a dynamic IP, therefore this is like asking people with the wrong color skin to paint it an acceptable color.

What mechanism do you propose that people on dynamic IP's use to identify their mails as non-spam while still making direct SMTP connections to the MX host of the destination domain?

--
G. Branden Robinson            | The first thing the communists do when
Debian GNU/Linux               | they take over a country is to outlaw
[EMAIL PROTECTED]              | cockfighting.
roger.ecn.purdue.edu/~branden/ | -- Oklahoma State Senator John Monks
Re: DUL (was Re: RBL report..)
Branden Robinson [EMAIL PROTECTED] wrote:
> On Mon, Apr 03, 2000 at 06:58:18PM +1000, Hamish Moffatt wrote:
> > The analogy is flawed. Solutions have been offered several times over for DUL-listed or potentially DUL-listed users. All of which should not be too difficult to set up for a Debian developer.
>
> You demonstrate limited facility to construe the analogy. The solutions that have been offered effectively result in concealing the fact that the ultimate origin of the mail is a dynamic IP, therefore this

And that is the whole point of the DUL. When a dynamic IP site is relaying through someone else, the relaying host will be responsible if and when the dynamic IP site misbehaves. If they're sending directly, then no one needs to claim responsibility as the receiver cannot block the sending address easily due to its dynamic nature. OTOH, if a relay doesn't do something about a spammer, it can easily be blocked, thus giving a relay's admin a very strong incentive to act.

--
Debian GNU/Linux 2.1 is out! ( http://www.debian.org/ )
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: DUL (was Re: RBL report..)
On Mon, Apr 03, 2000 at 06:42:21AM -0400, Branden Robinson wrote:
> Furthermore, that any issue is unspecified in an RFC does not mean that the RFC's already address all issues that need to be addressed.

Yes, exactly. Therefore omission of any comment about dialup users making direct SMTP connections for mail delivery does not indicate that the RFCs think it is a good idea. They simply do not comment. You are taking this omission as support of your case where it is not.

Hamish
--
Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: DUL (was Re: RBL report..)
On Mon, Apr 03, 2000 at 06:49:17AM -0400, Branden Robinson wrote:
> What mechanism do you propose that people on dynamic IP's use to identify their mails as non-spam while still making direct SMTP connections to the MX host of the destination domain?

None, it is not necessary.

Hamish
--
Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: RBL report..
On Thu, Mar 30, 2000 at 01:12:10PM +0200, Robert Bihlmeyer wrote:
|
|Before all useful points are lost in the flamage, may I suggest that a
|X-Filtered-By: DUL
|or similar header be added to all list mail?

The problem is, that qmail can't do this easily. I think this would be a perfect solution.

X-Spam-alert-by: DUL (http://..)

Please tell me, if you know how this can be implemented with qmail or some other secure MTA (postfix?)

--JS
Re: RBL report..
On Thu, Mar 30, 2000 at 01:44:24PM +0200, David N. Welton wrote:
> Is there any kind of database to filter out time-wasting, vitriolic arguments full of personal attacks, about things that have nothing to do with Debian?

Sure:

:0:
* ^X-Mailing-List: [EMAIL PROTECTED].*
/dev/null

--
G. Branden Robinson            |
Debian GNU/Linux               | Please do not look directly into laser
[EMAIL PROTECTED]              | with remaining eye.
roger.ecn.purdue.edu/~branden/ |
Re: RBL report..
On Thu, 30 Mar 2000, Bob Nielsen wrote:
> On Thu, Mar 30, 2000 at 10:34:05AM +1000, Craig Sanders wrote:
> > b) use uucp-over-tcp (requires uucp account somewhere)
> > c) use smtp-over-ssh (requires shell account somewhere)
>
> Can someone point me to any references on setting up either of these. I had to give up my static IP and often have problems with my ISP's

I use POP and SMTP over SSH. You can do this by using the -L option of ssh, but that means you need to start a new session every time you change IP addresses (which is too painful for me).

I have inetd use a special port on localhost (not bound to any IP address other than 127.0.0.1) which runs ssh to my server with a command to run my pass program. Pass is one of the many TCP port redirection programs, it connects to a specified IP address and port (port 25 or 110 on localhost) and passes data back and forth.

For this I have a special RSA key which allows passwordless logins to my server which can run the pass program (and not much else). The ssh client program is run from an account which has the private key in question, but which is locked so it can only be accessed from su and inetd.

Then I make my ssh server listen on various ports on one of its IP addresses (such as port 25). This is so that I can use networks where port 22 is filtered for security reasons (IE they don't want security).

--
My current location - X marks the spot.
X
X
X
Re: RBL report..
On Wed, Mar 29, 2000 at 03:19:34PM -0800, Lawrence Walton wrote:
> Craig I meant you need those things to have a smtp HOST. You know; to send and receive email, I was not commenting about DUL in any form. So to say I was spreading FUD is foolish, maybe you could have asked for more information, or asked me to define the context better.

i read the message in context, i.e. in a thread about blocking spam and DUL and ORBS and other RBLs.

> Stow your flamethrower for something worthy of setting on fire. :

like failing to trim excess quoted text, and not wrapping lines at =78 columns? :)

craig
--
craig sanders
Re: RBL report..
On Wed, Mar 29, 2000 at 04:41:15PM -0700, Jason Gunthorpe wrote:
> On Thu, 30 Mar 2000, Craig Sanders wrote:
> > debian developers should have the option of a uucp account from one of the debian servers (trivially easy for us to set up).
>
> I think we have been over this in various forms, I don't think we can do it without some complications,

the hardest complication would be coming up with a policy for reasonable use...i.e. defining the rules under which the privilege is available.

> it would be inappropriate use of sponsored machines/bandwidth..

why is that? we already have debian developers whose primary email address is @debian.org, and (IIRC) other developers who routinely use smtp over ssh to debian servers to send their mail.

> It would be better for someone else to provide a service like this.

perhaps so. i think it would probably be a good idea for debian to provide the service, but i'm not going to insist on it.

i don't see any problem with debian providing the service for debian developers - at least to enable them to post to debian lists no matter where they are dialed in to, if not as a general purpose service.

log files are easily summarised, so it would be possible to send a cease and desist message to anyone who abused the privilege (i.e. by sending hundreds of megabytes of mail per day or mail-bombed someone through the uucp service)

craig
--
craig sanders
Re: RBL report..
On Thu, Mar 30, 2000 at 01:36:37AM +0200, Nils Jeppe wrote:
> On Thu, 30 Mar 2000, Craig Sanders wrote:
> > yep. the DUL lists dynamic (dialup) IPs, it doesn't list static IPs. that's why it's called the MAPS Dialup User List.
>
> Well then I have to agree, DUL is bad, because it's near impossible to kill dial-in spammers, except to have their accounts revoked of course.

DUL is very effective in doing that. it prevents spammers from hiding their activities from their ISP...which ensures that they will be caught and their account nuked very promptly.

the ISP has a vested interest in taking an active role in preventing spam - if they don't then they will be blacklisted by one of the RBLs (e.g. MAPS RBL) for being a spamhaus.

that's the medium-term indirect effect of DUL...the immediately beneficial direct effect is that spam from dialup users is blocked by anyone who makes use of the DUL.

> Blocking the IPs is really stupid and ineffective and whoever thought of that bright idea should be given a very big Clue.

no, it's very effective and the people who thought of it have an enormous clue.

what it does is prevent spammers from sending their junk directly...this forces them to use their ISP's mail server, thus increasing the effectiveness of the MAPS RBL because it forces the ISP to take responsibility for their users' actions - it takes away their option to bullshit and say nothing to do with me, i only provide dialup service.

most users don't even have the option of sending their mail directly because they are windows or mac dialup users and their mail client insists on using a relay host. so DUL doesn't affect them at all.

the tiny percentage of unix users who have a real MTA can, and should, use a legitimate mail relay (or uucp-over-tcp or smtp-over-ssh or one of the many other alternatives).

these are also the people who are technically skilled enough to do so - and if they are not skilled enough then they should not be running a mail server on the open internet anyway...novice mail admins are the bane of real mail admins everywhere, their fuckups cause problems all over the net (not the least of which is that novice mail admins often run open relays through ignorance or indifference to the spam problem)

> This however also means it's different enough from ORBS that I completely fail to see how people can throw them in together.

you are right, DUL & ORBS are quite different services. only joseph is enough of a moron to equate the two.

craig
--
craig sanders
Re: RBL report..
On Thu, 30 Mar 2000, Craig Sanders wrote:
> DUL is very effective in doing that. it prevents spammers from hiding their activities from their ISP...which ensures that they will be caught and their account nuked very promptly.

Okay, I see this point, however, I do have a problem with the categoric blacklisting of IPs just because they're dialup.

> that's the medium-term indirect effect of DUL...the immediately beneficial direct effect is that spam from dialup users is blocked by anyone who makes use of the DUL.

Well, hmmm, only direct spam, but you are right. DUL and ORBS do make for a quite potent combination.

I just realized this would also take care of that VERY annoying kind of spam where spammers send spam directly to the 2nd highest MX record in a zone. That mailserver looks at the MX and thinks, hey, not for me, but I'm a fallback, let me just forward this, and my MTA thinks hey this is from my fallback, I trust that guy.

DUL sounds better by the minute. I apologize for the Clue comment :-)

> forces them to use their ISP's mail server, thus increasing the effectiveness of the MAPS RBL because it forces the ISP to take responsibility for their users' actions - it takes away their option to bullshit and say nothing to do with me, i only provide dialup service.

Any provider who says this should be tarred and feathered anyway ;)

> anyway...novice mail admins are the bane of real mail admins everywhere, their fuckups cause problems all over the net (not the least of which is that novice mail admins often run open relays through ignorance or indifference to the spam problem)

Tell me about it. Had enough troubles with these at work. At least they all take a heavy hint very well. People get very nervous when they might get their Mail access snipped.

--
Kif, if there's one thing I don't need it's your 'I don't think that's wise' attitude. --- Zap Brannigan
Re: RBL report..
On Thu, Mar 30, 2000 at 02:17:55AM +0200, Nils Jeppe wrote:
> On Thu, 30 Mar 2000, Craig Sanders wrote:
> > DUL is very effective in doing that. it prevents spammers from hiding their activities from their ISP...which ensures that they will be caught and their account nuked very promptly.
>
> Okay, I see this point, however, I do have a problem with the categoric blacklisting of IPs just because they're dialup.

i can see why you have a problem with that and i would agree with you if there weren't any alternatives.

however, as has been mentioned many times, there are several alternatives, including (but not limited to) the following:

a) use the ISP's mail relay
b) use uucp-over-tcp (requires uucp account somewhere)
c) use smtp-over-ssh (requires shell account somewhere)
d) pop-before-smtp or SMTP-Auth or SSL certificate relaying (requires mail account somewhere)

using the DUL is like a no junk mail sticker on your letter box...if someone wants something delivered to your letter box they have to go through the normal channels to do so (i.e. pay the postage). i don't know about other countries, but here in Australia it is illegal to ignore a no junk mail or addressed mail only sign on a letterbox.

> > that's the medium-term indirect effect of DUL...the immediately beneficial direct effect is that spam from dialup users is blocked by anyone who makes use of the DUL.
>
> Well, hmmm, only direct spam, but you are right. DUL and ORBS do make for a quite potent combination.

personally, i don't use ORBS - too much collateral damage. i use MAPS RBL, MAPS RSS, and MAPS DUL...they make a very effective combination.

> I just realized this would also take care of that VERY annoying kind of spam where spammers send spam directly to the 2nd highest MX record in a zone. That mailserver looks at the MX and thinks, hey, not for me, but I'm a fallback, let me just forward this, and my MTA thinks hey this is from my fallback, I trust that guy.

yep, as long as the secondary MX uses the DUL that will work (and the other RBLs too).

craig
--
craig sanders
Re: RBL report..
On 29-Mar-00, 15:21 (CST), Lawrence Walton [EMAIL PROTECTED] wrote:
> Nils: you still need a DNS named, static, route-able IP to be your own host.

I have DNS named, *dynamic*, routable IP -- thanks to the good folks at dyndns.org. The only bad thing is that the reverse DNS isn't consistent. I'm still not entirely comfortable getting e-mail sent directly to me, which is why I POP most of it.

> Branden: You might consider getting a static.

That would be nice. Unfortunately, the choices at swbell (DSL) are either one dynamic IP ($40/month), or 5 (!) static IPs, at $80/month + $100 installation + $100 to set up the DNS (no, not register a domain, *just* to configure the DNS). (And yes, they want the $100 installation even though I already have everything set up and all they would have to do is allocate the IP addresses.)

Steve
--
Steve Greenland [EMAIL PROTECTED]
(Please do not CC me on mail sent to this list; I subscribe to and read every list I post to.)
Re: RBL report..
On Wed, Mar 29, 2000 at 04:41:15PM -0700, Jason Gunthorpe wrote:

[Providing reliable SMTP services to people on dialup IP, eg UUCP-over-TCP]

> It would be better for someone else to provide a service like this.

I have to say I'm extremely surprised that if ISPs in the US are as incompetent as people seem to find them nobody's providing anything like this. Apparently, it's the standard model in some countries - you buy connectivity from one place, mail from another.

I'd also be interested to know how the ISPs are managing to throw away so much outbound mail, although I'm not sure I want to.

--
Mark Brown mailto:[EMAIL PROTECTED] (Trying to avoid grumpiness)
http://www.tardis.ed.ac.uk/~broonie/
EUFS http://www.eusa.ed.ac.uk/societies/filmsoc/
Re: RBL report..
On Thu, Mar 30, 2000 at 07:58:22AM +1000, Craig Sanders wrote:
[snip]

Why did you CC me? I read the list. Please control yourself.

--
G. Branden Robinson            | The basic test of freedom is perhaps
Debian GNU/Linux               | less in what we are free to do than in
[EMAIL PROTECTED]              | what we are free not to do.
roger.ecn.purdue.edu/~branden/ | -- Eric Hoffer
Re: RBL report..
On Thu, Mar 30, 2000 at 01:25:03AM +0200, Nils Jeppe wrote:
> > Branden: You might consider getting a static.
>
> The only way to live, imho. ;-)

You guys can stop CC'ing me any day now; I read the lists.

And BTW, I've stated several times that I *do* have a static IP. I suppose you guys are too busy disregarding my messages and spamming my inbox to have noticed that.

--
G. Branden Robinson            | Experience should teach us to be most on
Debian GNU/Linux               | our guard to protect liberty when the
[EMAIL PROTECTED]              | government's purposes are beneficent.
roger.ecn.purdue.edu/~branden/ | -- Louis Brandeis
Re: RBL report..
On Thu, Mar 30, 2000 at 10:34:05AM +1000, Craig Sanders wrote:
> On Thu, Mar 30, 2000 at 02:17:55AM +0200, Nils Jeppe wrote:

NILS JEPPE, CRAIG SANDERS: PLEASE STOP CC'ING ME ON LIST MAILS.

--
G. Branden Robinson            | The greatest productive force is human
Debian GNU/Linux               | selfishness.
[EMAIL PROTECTED]              | -- Robert Heinlein
roger.ecn.purdue.edu/~branden/ |
Re: RBL report..
On Wed, 29 Mar 2000 17:15:56 -0600, you wrote:
> Couldn't the original Received: headers be renamed to X-Received: (or something like that; although I could figure out how to make that happen with formail I don't know my mail headers well enough to know if X-Received is already used by something else).

One site I use uses Old-Received: to keep Received:-Headers generated before a forward operation.

OTOH, I feel that an MTA choking on too many Received: headers is broken if the maximum number of Received: headers processed correctly is well below 30.

Greetings
Marc

--
-- !! No courtesy copies, please !! -
Marc Haber         | Questions are the           | Mail address in header
Karlsruhe, Germany | Beginning of Wisdom         | Fon: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fax: *49 721 966 31 29
Re: RBL report..
Craig Sanders [EMAIL PROTECTED] writes:
> most of the recent spam would have been blocked by using MAPS RSS (relays.mail-abuse.org), though...and not by MAPS DUL.
>
> IMO, we should use both. individually they are quite effective in blocking spam, but they are even better when used together.

Before all useful points are lost in the flamage, may I suggest that a

X-Filtered-By: DUL

or similar header be added to all list mail?

--
Robbe
Re: RBL report..
This spam issue is so political.

If you're stuck with a service provider who has a crappy mail service, and/or who has your IP listed on the DUL, I'll offer a solution.

I run an ISP in Canada. We offer shell accounts, on a machine running Debian Potato, for a reasonable price ($10/month, or $60/year) Then you can use SSH to tunnel mail through my server. The box is running sendmail 8.9.3

I'm pretty anal about people who try to use the shell server for DoS or theft of service (ie spam) I don't expect anyone on this list would do either.

A description of our shell service can be found at http://shell.bestnet.org/

Any current Debian developer will get the service for half price on a yearly basis ($30/year) Same goes for people with sponsored packages. Email [EMAIL PROTECTED] if you're interested.

As for the list spam issue: spam on the lists is annoying, but not a showstopper (yet) I think the X-Spam header idea is a good one. Politics aside, it allows for a simple and public examination of which of DUL, ORBS etc catch what spam on the list, without stopping any legitimate mail from getting through.

I also believe that stripping Received headers is a mistake. They are useful for tracking problems, not just spam. Maybe X-Received is an option for dealing with broken mailers.

Cheers!
Eric
--
Mathematics belongs to God -- Donald Knuth
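An added example, not part of the original thread and not the list's own tooling: one way to do the tag-instead-of-reject check proposed above, where the connecting IP is looked up in each blacklist zone and the result is recorded in an X-Filtered-By header so the lists can be compared without dropping mail. The zone names, sample addresses and fake resolver data are constructed placeholders.

```python
import ipaddress
import socket
from collections import Counter
from email import message_from_string

# Placeholder zones (assumption): substitute the zones your site really queries.
ZONES = {"DUL": "dul.example", "RSS": "rss.example"}


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: 192.0.2.25 in zone z -> 25.2.0.192.z"""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    octets = str(addr).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolve(name):
    """Live lookup: A records for name, or [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def listed_in(ip, zones, resolve):
    """Return the labels of every zone that lists ip."""
    hits = []
    for label, zone in zones.items():
        answers = resolve(dnsbl_query_name(ip, zone))
        # A DNSBL answers with an address in 127.0.0.0/8 when the IP is listed.
        if any(ipaddress.IPv4Address(a).is_loopback for a in answers):
            hits.append(label)
    return hits


def tag_message(raw, client_ip, zones=ZONES, resolve=system_resolve,
                header="X-Filtered-By"):
    """Tag a message with the lists that match the connecting IP.

    The mail is never rejected. Any copy of the header supplied by the
    sender is removed first, so the tag cannot be forged upstream.
    """
    msg = message_from_string(raw)
    del msg[header]
    hits = listed_in(client_ip, zones, resolve)
    if hits:
        msg[header] = ", ".join(hits)
    return msg, hits


def tally(deliveries, zones=ZONES, resolve=system_resolve):
    """Count, per list, how many deliveries it would have caught."""
    counts = Counter()
    for client_ip, raw in deliveries:
        _, hits = tag_message(raw, client_ip, zones, resolve)
        counts.update(hits or ["unlisted"])
    return counts


# Constructed zone contents and deliveries (documentation address ranges).
FAKE_ZONE_DATA = {
    "77.113.0.203.dul.example": ["127.0.0.3"],  # 203.0.113.77: dial-up pool
    "9.100.51.198.rss.example": ["127.0.0.2"],  # 198.51.100.9: open relay
}


def fake_resolve(name):
    """Offline stand-in for system_resolve, backed by FAKE_ZONE_DATA."""
    return FAKE_ZONE_DATA.get(name, [])


SAMPLE = [
    ("203.0.113.77",
     "From: dev@example.org\nX-Filtered-By: none\nSubject: upload\n\nhello\n"),
    ("198.51.100.9", "From: bulk@example.net\nSubject: offer\n\nbuy\n"),
    ("192.0.2.25", "From: list@example.com\nSubject: patch\n\nfix\n"),
]

if __name__ == "__main__":
    for ip, raw in SAMPLE:
        tagged, hits = tag_message(raw, ip, ZONES, fake_resolve)
        print(ip, hits, repr(tagged["X-Filtered-By"]))
    print(dict(tally(SAMPLE, ZONES, fake_resolve)))
```

The check has to run on the host that accepts the SMTP connection, since the connecting IP is the only input that matters; a message relayed by a secondary MX arrives from that relay's address instead.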
Re: RBL report..
On Thu, Mar 30, 2000 at 01:12:10PM +0200, Robert Bihlmeyer wrote:
> Before all useful points are lost in the flamage, may I suggest that a
>
> X-Filtered-By: DUL
>
> or similar header be added to all list mail?

Apparently qmail can't do that out of the box. Yes, we are still being hypocritical and running qmail on murphy (lists.debian.org).

Hamish
--
Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: RBL report..
On Thu, Mar 30, 2000 at 10:34:05AM +1000, Craig Sanders wrote:
> b) use uucp-over-tcp (requires uucp account somewhere)
> c) use smtp-over-ssh (requires shell account somewhere)

Can someone point me to any references on setting up either of these. I had to give up my static IP and often have problems with my ISP's smtp server. I notice that the alternate access method I have for reaching my ISP (via uunet) filters so you cannot reach port 25 on any servers other than their own (and I do understand their reason for doing so). One of these methods would get around that (unless they also filter on ports 465 and 540).

Bob
Re: RBL report..
Is there any kind of database to filter out time-wasting, vitriolic arguments full of personal attacks, about things that have nothing to do with Debian?

I guess there is, but come on people, enough is enough. Just hit the delete key and get over it. There are tons of things to do to make Debian better, go do those instead of wasting your time with this drivel.

(rant 'off)

--
David N. Welton, Open Source Projects Manager, Linuxcare Italia spa
tel +39.049.8043411 fax +39.049.8043412 cel +39.348.2879508
[EMAIL PROTECTED], http://www.linuxcare.com/
Linuxcare. Support for the revolution.
Re: RBL report..
On Wed, 29 March 2000 14:31:50 -0700, Jason Gunthorpe wrote:
> This is deliberately removed, we had some problems a year or so ago with the received lines getting too long for some mailers. We are looking at putting them back.

There are some sites out there that have a limit of 15 and you are able to reach above 15. Heh, the daily listmaster box is fun when someone subscribes with a yahoo.com address that gets forwarded to iname (argh!) which is brought to some ISP in .fr and then there comes a completely fscked fetchmail config that is bouncing every single mail without the self-made admin knowing it, complaining why he got unsub'ed by me after 50 bounces. scnr.

I say we go for it and it is worth a try. Stay tuned.

Alexander, believing in random sigs instead
--
Tech support is a fine art which, once mastered, virtually ensures loss of sanity. Joe Thompson [EMAIL PROTECTED]
Alexander Koch - - WWJD - aka Efraim - PGP 0xE7694969 - ARGH-RIPE
Re: RBL report..
On Thu, 30 March 2000 05:53:20 -0500, Eric Weigel wrote: If you're stuck with a service provider who has a crappy mail service, and/or who has your IP listed on the DUL, I'll offer a solution. Also uucp over tcp/ip is offered for quite a small monthly charge at cid.net, have whatever hostname you want to have. That service is in Germany, but see after uucp.cid.net for a traceroute, it should be rather well-connected (although nacamar sux big rocks from time to time). Please contact [EMAIL PROTECTED] if you have any questions. Alexander -- Don't think about it. It just works. Grace alone knows why. -- me, in despair... Alexander Koch - - WWJD - aka Efraim - PGP 0xE7694969 - ARGH-RIPE
Re: RBL report..
Hamish Moffatt [EMAIL PROTECTED] writes: On Thu, Mar 30, 2000 at 01:12:10PM +0200, Robert Bihlmeyer wrote: Before all useful points are lost in the flamage, may I suggest that a X-Filtered-By: DUL or similar header be added to all list mail? Apparently qmail can't do that out of the box. What about the list processor? -- Robbe
Re: RBL report..
On Tue, Mar 28, 2000 at 02:02:23PM -0700, Jason Gunthorpe wrote: On Tue, 28 Mar 2000, Alexander Koch wrote: DUL is interesting. I changed my mind on that. I rather say we use it since the amount of spam is certainly increasing the last weeks and DUL is understandable. Yes there is more spam, but I've been looking and I haven't seen that much (if any at all) would be blocked by DUL. I personally think the DUL is most harmless RBL and the most legitimate (bad wording probably) for use. And if it only catches on spam a week it is worth it, methinks. I do not have the exact figures, unfortunately. Alexander
Re: RBL report..
On Wed, Mar 29, 2000 at 09:17:46AM +0200, Alexander Koch wrote: Yes there is more spam, but I've been looking and I haven't seen that much (if any at all) would be blocked by DUL. I personally think the DUL is most harmless RBL and the most legitimate (bad wording probably) for use. And if it only catches on spam a week it is worth it, methinks. Yeah - too bad blacklists your average linux installation right? And even your average linux user who knows how to set up a proper smarthost more often than not knows better. (Let pacbell.net's shoddy NT mail server route MY mail? NOT LIKELY!) DUL listed my own (STATIC!) IP until a week ago. I complained loudly to the people responsible and was told by the idiots at pacbell that of course the DSL IPs were listed in the DUL - they wanted you to use their servers since that's what they provide them for. Application of a cluebat was necessary, I'm told that none of the static IP DSL users are DUL listed anymore. So there's at least a margin of error. And don't you EVEN TRY to tell me that if I don't like my ISP that I should get another. There are an awful lot of people out there who simply CAN'T DO THAT. Expecting them to is even more of an example of just how wrong the DUL is from its beginning. RSS and RBL at least are measures taken to combat known spammer friendly sites. DUL discriminates on what kind of connection you supposedly have. ORBS is just ridiculous. -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 wc red dye causes cancer, haven't you heard? (; Knghtbrd fucking everything causes cancer, haven't you heard? Knghtbrd = archon no, that causes aids
Re: RBL report..
On Tue, Mar 28, 2000 at 11:33:41PM -0800, Joseph Carter wrote: often than not knows better. (Let pacbell.net's shoddy NT mail server route MY mail? NOT LIKELY!) Have you ever had mail actually disappear through their server, or do you just distrust it because it's running on NT? Seriously? Hell, Joseph, have you ever stopped to read one of your own posts to see what you really sound like? So there's at least a margin of error. And don't you EVEN TRY to tell me that if I don't like my ISP that I should get another. There are an awful lot of people out there who simply CAN'T DO THAT. Expecting them to is even more of an example of just how wrong the DUL is from its beginning. What is the exact reason why you cannot get another ISP Joseph? Have you been blacklisted by all the others in your area already? Hamish -- Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: RBL report..
On Wed, Mar 29, 2000 at 06:56:47PM +1000, Hamish Moffatt wrote: Hell, Joseph, have you ever stopped to read one of your own posts to see what you really sound like? I agree, knghtbrd, you sound too fanatical(sp?). Calm down, and perhaps people will pay more attention to what you're saying. -- Digital Electronic Being Intended for Assassination and Nullification
Re: RBL report..
On Wed, Mar 29, 2000 at 12:06:19PM +0200, Josip Rodin wrote: Hell, Joseph, have you ever stopped to read one of your own posts to see what you really sound like? I agree, knghtbrd, you sound too fanatical(sp?). Calm down, and perhaps people will pay more attention to what you're saying. I have read them. (I did write them after all.) ORBS and DUL _are_ that bad - or worse! DUL _is_ discrimination based on assumptions about a person's connection type and ORBS _is_ blacklist terrorism. I'm not the only person here who thinks so. Make Debian use all the blacklists you want. You'll find users and developers dropping like flies. -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 There is no snooze button on a cat who wants breakfast.
Re: RBL report..
On Wed, Mar 29, 2000 at 06:56:47PM +1000, Hamish Moffatt wrote: often than not knows better. (Let pacbell.net's shoddy NT mail server route MY mail? NOT LIKELY!) Have you ever had mail actually disappear through their server, or do you just distrust it because it's running on NT? Seriously? I've read their status page. I check it about twice a day. Very long periods of you cannot send mail and sorry for anything that was lost.. Would YOU trust such a server if those sorts of issues were common? I won't. So there's at least a margin of error. And don't you EVEN TRY to tell me that if I don't like my ISP that I should get another. There are an awful lot of people out there who simply CAN'T DO THAT. Expecting them to is even more of an example of just how wrong the DUL is from its beginning. What is the exact reason why you cannot get another ISP Joseph? Have you been blacklisted by all the others in your area already? First: YOUR SPAM IS NOT MY FUCKING PROBLEM. Second: Broadband providers are not a commodity. And they're usually not cheap. Third: The difference in cost between my DSL service and any other broadband service (even with less bandwidth!) is almost exponentially more expensive. You've not offered to pay the difference. (Nor do I suspect that you could afford it..) -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 Overfiend Thunder-: when you get { MessagesLikeThisFromYourHardDrive } Overfiend Thunder-: it either means { TheDriverIsScrewy } Overfiend or Overfiend { YourDriveIsFlakingOut BackUpYourDataBeforeIt'sTooLate PrayToGod }
Re: RBL report..
On Wed, 29 March 2000 01:57:45 -0800, Joseph Carter wrote: I'm not the only person here who thinks so. Make Debian use all the blacklists you want. You'll find users and developers dropping like flies. If everything else fails, this is the best argument to bring up, really. Tell me why I should listen to you. It's the way of arguing and (probably) not shouting and what not. You are making a fool of yourself for bringing up this argument, but that is just me. btw - if you really need to find a smarthost that is working well I doubt you have to search for a long time. Mail is not just mail and I can imagine many specials for those like you that need a decent smarthost. It is just the right configuration on a random MTA, all can do it. There are possibilities, after all. But I will not argue with you like before. pmyp. Alexander -- Artificial Intelligence stands no chance against Natural Stupidity. Alexander Koch - - WWJD - aka Efraim - PGP 0xE7694969 - ARGH-RIPE
Re: RBL report..
On Wed, Mar 29, 2000 at 01:57:45AM -0800, Joseph Carter wrote: I have read them. (I did write them after all.) One does not necessarily follow based on the other. Hamish -- Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: RBL report..
On Wed, Mar 29, 2000 at 03:07:59AM -0800, Joseph Carter wrote: First: YOUR SPAM IS NOT MY FUCKING PROBLEM. Second: Broadband providers are not a commodity. And they're usually not cheap. Third: The difference in cost between my DSL service and any other broadband service (even with less bandwidth!) is almost exponentially more expensive. You've not offered to pay the difference. (Nor do I suspect that you could afford it..) Fuck off. Since you really have no idea whether I can afford the difference or not, since you don't know me from a bar of soap, you just prove that you are a dickhead with comments like that. I am on broadband (cable modem) myself. I know how much it costs here, and I'm sure it's more than it costs there. I don't use my provider's mail server. It's a no brainer to find someone who will relay mail for you. No doubt someone on this list would volunteer if you bothered to ask. Craig Sanders pointed out a bunch of solutions which you've not addressed at all. You're just arguing because you like a good whinge, not because you have anything to say. Typical. Hamish -- Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: RBL report..
On Wed, Mar 29, 2000 at 01:16:11PM +, Alexander Koch wrote: btw - if you really need to find a smarthost that is working well I doubt you have to search for a long time. Mail is not just mail and I can imagine many specials for those like you that need a decent smarthost. It is just the right configuration on a random MTA, all can do it. There are possibilities, after all. I have NO INTENTION of using a smarthost. I have a static IP with a verifiable hostname. I WILL NOT route my mail. I flatly refuse to do so unless and until such time as you can provide me with an RFC number which deprecates running a mail server on a static IP address with an identifiable host name. I will not reply to the rest of the flamebait in the original message. -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 _Anarchy_ acf: maybe April 1 next year slashdot needs to run Rob Malda accepts new job as head of Debian project 8)
Re: RBL report..
Hamish Moffatt wrote: On Tue, Mar 28, 2000 at 11:33:41PM -0800, Joseph Carter wrote: often than not knows better. (Let pacbell.net's shoddy NT mail server route MY mail? NOT LIKELY!) Have you ever had mail actually disappear through their server, or do you just distrust it because it's running on NT? Seriously? Hell, Joseph, have you ever stopped to read one of your own posts to see what you really sound like? So there's at least a margin of error. And don't you EVEN TRY to tell me that if I don't like my ISP that I should get another. There are an awful lot of people out there who simply CAN'T DO THAT. Expecting them to is even more of an example of just how wrong the DUL is from its beginning. What is the exact reason why you cannot get another ISP Joseph? Have you been blacklisted by all the others in your area already? In a lot of areas, if you want DSL or cablemodem you're stuck with only one (usually pretty clueless) ISP to choose. And fyi before I started using uucp over tcp, I used to lose mail going through bellsouth's server. I'd mail home a series of tarballs and get only some of the parts. Now that I switched to Time-Warner and a cablemodem, I still have to route my outgoing mail via uucp to my machine at work because the dynamic ips I get on my cablemodem are spamblocked by the servers at my brother's university. jpb -- Joe Block [EMAIL PROTECTED] CREOL System Administrator Social graces are the packet headers of everyday life.
Re: RBL report..
On 29-Mar-00, 07:16 (CST), Alexander Koch [EMAIL PROTECTED] wrote: On Wed, 29 March 2000 01:57:45 -0800, Joseph Carter wrote: I'm not the only person here who thinks so. Make Debian use all the blacklists you want. You'll find users and developers dropping like flies. If everything else fails, this is the best argument to bring up, really. Tell me why I should listen to you. It's the way of arguing and (probably) not shouting and what not. You are making a fool of yourself for bringing up this argument, but that is just me. A. swbell has frequent problems with their mail-servers, both inbound (POP) and outbound (SMTP). I don't know (or care) what OS they run. B. When I got my DSL line, swbell was the *only* ISP possible in houston. C. Even though it's now possible to get other ISPs, it would roughly double my current ISP bill. D. DUL is discrimination, pure and simple. If Debian chooses to add a warning header based on it (so that those who choose to can filter), that's fine. If Debian starts to reject list mail based on DUL, I'd strongly consider leaving the project. Joseph's arguments, while occasionally strident, are not foolish. I find it interesting that his opponents devolve into name calling and obscenity. Steve -- Steve Greenland [EMAIL PROTECTED] (Please do not CC me on mail sent to this list; I subscribe to and read every list I post to.)
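The "warning header" option in point D above (and in Robert Bihlmeyer's earlier header suggestion) amounts to tagging list mail instead of rejecting it. A sketch of that policy, added here as an example and not code from this thread or from Debian's list server: the zone `dul.example.invalid`, the header name `X-DNSBL-Warning` and the constructed resolver are assumptions, and the lookup uses the usual DNSBL convention of reversing the IPv4 octets under the list's zone.

```python
"""Tag, rather than reject, mail from a DNSBL-listed client (added example)."""
import ipaddress
import socket
from email import message_from_string

DNSBL_ZONE = "dul.example.invalid"   # placeholder: the thread names no DNS zone
WARN_HEADER = "X-DNSBL-Warning"      # hypothetical header name for this example
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """Build the lookup name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def lookup(client_ip, zone=DNSBL_ZONE, resolve=socket.gethostbyname):
    """Return 'listed', 'clear' or 'unknown' for the connecting address."""
    try:
        answer = resolve(dnsbl_query_name(client_ip, zone))
    except socket.gaierror as exc:
        # Only "no such name" means the address is absent from the list.
        # Timeouts and server failures must not be reported as clean.
        no_name = (socket.EAI_NONAME,
                   getattr(socket, "EAI_NODATA", socket.EAI_NONAME))
        return "clear" if exc.errno in no_name else "unknown"
    try:
        in_range = ipaddress.IPv4Address(answer) in LISTED_NET
    except ValueError:
        return "unknown"
    # An answer outside 127.0.0.0/8 is not a list entry; it usually means a
    # resolver rewrote the reply (wildcard or NXDOMAIN redirection).
    return "listed" if in_range else "unknown"


def tag_message(raw_message, client_ip, zone=DNSBL_ZONE,
                resolve=socket.gethostbyname):
    """Deliver every message; add a header recipients can filter on."""
    msg = message_from_string(raw_message)
    del msg[WARN_HEADER]  # drop any copy the sender supplied
    status = lookup(client_ip, zone, resolve)
    if status != "clear":
        msg[WARN_HEADER] = "%s; client=%s; zone=%s" % (status, client_ip, zone)
    return msg


# --- constructed sample data, for running the example offline ---
CONSTRUCTED_ZONE = {
    "7.2.0.192." + DNSBL_ZONE: "127.0.0.3",    # a listed address
    "9.2.0.192." + DNSBL_ZONE: "203.0.113.1",  # rewritten (non-127) answer
}


def constructed_resolver(name):
    """Stand-in for DNS: answers from CONSTRUCTED_ZONE only."""
    if name in CONSTRUCTED_ZONE:
        return CONSTRUCTED_ZONE[name]
    if name.startswith("8.2.0.192."):
        raise socket.gaierror(socket.EAI_AGAIN, "temporary failure")
    raise socket.gaierror(socket.EAI_NONAME, "name not known")


SAMPLE_MAIL = "\n".join([
    "From: dev@example.org",
    "To: list@example.org",
    "Subject: test",
    "X-DNSBL-Warning: forged by sender",
    "",
    "body",
    "",
])

if __name__ == "__main__":
    for ip in ("192.0.2.7", "192.0.2.8", "192.0.2.9", "192.0.2.10"):
        tagged = tag_message(SAMPLE_MAIL, ip, resolve=constructed_resolver)
        print(ip, "->", tagged[WARN_HEADER])
```

Recipients who want DUL-style filtering match on the header locally; the "unknown" value keeps a resolver outage from silently looking like a clean result.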
Re: RBL report..
On Wed, Mar 29, 2000 at 12:42:14PM -0600, Steve Greenland wrote: A. swbell has frequent problems with their mail-servers, both inbound (POP) and outbound (SMTP). I don't know (or care) what OS they run. B. When I got my DSL line, swbell was the *only* ISP possible in houston. That's part of what is (very) darkly humorous about the blacklisting bigots -- they don't have much of a grasp of realities in the telecom marketplace at the consumer level. For instance, when regulations preventing phone companies from providing both local and long distance service in the same LATA were lifted, part of the agreement said that those same phone companies had to permit competition on the local loops if they wanted to peddle long distance to their local customers. Needless to say, a great many phone companies can now sell you both local and long distance service, but local phone service competition is still almost unheard of. (Just one example: BellSouth here in Louisville has been successfully stonewalling competing DSL providers on their wires for at least a year, and are lobbying the state legislature for exemption from a bill that would compel public utility companies in general to permit competition.) The cable companies are similarly trying to maintain monopolies over their wires. The result of this is that there is actually very little competition among ISP's in any given geographic locality in the United States *except* in the dialup market. So when the bigots tell you to exercise your rights as a consumer and change ISP's, they're either ignorant of this reality, or winking at each other from behind their nailed-up IP's, knowing you'll either be paying a lot for shitty service, and the privilege of getting off the DUL blacklist (but you'd better pray they haven't blacklisted your ISP!). They're like little kids who torture small animals -- as long as they're not getting hurt themselves, it's just good clean fun to fuck with the pathetic little creatures. C. 
Even though it's now possible to get other ISPs, it would roughly double my current ISP bill. The blacklisters consider price no object, when it's someone else's money. D. DUL is discrimination, pure and simple. If Debian chooses to add a warning header based on it (so that those who choose to can filter), that's fine. If Debian starts to reject list mail based on DUL, I'd strongly consider leaving the project. Agreed. Joseph's arguments, while occasionally strident, are not foolish. I find it interesting that his opponents devolve into name calling and obscenity. Well, he could comport himself in such a way as to make his critics look worse -- and he does have a history of being on the wrong side of some issues :) -- but he's not in the wrong this time. I have noticed that after screeching for statistics that would prove that usage of DUL on murphy would all but eliminate spam on the Debian mailing lists, none of those screechers has bothered to actually reply to the following fact that Jason offered: DUL would seem to affect at most maybe 10 people, but it hasn't actually been shown to stop any spam - so this needs more investigation. No blacklister has offered suggestions for followup on this issue -- they simply continue to reiterate their faith in the righteousness and universal applicability of the DUL blacklist (and wander off on tangents about ORBS). They remind me of Creationists, who will marshal facts in defense of their position, but when those facts are discredited, will simply fall back on repeated blunt assertions of their conclusion, not caring that their premises have been obliterated. -- G. Branden Robinson|When I die I want to go peacefully in Debian GNU/Linux |my sleep like my ol' Grand Dad...not [EMAIL PROTECTED] |screaming in terror like his passengers. roger.ecn.purdue.edu/~branden/ |
Re: RBL report..
Branden, Hey, please leave me out of that ;-) But would you please provide me with a link for DUL so I can finally check out what it's all about? But the points about ORBS are still valid, no matter what DUL is. Being listed in orbs IS something you can change: Fix your server! And if you're dialup, you can change isp's as last result; if you're not dialup but dsl, leased line, or whatnot, you can just stop using any smarthost and thus be responsible for your own server and relaying (or lack thereof), since orbs lists individual ip's only. Nils -- Kif, if there's one thing I don't need it's your 'I don't think that's wise' attitude. --- Zap Brannigan
Re: RBL report..
Rather than contribute to the flame war, I would like to ask a question. Apologies if this is a total rookie question. Why is murphy.debian.org not adding a Received: header to show where messages are originating? This information is useful when trying to track down actual spammers. Is this being deliberately omitted or does qmail just normally not include this info? -- Larry Gilbert Seattle, WA, USA [EMAIL PROTECTED]
Re: RBL report..
On Wed, Mar 29, 2000 at 11:06:19PM +0200, Nils Jeppe wrote: Branden, Hey, please leave me out of that ;-) But would you please provide me with a link for DUL so I can finally check out what it's all about? But the points about ORBS are still valid, no matter what DUL is. Being listed in orbs IS something you can change: Fix your server! And if you're dialup, you can change isp's as last result; if you're not dialup but dsl, leased line, or whatnot, you can just stop using any smarthost and thus be responsible for your own server and relaying (or lack thereof), since orbs lists individual ip's only. Nils -- Kif, if there's one thing I don't need it's your 'I don't think that's wise' attitude. --- Zap Brannigan Nils: you still need a DNS named, static, route-able IP to be your own host. Branden: You might consider getting a static. -- *--* Mail: [EMAIL PROTECTED] *--* Voice: 425.739.4247 *--* Fax: 425.827.9577 *--* HTTP://www.otak-k.com/~lawrence/ -- - - - - - - O t a k i n c . - - - - -
Re: RBL report..
On Wed, 29 March 2000 12:42:14 -0600, Steve Greenland wrote: Joseph's arguments, while occasionally strident, are not foolish. I find it interesting that his opponents devolve into name calling and obscenity. You can read? Sure, you can. I tried to explain some point to him on irc but I failed, no talk seemed possible. Every word is one word too much, there is no point in ppl saying do this and I will leave as will many others and that was what was making me angry. Have your way, I do not care anymore, let us keep it as it is, no sweat. Damn, I am so lucky not living in the States, we do not have such problems over here in stoneage Europe. ;- Really, I have underestimated your strong-mindedness, I can think and you have more than one point. But it has to do with the continents, methinks. EOT, now. Thanks, Alexander -- Alexander Koch - - WWJD - aka Efraim - PGP 0xE7694969 - ARGH-RIPE
Re: RBL report..
On Wed, Mar 29, 2000 at 11:06:19PM +0200, Nils Jeppe wrote: Hey, please leave me out of that ;-) But would you please provide me with a link for DUL so I can finally check out what it's all about? Leave you out of what? I mailed the list, not you personally. But the points about ORBS are still valid, no matter what DUL is. I wasn't talking about ORBS, I was talking about DUL. I haven't visited the DUL site in quite some time, but IIRC it is http://maps.vix.com/dul/. -- G. Branden Robinson|The errors of great men are venerable Debian GNU/Linux |because they are more fruitful than the [EMAIL PROTECTED] |truths of little men. roger.ecn.purdue.edu/~branden/ |-- Friedrich Nietzsche
Re: RBL report..
On Wed, Mar 29, 2000 at 01:15:27PM -0800, Larry Gilbert wrote: Rather than contribute to the flame war, I would like to ask a question. Apologies if this is a total rookie question. Why is murphy.debian.org not adding a Received: header to show where messages are originating? This information is useful when trying to track down actual spammers. Is this being deliberately omitted or does qmail just normally not include this info? Some MTA's -- and I don't know which ones -- apparently choke if there is more than n bytes' worth of Received: headers. So, as I understand it, these are stripped out by murphy to help make sure the list mails get to all the recipients. A person who runs an SMTP listener on their own box could, of course, be sure to run a non-broken MTA, but some people don't do that because they've been intimidated into using a smarthost, which might run just such a broken MTA. The anti-spam bigots enjoy seeing catch-22's like this. DoS attacks in the name of spam prevention is their favorite sport. After all, no REAL people (read: people with single-user machines and nailed-up IP's) get hurt by such tactics. -- G. Branden Robinson|I must despise the world which does not Debian GNU/Linux |know that music is a higher revelation [EMAIL PROTECTED] |than all wisdom and philosophy. roger.ecn.purdue.edu/~branden/ |-- Ludwig van Beethoven
Re: RBL report..
On Wed, 29 Mar 2000, Larry Gilbert wrote: Why is murphy.debian.org not adding a Received: header to show where messages are originating? This information is useful when trying to track down actual spammers. Is this being deliberately omitted or does qmail just normally not include this info? This is deliberately removed, we had some problems a year or so ago with the received lines getting too long for some mailers. We are looking at putting them back. Jason
Re: RBL report..
On Wed, 29 Mar 2000, Branden Robinson wrote: Some MTA's -- and I don't know which ones -- apparently choke if there is more than n bytes' worth of Received: headers. So, as I understand it, these are stripped out by murphy to help make sure the list mails get to all the recipients. Maybe murphy could somehow be made to insert the information into a different header, then? It would be nice to be able to report spam problems to appropriate parties, but an easily-forged e-mail address isn't enough evidence to go on. Does anyone know which mail servers were choking on too many Received: lines, and whether that is still a problem? -- Larry Gilbert Seattle, WA, USA [EMAIL PROTECTED]
Re: RBL report..
On Wed, Mar 29, 2000 at 01:21:52PM -0800, Lawrence Walton wrote: Nils: you still need a DNS named, nope, DUL doesn't care whether you have a DNS entry and a matching reverse lookup. static, yep. the DUL lists dynamic (dialup) IPs, it doesn't list static IPs. that's why it's called the MAPS Dialup User List. route-able IP to be your own host. DUL doesn't care if you are routeable or not (but it's a basic requirement for communicating on the net, anyway) like most of the people arguing against the DUL, you are either wrong in your facts or deliberately spreading misinformation. craig -- craig sanders
Re: RBL report..
On Wed, Mar 29, 2000 at 04:28:39PM -0500, Branden Robinson wrote: On Wed, Mar 29, 2000 at 01:15:27PM -0800, Larry Gilbert wrote: Why is murphy.debian.org not adding a Received: header to show where messages are originating? This information is useful when trying to track down actual spammers. Is this being deliberately omitted or does qmail just normally not include this info? Some MTA's -- and I don't know which ones -- apparently choke if there is more than n bytes' worth of Received: headers. So, as I understand it, these are stripped out by murphy to help make sure the list mails get to all the recipients. they are stripped out by smartlist on murphy. it would be easy enough to stop it from doing so (and has been requested at least once). whether that happens or not remains to be seen. A person who runs an SMTP listener on their own box could, of course, be sure to run a non-broken MTA, but some people don't do that because they've been intimidated into using a smarthost, which might run just such a broken MTA. this is complete bullshit. sending and receiving mail is entirely unrelated - or, more precisely, the relationship between the host(s) you use to relay your outbound mail and the host(s) you use to pick up your incoming mail from is completely and utterly arbitrary. the reason why most dialup users receive mail at a remote mail server (e.g. their ISP or a hotmail/yahoo/whatever account) is because they a) don't have a domain or an MX record, b) get one or more free email addresses along with their dialup account, c) don't bother setting up uucp (which is the only reliable way of receiving mail for a domain on a dialup address - SMTP delivery to dynamic IP addresses just doesn't work reliably, and can not work reliably even if the end-user does make use of one of the dynamic dns services) The anti-spam bigots enjoy seeing catch-22's like this. the anti-DUL bigots love spreading disinformation and bullshit like this to backup their shaky claims. 
craig -- craig sanders
Re: RBL report..
On Thu, Mar 30, 2000 at 07:58:22AM +1000, Craig Sanders wrote: yep. the DUL lists dynamic (dialup) IPs, it doesn't list static IPs. that's why it's called the MAPS Dialup User List. Unfortunately that is not correct. Both NTL's cablemodems and some of BT's ADSL modems are listed in the DUL. I'm sure it won't affect many people but Alan Cox will probably have problems (after all they are going to be the only options for many people in the UK). Ben Thompson craig -- craig sanders -- It is better to remain silent and be considered a fool, than to speak and remove all doubt. -- Mark Twain
Re: RBL report..
On Wed, Mar 29, 2000 at 11:01:12AM -0500, jpb wrote: Hamish Moffatt wrote: On Tue, Mar 28, 2000 at 11:33:41PM -0800, Joseph Carter wrote: often than not knows better. (Let pacbell.net's shoddy NT mail server route MY mail? NOT LIKELY!) Have you ever had mail actually disappear through their server, or do you just distrust it because it's running on NT? Seriously? Hell, Joseph, have you ever stopped to read one of your own posts to see what you really sound like? So there's at least a margin of error. And don't you EVEN TRY to tell me that if I don't like my ISP that I should get another. There are an awful lot of people out there who simply CAN'T DO THAT. Expecting them to is even more of an example of just how wrong the DUL is from its beginning. What is the exact reason why you cannot get another ISP Joseph? Have you been blacklisted by all the others in your area already? In a lot of areas, if you want DSL or cablemodem you're stuck with only one (usually pretty clueless) ISP to choose. And fyi before I started using uucp over tcp, I used to lose mail going through bellsouth's server. this is one of the several methods that have been suggested (numerous times) for dialup/dynamic users to reliably receive and send their mail. other methods suggested include: smtp-over-ssh and relay authentication using pop-before-smtp, SMTP Auth, or SSL certificates as provided by postfix-tls. Now that I switched to Time-Warner and a cablemodem, I still have to route my outgoing mail via uucp to my machine at work because the dynamic ips I get on my cablemodem are spamblocked by the servers at my brother's university. this point has been made before - it doesn't matter whether debian uses the DUL or not, dialup users are going to have to relay their mail through legitimate mail hosts anyway as DUL is a very popular service with mail system administrators, and getting more popular every day. 
eventually users will have to relay their mail somehow if they want to send any mail at all. you were lucky enough to be able to set up something at work. many others will be able to setup something similar. debian developers should have the option of a uucp account from one of the debian servers (trivially easy for us to set up). other, less fortunate, dialup users will have to beg or buy a mail service from somewhere. providing this service could be done as a commercial venture (there are already commercial services offering uucp accounts), or as a non-profit co-operative. it's not rocket-science. a free (or low cost) uucp mail service is a perfect adjunct to a dynamic DNS service, it's not terribly difficult to set up or to administer...and could be entirely automated just by performing the necessary setup actions at the same time as the dynamic DNS setup is done. it wouldn't cost a lot to run - the price of a nice big machine (say $5000), plus rack-space in a co-lo facility (dunno what it costs in the US - can't be more than what it costs here in Australia which is around $300/month - $AUD300 = $USD183). i'll over-estimate and say $10,000 for the first year, and $3600 per year after that. spread that cost out over 100 initial users, and you have a startup cost of $100/person and $36/person per year after that for a reliable mail service. that's well within the financial reach of a small-medium sized group of people and that's even without attempting to get any sponsorship for the project (maybe one of the linux hardware vendors would donate a server for a good cause -- and for good publicity, of course). the only risk here is that someone - or some incorporated association - has to take the risk of putting up the money for the server and the first few months co-lo fees up front. as a commercial venture, it's even easy to see how it could be profitable - you've got low startup costs and low yearly co-location costs. 
charge $5 or $10 (or perhaps more) per month and you've got enough income to expand the service as needed (i.e. buy more servers and more rack-space) AND make a nice little profit, not enough to retire on but more than enough to pay for itself. provide a good reliable service and you'll keep your customers for years - most people want to keep their email address for as long as possible (forever, if they can). hell, if nobody bothers doing it as a non-profit co-op, i'd be tempted to run it as a commercial service myself. the hardest thing would be screening out spammers from abusing the service - but that may not be such a problem, setting up uucp would be a barrier to entry for most spammers and you could require new subscribers to send a PGP signed scan of a photo id card to prove their identity (just like debian does for new developers). BTW, by using stunnel and openssl you can ssl encrypt the entire uucp session, giving you a secure AND reliable mail service. for a (very brief) mini-howto of how this can be done with taylor uucp and
Re: RBL report..
On Wed, Mar 29, 2000 at 11:16:32PM +0100, [EMAIL PROTECTED] wrote: On Thu, Mar 30, 2000 at 07:58:22AM +1000, Craig Sanders wrote: yep. the DUL lists dynamic (dialup) IPs, it doesn't list static IPs. that's why it's called the MAPS Dialup User List. Unfortunately that is not correct. Both NTL's cablemodems and some of BT's ADSL modems are listed in the DUL. I'm sure it won't affect many people but Alan Cox will probably have problems (after all they are going to be the only options for many people in the UK). read their policy. they explicitly state that if they make a mistake and accidentally list a static IP then they will remove it from the DUL immediately. craig -- craig sanders
Re: RBL report..
On Thu, Mar 30, 2000 at 07:58:22AM +1000, Craig Sanders wrote: On Wed, Mar 29, 2000 at 01:21:52PM -0800, Lawrence Walton wrote: Nils: you still need a DNS named, nope, DUL doesn't care whether you have a DNS entry and a matching reverse lookup. static, yep. the DUL lists dynamic (dialup) IPs, it doesn't list static IPs. that's why it's called the MAPS Dialup User List. route-able IP to be your own host. DUL doesn't care if you are routeable or not (but it's a basic requirement for communicating on the net, anyway) like most of the people arguing against the DUL, you are either wrong in your facts or deliberately spreading misinformation. craig -- craig sanders

Craig I meant you need those things to have a smtp HOST. You know; to send and receive email, I was not commenting about DUL in any form. So to say I was spreading FUD is foolish, maybe you could have asked for more information, or asked me to define the context better. Stow your flamethrower for something worthy of setting on fire. : -- *--* Mail: [EMAIL PROTECTED] *--* Voice: 425.739.4247 *--* Fax: 425.827.9577 *--* HTTP://www.otak-k.com/~lawrence/ -- - - - - - - O t a k i n c . - - - - -
Re: RBL report..
On Tue, Mar 28, 2000 at 07:14:58PM +, Alexander Koch wrote: DUL is interesting. I changed my mind on that. I rather say we use it since the amount of spam is certainly increasing the last weeks and DUL is understandable. Craig? obviously, i agree - i've been arguing for us to use the DUL for ages. most of the recent spam would have been blocked by using MAPS RSS (relays.mail-abuse.org), though...and not by MAPS DUL. IMO, we should use both. individually they are quite effective in blocking spam, but they are even better when used together. craig -- craig sanders
Re: RBL report..
On Wed, Mar 29, 2000 at 02:31:50PM -0700, Jason Gunthorpe wrote: On Wed, 29 Mar 2000, Larry Gilbert wrote: Why is murphy.debian.org not adding a Received: header to show where messages are originating? This information is useful when trying to track down actual spammers. Is this being deliberately omitted or does qmail just normally not include this info? This is deliberately removed, we had some problems a year or so ago with the received lines getting too long for some mailers. We are looking at putting them back. Couldn't the original Received: headers be renamed to X-Received: (or something like that; although I could figure out how to make that happen with formail I don't know my mail headers well enough to know if X-Received is already used by something else). -- Nathan Norman Eschew Obfuscation Network Engineer GPG Key ID 1024D/51F98BB7 http://home.midco.net/~nnorman/ Key fingerprint = C5F4 A147 416C E0BF AB73 8BEF F0C8 255C 51F9 8BB7
Re: RBL report..
On Wed, 29 Mar 2000, Lawrence Walton wrote: Nils: you still need a DNS named, static, route-able IP to be your own host. Only for incoming, and with incoming, you decide if you want to use ORBS or not. I'd say most public providers don't use it, for obvious reasons. ORBS only affects you when you send mail, and that you can do from dynamic, too, if need be. Branden: You might consider getting a static. The only way to live, imho. ;-) -- Kif, if there's one thing I don't need it's your 'I don't think that's wise' attitude. --- Zap Brannigan
Re: RBL report..
On Sun, Mar 26, 2000 at 08:56:26PM +1000, Hamish Moffatt wrote: On Sun, Mar 26, 2000 at 02:41:09AM -0800, Joseph Carter wrote: The domain's technical contact. Ideally, yes. In practice, I'd say that's no more likely to work than [EMAIL PROTECTED] a lot less likely. sending to [EMAIL PROTECTED] is the right thing to do as a postmaster account or alias is required by the relevant RFCs. [EMAIL PROTECTED] is the only address which is *required*. all of the other common ones (hostmaster, webmaster, abuse, etc) are either strongly recommended or just common practice/convention. from section 6.3 of RFC-822:

6.3. RESERVED ADDRESS

It often is necessary to send mail to a site, without knowing any of its valid addresses. For example, there may be mail system dysfunctions, or a user may wish to find out a person's correct address, at that site. This standard specifies a single, reserved mailbox address (local-part) which is to be valid at each site. Mail sent to that address is to be routed to a person responsible for the site's mail system or to a person with responsibility for general site operation. The name of the reserved local-part address is: Postmaster so that [EMAIL PROTECTED] is required to be valid.

Note: This reserved local-part must be matched without sensitivity to alphabetic case, so that POSTMASTER, postmaster, and even poStmASteR is to be accepted.

this requirement is also mentioned in at least RFC-1123 (Requirements for Internet Hosts -- Application and Support), RFC-1648 (Postmaster Convention for X.400 Operations), and RFC-2142 (MAILBOX NAMES FOR COMMON SERVICES, ROLES AND FUNCTIONS). craig -- craig sanders
Re: RBL report..
On Thu, 30 Mar 2000, Craig Sanders wrote: yep. the DUL lists dynamic (dialup) IPs, it doesn't list static IPs. that's why it's called the MAPS Dialup User List. Well then I have to agree, DUL is bad, because it's near impossible to kill dial-in spammers, except to have their accounts revoked of course. Blocking the IPs is really stupid and ineffective and whoever thought of that bright idea should be given a very big Clue. This however also means it's different enough from ORBS that I completely fail to see how people can throw them in together. -- Kif, if there's one thing I don't need it's your 'I don't think that's wise' attitude. --- Zap Brannigan
Re: RBL report..
On Thu, 30 Mar 2000, Craig Sanders wrote: you were lucky enough to be able to set up something at work. many others will be able to setup something similar. debian developers should have the option of a uucp account from one of the debian servers (trivially easy for us to set up). I think we have been over this in various forms, I don't think we can do it without some complications, it would be inappropriate use of sponsored machines/bandwidth.. It would be better for someone else to provide a service like this. Jason
Re: RBL report..
Nils Jeppe [EMAIL PROTECTED] writes: On Sat, 25 Mar 2000, Jason Gunthorpe wrote: ORBS deserves special mention because of their insane hit count, I don't know what that is about but ORBS would block 10% of the mails we get. I think it is without question that the majority of those blocks are legitimate mails. ORBS is also almost completely inclusive of the RSS and RBL. ORBS blocks all open relays. A lot of people have open relays. Since open relays still do not have any reason for existence other than admin ignorance, the correct way here would be to block all open relays and then fix the mail servers. ORBS really cuts down on spam, the accounts I have protected by ORBS usually only get one type of spam: that is spam resent via mailing lists. ORBS BLOCKS MORE THAN OPEN RELAYS. Sorry to shout, but I've been bitten by ORBS before. It blocks open relays *or machines which relay for open relays*. This means that since my campus's smarthost trusts any machine inside jhu.edu to send mail out (and why shouldn't it?), an open relay anywhere on campus can cause all mail going through the smarthost to be blocked. To repeat: ORBS does not block only mail that came through open relays, it blocks mail that came through servers that have in the past served open relays. It allows a single open relay on a mail network to cause the entire mail network to be blocked. It is to my mind an inordinately severe response to the problem.
Re: RBL report..
On Mon, Mar 27, 2000 at 11:09:42PM -0500, Daniel Martin wrote: ORBS BLOCKS MORE THAN OPEN RELAYS. Sorry to shout, but I've been bitten by ORBS before. It blocks open relays *or machines which relay for open relays*. Yes, it does. I configured all of my exim systems to put warnings in the headers on RBL failures, and configured it to check the MAPS RBL, DUL, RSS and ORBS. ORBS is the most aggressive, but every spam I've received in the past two days has failed one of the tests. I have received one legitimate email (from a customer) which failed the ORBS check, so I won't be rejecting based on that. But I see no reason not to reject on RBL (which Debian already does), and probably RSS and DUL too. Hamish -- Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: RBL report..
On Mon, 27 Mar 2000, Daniel Martin wrote: ORBS BLOCKS MORE THAN OPEN RELAYS. Sorry to shout, but I've been bitten by ORBS before. It blocks open relays *or machines which relay for open relays*. Which is basically the same. This means that since my campus's smarthost trusts any machine inside jhu.edu to send mail out (and why shouldn't it?), an open relay anywhere on campus can cause all mail going through the smarthost to be blocked. Because you shouldn't relay mail from open relays. Since the problem was identified, block the machine which is local on your campus. Once you fix it, notify ORBS so they will take you out of their list. Relaying mail for open relays effectively makes YOUR SERVER an open relay, too. It HAS to be blocked, because the mail doesn't originate from the real open relay but from the smarthost, and if the smarthost didn't get blocked, it would be really easy to circumvent ORBS. To repeat: ORBS does not block only mail that came through open relays, it blocks mail that came through servers that have in the past served open relays. It allows a single open relay on a mail network to cause the entire mail network to be blocked. It is to my mind an inordinately severe response to the problem. NO IT IS NOT. Spam is evil. Open relays are evil. Close all open relays, they have NO justification for existence. People who like to argue otherwise can get in touch with me, and I will happily let them deal with all Spam I get. ;-) To reiterate, open relays are a serious configuration problem. It's a bug. It's a serious security hole. It has to be fixed. It isn't just a harmless little something, it is costing hundreds of thousands of people all around the world, every day, real money to deal with Spam. ORBS gives you enough time to fix the problem before you get blocked. And if for some reason you cannot fix the open relay, you have to block the open relay from using you as a smarthost. Yes it is that simple. No there is no alternative. 
Administrators who can not deal with open relays are incompetent fools. Administrators who do not want to deal with open relays are not one iota better than the worst spammers out there. There, I had to say it, now let's close the discussion, ORBS is a reasonable answer to a real problem. Nils -- Kif, if there's one thing I don't need it's your 'I don't think that's wise' attitude. --- Zap Brannigan
Re: RBL report..
On Mon, Mar 27, 2000 at 11:09:42PM -0500, Daniel Martin wrote: ORBS BLOCKS MORE THAN OPEN RELAYS. Sorry to shout, but I've been bitten by ORBS before. It blocks open relays *or machines which relay for open relays*. Yeah... Blacklist this person we've blacklisted or we'll blacklist you. Wonderful tactic. And apparently it's quite effective at getting people to pay attention to their cause of stopping open relays. Crusaders in this war on spam know exactly what they're doing. They must purge the holy land of its heretics at all costs. If a few villages happen to get pillaged and burned... Well, these things happen and the villagers should get better villages. The people who run ORBS are terrorists. And perhaps even worse are the people who actually use ORBS. DUL is immoral sure, but it pales next to the terrorism routinely practiced by ORBS. This means that since my campus's smarthost trusts any machine inside jhu.edu to send mail out (and why shouldn't it?), an open relay anywhere on campus can cause all mail going through the smarthost to be blocked. Don't you know that it is your job to make sure that your campus is locked down? If you can't get some student's relay closed you have an obligation to see that some form of disciplinary action is taken against them or that they are blacklisted by your servers. Those spammers must all die and so must anybody who helps them whether they know they're helping or not! If you can't do it you are scum and everyone at your campus is scum and you don't DESERVE the right to send email to anyone who doesn't like spam! To repeat: ORBS does not block only mail that came through open relays, it blocks mail that came through servers that have in the past served open relays. It allows a single open relay on a mail network to cause the entire mail network to be blocked. It is to my mind an inordinately severe response to the problem. 
And if an open relay happens to send mail through one smarthost which sends through another which sends through another. It's all for a good cause. The holy land must be purged. Remember that. -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 slackware users don't matter. in my experience, slackware users are either clueless newbies who will have trouble even with tar, or they are rabid do-it-yourselfers who wouldn't install someone else's pre-compiled binary even if they were paid to do it.
Re: RBL report..
On Tue, Mar 28, 2000 at 06:16:43PM +1000, Hamish Moffatt wrote: I have received one legitimate email (from a customer) which failed the ORBS check, so I won't be rejecting based on that. But I see no reason not to reject on RBL (which Debian already does), and probably RSS and DUL too. That roughly matches my experience - ORBS blocks far too much to use in more than an advisory manner, but the other RBLs don't create any problem. Of course, neither of us sees the traffic Debian is seeing and that's what any decision needs to be based upon. -- Mark Brown mailto:[EMAIL PROTECTED] (Trying to avoid grumpiness) http://www.tardis.ed.ac.uk/~broonie/ EUFS http://www.eusa.ed.ac.uk/societies/filmsoc/
Re: RBL report..
On Tue, 28 March 2000 17:03:56 +0100, Mark Brown wrote: That roughly matches my experience - ORBS blocks far too much to use in Did anyone say above.net? ORBS swamped Germany half a year ago with mails, some big ISPs are still in the ORBS database for 1000+ business customers are not really easy to control. They gave one week to fix it all and that was a bad joke. It was found out afterwards there was a port scan for some thousands of host by some .dk ppl. Bad luck, sure, but the XXX with them, imnsho. DUL is interesting. I changed my mind on that. I rather say we use it since the amount of spam is certainly increasing the last weeks and DUL is understandable. Craig? Alexander -- Alexander Koch - - WWJD - aka Efraim - PGP 0xE7694969 - ARGH-RIPE
Re: RBL report..
On Tue, 28 Mar 2000, Alexander Koch wrote: DUL is interesting. I changed my mind on that. I rather say we use it since the amount of spam is certainly increasing the last weeks and DUL is understandable. Yes there is more spam, but I've been looking and I haven't seen that much (if any at all) would be blocked by DUL. Jason
Re: RBL report..
* Joseph Carter ([EMAIL PROTECTED]) [000326 16:45]: On Sun, Mar 26, 2000 at 04:00:54PM +0200, Nils Jeppe wrote: Given every report I've heard to the contrary, I'm not sure I believe that. I've also been told that there are cases where their tests produce false positives. I don't see how you can create a false positive on a relay test. Either the message gets through, and you're an open relay, or it doesn't, and you're fine. It's quite simple, really. Or it appears to have been accepted and goes nowhere. I've seen a setup or two like this specifically for the purposes of tracking who was trying to use the relay... Nope, this can't happen with ORBS. They definitely check that. They figure out whether you are dropping their testmails or relay them. Mike
Re: RBL report..
On Sun, Mar 26, 2000 at 11:05:40AM +0200, Nils Jeppe wrote: On Sat, 25 Mar 2000, Jason Gunthorpe wrote: * Note, once a site is listed in one of these RBLs it becomes impossible for a user to unsubscribe from our lists - no matter what they do they will never be able to communicate a bounce or a unsubscribe request - this is pretty bad. Hmmm actually, I use Exim, and Exim has a way to configure exceptions from RBL blocks. So you could enter an unsubscribe-alias-email-address into these exceptions. I have M4's for sendmail that address this problem as well, and have packaged them... One M4 allows you to select (based on the recipient address) which of the four tests to run for blockage. Another M4, allows you to select (based on the recipient address) which of the four tests to run for inserting X-Spam-* headers. -smj
Re: RBL report..
It is rumored that on 26-Mar-2000 Nils Jeppe wrote: On Sun, 26 Mar 2000, Mark Brown wrote: ORBS also blacklist sites for other reasons, such as if their probes are firewalled out. This will, for example, catch sites that automatically firewall out sites that attempt to relay through them - the site notices the first check, blocks the rest and gets added to the list. Well I didn't know that, however, that's a pretty redundant thing to do - after all, you can just disable relaying altogether and be done with it. ;-) If you are on a 64K line and get hit by a spam blast from some well known providers only the rejects fill your line completely. Unfortunately I have seen this quite a few times and been hit a few years ago by it a few times. So this is actually a good policy. Though if you are smart enough to configure something like this you should be smart enough to make it avoid the orbs wrath ;-) [snip] -- Anton R. Ivanov IP Engineer Level3 Communications RIPE: ARI2-RIPE E-Mail: Anton Ivanov [EMAIL PROTECTED] @*** Sociology's Iron Law of Oligarchy *** In every organized activity, no matter the sphere, a small number will become the oligarchial leaders and the others will follow.
Re: RBL report..
It is rumored that on 26-Mar-2000 Hamish Moffatt wrote: On Sun, Mar 26, 2000 at 02:41:09AM -0800, Joseph Carter wrote: The domain's technical contact. Ideally, yes. In practice, I'd say that's no more likely to work than [EMAIL PROTECTED] I've seen NIC entries with technical contacts called NOC Administrator [EMAIL PROTECTED]; do you think hotmail addresses should be acceptable for domain contacts? I don't but apparently Yes. Think of the case when you are out of connectivity and have to change to new dns servers and your auth scheme happens to be mail from:. If your email was from non-neutral ground you would have had to deal with internic personally. Though after the invention of auth-DES and other more sane auth schemes at the registries this is no longer the case but quite a lot of people still keep their info using an off-site address. ;-) [snip] -- Anton R. Ivanov IP Engineer Level3 Communications RIPE: ARI2-RIPE E-Mail: Anton Ivanov [EMAIL PROTECTED] @*** Uhlmann's Razor *** When stupidity is a sufficient explanation, there is no need to have recourse to any other. Corollary: It seemed like the thing to do at the time.
Re: RBL report..
Nils Jeppe wrote: ORBS blocks all open relays. A lot of people have open relays. Since open relays still do not have any reason for existence other than admin ignorance, the correct way here would be to block all open relays and then fix the mail servers. ORBS really cuts down on spam, the accounts I have protected by ORBS usually only get one type of spam: that is spam resent via mailing lists. Right, and any debian mail server that comes configured as an open relay should have an important bug filed on it. So long as we default to closed relays on all mailers in debian, I see little problem with using ORBS. -- see shy jo
RBL report..
Okay, since everyone really desperately wants to know, I ran the numbers on the effectiveness of RBL, RSS, DUL and ORBS against the mail intake for lists.debian.org. All of this is theoretical and done offline against the log file, we are blocking only via RBL (and now RSS). The period of analysis was 1 week.

Stat #1
Of 3054 unique IPs 386 are in one of the RBL's, the breakdown is:
  RBL  - 16
  RSS  - 45
  DUL  - 49 [17 rcn.com, 14, psi.net]
  ORBS - 314
Comparing connections it is found that 3970 out of 40236 connection attempts would have been blocked. This can be roughly considered to be 3970 emails blocked.

Stat #2
Cross referencing the IP list against the bad bounce log shows 13 IPs. These are highly likely to be legitimate emails.

Stat #3
Cross referencing the IP list against the content filtered spam log shows 0 hits [not surprising, this log is very small].

Stat #4
Taking the list of all subscriber domains and substring matching this against the list (loosely, check for people who are blocked but subscribed to the list) gives 226 matches. Breakdown:
  RBL  - 1
  RSS  - 12
  DUL  - 26
  ORBS - 196
The RBL and RSS hits show a very good chance of actually being legitimate list subscribers : It is impossible to tell with DUL if the host is a subscriber on a modem or something else. ORBS is too prolific to check by hand.

Stat #5
Collecting IPs from all received and relayed (ie good) list mail and correlating gives 28 matches. Breakdown:
  RBL  - 0 [Expected, we are banning RBL]
  RSS  - 1
  DUL  - 18 [17 from a single user on rcn.com]
  ORBS - 10

Note, during the 1 week period I estimate that no more than 5 unique spams were received. Many of the spams were sent to all lists. Also note that aliases like [EMAIL PROTECTED] are not covered by these stats. There seems to be a huge mismatch between messages accounted for and messages taken in, I think these are due to successfully processed bounces by the list software, which do not get logged [?]

Conclusions
I have been unable to conclusively show that any of the RBLs are actually reducing spam, but I have positively confirmed that they *all* (save RBL which I cannot check since we block on it) would result in legitimate messages being blocked.

ORBS deserves special mention because of their insane hit count, I don't know what that is about but ORBS would block 10% of the mails we get. I think it is without question that the majority of those blocks are legitimate mails. ORBS is also almost completely inclusive of the RSS and RBL.

DUL would seem to affect at most maybe 10 people, but it hasn't actually been shown to stop any spam - so this needs more investigation. DUL has a policy that many people find objectionable. A perusal of the DUL ips all suggest they are *all* modems which is a really selective filter swath. No DSL or Cable IPs appear to be listed!

RBL has not been conclusively shown to stop spam, but it has such a low impact (3 uniq hits each day) that we use it anyhow.

RSS has been observed to list the occasional spam, this is expected since they respond to spammer activity - but it is also shown that it will affect at least 1-2 people.

* Note, once a site is listed in one of these RBLs it becomes impossible for a user to unsubscribe from our lists - no matter what they do they will never be able to communicate a bounce or a unsubscribe request - this is pretty bad.

Jason
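The offline cross-referencing described in the report above (the per-list counts of Stat #1, the known-good overlap of Stat #5, and the closing note about unsubscribe requests), as an added example that is not part of the original message or Debian's own tooling. The log format, the three `.example` zones, the `-request` exemption suffix and all addresses are constructed assumptions; only `relays.mail-abuse.org` comes from the thread.

```python
import ipaddress
import re
import socket
from collections import Counter

# relays.mail-abuse.org (RSS) is the zone named in the thread; the other
# three zones are placeholders (assumption), not the lists' real zones.
ZONES = {"RBL": "rbl.example", "RSS": "relays.mail-abuse.org",
         "DUL": "dul.example", "ORBS": "orbs.example"}


def dnsbl_query_name(ip, zone):
    """DNSBL lookups reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def live_lookup(name):
    """Resolver for real use: listed names resolve, unlisted ones do not."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False


# --- constructed sample data (documentation address ranges) ---------------
_LISTINGS = [("RBL", "203.0.113.5"), ("RSS", "203.0.113.5"),
             ("RSS", "198.51.100.7"), ("DUL", "192.0.2.44"),
             ("ORBS", "203.0.113.5"), ("ORBS", "198.51.100.7"),
             ("ORBS", "198.51.100.9")]
LISTED = {dnsbl_query_name(ip, ZONES[name]) for name, ip in _LISTINGS}

# Hypothetical log format: one inbound SMTP connection per line.
LOG = """\
connect ip=203.0.113.5 rcpt=debian-devel@lists.example
connect ip=203.0.113.5 rcpt=debian-user@lists.example
connect ip=198.51.100.7 rcpt=debian-user@lists.example
connect ip=198.51.100.9 rcpt=debian-user-request@lists.example
connect ip=198.51.100.9 rcpt=debian-devel@lists.example
connect ip=192.0.2.44 rcpt=debian-devel@lists.example
connect ip=192.0.2.80 rcpt=debian-devel@lists.example
connect ip=192.0.2.81 rcpt=debian-user@lists.example
this line is malformed and is skipped
"""

# IPs that delivered mail the list accepted and relayed (the "good" set).
KNOWN_GOOD = {"192.0.2.44", "198.51.100.9", "192.0.2.80"}

LINE = re.compile(r"^connect ip=(\S+) rcpt=(\S+)$")


def offline_lookup(name):
    """Stand-in resolver so the analysis runs without network access."""
    return name in LISTED


def parse(log):
    """Return (ip, rcpt) pairs, skipping malformed lines and bad addresses."""
    pairs = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue
        pairs.append((m.group(1), m.group(2)))
    return pairs


def analyse(log, enforce, lookup=offline_lookup, exempt_suffix="-request"):
    """Tally what each list catches and what the enforced lists would block.

    Connections addressed to a local part ending in exempt_suffix (assumed
    unsubscribe alias) are counted as exempted instead of blocked.
    """
    conns = parse(log)
    ips = {ip for ip, _ in conns}
    hits = {ip: {name for name, zone in ZONES.items()
                 if lookup(dnsbl_query_name(ip, zone))} for ip in ips}
    per_list = Counter(name for names in hits.values() for name in names)
    good = Counter(name for ip in ips & KNOWN_GOOD for name in hits[ip])
    enforced = set(enforce)
    blocked = exempted = 0
    for ip, rcpt in conns:
        if hits[ip] & enforced:
            if rcpt.split("@", 1)[0].endswith(exempt_suffix):
                exempted += 1
            else:
                blocked += 1
    return {"connections": len(conns), "unique_ips": len(ips),
            "unique_listed": sum(1 for names in hits.values() if names),
            "per_list": dict(per_list), "known_good_hits": dict(good),
            "blocked": blocked, "exempted": exempted}


if __name__ == "__main__":
    for policy in (["RBL", "RSS"], list(ZONES)):
        print(policy, analyse(LOG, policy))
```

The per-list counts add up to more than `unique_listed` because one address can sit on several lists at once, which is also why the Stat #1 breakdown sums to more than 386.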
Re: RBL report..
On Sat, Mar 25, 2000 at 11:28:24PM -0700, Jason Gunthorpe wrote: A perusal of the DUL ips all suggest they are *all* modems which is a really selective filter swath. No DSL or Cable IPs appear to be listed! Well, I don't know about the US, but I suspect that's because you can have a dialup account in just a few minutes on the phone or the web, but DSL or cable requires special hardware and there are few providers. Here in Melbourne we have two cable providers and no DSL providers at all; you'd quickly run out of cable providers to spam through :-) Hamish -- Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: RBL report..
* Jason Gunthorpe ([EMAIL PROTECTED]) [000326 08:45]: [...] ORBS - 314 Comparing connections it is found that 3970 out of 40236 connection attempts would have been blocked. This can be roughly considered to be 3970 emails blocked. [...] ORBS deserves special mention because of their insane hit count, I don't know what that is about but ORBS would block 10% of the mails we get. I think it is without question that the majority of those blocks are legitimate mails. ORBS is also almost completely inclusive of the RSS and RBL. ORBS has a slightly different (broader and maybe better) goal than the others. It actively scans the net for open mail relays, warns the operators of these machines multiple times with exact descriptions of what they are doing, trying to accomplish (ie closing open mail relays) which problems have been found, how to fix them (plus necessary pointers to other sites) and how to get off the list. Only then the machine is added to the list. Mike
Re: RBL report..
On Sat, 25 Mar 2000, Jason Gunthorpe wrote: ORBS deserves special mention because of their insane hit count, I don't know what that is about but ORBS would block 10% of the mails we get. I think it is without question that the majority of those blocks are legitimate mails. ORBS is also almost completely inclusive of the RSS and RBL. ORBS blocks all open relays. A lot of people have open relays. Since open relays still do not have any reason for existence other than admin ignorance, the correct way here would be to block all open relays and then fix the mail servers. ORBS really cuts down on spam, the accounts I have protected by ORBS usually only get one type of spam: that is spam resent via mailing lists. * Note, once a site is listed in one of these RBLs it becomes impossible for a user to unsubscribe from our lists - no matter what they do they will never be able to communicate a bounce or a unsubscribe request - this is pretty bad. Hmmm actually, I use Exim, and Exim has a way to configure exceptions from RBL blocks. So you could enter an unsubscribe-alias-email-address into these exceptions. Nils -- Kif, if there's one thing I don't need it's your 'I don't think that's wise' attitude. --- Zap Brannigan
Re: RBL report..
On Sun, Mar 26, 2000 at 10:49:09AM +0200, Michael Neuffer wrote: ORBS deserves special mention because of their insane hit count, I don't know what that is about but ORBS would block 10% of the mails we get. I think it is without question that the majority of those blocks are legitimate mails. ORBS is also almost completely inclusive of the RSS and RBL. ORBS has a slightly different (broader and maybe better) goal than the others. It actively scans the net for open mail relays, warns the operators of these machines multiple times with exact descriptions of what they are doing, trying to accomplish (ie closing open mail relays) which problems have been found, how to fix them (plus necessary pointers to other sites) and how to get off the list. Only then the machine is added to the list. ORBS has a tendency to not take the time to make sure their messages go to the right places and then they are very slow to take sites off the list after problems are fixed. ie, to them making sure spam never happens is more important than what damage they cause in the process. I rate them in with the DUL. -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 Knghtbrd you know, Linux needs a platform game starring Tux Knghtbrd kinda Super Marioish, but with Tux and things like little cyber bugs and borgs and that sort of thing ... Knghtbrd And you have to jump past billgatus and hit the key to drop him into the lava and then you see some guy that looks like a RMS or someone say Thank you for rescuing me Tux, but Linus Torvalds is in another castle!
Re: RBL report..
On Sun, 26 Mar 2000, Joseph Carter wrote: ORBS has a tendency to not take the time to make sure their messages go to the right places and then they are very slow to take sites off the list after problems are fixed. afaik, ORBS sends to [EMAIL PROTECTED] What other right place could there be? And taking people off the list is automatic. Fix it, enter the IP in their form, it gets re-checked and taken off the list. Works like a charm. ie, to them making sure spam never happens is more important than what damage they cause in the process. I rate them in with the DUL. If people configured their servers correctly, they'd never get on the list. ;-) Also, ORBS allows for I think 3-5 days warning in advance, which is sufficient to fix a server. Nils -- Kif, if there's one thing I don't need it's your 'I don't think that's wise' attitude. --- Zap Brannigan
Re: RBL report..
Nils Jeppe [EMAIL PROTECTED] writes: And taking people off the list is automatic. Fix it, enter the IP in their form, it gets re-checked and taken off the list. Works like a charm. My recent experience with ORBS backs this up. If people configured their servers correctly, they'd never get on the list. ;-) Also, ORBS allows for I think 3-5 days warning in advance, which is sufficient to fix a server. postmaster at a host I co-admin got mail from ORBS a few days before Christmas of 1999. We were given four weeks to fix our open relay, plenty of logs and a reasonable amount of help from the ORBS website on how to fix it. The only difficult part was finding how to upgrade our mailserver! Having been on the nasty end of the ORBS stick, I still give it a thumbs-up. jason -- \ _/__ ``I need every braincell blazing \X / to fight my invisible enemies!'' \/
Re: RBL report..
On Sun, Mar 26, 2000 at 11:15:42AM +0200, Nils Jeppe wrote: ORBS has a tendency to not take the time to make sure their messages go to the right places and then they are very slow to take sites off the list after problems are fixed. afaik, ORBS sends to [EMAIL PROTECTED] What other right place could there be? The domain's technical contact. And taking people off the list is automatic. Fix it, enter the IP in their form, it gets re-checked and taken off the list. Works like a charm. Uh, I can find at least one site real quickly whose admin will tell you that he got a message from ORBS, fixed the problem, was blacklisted anyway, and it took him a month to get off that list even though the problem was fixed days before they blacklisted him. ie, to them making sure spam never happens is more important than what damage they cause in the process. I rate them in with the DUL. If people configured their servers correctly, they'd never get on the list. ;-) Also, ORBS allows for I think 3-5 days warning in advance, which is sufficient to fix a server. Given every report I've heard to the contrary, I'm not sure I believe that. I've also been told that there are cases where their tests produce false positives. -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 Knghtbrd it's too bad most old unices turned out y2k compliant Knghtbrd because it means people will STILL BE RUNNING THEM in 30 years =p Knghtbrd it would have been so much nicer if y2k effectively killed off hpux, aix, sunos, etc ; Espy Knghtbrd: since when are PH-UX, aches, and solartus old?
Re: RBL report..
On Sun, Mar 26, 2000 at 02:41:09AM -0800, Joseph Carter wrote: The domain's technical contact. Ideally, yes. In practice, I'd say that's no more likely to work than [EMAIL PROTECTED] I've seen NIC entries with technical contacts called NOC Administrator [EMAIL PROTECTED]; do you think hotmail addresses should be acceptable for domain contacts? I don't but apparently Network Solutions don't mind. Hamish -- Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: RBL report..
In article [EMAIL PROTECTED], Joseph Carter [EMAIL PROTECTED] wrote: Uh, I can find at least one site real quickly whose admin will tell you that he got a message from ORBS, fixed the problem, was blacklisted anyway, and it took him a month to get off that list even though the problem was fixed days before they blacklisted him. I can find several sites who swear they fixed their relaying problem properly when in fact they didn't. Especially multi-server relaying is a concept that is hard to grasp for quite a few admins. Mike. -- Windows never had any potential for soundness or beauty. If you decide to build a motorcycle, and you start with a bathtub, no good will ever come of it. -- Anonymous Coward
Re: RBL report..
On Sun, Mar 26, 2000 at 11:05:40AM +0200, Nils Jeppe wrote: ORBS blocks all open relays. A lot of people have open relays. Since open relays still do not have any reason for existence other than admin ignorance, the correct way here would be to block all open relays and ORBS also blacklist sites for other reasons, such as if their probes are firewalled out. This will, for example, catch sites that automatically firewall out sites that attempt to relay through them - the site notices the first check, blocks the rest and gets added to the list. -- Mark Brown mailto:[EMAIL PROTECTED] (Trying to avoid grumpiness) http://www.tardis.ed.ac.uk/~broonie/ EUFS http://www.eusa.ed.ac.uk/societies/filmsoc/
Re: RBL report..
On Sun, 26 Mar 2000, Mark Brown wrote: ORBS also blacklist sites for other reasons, such as if their probes are firewalled out. This will, for example, catch sites that automatically firewall out sites that attempt to relay through them - the site notices the first check, blocks the rest and gets added to the list. Well I didn't know that, however, that's a pretty redundant thing to do - after all, you can just disable relaying altogether and be done with it. ;-) -- Kif, if there's one thing I don't need it's your 'I don't think that's wise' attitude. --- Zap Brannigan
Re: RBL report..
On Sun, 26 Mar 2000, Joseph Carter wrote: afaik, ORBS sends to [EMAIL PROTECTED] What other right place could there be? The domain's technical contact. Might be a good idea to do this in addition to [EMAIL PROTECTED], but I fail to see where this is better - Most domains have quite nonsensical hostmaster tech-c's. Uh, I can find at least one site real quickly whose admin will tell you that he got a message from ORBS, fixed the problem, was blacklisted anyway, and it took him a month to get off that list even though the problem was fixed days before they blacklisted him. Yeah well they probably did NOT fix the problem, then. Given every report I've heard to the contrary, I'm not sure I believe that. I've also been told that there are cases where their tests produce false positives. I don't see how you can create a false positive on a relay test. Either the message gets through, and you're an open relay, or it doesn't, and you're fine. It's quite simple, really. -- Kif, if there's one thing I don't need it's your 'I don't think that's wise' attitude. --- Zap Brannigan
Re: RBL report..
On 26 Mar 2000, Jason Henry Parker wrote: postmaster at a host I co-admin got mail from ORBS a few days before Christmas of 1999. We were given four weeks to fix our open relay, plenty of logs and a reasonable amount of help from the ORBS website on how to fix it. The only difficult part was finding how to upgrade our mailserver! Four weeks? Did they change this? When we got blacklisted coz a customer (open relay) used us as a smart host, they gave us four days ;-). Having been on the nasty end of the ORBS stick, I still give it a thumbs-up. Yeah, me too. They're competent, cool people, and their system works in almost totally eliminating spam, unlike the other RBLs out there. Plus, they're not a blackhole. We had one case where an upstream provider used one of those to block IP traffic - to Real.Com. Now that's overkill. But blocking mail traffic from open relays is perfectly acceptable. -- Kif, if there's one thing I don't need it's your 'I don't think that's wise' attitude. --- Zap Brannigan
Re: RBL report..
On Sun, 26 Mar 2000, Joseph Carter wrote: Or it appears to have been accepted and goes nowhere. I've seen a setup or two like this specifically for the purposes of tracking who was trying to use the relay... Just check your reject log for ip addresses ;-) If someone has some weird setup like that they can blame no-one but themselves. ;) Besides, as a deliberate setup, this is probably the exception. Unfortunately, it demonstrates that ORBS is a little more indiscriminate than perhaps is good. Yes; because innocent people do get caught in the middle of it. But it's the only method to fight open relays. I've said it before and I'll say it again, there is no reason for relays to be open. Just because half the admins out there are too incompetent to take care of their mail servers doesn't justify why the rest of the net has to wade through floods of spam ;-) When I have to choose between using ORBS or sorting out 20-30 spams a day, I'll happily use ORBS. The innocent people getting caught should change to an ISP who has competent admins, or bug their ISP to fix the problem already. Nils -- Kif, if there's one thing I don't need it's your 'I don't think that's wise' attitude. --- Zap Brannigan
Re: RBL report..
On Sun, 26 Mar 2000, Joseph Carter wrote: On Sun, Mar 26, 2000 at 04:00:54PM +0200, Nils Jeppe wrote: Given every report I've heard to the contrary, I'm not sure I believe that. I've also been told that there are cases where their tests produce false positives. This used to be true. The new tests won't false-positive anymore. I don't see how you can create a false positive on a relay test. Either the message gets through, and you're an open relay, or it doesn't, and you're fine. It's quite simple, really. Or it appears to have been accepted and goes nowhere. I've seen a setup or two like this specifically for the purposes of tracking who was trying to use the relay... The failure in a test is now triggered (AFAIK) by the _receipt_ of the probe message in the _target_ address. This allows for no false-positives by the test suite. ORBS is the only thing which is capable of keeping the spam low enough to be acceptable in my home account :-( It doesn't help that spammers have harvested the Debian BTS (either the WWW pages or the ML, I don't know) for addresses to spam, either. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
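The two test styles argued over in the messages above, as an added example that is not part of any poster's message and is not ORBS code: it compares a verdict taken from the SMTP reply alone with one taken from receipt of the probe at the target address. Host names, tokens and reply codes are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Probe:
    host: str                  # server under test (constructed name)
    connected: bool            # did an SMTP session open at all?
    smtp_reply: Optional[int]  # final reply to the relay attempt, None if no session
    token: str                 # unique token carried in the probe message

# Constructed sample data: four probes, plus the tokens that later arrived
# in the tester's own target mailbox.
PROBES = [
    Probe("closed.example", True, 550, "t-001"),    # refuses relaying
    Probe("open.example", True, 250, "t-002"),      # accepts and forwards
    Probe("trap.example", True, 250, "t-003"),      # accepts, then discards (tracking setup)
    Probe("walled.example", False, None, "t-004"),  # probe firewalled out
]
RECEIVED_TOKENS = {"t-002"}

def verdict_by_reply(p: Probe) -> str:
    """Trust the SMTP reply code alone: any 2xx counts as relaying."""
    if not p.connected:
        return "untested"  # what to do with such hosts is list policy, not a test result
    return "open-relay" if p.smtp_reply is not None and 200 <= p.smtp_reply < 300 else "closed"

def verdict_by_receipt(p: Probe, received: set) -> str:
    """Only a probe that actually arrived at the target proves relaying."""
    if not p.connected:
        return "untested"
    return "open-relay" if p.token in received else "closed"

def compare(probes, received):
    """Return {host: (reply_verdict, receipt_verdict)}."""
    return {p.host: (verdict_by_reply(p), verdict_by_receipt(p, received)) for p in probes}

def false_positives(probes, received):
    """Hosts the reply-code test would list but the receipt test would not."""
    return sorted(h for h, (old, new) in compare(probes, received).items()
                  if old == "open-relay" and new != "open-relay")

if __name__ == "__main__":
    for host, (old, new) in compare(PROBES, RECEIVED_TOKENS).items():
        print(f"{host:16} reply-code={old:10} receipt={new}")
    print("false positives under reply-code test:", false_positives(PROBES, RECEIVED_TOKENS))
```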
Re: RBL report..
On Sun, Mar 26, 2000 at 04:34:37PM +0200, Nils Jeppe wrote: Unfortunately, it demonstrates that ORBS is a little more indiscriminate than perhaps is good. Yes; because innocent people do get caught in the middle of it. But it's the only method to fight open relays. I've said it before and I'll say it again, there is no reason for relays to be open. Just because half the admins out there are too incompetent to take care of their mail servers doesn't justify why the rest of the net has to wade through floods of spam ;-) The point exactly.. If RBL or RSS blacklists someone, it's a known spammer or a site which has refused to act against spammers abusing their systems. In these instances, the blacklisting happens as a last resort. DUL and ORBS both seem to think they need to punish anyone whose config or origin does not meet their standards (or as someone else noted in the case of ORBS, if they are unable to test you..) There are those who believe such far-reaching pre-emptive strikes against spammers are warranted. I'm not one of them. I believe DUL and ORBS are only making the problems worse by resorting to fighting dirty without regard for the innocent users. These people are typified by Craig Sanders who has said on many occasions now in several forums that people who don't like or are hurt by such blacklists should simply get a better ISP---as if a lot of people even had a choice! Can't make an omelette without breaking some eggs right? That sort of uncaring attitude shows exactly how unethical that view (and IMO the people who hold it) are. -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 !netgod:*! time flies when youre using linux !doogie:*! yeah, infinite loops in 5 seconds. !Teknix:*! has anyone re-tested that with 2.2.x ? !netgod:*! yeah, 4 seconds now
Re: RBL report..
On Sun, 26 Mar 2000, Joseph Carter wrote: The point exactly.. If RBL or RSS blacklists someone, it's a known spammer or a site which has refused to act against spammers abusing their systems. In these instances, the blacklisting happens as a last resort. But you can't keep up with the amount of spam out there. DUL and ORBS both seem to think they need to punish anyone whose config or origin does not meet their standards (or as someone else noted in the case of ORBS, if they are unable to test you..) I don't know anything about DUL. ORBS lists people who run open relays, which is a known and real problem. There are those who believe such far-reaching pre-emptive strikes against spammers are warranted. I'm not one of them. I believe DUL and ORBS are only making the problems worse by resorting to fighting dirty without regard for the innocent users. So don't use ORBS on your machines. As for fighting dirty, I think it could also be argued that blocking relay-checks is fighting dirty. By having an open relay, these admins cause a great deal of damage. The bandwidth that spam eats up alone every day must be immense, world wide. These people are typified by Craig Sanders who has said on many occasions now in several forums that people who don't like or are hurt by such blacklists should simply get a better ISP---as if a lot of people even had a choice! Can't make an omelette without breaking some eggs right? That sort of uncaring attitude shows exactly how unethical that view (and IMO the people who hold it) are. I care a great deal, that's why I take a look at the greater picture. And in the long run, everybody is better off if all relays are closed. -- Kif, if there's one thing I don't need it's your 'I don't think that's wise' attitude. --- Zap Brannigan
Re: RBL report..
Nils Jeppe [EMAIL PROTECTED] writes: On Sun, 26 Mar 2000, Mark Brown wrote: ORBS also blacklist sites for other reasons, such as if their probes are firewalled out. This will, for example, catch sites that automatically firewall out sites that attempt to relay through them - the site notices the first check, blocks the rest and gets added to the list. Well I didn't know that, however, that's a pretty redundant thing to do - after all, you can just disable relaying altogether and be done with it. ;-) It's just an illustration of the problems of attempting to enforce your preferred policies upon others. -- Craig Brozefsky [EMAIL PROTECTED] Free Scheme/Lisp Software http://www.red-bean.com/~craig Hiding like thieves in the night from life, illusions of oasis making you look twice. -- Mos Def and Talib Kweli
Re: RBL report..
On 26 Mar 2000, Craig Brozefsky wrote: It's just an illustration of the problems of attempting to enforce your preferred policies upon others. I'd call it self-defense, really. -- Kif, if there's one thing I don't need it's your 'I don't think that's wise' attitude. --- Zap Brannigan
Re: RBL report..
On Sun, 26 Mar 2000, Michael Neuffer wrote: * Jason Gunthorpe ([EMAIL PROTECTED]) [000326 08:45]: [...] ORBS - 314 Comparing connections it is found that 3970 out of 40236 connection attempts would have been blocked. This can be roughly considered to be 3970 emails blocked. [...] ORBS deserves special mention because of their insane hit count, I don't know what that is about but ORBS would block 10% of the mails we get. I think it is without question that the majority of those blocks are legitimate mails. ORBS is also almost completely inclusive of the RSS and RBL. ORBS has a slightly different (broader and maybe better) goal than the others. It actively scans the net for open mail relays, This is misleading. What ORBS does is *test* mail servers to ensure that it *is* an open relay, before adding the relay's address to the list. They do NOT (according to the web page) scan the net for open relays. Rather, the list is generated solely from reports (via web or email) from folks that have been spammed. warns the operators of these machines multiple times with exact descriptions of what they are doing, trying to accomplish (ie closing open mail relays) which problems have been found, how to fix them (plus necessary pointers to other sites) and how to get off the list. Only then the machine is added to the list. However, if a relay remains in their list for some time (I forget how long, but it's on the order of a month or two), the address is moved on to a public list of open relays. Presumably, the spammers know about this list, so the probability of being used as a spam relay increases immensely as time goes on. -Steve
Re: RBL report..
Nils Jeppe [EMAIL PROTECTED] writes: Four weeks? Did they change this? When we got blacklisted coz a customer (open relay) used us as a smart host, they gave us four days ;-). All I can report is my experience. I got four weeks. Yeah, me too. They're competent, cool people, and their system works in almost totally eliminating spam, unlike the other RBLs out there. I don't use ORBS, but I'd be happy to. My experience with them showed them to be quick to respond to requests, but at the same time unyielding in their policy, no matter what (kind of like Star Trek, really). If I set up a mailhost again, I'll be running it past ORBS when I think I have it ready to test for open relays; it looked to me as though they had a very good suite of tests. jason -- \ _/__ ``I need every braincell blazing \X / to fight my invisible enemies!'' \/