Re: orbs
On Thu, Jul 19, 2001 at 10:22:24AM -0400, Kurth Bemis wrote:
> does anyone know why orbs is offline?

ORBS is closed due to legal problems. There was a thread a few weeks ago here.

--
* Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de *
* Roedingsmarkt 14, 20459 Hamburg, Germany *
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
Re: orbs
On Thu, Jul 19, 2001 at 10:22:02AM -0400, Kurth Bemis wrote:
> does anyone know why orbs is offline?

It appears to be because of a) legal troubles and b) the fact that Alan Brown has sold his ISP business. It is highly unlikely at this point that it will ever come back. It has been down, by the way, since early June.

If you are still running rblsmtpd querying any of the ORBS lists, be warned:

- The lists are no longer being maintained. The information in those lists is *fast* becoming outdated; as time passes, you will be rejecting mail from more and more hosts that are not open relays.

- The volunteers who provided DNS service to orbs.org are now seeing a significant increase in bandwidth usage because of the way the orbs lists were shut down. One of them has already turned to answering *every* ORBS request with an A and TXT record; this will lead to loss of _at least_ 1/10th of the mail at hosts still using ORBS. It is possible that others will start doing the same; in which case you will lose even more mail.

Stop querying the ORBS lists; you're just wasting your own and others' resources.

And if you switch to one of the other DNSBLs, please make sure you keep up with the various anti-spam forums. Most of these services are provided for free; making sure you don't waste the resources is the least you can do.

Vince.
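The failure mode described in the message above (a list that goes unmaintained, or whose servers start answering every query as "listed") can be checked for before a DNSBL answer is trusted. The following is an added example, not part of the original post or of rblsmtpd: it uses the test-address convention later written down in RFC 5782 (127.0.0.2 must be listed, 127.0.0.1 must not), and the zone name `dnsbl.example`, the sample addresses and the three resolvers are constructed for illustration.

```python
import ipaddress
import socket


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolver(name):
    """Return the A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def naive_reject(ip, zone, resolve=system_resolver):
    """What a plain lookup does: any answer at all means 'reject'."""
    return bool(resolve(dnsbl_name(ip, zone)))


def zone_health(zone, resolve=system_resolver):
    """Classify a zone as 'ok', 'wildcard' (lists everything) or 'dead'."""
    if resolve(dnsbl_name("127.0.0.1", zone)):
        return "wildcard"   # an address that must never be listed is listed
    if not resolve(dnsbl_name("127.0.0.2", zone)):
        return "dead"       # the mandatory test entry is gone
    return "ok"


def should_reject(ip, zone, resolve=system_resolver):
    """Reject only when the zone passes its health check and lists the IP."""
    if zone_health(zone, resolve) != "ok":
        return False        # fail open: do not lose mail to a broken list
    return bool(resolve(dnsbl_name(ip, zone)))


# Constructed sample data: a healthy zone listing one address (192.0.2.10).
HEALTHY_ZONE = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],
    "10.2.0.192.dnsbl.example": ["127.0.0.2"],
}


def healthy_resolver(name):
    return list(HEALTHY_ZONE.get(name, []))


def wildcard_resolver(name):
    # Constructed: a server answering every query, as described in the post.
    return ["127.0.0.2"]


def dead_resolver(name):
    # Constructed: a zone whose records have been withdrawn.
    return []


if __name__ == "__main__":
    for label, res in (("healthy", healthy_resolver),
                       ("wildcard", wildcard_resolver),
                       ("dead", dead_resolver)):
        print(label, zone_health("dnsbl.example", res),
              "naive:", naive_reject("198.51.100.7", "dnsbl.example", res),
              "checked:", should_reject("198.51.100.7", "dnsbl.example", res))
```

Run periodically against each configured zone, the health check gives an early signal to remove a list from the rblsmtpd command line rather than discovering the problem through lost mail.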
RE: orbs
There are three new ORBS forks.

http://www.orbl.org/
http://www.orbz.gst-group.co.uk/orbs/
http://www.ordb.org/

-----Original Message-----
From: Vincent Schonau [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 19, 2001 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: orbs

On Thu, Jul 19, 2001 at 10:22:02AM -0400, Kurth Bemis wrote:
> does anyone know why orbs is offline?

It appears to be because of a) legal troubles and b) the fact that Alan Brown has sold his ISP business. It is highly unlikely at this point that it will ever come back. It has been down, by the way, since early June.

If you are still running rblsmtpd querying any of the ORBS lists, be warned:

- The lists are no longer being maintained. The information in those lists is *fast* becoming outdated; as time passes, you will be rejecting mail from more and more hosts that are not open relays.

- The volunteers who provided DNS service to orbs.org are now seeing a significant increase in bandwidth usage because of the way the orbs lists were shut down. One of them has already turned to answering *every* ORBS request with an A and TXT record; this will lead to loss of _at least_ 1/10th of the mail at hosts still using ORBS. It is possible that others will start doing the same; in which case you will lose even more mail.

Stop querying the ORBS lists; you're just wasting your own and others' resources.

And if you switch to one of the other DNSBLs, please make sure you keep up with the various anti-spam forums. Most of these services are provided for free; making sure you don't waste the resources is the least you can do.

Vince.
Re: orbs
On Thu, Jul 19, 2001 at 06:12:37PM +0200, Vincent Schonau wrote:
> And if you switch to one of the other DNSBLs, please make sure you keep up with the various anti-spam forums. Most of these services are provided for free; making sure you don't waste the resources is the least you can do.

Yes, very good point. For example, beginning Aug 1 of this year, mail-abuse.org (that's the original RBL, MAPS and DUL) will begin charging for access to their DNS servers. If you don't have an account set up with them before then, you will lose access to them.

orbl.org seems to be a popular replacement for orbs.org and MAPS.

jon
Re: orbs
As I understand it they were shut down because the ISP that was hosting them had made a mandate that ORBS alert systems administrators BEFORE testing their servers for open relay

----- Original Message -----
From: Kurth Bemis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, July 19, 2001 10:22 AM
Subject: orbs

does anyone know why orbs is offline?

~kurth
Re: ORBS, and RFC-ignorant blacklists
On Tue, Jun 05, 2001 at 08:00:00AM +0200, Piotr Kasztelowicz wrote:
> On Mon, 4 Jun 2001, Alex Pennace wrote:
> > Can you please get over this? The evidence you posted last year was flawed, it did not link ORBS to a few probes from Romania. You have no proof that ORBS is somehow worse than any other list of IPs.
>
> 1) My host was by me secured (qmail+tcpserver with no open relay) but A. Brown hasn't removed me from his list

So tell us your IP and show it is being listed by ORBS, so we can see for ourselves if this is true.

> 2) The hacking proof was repeated each time, when tester was active with performing with test

Of course.

> 3) Each hacker can read and such list are for his the great direction, where seek. Problem was, that in this time this server was already secured and all was written to logs

No, not each hacker can read the list. Only hosts that have been relays for over 30 days get in a publicly-available list, because relays that stay open that long probably will never get fixed.

> 4) With A. Brown was no discussion. I have asked him to break test but he has me advised to turn off my server

ORBS can be configured to 'ignore' your netblock, and I've never seen Alan be unwilling to do so for anybody.

> 5) I have blocked my server with command to tcpserver =.nl:deny and since this time all hacking proof has been finished and no longer has been reported. Since this time all problems with them has been finished

The ORBS tester does not have a reverse that ends in .nl.

> I'm very happy that NZ Court has been this same opinion as I.

You are also confused about the court case, apparently.

Greetz, Peter.
Re: ORBS, and RFC-ignorant blacklists
On Tue, Jun 05, 2001 at 07:59:38AM +0200, Piotr Kasztelowicz wrote:
> On Mon, 4 Jun 2001, Alex Pennace wrote:
> > Can you please get over this? The evidence you posted last year was flawed, it did not link ORBS to a few probes from Romania. You have no proof that ORBS is somehow worse than any other list of IPs.
>
> 1) My host was by me secured (qmail+tcpserver with no open relay) but A. Brown hasn't removed me from his list

That's a valid complaint.

> 2) The hacking proof was repeated each time, when tester was active with performing with test

The ORBS tester is not engaging in any form of computer trespass. If you don't want people connecting to your SMTP service, take steps to remove it from the public Internet.

> 3) Each hacker can read and such list are for his the great direction, where seek. Problem was, that in this time this server was already secured and all was written to logs

Publishing a list of IPs is not a crime.

> 4) With A. Brown was no discussion. I have asked him to break test but he has me advised to turn off my server

Interesting.

> 5) I have blocked my server with command to tcpserver =.nl:deny and since this time all hacking proof has been finished and no longer has been reported. Since this time all problems with them has been finished
>
> I'm very happy that NZ Court has been this same opinion as I.

The NZ court action has nothing to do with computer trespass if I'm not mistaken.
Re: ORBS, and RFC-ignorant blacklists
On Tue, 5 Jun 2001, Peter van Dijk wrote:
> So tell us your IP and show it is being listed by ORBS, so we can see for ourselves if this is true.

Now it is not possible, because the ORBS is closed.
The host is sun.lodz.ptkardio.pl [212.51.193.152]

> relays that stay open that long probably will never get fixed.

Since September 2000 relay open has been fixed by me on Dan Bernstein software - qmail, tcpserver. A. Brown will not remove me from list. This is clear, that ORBS uses others, that objectives criteria.

> ORBS can be configured to 'ignore' your netblock, and I've never seen Alan be unwilling to do so for anybody.

NZ Court, as we have heard don't let him do to. I'm the Vice-President of Polish Medical Internet Society and this same work at security and quality of Polish medical servers. I work as consultant. My statement is clear. Each use SMTP on server, which don't lead to sent or receive mail without a permission of administrator should be taken as inappropriate activity and illegal by any law. I have made many such expertises and in each case do to the law effects. Therefore I don't wonder that NZ High Court take the injunction to remove ORBS list

> The ORBS tester does not have a reverse that ends in .nl.

Dec 4 23:39:09 sun smtp: tcpserver: deny 29386 :212.51.193.152:25 relaytest.orbs.vuurwerk.nl:194.178.232.55::2991

As you can see netblock is effective.

Best Wishes
Piotr
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]
[OT] [useless thread] Re: ORBS, and RFC-ignorant blacklists
On Tue, Jun 05, 2001 at 01:29:59PM +0200, Piotr Kasztelowicz wrote:
> On Tue, 5 Jun 2001, Peter van Dijk wrote:
>
> Now it is not possible, because the ORBS is closed.
> The host is sun.lodz.ptkardio.pl [212.51.193.152]
>
> > relays that stay open that long probably will never get fixed.
>
> Since September 2000 relay open has been fixed by me on Dan Bernstein software - qmail, tcpserver. A. Brown will not remove me from list. This is clear, that ORBS uses others, that objectives criteria.

You have shown us no proof. That you are unable to for external reasons is too bad, but I suggest that you do not claim the above until you can show us proof.

> NZ Court, as we have heard don't let him do to. I'm the Vice-President of Polish Medical Internet Society and this same work at security and quality of Polish medical servers. I work as consultant. My statement

So people *pay* you to do silly things like block all of .nl?

[snip]

> > The ORBS tester does not have a reverse that ends in .nl.
>
> Dec 4 23:39:09 sun smtp: tcpserver: deny 29386 :212.51.193.152:25 relaytest.orbs.vuurwerk.nl:194.178.232.55::2991
>
> As you can see netblock is effective.

It indeed effectively blocks .nl hosts. The orbs-tester, however, is not an .nl host. It was back in December, as you clearly demonstrate, but it isn't now.

Greetz, Peter.
Re: [OT] [useless thread] Re: ORBS, and RFC-ignorant blacklists
On Tue, 5 Jun 2001, Peter van Dijk wrote:
> You have shown us no proof. That you are unable to for external reasons is too bad, but I suggest that you do not claim the above until you can show us proof.

I don't believe you. Why I should believe you, when A. Brown has presented arrogant behavior to me?

> So people *pay* you to do silly things like block all of .nl?

Post from .nl can be received thus secondaries MX - this works, test no.

> It indeed effectively blocks .nl hosts. The orbs-tester, however, is not an .nl host. It was back in december, as you clearly demonstrate, but it isn't now.

If I have it find - I make block and send protest to Netherlands Embassy in Warsaw. I will say you again, the all activities, which you will perform on my server on port 25, which are not provided to send a post to any user on them is inappropriate using of this port and will be not permitted be me as server administrator. This depends all like ORBS systems, whose owners are participants of this list

Piotr
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]
Re: [OT] [useless thread] Re: ORBS, and RFC-ignorant blacklists
Can you guys please stop feeding this troll? --Adam
Re: [OT] [useless thread] Re: ORBS, and RFC-ignorant blacklists
On Tue, Jun 05, 2001 at 05:10:32PM +0200, Piotr Kasztelowicz wrote:
> On Tue, 5 Jun 2001, Peter van Dijk wrote:
> > You have shown us no proof. That you are unable to for external reasons is too bad, but I suggest that you do not claim the above until you can show us proof.
>
> I don't believe you. Why I should believe you, when A. Brown has presented arrogant behavior to me?

Please, please, everyone, let's not let this guy waste another week of the list members' time and energy! Doesn't anyone remember what happened when people tried rational arguments on this guy last time? AFAICT, he's simply a troll -- ignore him...

--
Greg White
Those who make peaceful revolution impossible will make violent revolution inevitable. -- John F. Kennedy
Re: ORBS, and RFC-ignorant blacklists
On Tue, Jun 05, 2001 at 01:29:37PM +0200, Piotr Kasztelowicz wrote:
> Each use SMTP on server, which don't lead to sent or receive mail without a permission of administrator should be taken as inappropriate activity and illegal by any law.

With that attitude you criminalize:

1. Incomplete SMTP transactions,
2. Poor slobs who load a web page with img src=http://yourhost:25;
3. People who are tracking down mail problems and connect to your SMTP service to check a few things.

Your SMTP service isn't harmed by any of those.
Re: ORBS, and RFC-ignorant blacklists
On Fri, 1 Jun 2001, Johan Almqvist wrote:
> * Alex Pennace [EMAIL PROTECTED] [010601 04:25]:
> > http://www.orbs.org/ says Due to circumstances beyond our control, the ORBS website is no longer available.
>
> http://www.dorkslayers.com/ seems to be the successor in some ways.
>
> But the first statement
>
>   It is our intention to never list IP addresses which have any of the following characteristics:
>   - a physical location within the United States of America (USA)
>   [...]
>
> makes me wonder a bit...

they just don't want to bother with lawsuits.

- ask

--
ask bjoern hansen, http://ask.netcetera.dk/ !try; do();
more than 100M impressions per day, http://valueclick.com
Re: ORBS, and RFC-ignorant blacklists
On Tue, 5 Jun 2001, Piotr Kasztelowicz wrote:
> [...]
> I'm very happy that NZ Court has been this same opinion as I.

Well, they don't. The court didn't tell him to shut down ORBS, only to remove a few defamatory listings.

- ask

--
ask bjoern hansen, http://ask.netcetera.dk/ !try; do();
Re: ORBS, and RFC-ignorant blacklists
On Sun, 3 Jun 2001, Peter van Dijk wrote:
> Furthermore, Alan Brown's activities are not illegal - the ORBS relaytester runs in The Netherlands, where this is not illegal by any law.

Maybe in Netherlands is not illegal, but in Netherlands even euthanasia is legal by any law, in other countries not! The tester is in Netherlands but it outcomes follow results in other countries, where performing such lists and testing, which seeks the vulnerabilities in servers and helps hackers at attacks, is illegal. From correspondence on this list can be considered, that in US, NZ is illegal, in my country (Poland) too. So, if Netherlands will be right to others, probably shall give this same injunction as NZ High Court - this want only a lot time

Best Wishes
Piotr
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]
Re: ORBS, and RFC-ignorant blacklists
On Mon, Jun 04, 2001 at 09:17:28AM +0200, Piotr Kasztelowicz wrote:
> On Sun, 3 Jun 2001, Peter van Dijk wrote:
> > Furthermore, Alan Brown's activities are not illegal - the ORBS relaytester runs in The Netherlands, where this is not illegal by any law.
>
> Maybe in Netherlands is not illegal, but in Netherlands even euthanasia is legal by any law, in other countries not! The tester is in Netherlands but it outcomes follow results in other countries, where performing such lists and testing, which seeks the vulnerabilities in servers and helps hackers at attacks, is illegal. From correspondence on this list can be considered, that in US, NZ is illegal, in my country (Poland) too. So, if Netherlands will be right to others, probably shall give this same injunction as NZ High Court - this want only a lot time

Can you please get over this? The evidence you posted last year was flawed, it did not link ORBS to a few probes from Romania. You have no proof that ORBS is somehow worse than any other list of IPs.
Re: ORBS, and RFC-ignorant blacklists
On Mon, Jun 04, 2001 at 09:17:50AM +0200, Piotr Kasztelowicz allegedly wrote:
> On Sun, 3 Jun 2001, Peter van Dijk wrote:
> > Furthermore, Alan Brown's activities are not illegal - the ORBS relaytester runs in The Netherlands, where this is not illegal by any law.
>
> Maybe in Netherlands is not illegal, but in Netherlands even euthanasia is legal by any law, in other countries not! The tester is in Netherlands but it outcomes follow results in other countries, where performing such lists and testing, which seeks the vulnerabilities in servers and helps hackers at attacks, is illegal. From correspondence on this list can be considered, that in US, NZ is illegal, in my country (Poland) too. So, if Netherlands will be right to others, probably shall give this same injunction as NZ High Court - this want only a lot time

I'm confused. Isn't the use of ORBS entirely voluntary? I don't see how any site on the Internet is obliged to accept any traffic at all. So, if a site chooses to reject traffic based on a list - regardless of how flawed it may be - what's the big deal?

But I fail to see the relevance to qmail...

Regards.
Re: ORBS, and RFC-ignorant blacklists
Besides, ORBS is dead!

http://www.orbs.org/

Or, is that the wrong site?

David Mark wrote:
> On Mon, Jun 04, 2001 at 09:17:50AM +0200, Piotr Kasztelowicz allegedly wrote:
> > On Sun, 3 Jun 2001, Peter van Dijk wrote:
> > > Furthermore, Alan Brown's activities are not illegal - the ORBS relaytester runs in The Netherlands, where this is not illegal by any law.
> >
> > Maybe in Netherlands is not illegal, but in Netherlands even euthanasia is legal by any law, in other countries not! The tester is in Netherlands but it outcomes follow results in other countries, where performing such lists and testing, which seeks the vulnerabilities in servers and helps hackers at attacks, is illegal. From correspondence on this list can be considered, that in US, NZ is illegal, in my country (Poland) too. So, if Netherlands will be right to others, probably shall give this same injunction as NZ High Court - this want only a lot time
>
> I'm confused. Isn't the use of ORBS entirely voluntary? I don't see how any site on the Internet is obliged to accept any traffic at all. So, if a site chooses to reject traffic based on a list - regardless of how flawed it may be - what's the big deal?
>
> But I fail to see the relevance to qmail...
>
> Regards.
Re: ORBS, and RFC-ignorant blacklists
On Mon, 4 Jun 2001, Alex Pennace wrote:
> Can you please get over this? The evidence you posted last year was flawed, it did not link ORBS to a few probes from Romania. You have no proof that ORBS is somehow worse than any other list of IPs.

1) My host was by me secured (qmail+tcpserver with no open relay) but A. Brown hasn't removed me from his list

2) The hacking proof was repeated each time, when tester was active with performing with test

3) Each hacker can read and such list are for his the great direction, where seek. Problem was, that in this time this server was already secured and all was written to logs

4) With A. Brown was no discussion. I have asked him to break test but he has me advised to turn off my server

5) I have blocked my server with command to tcpserver =.nl:deny and since this time all hacking proof has been finished and no longer has been reported. Since this time all problems with them has been finished

I'm very happy that NZ Court has been this same opinion as I.

Piotr
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]
Re: ORBS, and RFC-ignorant blacklists
On Mon, Jun 04, 2001 at 05:06:52PM -0400, David Means wrote:
> Besides, ORBS is dead!
>
> http://www.orbs.org/
>
> Or, is that the wrong site?

That is the right site, and ORBS is indeed currently dead.

Greetz, Peter.
Re: ORBS, and RFC-ignorant blacklists
Hello

Alan Brown, operator of ORBS, was served 2 New Zealand High Court injunctions ordering the removal of several ORBS listings. The companies who filed for these injunctions are Actrix and NZ Telecom.

I have written to this list one year ago, Alan Brown activity is illegal, moreover he helps hackers more than normal peoples. Also good decision of NZ Court.

Piotr
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]
Re: ORBS, and RFC-ignorant blacklists
On Sun, Jun 03, 2001 at 11:25:10AM +, Piotr Kasztelowicz wrote:
> Hello
>
> Alan Brown, operator of ORBS, was served 2 New Zealand High Court injunctions ordering the removal of several ORBS listings. The companies who filed for these injunctions are Actrix and NZ Telecom.
>
> I have written to this list one year ago, Alan Brown activity is illegal, moreover he helps hackers more than normal peoples. Also good decision of NZ Court.

I hate starting a flamethread (and hope you all are smart enough not to), but ORBS does not help hackers. Furthermore, Alan Brown's activities are not illegal - the ORBS relaytester runs in The Netherlands, where this is not illegal by any law.

Greetz, Peter.
Re: ORBS, and RFC-ignorant blacklists
* Alex Pennace [EMAIL PROTECTED] [010601 04:25]:
> http://www.orbs.org/ says Due to circumstances beyond our control, the ORBS website is no longer available.

http://www.dorkslayers.com/ seems to be the successor in some ways.

But the first statement

  It is our intention to never list IP addresses which have any of the following characteristics:
  - a physical location within the United States of America (USA)
  [...]

makes me wonder a bit...

-Johan
--
Johan Almqvist
http://www.almqvist.net/johan/qmail/
Re: ORBS, and RFC-ignorant blacklists
Alex Pennace wrote:
> http://www.orbs.org/ says Due to circumstances beyond our control, the ORBS website is no longer available.

That seems pretty abrupt. Anyone know why they vanished?
Re: ORBS, and RFC-ignorant blacklists
* David Talkington [EMAIL PROTECTED] [010601 09:29]:
> Alex Pennace wrote:
> > http://www.orbs.org/ says Due to circumstances beyond our control, the ORBS website is no longer available.
>
> That seems pretty abrupt. Anyone know why they vanished?

<legalese>
Alan Brown, operator of ORBS, was served 2 New Zealand High Court injunctions ordering the removal of several ORBS listings. The companies who filed for these injunctions are Actrix and NZ Telecom.
</legalese>

http://groups.google.com/groups?q=news.admin.net-abuse.email

-Johan
--
Johan Almqvist
http://www.almqvist.net/johan/qmail/
Re: ORBS
On Thu, 25 Jan 2001, Marcilio Jorgensen Cassella wrote:
> How to fix it, please ?

does support your server open relay through smtp?

Piotr
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]
Re: ORBS
On Thu, Jan 25, 2001 at 03:18:53PM -0200, Marcilio Jorgensen Cassella wrote:
> My SMTP server is in the ORBS list because:
>
> X-Token: qlyzkfjxdlcfhlrh
> X-Envelope-Sender: MAIL FROM:[EMAIL PROTECTED]
> X-Envelope-Recipient: RCPT TO:orbs-relaytest%manawatu.co.nz@[200.18.178.4]

You might be listed in ORBS, but I doubt this is why. If you're running qmail and haven't enabled percenthack, then this won't get you into ORBS.

Chris
Re: ORBS
On Thu, Jan 25, 2001 at 03:18:53PM -0200, Marcilio Jorgensen Cassella wrote:
> TO:orbs-relaytest%manawatu.co.nz@[200.18.178.4]
>
> How to fix it, please ?

You probably have a control/percenthack file. Remove it.

\Maex
Re: ORBS
On Thu, Jan 25, 2001 at 03:18:53PM -0200, Marcilio Jorgensen Cassella wrote:
> Hi,
>
> My SMTP server is in the ORBS list because:
>
> X-Token: qlyzkfjxdlcfhlrh
> X-Envelope-Sender: MAIL FROM:[EMAIL PROTECTED]
> X-Envelope-Recipient: RCPT TO:orbs-relaytest%manawatu.co.nz@[200.18.178.4]

Headers for a relayed message look like:

-- CUT HERE
Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 81844 invoked from network); 25 Jan 2001 18:01:41 -
Received: from unknown (HELO cronopio.ibase.org.br) (200.18.178.15)
  by massive.dataloss.net with SMTP; 25 Jan 2001 18:01:41 -
Received: from alternex.com.br (ax.alternex.com.br [200.18.178.1])
  by cronopio.ibase.org.br (8.8.7/8.8.7) with ESMTP id PAA24946
  for [EMAIL PROTECTED]; Thu, 25 Jan 2001 15:59:23 -0200 (EDT)
From: [EMAIL PROTECTED]
Received: from shadow.alternex.com.br (shadow.alternex.com.br [200.18.178.4])
  by alternex.com.br (8.8.7/8.8.7) with SMTP id PAA27300
  for [EMAIL PROTECTED]; Thu, 25 Jan 2001 15:59:15 -0200 (EDT)
Date: Thu, 25 Jan 2001 15:59:15 -0200 (EDT)
Message-Id: [EMAIL PROTECTED]
Received: (qmail 19929 invoked by alias); 25 Jan 2001 17:58:01 -
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 19915 invoked from network); 25 Jan 2001 17:57:52 -
Received: from router-office.vuurwerk.net (HELO moi) (62.250.3.59)
  by shadow.alternex.com.br with SMTP; 25 Jan 2001 17:57:52 -
To: "undisclosed-recipients:;"@alternex.com.br

test
-- CUT HERE

Message comes into your qmailbox (shadow), is delivered to ax.alternex.com.br (a sendmail box) through something you do with the alias user. This box then sends it to cronopio.ibase.org.br, which delivers the message to its final recipient.

Both of these sendmail boxes are misconfigured - they treat the address 'peter%dataloss.net@[someIP]' as '[EMAIL PROTECTED]'. Ask your sendmail admin to disable that ugly percenthack.

Greetz, Peter.
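The relay path described in the message above (an edge server that accepts the recipient as local, then an interior host that applies the percent hack and sends the mail off-site) can be modelled to audit a mail chain. This is an added example, not part of the original post and not qmail or sendmail code: it is a simplified model, and the hop names, domains and the probe address are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Hop:
    """One mail host in the chain (simplified model)."""
    name: str
    local_domains: frozenset   # domains this host treats as its own
    percenthack: bool          # rewrites user%host@local to user@host


def split_address(rcpt):
    """Split on the LAST '@' so that '%' routes stay in the local part."""
    local, _, domain = rcpt.rpartition("@")
    return local, domain.lower()


def apply_percenthack(rcpt, hop):
    """Return the address as this hop would see it after rewriting."""
    local, domain = split_address(rcpt)
    if hop.percenthack and domain in hop.local_domains and "%" in local:
        user, _, host = local.rpartition("%")
        return f"{user}@{host}"
    return rcpt


def trace(rcpt, hops):
    """Follow a recipient through the chain.

    Returns (verdict, hop_name, address) where verdict is 'rejected'
    (refused at the edge), 'relayed' (sent off-site by hop_name) or
    'local' (never left the organisation).
    """
    edge = hops[0]
    # Only the edge performs a relay check; interior hops trust upstream.
    if split_address(rcpt)[1] not in edge.local_domains:
        return ("rejected", edge.name, rcpt)
    for hop in hops:
        rcpt = apply_percenthack(rcpt, hop)
        if split_address(rcpt)[1] not in hop.local_domains:
            return ("relayed", hop.name, rcpt)
    return ("local", hops[-1].name, rcpt)


def has_embedded_route(rcpt):
    """Edge-side check: flag local parts that carry a second route."""
    local, _ = split_address(rcpt)
    return any(ch in local for ch in "%!@")


# Constructed sample chain and probe address.
LOCAL = frozenset({"mail.example", "[192.0.2.4]"})
EDGE = Hop("edge-qmail", LOCAL, percenthack=False)
INTERIOR = Hop("interior-sendmail", LOCAL, percenthack=True)
INTERIOR_FIXED = Hop("interior-sendmail", LOCAL, percenthack=False)
PROBE = "probe%outside.example@[192.0.2.4]"

if __name__ == "__main__":
    print(trace(PROBE, [EDGE, INTERIOR]))
    print(trace(PROBE, [EDGE, INTERIOR_FIXED]))
    print(trace("probe@outside.example", [EDGE, INTERIOR]))
    print(has_embedded_route(PROBE))
```

The edge passes its own relay check in every case; the chain only stops relaying once the interior rewrite is disabled or the edge refuses recipients flagged by `has_embedded_route`.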
Re: ORBS
On Thu, Jan 25, 2001 at 12:52:35PM -0500, Chris Johnson wrote:
> On Thu, Jan 25, 2001 at 03:18:53PM -0200, Marcilio Jorgensen Cassella wrote:
> > My SMTP server is in the ORBS list because:
> >
> > X-Token: qlyzkfjxdlcfhlrh
> > X-Envelope-Sender: MAIL FROM:[EMAIL PROTECTED]
> > X-Envelope-Recipient: RCPT TO:orbs-relaytest%manawatu.co.nz@[200.18.178.4]
>
> You might be listed in ORBS, but I doubt this is why. If you're running qmail and haven't enabled percenthack, then this won't get you into ORBS.

It does in his case, because he relays to misconfigured sendmailboxes.

Greetz, Peter.
Re: ORBS - NOT!
Hello

On Mon, 27 Nov 2000 [EMAIL PROTECTED] wrote:
> I don't know what sort of qmail install you are running but qmail does run without ORBS. In fact the default qmail does not have any ORBS testing. What must have happened is that someone specifically added the ORBS test on your server.

A standard settings presented in /var/qmail/boot does not provide using ORBS, also if you will chosen appropriate for your box/dir format rc file, shall all be OK.

I has gone more wait and I had added to smtp settings on tcpserver lines

orbs.relay.nl:deny
manawatu.co.nz:deny

thus I have rejected all proofs of tests, if ORBS would perform

Best Wishes
Piotr
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]
Re: ORBS helps hackers to break into servers
Piotr Kasztelowicz writes:
> Qmail is one MTA only, which supports and propagates ORBS "moral"

Who does this? Not me. If anybody asks about ORBS, I tell them not to use it.

--
-russ nelson [EMAIL PROTECTED] http://russnelson.com
Crynwr sells support for free software | PGPok | The best way to help the poor
521 Pleasant Valley Rd. | +1 315 268 1925 voice | is to help the rich build
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | up their capital.
Re: ORBS - NOT!
I don't know what sort of qmail install you are running but qmail does run without ORBS. In fact the default qmail does not have any ORBS testing. What must have happened is that someone specifically added the ORBS test on your server.

You need to tell us more about your system. Specifically the startup script for qmail-smtpd. If it's done in the usual manner, then it's a one line change.

Regards.

On Mon, Nov 27, 2000 at 06:28:42PM -0600, Chris Olson wrote:
> How do I configure qmail to *NOT* use ORBS.org for spam filtering? I tried to remove the line in the startup scripts relating to ORBS, and the SMTP server refuses to run without it.
>
> I don't want to start a flame war, but this outfit (ORBS) is blocking IP addresses unnecessarily - please read the following that I received from Road Runner... A rr user tried to send email to a domain that I host and it bounced because of ORBS and the 'HISTORY' outlined here. I called Mark Herrick today and talked to him directly on the phone. This is how I found out that qmail does this (uses ORBS) by default. I *DO NOT* want my mail server using this outfit to filter spam.. Mark had to use a hotmail address to contact me because of this 'filter' that ORBS has on their server.
>
> Any suggestions would be greatly appreciated.
>
> -- Chris
>
> Begin pasted message **
>
> Subject: jerland.com blocking rr.com/mediaone.net via ORBS
> Date: Mon, 27 Nov 2000 10:30:16 -0500
> From: "W. Mark Herrick" [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> CC: [EMAIL PROTECTED]
>
> Hello,
>
> We are currently experiencing problems delivering email to jerland.com. This is due to a manual block from the ORBS system of which jerland.com subscribes. Although we have a thorough anti-SPAM policy and properly address these issues, Road Runner has been manually added to the ORBS list due to a request we made to the ORBS administrators. (see HISTORY)
>
> With analysis and discussions with other providers, we believe that the impact of the ORBS block is very minimal and easily corrected on a case-by-case basis. We are currently only hearing 1 or 2 reports per week from our entire customer base. We will take the information provided and work with each provider to correct it with them directly.
>
> I can assure you that the IP address that ORBS is currently blocking is in no way an open relay, and that it is being blocked solely due to ORBS' testing servers being refused at our border routers.
>
> Road Runner takes the issue of open relay servers very seriously, and, in addition to immediately closing them as they are detected, performs proactive relay detection checks on its own network. Likewise, Road Runner also takes the issue of unauthorized probes very seriously, and as such has taken steps to minimize potential abuse from outside sources. Many other major Internet Service providers, such as Above.net, have taken this stance along with us. You may wish to take a look at http://www.orbs.org/hallofshame.html to see who else is "spite listed" by the ORBS project.
>
> ORBS is currently blocking Road Runner IP Addresses with a DNS "A" record of 127.0.0.4 - These are, according to the ORBS web site, considered "untestable netblock entries" (see HISTORY).
>
> ORBS has, however, recently made available a number of different "zones" that providers can currently utilize to block unwanted SPAM mail from open relay sources, but that will not block those "untestable netblock entries" sites such as Road Runner, Above.Net, and Carnegie Mellon University.
>
> More information regarding these "zones" can be found at http://www.orbs.org/usingindex.html - All that is necessary to make this change is to modify your mail server to query the ORBS database at "outputs.orbs.org" instead of "relays.orbs.org". This will NOT affect the amount of SPAM that your servers block, only the amount of false positives that are affecting our combined users.
>
> I would sincerely hope that you reconsider and/or restructure your use of the ORBS project. I can be directly reached at 703-345-2477 if you wish to discuss this further.
>
> Sincerely,
>
> W. Mark Herrick, Jr. [EMAIL PROTECTED]
> Operations Security Manager
> Team Lead - Usenet Operations
> Road Runner Security - 703.345.2477
> [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
>
> HISTORY:
>
> Road Runner customers and Affiliates initially contacted us with a security issue. They were concerned with their privacy and security when an unknown entity (to them) began scanning them without permission. We initially tried to address this case by case and later contacted the ORBS administrators and requested this unwelcome scanning terminated. This is analogous to someone requesting they be removed from a list that they did not subscribe to. With this request, all Road Runner IP space was unexpectedly added to the ORBS list
Re: ORBS - NOT!
On Mon, Nov 27, 2000 at 06:28:42PM -0600, Chris Olson wrote:

> How do I configure qmail to *NOT* use ORBS.org for spam filtering? I tried to remove the line in the startup scripts relating to ORBS, and the SMTP server refuses to run without it.

There's no such thing as "the" line in the startup script relating to ORBS, and nobody has any idea what your particular startup line looked like before or what it looks like now. Why don't you tell us?

Chris
Re: ORBS - NOT!
Chris Johnson wrote:

> There's no such thing as "the" line in the startup script relating to ORBS, and nobody has any idea what your particular startup line looked like before or what it looks like now.

OK. I assumed that all installations of qmail used this. I'm running a Corel Server Version (Debian) Linux box and qmail 1.03 came with the distribution. This is a fresh install and the script has not been modified.

The startup script is /etc/init.d/qmail

Here's a copy of the startup script for your review.

-- Chris

#!/bin/sh

if [ -f /var/qmail/control/qmail_environment ]; then
    /var/qmail/control/qmail_environment
fi

QMAILDUID=`id -u qmaild`
QMAILDGID=`id -g qmaild`

case "$1" in
  start)
    echo -n "Starting qmail: qmail-send"
    csh -cf '/var/qmail/rc &'
    killall supervise > /dev/null
    killall tcpserver > /dev/null
    # SMTP listener: tcpserver passes each connection to rblsmtpd, which runs qmail-smtpd
    supervise /var/lock/qmail-smtpd tcpserver -v -x/etc/tcp.smtp.cdb -u$QMAILDUID -g$QMAILDGID 0 25 \
    rblsmtpd -rrelays.orbs.org /var/qmail/bin/qmail-smtpd 2>&1 | setuser qmaill accustamp | \
    setuser qmaill cyclog -s500 -n5 /var/log/qmail/qmail-smtpd &
    echo "."
    ;;
  stop)
    echo -n "Stopping mail-transfer agent: qmail"
    killall -TERM qmail-send
    echo "."
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  reload|force-reload)
    echo "Reloading 'locals' and 'virtualdomains' control files."
    killall -HUP qmail-send
    ;;
  *)
    echo 'Usage: /etc/init.d/qmail {start|stop|restart|reload}'
    exit 1
esac

exit 0
Re: ORBS - NOT!
On Mon, Nov 27, 2000 at 07:01:20PM -0600, Chris Olson wrote:

> Chris Johnson wrote:
>
> > There's no such thing as "the" line in the startup script relating to ORBS, and nobody has any idea what your particular startup line looked like before or what it looks like now.
>
> OK. I assumed that all installations of qmail used this. I'm running a Corel Server Version (Debian) Linux box and qmail 1.03 came with the distribution. This is a fresh install and the script has not been

Great. Yet more Frankinmail...

Change this line:

rblsmtpd -rrelays.orbs.org /var/qmail/bin/qmail-smtpd 2>&1 | setuser

to:

/var/qmail/bin/qmail-smtpd 2>&1 | setuser

then restart.

Regards.
Re: ORBS - NOT!
On Mon, Nov 27, 2000 at 07:01:20PM -0600, Chris Olson wrote:

> OK. I assumed that all installations of qmail used this. I'm running a Corel Server Version (Debian) Linux box and qmail 1.03 came with the distribution. This is a fresh install and the script has not been modified.
>
> The startup script is /etc/init.d/qmail
>
> Here's a copy of the startup script for your review.

snip

> supervise /var/lock/qmail-smtpd tcpserver -v -x/etc/tcp.smtp.cdb -u$QMAILDUID -g$QMAILDGID 0 25 \
> rblsmtpd -rrelays.orbs.org /var/qmail/bin/qmail-smtpd 2>&1 | setuser

Two options: replace "-rrelays.orbs.org" with "-routputs.orbs.org" or delete "rblsmtpd -rrelays.orbs.org" from the line, leaving the rest intact.

The first option would continue to give you the benefit of spam filtering without blocking the 'manual list' and the second option would remove RBL filtering entirely.

Ben

--
Ben Beuchler [EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290 x101
Bitstream Underground www.bitstream.net
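The effect of Ben's first option, as an added example that is not part of any post in this thread: a DNSBL lookup by A record against "relays.orbs.org" and "outputs.orbs.org", with the option of ignoring one return code. The zone contents, the sample addresses and the 127.0.0.2 code are constructed for illustration; only the two zone names and the 127.0.0.4 code appear in the thread.

```python
import ipaddress

# A record the Road Runner letter quotes for "untestable netblock entries".
UNTESTABLE = "127.0.0.4"

# Constructed zone data standing in for live DNS (ORBS no longer answers).
# 127.0.0.2 is a constructed code for a tested open relay, not an ORBS value.
ZONES = {
    "7.100.51.198.relays.orbs.org": "127.0.0.4",   # host inside a manually listed netblock
    "25.2.0.192.relays.orbs.org": "127.0.0.2",     # tested open relay
    "25.2.0.192.outputs.orbs.org": "127.0.0.2",    # same relay, test-result zone
}

# Constructed connecting clients: netblock host, open relay, unlisted host.
SAMPLE_IPS = ["198.51.100.7", "192.0.2.25", "203.0.113.40"]


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def resolve_a(name):
    """Stand-in for a DNS A lookup: the address, or None for NXDOMAIN."""
    return ZONES.get(name)


def check(ip, zone, resolve=resolve_a, ignore=()):
    """Look one client up in one zone and decide whether to reject it.

    An answer only counts as a listing when it falls in 127.0.0.0/8;
    a listing whose code is in `ignore` is reported but not rejected.
    """
    code = resolve(dnsbl_name(ip, zone))
    listed = code is not None and code.startswith("127.")
    return {"ip": ip, "code": code, "reject": listed and code not in ignore}


def compare(ips):
    """Reject decision per client under the three policies discussed."""
    result = {}
    for ip in ips:
        result[ip] = {
            "relays": check(ip, "relays.orbs.org")["reject"],
            "outputs": check(ip, "outputs.orbs.org")["reject"],
            "relays_minus_untestable": check(
                ip, "relays.orbs.org", ignore=(UNTESTABLE,))["reject"],
        }
    return result


if __name__ == "__main__":
    for ip, decisions in compare(SAMPLE_IPS).items():
        print(ip, decisions)
```

In this constructed data the netblock host is rejected only when the combined zone is queried without filtering on the return code; the tested open relay is rejected under all three policies.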
Re: ORBS - NOT!
On Tuesday, 28 November 2000 02:01, Chris Olson wrote:

> rblsmtpd -rrelays.orbs.org /var/qmail/bin/qmail-smtpd 2>&1 | setuser qmaill accustamp | \
> setuser qmaill cyclog -s500 -n5 /var/log/qmail/qmail-smtpd

Sorry Chris, how braindead are you? Is it really _so_ hard to see where orbs is used here? You should have read at least the documentation before wasting bandwidth and our time.

--
Henning Brauer     | BS Web Services
Hostmaster BSWS    | Roedingsmarkt 14
[EMAIL PROTECTED]  | 20459 Hamburg
www.bsws.de        | Germany
Re: ORBS - NOT!
On Tue, Nov 28, 2000 at 05:42:58AM +0100, Henning Brauer wrote:

> On Tuesday, 28 November 2000 02:01, Chris Olson wrote:
>
> > rblsmtpd -rrelays.orbs.org /var/qmail/bin/qmail-smtpd 2>&1 | setuser qmaill accustamp | \
> > setuser qmaill cyclog -s500 -n5 /var/log/qmail/qmail-smtpd
>
> Sorry Chris, how braindead are you? Is it really _so_ hard to see where orbs is used here? You should have read at least the documentation before wasting bandwidth and our time.

plonk

--
Ben Beuchler [EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290 x101
Bitstream Underground www.bitstream.net
Re: ORBS helps hackers to break into srevers
On Mon, 20 Nov 2000, Adam McKenna wrote:

> Hello, this list is for discussion of qmail, if you wish to discuss orbs please take this to SPAM-L or elsewhere.

The answer for all subscribers,

Adam, I am not sure that this is discussion for spam-l rather than qmail list. Qmail is one MTA only, which supports and propagates ORBS "moral" and technical thus availability to connect with qmail platform to ORBS and reject mail from listed by ORBS hosts. Neither sendmail nor postfix is interested with ORBS anti-spam system and don't support ORBS. The ORBS system is also by sendmail's and postfix's team not accepted. There only qmail administrators may use ORBS.

If qmail team will resign to support ORBS their criminal story will be finished. Also you as qmail propagator too has more to decide with them. This is also great question to you.

In my opinion ORBS - there are hackers supporters and first of all the hackers use the effects of its test to search "good" for hacking hosts. I have presented it on this list. Additionally - this is difficult to discuss with ORBS, while no person's name, who manage with them has been listed on ORBS WWW page.

This is really last posting from me on this subject and I think all has been said. I hope to be reason to think about this problem, which depends me personal and as I suppose the many host's admin

Piotr Kasztelowicz, MD
Vicepresident of Polish Medical Internet Society
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]
Re: ORBS helps hackers to break into srevers
> Qmail is one MTA only, which supports and propagates ORBS "moral" and technical thus availability to connect with qmail platform to ORBS and reject mail from listed by ORBS hosts. Neither sendmail nor postfix is interested with ORBS anti-spam system and don't support ORBS. The ORBS system is also by sendmail's and postfix's team not accepted. There only qmail administrators may use ORBS.

This is NOT true, and you are way off mark.

1. There is no official support of ORBS to my knowledge from QMAIL and its authors, not in the way you are implying in your posting to this list.
2. Sendmail and postfix and ALL other mailprograms/MTA's that support RBL-type blocking, will automatically support ORBS and any other lists like it.
3. There are several concerned QMAIL admins who desperately try to make their workload less affected by other mail-administrators poorly secured servers.
4. There are several other mail admins that run other MTA-software, who also run with ORBS with or without the "support" of the MTA-vendor.

> If qmail team will resign to support ORBS their criminal story will be finished. Also you as qmail propagator too has more to decide with them. This is also great question to you.

You seem to mean that ORBS has done something wrong to you and/or others, yet you have little or no evidence of your claims about criminal activities.

> In my opinion ORBS - there are hackers supporters and first of all the hackers use the effects of its test to search "good" for hacking hosts.

You seemed to have messed up your server and are now blaming ORBS for it, your hacker visits could JUST as well found your server like they did BEFORE you were reported to ORBS and subsequently listed there.

> I have presented it on this list. Additionally - this is difficult to discuss with ORBS, while no person's name, who manage with them has been listed on ORBS WWW page.

His name is Alan Brown, and on his www.orbs.org page he has a [EMAIL PROTECTED] as the contact address which should get you in contact with the administrators.

> This is really last posting from me on this subject and I think all has been said. I hope to be reason to think about this problem, which depends me personal and as I suppose the many host's admin

You should really get your server RE-TESTED, if it is secure it will be removed but this is only possible if you are NOT blocking ORBS. Your earlier mails said you were blocking ORBS, maybe ORBS administrators are TRYING to get in contact with you?

Regards
André Paulsberg
Re: ORBS helps hackers to break into srevers
[sorry but this was just too much...]

On Mon, Nov 20, 2000 at 01:33:22PM +0100, Piotr Kasztelowicz wrote:

> Qmail is one MTA only, which supports and propagates ORBS "moral" and technical thus availability to connect with qmail platform to ORBS and reject mail from listed by ORBS hosts. Neither sendmail nor postfix is interested with ORBS anti-spam system and don't support ORBS. The ORBS system is also by sendmail's and postfix's team not accepted. There only qmail administrators may use ORBS.

That is WRONG. I use ORBS on a number of servers that run sendmail, postfix and Exim. It works like a charm, keeps out spam and has a few too many false positives, which come in thru my secondary MX's (real spammers don't usually retry sending to a fallback host...)

> If qmail team will resign to support ORBS their criminal story will be finished. Also you as qmail propagator too has more to decide with them. This is also great question to you.

Who is the qmail team? I have never heard of them and would like to make their acquaintance.

> In my opinion ORBS - there are hackers supporters and first of all the hackers use the effects of its test to search "good" for hacking hosts. I have presented it on this list. Additionally - this is difficult to discuss with ORBS, while no person's name, who manage with them has been listed on ORBS WWW page.
>
> This is really last posting from me on this subject and I think all has been said. I hope to be reason to think about this problem, which depends me personal and as I suppose the many host's admin

Can you please provide proof for ORBS supporting script kiddies? If you mean that the ORBS list of potential relaying host as such constitutes help to script kiddies, why does this not apply to other RBL lists? And what technical solution to spreading such lists of IP's in a secure manner do you propose?

> Piotr Kasztelowicz, MD
> Vicepresident of Polish Medical Internet Society

-Johan Almqvist
First Executive President of the International Swedish Society for Spam Prevention, Yet To Be Founded.

--
Johan Almqvist
Re: ORBS helps hackers to break into srevers
On Mon, Nov 20, 2000 at 01:33:22PM +0100, Piotr Kasztelowicz wrote:

> On Mon, 20 Nov 2000, Adam McKenna wrote:
>
> > Hello, this list is for discussion of qmail, if you wish to discuss orbs please take this to SPAM-L or elsewhere.
>
> The answer for all subscribers,
>
> Adam, I am not sure that this is discussion for spam-l rather than qmail list.

*PLONK*

--Adam
Re: ORBS helps hackers to break into srevers
On Mon, Nov 20, 2000 at 07:08:33AM +0100, Piotr Kasztelowicz wrote:

> It not difficult to suppose, that if MTA were old and insecure=possible for open relay the rest of softwares are insecure too.

There are many insecure hosts that are not on the ORBS list simply because they are not running an open relay. There are many hosts listed in ORBS that are otherwise secure but someone made an oopsie. In particular, I believe many older but still prevalent Linux distributions came with MTAs that were open relays by default but were otherwise secure.

> There is problem with them, that the list of "relay host's" is widely published on net, instead to send it interested admin.

Let's entertain your thoughts on security: if a host is truly compromised either by being an open relay or other vulnerability, why should other hosts have to endure abuse from it? ORBS allows other administrators to block out a certain subset of hosts. And even without ORBS there are still plenty of ways for the local script kiddie to find your system.
Re: ORBS helps hackers to break into srevers
On Mon, 20 Nov 2000, OK 2 NET - André Paulsberg wrote:

> This is NOT true, and you are way off mark.
>
> 1. There is no official support of ORBS to my knowledge from QMAIL and its authors, not in the way you are implying in your posting to this list.
> 2. Sendmail and postfix and ALL other mailprograms/MTA's that support RBL-type blocking, will automatically support ORBS and any other lists like it.

OK, you are right, I'm sorry

Piotr
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]
Re: ORBS helps hackers to break into srevers
On Mon, Nov 20, 2000 at 01:35:20AM +0100, Piotr Kasztelowicz wrote:

> I will say about my experience with ORBS (as network administrator) because the peoples associated with qmail have given good recommendation to use and base on ORBS as good anti-spam method. I let to be another opinion!
>
> After crush of one of Polish Cardiac Society's Server placed in Lodz (I administrate others servers) I have been asked to help with administrating and making secure of this host. Till September it was really insecure and indicated (as I think and see) by ORBS as insecure.

Okay, so ORBS thought the previous incarnation of the mail host was an open relay.

> Exactly - not excluded - that already this time helped it hackers "to find it as easy to break".

You mean by relaying through the server? I believe ORBS only divulges open relay IPs when the hosts in question persist in being open relays. Presuming your server didn't reach that point, the only way spammers could have found it was by looking up your IP at random through the ORBS DNS or by scanning the net.

> Since October, after crush I have installed - nota bene recommended by ORBS and this mailing list software - so, qmail as mail system and tcpserver provided to secure qmail as well as telnetd, ftpfd and others insecure Internet's daemons.

Gotcha.

> November 5, I have observed the proof of port scanning thus relay-test by ORBS. There are accepted by secured against open relay smtp, because ORBS applied to allocate addresses with domain of tested host (also @lodz.ptkardio.pl).

Ok.

> The test was continued till November 9, This time I was taken away from my Hospital - I was participating at Polish Medical Internet Conference, where I have said about qmail and tcpserver as good security system to Internet servers too.
>
> "Nov 5 10:49:13 sun smtp: tcpserver: ok 16751 :212.51.193.152:25 relaytest.orbs.vuurwerk.nl:194.178.232.55::4445"
>
> This time was the proof to attack this server, prior "tested by orbs"

That log snippet only shows that ORBS connected to your SMTP service. That is hardly an attack.

> The hackers have not broken the tcpserver, but system are not responding and this time we can't give our reaction. Now when the friends from Lodz had rebooted the server, it has been worked correctly. I was beginning to analyze of logs The logs have indicated the Romania as hackers place:
>
> "Nov 9 12:13:05 sun telnet: tcpserver: deny 18305 :212.51.193.152:23 falconsrl.rdsnet.ro:193.231.236.12::3802"
>
> All has been after this attack in short time restored. But in some time ORBS was beginning again the test. And in this same time I have observed again more proofs of hacking - good luck - without damaging.

That's ridiculous. How could a failed connection attempt from a host in Romania be considered a crack attempt? What does it have to do with ORBS?

> I have send to ORBS the requests to cancel me from their data base and stop with testing, because I'm of opinion, that this data base use first of all hackers.

You can certainly ask them to stop testing, but the ORBS database doesn't keep top secret information, it is just a list of IPs. There are many interesting hosts out there, most of which aren't listed in ORBS.

> If during test has been by me observed increased activity of attack I can suppose, that hackers this time have information which host is tested and which one host is established as insecure. Where!

ORBS only lists hosts that are open mail relays. ORBS doesn't check for any other vulnerabilities.

> I have blocked smtp machines to bounce all mail's from ORBS: Effect is good, but ORBS apply be still active:
>
> "Nov 20 00:22:39 sun smtp: tcpserver: deny 7226 :212.51.193.152:25 mail2.manawatu.net.nz:202.36.148.21:postmaster:1932"
>
> WHY!

Is that even an ORBS tester, or are you now blocking legitimate mail?

> PLEASE DON'T RECOMMEND ATE ORBS. There are criminal activity. My host can by during its appreciation damaged!

129.63.206.57. That's an IP, I just listed an IP. Am I a criminal?

The story I got so far is ORBS tested your machine and found it to be an open relay. You fixed it and ORBS tested you again. Meanwhile there were isolated connection attempts from Romania and a system crash you haven't firmly correlated to anything else. Given those facts, solar flares seems a more plausible culprit than ORBS.
Re: ORBS helps hackers to break into srevers
On Sun, 19 Nov 2000, Alex Pennace wrote:

> The story I got so far is ORBS tested your machine and found it to be an open relay. You fixed it and ORBS tested you again. Meanwhile there were isolated connection attempts from Romania and a system crash you haven't firmly correlated to anything else.

The hackers read ORBS data base called by its "insecure hosts" and apply to break hosts directly from list!

The ORBS insecure hosts' data base is possible to read for all, but I think logic, that should be first of all for administrator of indicated host, and when they made nothing to improve security, then could be discussed to inform about such host widely.

Also answer the question why, the hackers finished with proofs, when I have blocked complete access to my host for ORBS?

And why I'm existing still in data base of insecure hosts, when my host is already secure and works on recommended software (qmail, tcpserver)? I'm existing, because I let me to request to finish scanning smtp my host and I'm established by ORBS as "bad"?

I think, that Internet's societies should be sensitive for all organization on Net, which gives itself the privileges to say where is correct and where is incorrect.

Best Wishes
Piotr
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]
Re: ORBS helps hackers to break into srevers
On Mon, Nov 20, 2000 at 02:14:57AM +0100, Piotr Kasztelowicz wrote:

> The hackers read ORBS data base called by its "insecure hosts" and apply to break hosts directly from list!

ORBS only lists hosts that are open mail relays. ORBS doesn't list hosts that are not open relays but have other vulnerabilities. ORBS is not a list of hosts with insecure telnet daemons. ORBS is not a list of hosts with insecure ftp daemons.

> The ORBS insecure hosts' data base is possible to read for all, but I think logic, that should be first of all for administrator of indicated host, and when they made nothing to improve security, then could be discussed to inform about such host widely.

ORBS is meant to blacklist problem hosts immediately, to curtail damage to other systems.

> Also answer the question why, the hackers finished with proofs, when I have blocked complete access to my host for ORBS?

Maybe the "hackers" have nothing to do with ORBS. Your only shred of proof is a connection attempt to telnet from Romania.

> And why I'm existing still in data base of insecure hosts, when my host is already secure and works on recommended software (qmail, tcpserver)? I'm existing, because I let me to request to finish scanning smtp my host and I'm established by ORBS as "bad"?

Send mail to ORBS and try to resolve this with them.
Re: ORBS helps hackers to break into srevers
Hello

> ORBS only lists hosts that are open mail relays. ORBS doesn't list hosts that are not open relays but have other vulnerabilities. ORBS is not a list of hosts with insecure telnet daemons. ORBS is not a list of hosts with insecure ftp daemons.

It not difficult to suppose, that if MTA were old and insecure=possible for open relay the rest of softwares are insecure too. There is problem with them, that the list of "relay host's" is widely published on net, instead to send it interested admin.

> Send mail to ORBS and try to resolve this with them.

ORBS has ignored all letters and will not stop scanning of my host

Best Wishes
Piotr
---
Piotr Kasztelowicz [EMAIL PROTECTED]
[http://www.am.torun.pl/~pekasz]
Re: ORBS helps hackers to break into srevers
On Mon, Nov 20, 2000 at 07:08:55AM +0100, Piotr Kasztelowicz wrote:

> > Send mail to ORBS and try to resolve this with them.
>
> ORBS has ignored all letters and will not stop scanning of my host

Hello, this list is for discussion of qmail, if you wish to discuss orbs please take this to SPAM-L or elsewhere.

Thanks,

--Adam

--
Adam McKenna [EMAIL PROTECTED]     | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA      | connected to a bunch of other wires."
     38B0 05D0 8BF7 2C6D 110A      | Joe Rogan, _NewsRadio_
1:28am up 162 days, 23:44, 12 users, load average: 0.07, 0.10, 0.37
Re: orbs and qmail
In the immortal words of Kevin Waterson ([EMAIL PROTECTED]):

> > ORBS doesn't use the abuse.net tests to determine who is an open relay.
>
> To quote from the ORBS site
>
> Try Abuse.Net's new relay tester (requires registration). This is the only web-based tester which carries out the same set of tests which ORBS does.

The text on the orbs.org website is, unfortunately, misleading. Alan Brown, the person who is ORBS, has given more cogent explanations of how the tester works on various mailing lists and newsgroups.

ORBS uses the abuse.net tester...with one VERY important difference: they actually check to see if the relayed message is received at the final destination address. The fact that qmail "accepts" the message will NOT result in being listed by ORBS: the message would actually have to be incorrectly relayed for that to happen.

Hopefully, it should be self-evident why the abuse.net tester does not do this. (Hint: it would make a great mailbombing service.)

There are many legitimate complaints that people have had about ORBS' behavior (such as "spite listings" and the fact that its tests generate spam to postmasters of correctly configured machines), but even ORBS' most vocal detractors (and I have been one of those) do not believe that a correctly configured qmail server will, on its own, generate an ORBS listing.

-n

--[EMAIL PROTECTED]
And when love is gone, there's always justice. And when justice is gone there's always force. And when force is gone, there's always mom. Hi mom! (--Laurie Anderson)
http://www.blank.org/memory/--
RE: orbs and qmail
On 20-Oct-2000 Kevin Waterson wrote:

> I made a check of the server and all was well but when I checked it from the facility at abuse.net I found it was reporting an open relay. The problem it seems stems from qmails handling of one of the tests has qmail accepting the mail and dealing with it internally, so that probably every qmail server will eventually end up listed on orbs, with an incorrectly assumed open relay.

ORBS doesn't use the abuse.net tests to determine who is an open relay. Typically, ORBS requires the delivery of a piece of email via the alleged open relay before adding that host to its list. A properly configured qmail server will not act as an open relay even as it fails the abuse.net test.

Having said that, it is possible to be listed even if your server is not an open relay, usually because one of your clients is open, and they are using your server for outbound mail. Simply correct your clients config and signal your server as fixed via the ORBS web page. For a more permanent fix, run ORBS on your servers against your clients, and list your server(s) as ORBS hubs.

> But we needed action quickly as users were complaining so we had to switch our primary server to sendmail, to avoid any confusion. Now, if Orbs are incorrectly listing services perhaps we here need to follow up with our legal people.

This is a charge frequently levelled at ORBS; indeed, our servers have been incorrectly listed twice. However, once was a typographical error on the part of an admin, and the other because a netblock was listed with the wrong ownership at the relevant authority. In both cases, the error was quickly attended to by ORBS admin.

--
Rick Lyons
WebCentral
Re: orbs and qmail
On Fri, Oct 20, 2000 at 03:36:23PM +1100, Kevin Waterson wrote:

> Recently, after running qmail for 3 years on our primary mail server, we found ourselves listed on orbs. It seems we were acting as an open relay and that many mailers were simply bouncing mail from our domain. I made a check of the server and all was well but when I checked it from the facility at abuse.net I found it was reporting an open relay. The problem it seems stems from qmails handling of one of the tests has qmail accepting the mail and dealing with it internally, so that probably every qmail server will eventually end up listed on orbs, with an incorrectly assumed open relay.

No. This is NOT the reason you were listed. Hosts are added to ORBS only AFTER the relay test is received back by the tester.

--Adam

--
Adam McKenna [EMAIL PROTECTED]     | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA      | connected to a bunch of other wires."
     38B0 05D0 8BF7 2C6D 110A      | Joe Rogan, _NewsRadio_
3:16am up 132 days, 32 min, 10 users, load average: 0.07, 0.03, 0.00
Re: orbs and qmail
[EMAIL PROTECTED] wrote:

> On 20-Oct-2000 Kevin Waterson wrote:
>
> > I made a check of the server and all was well but when I checked it from the facility at abuse.net I found it was reporting an open relay. The problem it seems stems from qmails handling of one of the tests has qmail accepting the mail and dealing with it internally, so that probably every qmail server will eventually end up listed on orbs, with an incorrectly assumed open relay.
>
> ORBS doesn't use the abuse.net tests to determine who is an open relay.

To quote from the ORBS site

Try Abuse.Net's new relay tester (requires registration). This is the only web-based tester which carries out the same set of tests which ORBS does.

> Typically, ORBS requires the delivery of a piece of email via the alleged open relay before adding that host to its list. A properly configured qmail server will not act as an open relay even as it fails the abuse.net test.

So what is point of having a test that does not give correct results? It would seem any qmail server will fail the test as qmail will accept the miscreant mail and deal with it internally. This behaviour, according to ORBS, will have you listed as an open relay.

--
Kind regards
Kevin Waterson
Re: orbs and qmail
On Sat, Oct 21, 2000 at 07:41:09AM +1100, Kevin Waterson wrote:

> > Typically, ORBS requires the delivery of a piece of email via the alleged open relay before adding that host to its list. A properly configured qmail server will not act as an open relay even as it fails the abuse.net test.
>
> So what is point of having a test that does not give correct results? It would seem any qmail server will fail the test as qmail will accept the miscreant mail and deal with it internally. This behaviour, according to ORBS, will have you listed as an open relay.

Are you a moron, or can you just not read? Do I have to quote from the ORBS web site?

"ORBS only counts a host as open if it actually delivers the test messages. Bounces are ignored for databasing purposes. Most of the online testers which perform multiple tests stop as soon as one envelope is accepted, so may give misleading results if they don't actually check for delivery and continue the test sequence if the message isn't delivered."

http://www.orbs.org/envelopes.html

--Adam

--
Adam McKenna [EMAIL PROTECTED]     | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA      | connected to a bunch of other wires."
     38B0 05D0 8BF7 2C6D 110A      | Joe Rogan, _NewsRadio_
4:47pm up 132 days, 14:02, 9 users, load average: 0.00, 0.00, 0.00
Re: orbs and qmail
> I made a check of the server and all was well but when I checked it from the facility at abuse.net I found it was reporting an open relay.

Sigh. He must be referring to the place that says in large ugly blinking letters:

<BLINK><B>THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.</B></BLINK> If it is really an open relay, the test message will be delivered to you. If you do not receive the test message in your e-mail in the next few hours, it <B>IS NOT</B> an open relay.

I wish there were some way I could make this stuff more idiot resistant, but some idiots can resist anything.

Regards,
John Levine, [EMAIL PROTECTED], http://www.abuse.net, Trumansburg NY
abuse.net postmaster
Re: orbs and qmail
Are your tcprules set up correctly to deny open relaying to everyone except your internal users?

Is your /var/qmail/control/rcpthosts set up correctly?

If not, then you may be acting as an open relay.

-c

At 3:36 PM +1100 10/20/00, Kevin Waterson wrote:

> Recently, after running qmail for 3 years on our primary mail server, we found ourselves listed on orbs. It seems we were acting as an open relay and that many mailers were simply bouncing mail from our domain. I made a check of the server and all was well but when I checked it from the facility at abuse.net I found it was reporting an open relay. The problem it seems stems from qmails handling of one of the tests has qmail accepting the mail and dealing with it internally, so that probably every qmail server will eventually end up listed on orbs, with an incorrectly assumed open relay.
>
> But we needed action quickly as users were complaining so we had to switch our primary server to sendmail, to avoid any confusion. Now, if Orbs are incorrectly listing services perhaps we here need to follow up with our legal people.
>
> Kind regards
> Kevin Waterson

Chris Thorman
(413) 473-0853 e-fax
RE: ORBS
hi,

to put it in a nutshell:

put domains to receive mails for into ~/control/rcpthosts
put IP addresses for which you wish to relay into /etc/tcp.smtp.cdb
don't use the relaymailfrom-patch - ORBS checks this! self-experience ;)
[room for steps anyone else would add] ;)

a

==
Alexander Jernejcic
email: [EMAIL PROTECTED]
begin LOVE-LETTER-UND-NIX-DAZUGELERNT.txt.vbs
I am a Signature, not a Virus!
end
==

-Original Message-
From: Mark Walsh [mailto:[EMAIL PROTECTED]]
Sent: Saturday, October 07, 2000 10:41 PM
To: Qmail
Subject: ORBS

I seen a lot of discussion on the ORBS issue in the past. However, did any ever post the solution to closing the relay for spam? Make the instructions clear for this newbie will you?

Mark Walsh
slowly learning linux...
RE: ORBS
I never was following this thread...but read the archives.

http://www-archive.ornl.gov:8000/

/BR
Manager
InterPlanetary Solutions
http://ipsware.com/

-Original Message-
From: Mark Walsh [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 08, 2000 6:41 AM
To: Qmail
Subject: ORBS

I seen a lot of discussion on the ORBS issue in the past. However, did any ever post the solution to closing the relay for spam? Make the instructions clear for this newbie will you?

Mark Walsh
slowly learning linux...
Re: ORBS doesn't like me :(
On Tue, 5 Sep 2000, Andy Meuse wrote:

> Hi All,
>
> I just received an email from ORBS branding my mail server an open relay. I looked in my tcp.smtp and I think I know why.
>
> 172.16.3.:allow,RELAYCLIENT=""
> 4.17.165.0.:allow,RELAYCLIENT=""
> 207.244.122.53.:allow,RELAYCLIENT=""
> :allow
>
> I would imagine it's that allow on the last line right?

wrong. The relayclient variable isn't set in it. What do you have in /var/qmail/control/rcpthosts?

Vince.

--
==
Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   http://www.pop4.net
128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking
Online Campground Directory   http://www.camping-usa.com
Online Giftshop Superstore   http://www.cloudninegifts.com
==
Re: ORBS doesn't like me :(
On Tue, Sep 05, 2000 at 10:26:55AM -0400, Andy Meuse wrote:
> I just received an email from ORBS branding my mail server and open relay. I looked in my tcp.smtp and I think I know why.
>
> 172.16.3.:allow,RELAYCLIENT=""
> 4.17.165.0.:allow,RELAYCLIENT=""
> 207.244.122.53.:allow,RELAYCLIENT=""
> :allow
>
> I would imagine it's that allow on the last line right?

No, that just tells tcpserver whether to accept or reject the connection completely. What does /var/qmail/control/rcpthosts say?
RE: ORBS doesn't like me :(
Hmmm. I removed my rcpthosts file.

> On Tue, Sep 05, 2000 at 10:26:55AM -0400, Andy Meuse wrote:
> > I just received an email from ORBS branding my mail server and open relay. I looked in my tcp.smtp and I think I know why.
> >
> > 172.16.3.:allow,RELAYCLIENT=""
> > 4.17.165.0.:allow,RELAYCLIENT=""
> > 207.244.122.53.:allow,RELAYCLIENT=""
> > :allow
> >
> > I would imagine it's that allow on the last line right?
>
> No, that just tells tcpserver whether to accept or reject the connection completely. What does /var/qmail/control/rcpthosts say?
Re: ORBS doesn't like me :(
On Tue, Sep 05, 2000 at 10:26:55AM -0400, Andy Meuse wrote:
> Hi All,
>
> I just received an email from ORBS branding my mail server and open relay. I looked in my tcp.smtp and I think I know why.
>
> 172.16.3.:allow,RELAYCLIENT=""
> 4.17.165.0.:allow,RELAYCLIENT=""
> 207.244.122.53.:allow,RELAYCLIENT=""

Why the . (dot) after a complete IP address? Could that be messing things up? Also, what does control/percenthack say?

-Johan
-- Johan Almqvist
Re: ORBS doesn't like me :(
"Andy Meuse" [EMAIL PROTECTED] wrote: I just recieved an email from ORBS branding my mail server and open relay. I looked in my tcp.smtp and I think I know why. 172.16.3.:allow,RELAYCLIENT="" 4.17.165.0.:allow,RELAYCLIENT="" 207.244.122.53.:allow,RELAYCLIENT="" :allow I would imagine it's that allow on the last line right? You would imagine incorrectly, then. :-) That last line just says that your SMTP service is open to the public--which is SOP for SMTP servers. You must have some other problem, like a ~alias/.qmail-default that reroutes otherwise undeliverable mail to another host that implements % or ! addressing. The message from ORBS should contain the offending message, which should show the problem. -Dave
Re: ORBS doesn't like me :(
On Tue, Sep 05, 2000 at 10:37:32AM -0400, Andy Meuse wrote: Hmmm. I removed my rcpthosts file. Put it back. Without an rcpthosts file, you are an open relay. Greetz, Peter. --
RE: ORBS doesn't like me :(
On Tue, 5 Sep 2000, Andy Meuse wrote: Hmmm. I removed my rcpthosts file. Put it back. Any of the IP addresses in tcp.smtp will bypass it if the RELAYCLIENT variable is set. Vince. On Tue, Sep 05, 2000 at 10:26:55AM -0400, Andy Meuse wrote: I just recieved an email from ORBS branding my mail server and open relay I looked in my tcp.smtp and I think I know why. 172.16.3.:allow,RELAYCLIENT="" 4.17.165.0.:allow,RELAYCLIENT="" 207.244.122.53.:allow,RELAYCLIENT="" :allow I would imagine it's that allow on the last line right? No, that just tells tcpserver whether to accept or reject the connection completely. What does /var/qmail/control/rcpthosts say? -- == Vince Vielhaber -- KA8CSHemail: [EMAIL PROTECTED]http://www.pop4.net 128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking Online Campground Directoryhttp://www.camping-usa.com Online Giftshop Superstorehttp://www.cloudninegifts.com ==
Re: ORBS doesn't like me :(
On Tue, Sep 05, 2000 at 10:37:32AM -0400, Andy Meuse wrote:
> Hmmm. I removed my rcpthosts file.

There's your answer. You opened your relay to all domains when you did that.

RC

> > On Tue, Sep 05, 2000 at 10:26:55AM -0400, Andy Meuse wrote:
> > > I just received an email from ORBS branding my mail server and open relay. I looked in my tcp.smtp and I think I know why.
> > >
> > > 172.16.3.:allow,RELAYCLIENT=""
> > > 4.17.165.0.:allow,RELAYCLIENT=""
> > > 207.244.122.53.:allow,RELAYCLIENT=""
> > > :allow
> > >
> > > I would imagine it's that allow on the last line right?
> >
> > No, that just tells tcpserver whether to accept or reject the connection completely. What does /var/qmail/control/rcpthosts say?

--
| Ricardo Cerqueira
| PGP Key fingerprint - B7 05 13 CE 48 0A BF 1E 87 21 83 DB 28 DE 03 42
| Novis - Engenharia ISP / Rede Técnica
| Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal
| Tel: +351 21 010 - Fax: +351 21 011
Re: ORBS doesn't like me :(
On Tue, Sep 05, 2000 at 11:08:15AM -0400, Andy Meuse wrote: I put the rcpthosts back and all mail (local and remote) was returned undeliverable. However, I had also removed the :allow from my tcp.smtp so I don't know if that is the problem. Are the domains you *do* want to receive mail for in rcpthosts now? Greetz, Peter. -- [ircoper][EMAIL PROTECTED] - Peter van Dijk / Hardbeat [student]Undernet:#groningen/wallops | IRCnet:/#alliance [developer]_ [disbeliever - the world is backwards](__VuurWerk__(--*-
Re: ORBS doesn't like me :(
On Tue, Sep 05, 2000 at 04:42:45PM +0200, Peter van Dijk wrote: On Tue, Sep 05, 2000 at 10:37:32AM -0400, Andy Meuse wrote: Hmmm. I removed my rcpthosts file. Put it back. Without an rcpthosts file, you are an open relay. That's always surprised me. I would have assumed that qmail would default to control/me if rcpthosts is empty. Any reason why it doesn't? -Johan -- Johan Almqvist
Re: ORBS doesn't like me :(
On Tue, Sep 05, 2000 at 11:08:15AM -0400, Andy Meuse wrote: I put the rcpthosts back and all mail (local and remote) was returned undeliverable. However, I had also removed the :allow from my tcp.smtp so I don't know if that is the problem. It's not the problem. What are the contents of rcpthosts? What is the reason that the mail was returned as undeliverable? (Did it not occur to you to provide this information in the first place?) Chris
Re: ORBS doesn't like me :(
Andy Meuse [EMAIL PROTECTED] wrote: I put the rcpthosts back and all mail (local and remote) was returned undeliverable. However, I had also removed the :allow from my tcp.smtp so I don't know if that is the problem. You need the :allow to let other servers on the net connect to your machine to deliver mail to you. rcpthosts should exist and contain domains for which you will accept mail -- typically the contents of the files 'locals' plus virtualdomains and perhaps a few others (backup MX, etc). Charles -- -- Charles Cazabon [EMAIL PROTECTED] QCC Communications Corporation Saskatoon, SK My opinions do not necessarily represent those of my employer. --
Re: ORBS doesn't like me :(
I put the rcpthosts back and all mail (local and remote) was returned undeliverable. However, I had also removed the :allow from my tcp.smtp so I don't know if that is the problem. The lack of a rcpthosts file was *definitely* the problem. When you don't have this file, qmail's default behavior is to accept and relay email for the entire Internet. Having an ":allow" line in your tcp.smtp file won't affect your server's behavior one way or the other. This line tells tcpserver to accept connections from any remote host (besides those mentioned elsewhere in the tcp.smtp file), but don't modify any environment variables during the session (such as RELAYCLIENT). This is tcpserver's default behavior anyway, so the only reason to have this line is for the sake of readability. Note that allowing a host to make a connection is not the same thing as allowing that host to use your server as a relay. So, the short answer is, now that you have a rcpthosts file again, ORBS will stop blacklisting you. ---Kris Kelley
Re: ORBS doesn't like me :(
On Tue, 5 Sep 2000, Johan Almqvist wrote: | On Tue, Sep 05, 2000 at 04:42:45PM +0200, Peter van Dijk wrote: | On Tue, Sep 05, 2000 at 10:37:32AM -0400, Andy Meuse wrote: | Hmmm. I removed my rcpthosts file. | Put it back. Without an rcpthosts file, you are an open relay. | | That's always surprised me. I would have assumed that qmail would | default to control/me if rcpthosts is empty. Any reason why it doesn't? I think this has been requested by some list users in the past, but it's not that big of a deal. All it does is secure someone from blowing their foot off on accident. Of course, with the behavior as default, them being put on antispam lists might be a worse "long term" effect, as it's hard to get off some of the lists to a newbie. Oh well, i guess it's punishment for not reading the docs properly -- ___ _ __ _ __ /___ ___ /__ John Gonzalez/Net.Tech __ __ \ __ \ __/_ __ `__ \/ __ /_ ___/ MDC Computers/netMDC! _ / / / `__/ /_ / / / / / / /_/ / / /__ (505)439-0200/fax-437-3052 /_/ /_/\___/\__/ /_/ /_/ /_/\__,_/ \___/ http://www.netmdc.com [-[system info]---] 9:45am up 117 days, 15:48, 4 users, load average: 0.10, 0.18, 0.18
Re: ORBS doesn't like me :(
On Tue, Sep 05, 2000 at 11:08:15AM -0400, Andy Meuse wrote:
> I put the rcpthosts back and all mail (local and remote) was returned undeliverable. However, I had also removed the :allow from my tcp.smtp so I don't know if that is the problem.

Ack! You are mighty confused.

The 'allow' and 'deny' statements specify whether a tcp connection from a given IP address will be allowed or denied, not whether any messages passed over the connection will be accepted for delivery.

rcpthosts is a list of domains for which your mailer will accept mail. You need to list the domains for which that machine should accept email.

Take a look at the relaying documentation at http://www.qmail.org/, if you need to setup selective relaying (i.e. allowing certain people - your users - to use your machine to send their email)

Regards,
james
--
James Raftery (JBR54) - Programmer Hostmaster - IE TLD Hostmaster
IE Domain Registry - www.domainregistry.ie - (+353 1) 706 2375
"Managing 4000 customer domains with BIND has been a lot like herding cats." - Mike Batchelor, on [EMAIL PROTECTED]
RE: ORBS doesn't like me :(
Because you more often want a mail server to relay your mail than not to relay your mail. Why bother setting up rcpthosts if your server is firewalled off from the internet, being an internal mail handler/relay anyway? David -Original Message- From: Johan Almqvist [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 05, 2000 8:51 AM To: Peter van Dijk; [EMAIL PROTECTED] Subject: Re: ORBS doesn't like me :( On Tue, Sep 05, 2000 at 04:42:45PM +0200, Peter van Dijk wrote: On Tue, Sep 05, 2000 at 10:37:32AM -0400, Andy Meuse wrote: Hmmm. I removed my rcpthosts file. Put it back. Without an rcpthosts file, you are an open relay. That's always surprised me. I would have assumed that qmail would default to control/me if rcpthosts is empty. Any reason why it doesn't? -Johan -- Johan Almqvist
Re: ORBS doesn't like me :(
On Tue, Sep 05, 2000 at 05:51:11PM +0200, Johan Almqvist wrote: On Tue, Sep 05, 2000 at 04:42:45PM +0200, Peter van Dijk wrote: On Tue, Sep 05, 2000 at 10:37:32AM -0400, Andy Meuse wrote: Hmmm. I removed my rcpthosts file. Put it back. Without an rcpthosts file, you are an open relay. An empty rcpthosts != no rcpthosts at all. empty means "i don't take mail for any domain". No files mean "i don't limit any domain". And rcpthosts does not assume me if empty. man 8 qmail-smtpd for more info. RC -- +--- | Ricardo Cerqueira | PGP Key fingerprint - B7 05 13 CE 48 0A BF 1E 87 21 83 DB 28 DE 03 42 | Novis - Engenharia ISP / Rede Técnica | Pç. Duque Saldanha, 1, 7º E / 1050-094 Lisboa / Portugal | Tel: +351 21 010 - Fax: +351 21 011 PGP signature
RE: ORBS doesn't like me :(
I created a rcpthosts file populated with my domain. Now the error I'm receiving after sending remote mail is ..
"No transport provider was available for delivery to this recipient."
Local mail is unaffected.

thx for all the replies,
-Andy

Here is a recap of my situation. ORBS says I'm an open relay. I had no rcpthosts file so there you go. When I create a rcpthosts file local users can't send remote mail.

> You need the :allow to let other servers on the net connect to your machine to deliver mail to you.

I thought I read that the :allow is redundant since the default is to allow any connection?

> rcpthosts should exist and contain domains for which you will accept mail -- typically the contents of the files 'locals' plus virtualdomains and perhaps a few others (backup MX, etc).
>
> Charles
Re: ORBS doesn't like me :(
Johan Almqvist [EMAIL PROTECTED] writes on 5 September 2000 at 17:51:11 +0200 On Tue, Sep 05, 2000 at 04:42:45PM +0200, Peter van Dijk wrote: On Tue, Sep 05, 2000 at 10:37:32AM -0400, Andy Meuse wrote: Hmmm. I removed my rcpthosts file. Put it back. Without an rcpthosts file, you are an open relay. That's always surprised me. I would have assumed that qmail would default to control/me if rcpthosts is empty. Any reason why it doesn't? So far as I remember the discussion back some time ago, no, there isn't any particular reason. Dan just wrote it the other way. -- Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
RE: ORBS doesn't like me :(
On Tue, 5 Sep 2000, Andy Meuse wrote: this is my tcp.smtp file 172.16.3.:allow,RELAYCLIENT="" 4.17.165.:allow,RELAYCLIENT="" 207.244.122.53.:allow,RELAYCLIENT="" :allow How are you creating tcp.smtp.cdb ? Vince. -- == Vince Vielhaber -- KA8CSHemail: [EMAIL PROTECTED]http://www.pop4.net 128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking Online Campground Directoryhttp://www.camping-usa.com Online Giftshop Superstorehttp://www.cloudninegifts.com ==
RE: ORBS doesn't like me :(
Vince, please don't try to telnet into my mail server anymore. :( Sep 5 14:31:42 qmail in.telnetd[6995]: refused connect from 209.103.136.12 -Andy -Original Message- From: Vince Vielhaber [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 05, 2000 2:34 PM To: Andy Meuse Cc: Qmail (E-mail) Subject: RE: ORBS doesn't like me :( On Tue, 5 Sep 2000, Andy Meuse wrote: this is my tcp.smtp file 172.16.3.:allow,RELAYCLIENT="" 4.17.165.:allow,RELAYCLIENT="" 207.244.122.53.:allow,RELAYCLIENT="" :allow How are you creating tcp.smtp.cdb ? Vince. -- == Vince Vielhaber -- KA8CSHemail: [EMAIL PROTECTED] http://www.pop4.net 128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking Online Campground Directoryhttp://www.camping-usa.com Online Giftshop Superstorehttp://www.cloudninegifts.com ==
RE: ORBS doesn't like me :(
On Tue, 5 Sep 2000, Andy Meuse wrote: Vince, please don't try to telnet into my mail server anymore. :( I was going to try sending you mail directly to it with telnet, I missed the 25 at the end command line and ^D out of it. Believe me, it wasn't intentional. Vince. Sep 5 14:31:42 qmail in.telnetd[6995]: refused connect from 209.103.136.12 -Andy -Original Message- From: Vince Vielhaber [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 05, 2000 2:34 PM To: Andy Meuse Cc: Qmail (E-mail) Subject: RE: ORBS doesn't like me :( On Tue, 5 Sep 2000, Andy Meuse wrote: this is my tcp.smtp file 172.16.3.:allow,RELAYCLIENT="" 4.17.165.:allow,RELAYCLIENT="" 207.244.122.53.:allow,RELAYCLIENT="" :allow How are you creating tcp.smtp.cdb ? Vince. -- == Vince Vielhaber -- KA8CSHemail: [EMAIL PROTECTED] http://www.pop4.net 128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking Online Campground Directoryhttp://www.camping-usa.com Online Giftshop Superstorehttp://www.cloudninegifts.com == -- == Vince Vielhaber -- KA8CSHemail: [EMAIL PROTECTED]http://www.pop4.net 128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking Online Campground Directoryhttp://www.camping-usa.com Online Giftshop Superstorehttp://www.cloudninegifts.com ==
Re: ORBS doesn't like me :(
Quoting Andy Meuse ([EMAIL PROTECTED]):
> I created a rcpthosts file populated with my domain. Now the error I'm receiving after sending remote mail is ..
> "No transport provider was available for delivery to this recipient."

Heh.. that doesn't say anything. That's an Outlookism that it spits out when it really does not know what is going on (like all of the time). "No transport provider .." bah!

If you could provide the actual error message that qmail-smtpd spits out, and that reasonable mailers will show you, that certainly would help a lot.

In any case, the problem is (almost) certainly that RELAYCLIENT is not set for the connection, hence qmail does not allow you to relay to any domain not in rcpthosts.

Aaron
RE: ORBS doesn't like me :(
I reconfigured tcprules and now everything is fine. I think I had edited the tcp.smtp and it never occurred to me to rerun tcprules, that or the "-c 50" in the tcpserver command line below was effin it up.

exec /usr/local/bin/softlimit -m 400 \
/usr/local/bin/tcpserver -v -x/etc/tcp.smtp.cdb -c 50 -u503 -g502 0 smtp \
/var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3

Anyway, thanks for the pointers everyone.

-=Andy

-Original Message-
From: Vince Vielhaber [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 05, 2000 3:20 PM
To: Andy Meuse
Cc: 'Qmail (E-mail)'
Subject: RE: ORBS doesn't like me :(

On Tue, 5 Sep 2000, Andy Meuse wrote:
> Vince, please don't try to telnet into my mail server anymore. :(

I was going to try sending you mail directly to it with telnet, I missed the 25 at the end command line and ^D out of it. Believe me, it wasn't intentional.

Vince.

> Sep 5 14:31:42 qmail in.telnetd[6995]: refused connect from 209.103.136.12
>
> -Andy
>
> -Original Message-
> From: Vince Vielhaber [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 05, 2000 2:34 PM
> To: Andy Meuse
> Cc: Qmail (E-mail)
> Subject: RE: ORBS doesn't like me :(
>
> On Tue, 5 Sep 2000, Andy Meuse wrote:
> > this is my tcp.smtp file
> >
> > 172.16.3.:allow,RELAYCLIENT=""
> > 4.17.165.:allow,RELAYCLIENT=""
> > 207.244.122.53.:allow,RELAYCLIENT=""
> > :allow
>
> How are you creating tcp.smtp.cdb ?
>
> Vince.
> --
> ==
> Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] http://www.pop4.net
> 128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking
> Online Campground Directory http://www.camping-usa.com
> Online Giftshop Superstore http://www.cloudninegifts.com
> ==

--
==
Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] http://www.pop4.net
128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking
Online Campground Directory http://www.camping-usa.com
Online Giftshop Superstore http://www.cloudninegifts.com
==
Re: ORBS doesn't like me :(
On Tue, Sep 05, 2000 at 03:19:34PM -0400, Vince Vielhaber wrote: On Tue, 5 Sep 2000, Andy Meuse wrote: Vince, please don't try to telnet into my mail server anymore. :( I was going to try sending you mail directly to it with telnet, I missed the 25 at the end command line and ^D out of it. Believe me, it wasn't intentional. I believe you. That happens to me all the time :) Greetz, Peter -- dataloss networks
Re: ORBS doesn't like me :(
Quoted from Peter van Dijk: On Tue, Sep 05, 2000 at 03:19:34PM -0400, Vince Vielhaber wrote: I was going to try sending you mail directly to it with telnet, I missed the 25 at the end command line and ^D out of it. Believe me, it wasn't intentional. I believe you. That happens to me all the time :) That's why you use tcpclient: it doesn't have a default port. :-) ---Chris K. -- Chris, the Young One |_ but what's a dropped message between friends? Auckland, New Zealand |_ this is UDP, not TCP after all ;) ---John H. http://cloud9.hedgee.com/ |_ Robinson, IV
Re: ORBS doesn't like me :(
On Tue, Sep 05, 2000 at 08:44:22AM -0700, Ihnen, David wrote: Why bother setting up rcpthosts if your server is firewalled off from the internet, being an internal mail handler/relay anyway? There are cases where people intentionally want to create open relays, and there should be a mechanism to allow that. But AFAIC the current method makes it too easy to shoot oneself in the foot. Too often people take the premise that "rcpthosts lists the domains to accept mail for" (to paraphrase) and use that to make the conclusion that "no rcpthosts means accepting mail for no domains". While it is incorrect, it's not an entirely off-the-wall thought progression. Regards, james -- James Raftery (JBR54) - Programmer Hostmaster - IE TLD Hostmaster IE Domain Registry - www.domainregistry.ie - (+353 1) 706 2375 "Managing 4000 customer domains with BIND has been a lot like herding cats." - Mike Batchelor, on [EMAIL PROTECTED]
RE: ORBS doesn't like me :(
On Tue, 5 Sep 2000, Andy Meuse wrote:
| Here is a recap of my situation. ORBS says I'm an open relay. I had no
| rcpthosts file so there you go. When I create a rcpthosts file local users
| can't send remote mail.

You need to read LWQ, and specifically, the section on selective relaying.

http://web.infoave.net/~dsill/lwq.html#relaying
http://www.palomine.net/qmail/relaying.html
http://www.palomine.net/qmail/selectiverelay.html

| I thought I read that the :allow is redundant since the default is to allow
| any connection?

It is redundant. It's put in there to be syntactically correct in case the default behavior changes in the future.

--
John Gonzalez/Net.Tech
MDC Computers/netMDC!
(505)439-0200/fax-437-3052
http://www.netmdc.com
[-[system info]---] 10:50am up 117 days, 16:53, 4 users, load average: 0.03, 0.16, 0.16
Re: ORBS doesn't like me :(
Andy Meuse [EMAIL PROTECTED] wrote:
> I created a rcpthosts file populated with my domain. Now the error I'm receiving after sending remote mail is ..
> "No transport provider was available for delivery to this recipient."
> Local mail is unaffected.

I'm not familiar with this error message. What was the recipient address, what is your local domain, what is the contents of rcpthosts and locals, ...

> > You need the :allow to let other servers on the net connect to your machine to deliver mail to you.
>
> I thought I read that the :allow is redundant since the default is to allow any connection?

Yes, my bad. It is the default. I just like being explicit in tcp rules files.

Charles
--
Charles Cazabon [EMAIL PROTECTED]
QCC Communications Corporation Saskatoon, SK
My opinions do not necessarily represent those of my employer.
RE: ORBS doesn't like me :(
Yep, I have the locals set up with my domain(s). Since I have been an open relay, and then when I create a rcpthosts file it seems SMTP rejects me, I suppose my tcprules or tcpserver or both are configured incorrectly.

Again here is the error message.
"No transport provider was available for delivery to this recipient."
I was sending local to hotmail account, and also tried other external addresses. (Yahoo, Juno etc.)

this is my tcp.smtp file

172.16.3.:allow,RELAYCLIENT=""
4.17.165.:allow,RELAYCLIENT=""
207.244.122.53.:allow,RELAYCLIENT=""
:allow

The mail server is on the 4.17.165.0 network
Users are on the 172.16.3.0 network

Here are the commands I run qmail from in rc.local

# starts Qmail basics
/bin/csh -cf '/var/qmail/rc '

# Starts pop3 server from tcpserver
/usr/local/bin/tcpserver -v -R 0 pop3 /var/qmail/bin/qmail-popup qmail.buyerzone.com \
/bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir 2>&1 | /var/qmail/bin/splogger pop3d

#This modifies the qmail-queue for qmail virus scan
#QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE

# Tcpserver with relaying rules found in /etc/tcp.smtp
exec /usr/local/bin/softlimit -m 400 \
/usr/local/bin/tcpserver -v -x/etc/tcp.smtp.cdb -c 50 -u503 -g502 0 smtp \
/var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3

Hmmm. Should the -c 50 be right after tcpserver?

rcpthosts locals read...

buyerzone.com
buyerszone.com
mail.buyerzone.com
mail.buyerszone.com
qmail.buyerzone.com
qmail.buyerszone.com

Thanks again,
Andy

And yes I've read the FAQ and LWQ so much my eyes hurt. I did have problems getting qmail to run using daemontools (RCDIR config I think) so I inserted the startup commands into rc.local.

> Andy Meuse wrote:
>
> do you have your domain in ~/control/locals too? you will need that for qmail to realize that mails for your domain should be delivered locally and *not* passed on elsewhere.
>
> wolfgang
>
> > I created a rcpthosts file populated with my domain. Now the error I'm receiving after sending remote mail is ..
> > "No transport provider was available for delivery to this recipient."
> > Local mail is unaffected.
> >
> > thx for all the replies,
> > -Andy
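The relay decision the replies in this thread work out, as an added example that is not part of any post: a simplified Python model of tcpserver's rule lookup for an IPv4 client and of qmail-smtpd's RELAYCLIENT and rcpthosts check, run over the tcp.smtp and rcpthosts contents posted above. The outside client 192.0.2.25 and the recipient user@example.net are constructed, the function names are this example's own, and address ranges, host-name rules and morercpthosts are left out.

```python
# Added example: simplified model of the checks discussed in this thread.

# tcp.smtp as first posted (a dot follows two complete IP addresses).
TCP_SMTP_FIRST = '''172.16.3.:allow,RELAYCLIENT=""
4.17.165.0.:allow,RELAYCLIENT=""
207.244.122.53.:allow,RELAYCLIENT=""
:allow
'''
# tcp.smtp as posted later in the thread.
TCP_SMTP_LATER = TCP_SMTP_FIRST.replace("4.17.165.0.", "4.17.165.")
# Three of the rcpthosts entries posted in the thread.
RCPTHOSTS = "buyerzone.com\nbuyerszone.com\nmail.buyerzone.com\n"


def parse_tcprules(text):
    """Parse tcp.smtp source lines into {address: (action, env)}."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, _, rest = line.partition(":")
        action, *assignments = rest.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[address] = (action, env)
    return rules


def match_rule(rules, ip):
    """Lookup order: the full IP, then shorter prefixes that end in a dot,
    then the empty (default) rule."""
    octets = ip.split(".")
    candidates = [ip]
    candidates += [".".join(octets[:n]) + "." for n in (3, 2, 1)]
    candidates.append("")
    for key in candidates:
        if key in rules:
            return (key,) + rules[key]
    return (None, "allow", {})  # no rule matched: connection is allowed


def unreachable_rules(rules):
    """A complete IP followed by a dot is never one of the lookup keys."""
    return sorted(a for a in rules if a.endswith(".") and a.count(".") == 4)


def parse_rcpthosts(text):
    """None models a missing file; an empty string models an empty file."""
    if text is None:
        return None
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def rcpt_listed(rcpthosts, recipient):
    """Exact domain match, or a '.suffix' wildcard line."""
    _, at, domain = recipient.rpartition("@")
    if not at:
        return True  # no domain part: accepted
    domain = domain.lower()
    labels = domain.split(".")
    suffixes = ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return domain in rcpthosts or any(s in rcpthosts for s in suffixes)


def decide(rules, rcpthosts, client_ip, recipient):
    """Return (verdict, matched rule address) for one RCPT TO."""
    address, action, env = match_rule(rules, client_ip)
    if action == "deny":
        return ("connection-denied", address)
    if "RELAYCLIENT" in env:
        return ("accepted-relayclient", address)   # rcpthosts is bypassed
    if rcpthosts is None:
        return ("accepted-no-rcpthosts", address)  # no file: no limit
    if rcpt_listed(rcpthosts, recipient):
        return ("accepted-rcpthosts", address)
    return ("rejected", address)


def audit(rules, rcpthosts, outside_ip="192.0.2.25",
          outside_rcpt="user@example.net"):
    """List findings for a configuration, probing with constructed values."""
    findings = []
    if rcpthosts is None:
        findings.append("control/rcpthosts is missing")
    for address in unreachable_rules(rules):
        findings.append("rule %r can never match a client" % address)
    verdict, _ = decide(rules, rcpthosts, outside_ip, outside_rcpt)
    if verdict.startswith("accepted"):
        findings.append("outside client can relay (%s)" % verdict)
    return findings


if __name__ == "__main__":
    for name, text, hosts in (("first, no rcpthosts", TCP_SMTP_FIRST, None),
                              ("later, rcpthosts", TCP_SMTP_LATER, RCPTHOSTS)):
        print(name, audit(parse_tcprules(text), parse_rcpthosts(hosts)))
```

The model reads the tcp.smtp source, whereas tcpserver reads the tcp.smtp.cdb that tcprules compiles from it, so an edited source file changes nothing until tcprules is rerun.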
Re: ORBs problem and Qmail (@@@ related)
> On 17 May 00, at 4:40, Greg Moeller wrote:
> > # cat alias/.qmail-tnet-default
> > | fastforward -d -p /etc/aliases.cdb
> > | forward "$DEFAULT"
>
> This line does it; what if "$DEFAULT" contains "[EMAIL PROTECTED]"? Try to do
> |forward "$DEFAULT"@`head -1 /var/qmail/control/locals`
> (where instead of head, you'd fill the machine name in)

Just to thank Peter and let everyone know this worked perfectly and we're off ORBS (and still delivering Email correctly :)

Greg
Re: ORBs problem and Qmail (@@@ related)
> On Tue, May 16, 2000 at 12:00:23PM -0500, Greg Moeller wrote:
> > Hi there. Our mail server's been listed in ORBs because of a multiple @ related hole. Is this common for a Qmail system or is something odd about our setup?
>
> There must be something odd. What does /var/qmail/alias/.qmail-snet-default contain?

# cat alias/.qmail-tnet-default
| fastforward -d -p /etc/aliases.cdb
| forward "$DEFAULT"

> Please don't do that. You can trust the people here, and giving real info will allow us to help you quicker.

Here's the full poop from ORBS:

154.11.89.180 : 2000-04-21 21:28:00 UTC
From [EMAIL PROTECTED] Sat Apr 22 09:27:47 2000
Received: from toolbox.total.net (toolbox.total.net [154.11.89.179])
    by mail2.manawatu.net.nz (8.9.3/8.9.3) with SMTP id FAA05197
    for [EMAIL PROTECTED]; Sat, 22 Apr 2000 05:59:36 +1200
X-Remote-IP: 154.11.89.179
Date: Sat, 22 Apr 2000 05:59:36 +1200
Received: (qmail 15431 invoked by alias); 21 Apr 2000 13:59:31 -
Delivered-To: [EMAIL PROTECTED]@pop.total.net
Received: (qmail 15413 invoked from network); 21 Apr 2000 13:59:31 -
Received: from unknown (HELO relaytest.orbs.vuurwerk.nl) (194.178.232.55)
    by pop.total.net with SMTP; 21 Apr 2000 13:59:31 -
To: [EMAIL PROTECTED]@pop.total.net
From: [EMAIL PROTECTED]
X-Token: ckpfbvvorqbdqnlp
X-Envelope-Sender: [EMAIL PROTECTED]
X-Envelope-Recipient: [EMAIL PROTECTED]@pop.total.net
Message-Id: [EMAIL PROTECTED]
Subject: ORBS Relay Test - 154.11.89.180

> [snip]
> > We're using the fastforward alias system.(version fastforward-0.51)
>
> Hmmm, could you give us some details of your configuration then?

It's Qmail 1.03, fast forward 0.51. It's handling about 60,000 local mailboxes, and doing forwards for about 700 virtual domains. (this is put into the virtual domain file automatically by a script which scans a single file with every map on the system.)

# head -5 control/virtualdomains
258wallace.com:valias
4200st-laurent.com:valias
# cat valias/.qmail-default
| /var/qmail/bin/fastforward -d /etc/aliases.cdb

Hope that's enough for now..
Greg
Re: ORBs problem and Qmail (@@@ related)
On 17 May 00, at 4:40, Greg Moeller wrote:
> # cat alias/.qmail-tnet-default
> | fastforward -d -p /etc/aliases.cdb
> | forward "$DEFAULT"

This line does it; what if "$DEFAULT" contains "[EMAIL PROTECTED]"? Try to do

|forward "$DEFAULT"@`head -1 /var/qmail/control/locals`

(where instead of head, you'd fill the machine name in)

--
Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz
PGP key ID: 0x3BA9BC3F
--
Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
Re: ORBs problem and Qmail (@@@ related)
On Tue, May 16, 2000 at 12:00:23PM -0500, Greg Moeller wrote:
> Hi there. Our mail server's been listed in ORBs because of a multiple @ related hole. Is this common for a Qmail system or is something odd about our setup?

There must be something odd. What does /var/qmail/alias/.qmail-snet-default contain?

> Here's the header from ORBS, with enough changed so that any spammers watching won't get ideas. :)

Please don't do that. You can trust the people here, and giving real info will allow us to help you quicker.

[snip]
> We're using the fastforward alias system.(version fastforward-0.51)

Hmmm, could you give us some details of your configuration then? And please tell us real hostnames (post real headers, for example), so we can see for ourselves.

Greetz, Peter.
-- [EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]
Re: ORBS prevention
On Mon, May 08, 2000 at 11:34:27AM +0900, Kristina wrote:
> Now that I want to use my qmail-server in real life, there are many other issues involved--like preventing my qmail server from being put on the ORBS database. I have referred to the archives, however, there is much heated discussion without much practical detail.

A standard qmail install will never be in the ORBS database. qmail is relay-safe out of the box. :-

-Johan
-- Johan Almqvist
Re: ORBS prevention
At 11:34 AM +0900 5/8/00, Kristina wrote:
> I am at the point of setting up my qmail-server as the mail-hub for my organization. I have only used qmail for testing purposes so far and I am not experienced with anti-spam techniques. Now that I want to use my qmail-server in real life, there are many other issues involved--like preventing my qmail server from being put on the ORBS database. I have referred to the archives, however, there is much heated discussion without much practical detail.
>
> Please let me know what I need to do for ORBS prevention and any other configuration details necessary for a secure, anti-spam mail-hub.

Absolutely nothing. qmail as installed won't relay for third parties, and therefore won't get in ORBS. It's what you *shouldn't* do that's important. Under no circumstances should you remove the rcpthosts file. Read Dave Sill's Life with qmail and some of the other documents that you must have run across if you've read all the "heated discussion" to learn how to properly set up relaying with qmail.

> Thank you in advance,
> Kristina

--
Paul J. Schinder
NASA Goddard Space Flight Center Code 693
[EMAIL PROTECTED]
Re: ORBS database
I have tcpserver of course. What's wrong here? Thanks. Do you have a rcpthosts file? Is ORBS possibly testing from a 10.x.x.x address? Regards, Frank
Re: ORBS database
Is ORBS possibly testing from a 10.x.x.x address? :) was missing :)
Re: ORBS not recommended
At 9:20 PM -0500 2/6/00, Len Budney wrote:
> [EMAIL PROTECTED] wrote:
> > I would strongly recommend *against* using ORBS, because it blocks a lot of legitimate mail.
>
> Agreed. (I cut a similar caution for space reasons; should've just omitted mention of ORBS.) Fascism is seductive to techies--in particular, the ORBS fellow does seem to have a bit of a god complex. http://www.orbs.org/bugtraq.html gives a good example.
>
> Len.

I use maildrop and a hacked version of rblcheck to simply add a header to suspected spam. If the last server before ours matches RBL, rblcheck's return code is incremented by 1. If it matches at RBL.maps.vix.com, incremented by 2. DUL.maps.vix.com, by 4. relays.mail-abuse.org, by 8. Then I throw the return value into the header. The results have been informative.

Delivered-To: [EMAIL PROTECTED]
Date: Mon, 7 Feb 2000 03:58:15 GMT
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: 2 FREE GAMBLING CRUISE TICKETS L@@K
Status: U
X-Spam: based on relay(1) 199.171.54.114

So in this case the spam was spotted by only ORBS. In the next example, ORBS and relays.mail-abuse caught it:

Delivered-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Bcc: snipped for brevity
From: [EMAIL PROTECTED]
Subject: Earn Big $$$ From Home!
Status: U
X-Spam: based on relay(9) 205.168.240.10

And one that surely isn't spam:

Delivered-To: [EMAIL PROTECTED]
Date: Wed, 2 Feb 2000 17:02:31 -0500 (EST)
From: [EMAIL PROTECTED]
Subject: MODIFY DOMAIN somedomain.com
Reply-To: [EMAIL PROTECTED]
X-Spam: based on relay(1) 198.41.0.91
Status: U

ORBS catches a lot of spam, but they also hit a lot of big sites. Like Network Solutions in the above example. PacBell Internet. Ebay. Discover Brokerage. The thing is, all these sites DO HAVE open relays. Just because they're big, they should be able to get away with it? I've let all of them know (I'm sure they already knew), but haven't seen any of them change it.

Anyway, the plan is to eventually let users decide for themselves how much filtering they want, or if they're happy with just a header being added. If they want to chance lost mail and use ORBS, that's their choice.

jon
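The tag-instead-of-reject scheme from the message above, as an added Python sketch that is not the poster's hacked rblcheck: each list contributes its weight to a bitmask that is written into an X-Spam header and can be decoded again. It goes one step beyond the post by skipping any zone that fails the 127.0.0.2 / 127.0.0.1 test entries later standardised in RFC 5782, which is how a list that answers every query is caught. The weight-1 zone name and the resolver data are constructed placeholders.

```python
import re
import socket

# Weights in the order the post gives them. The post names the weight-1 list
# only as "RBL" and its examples attribute that bit to ORBS, so its zone here
# is a placeholder; the other three zones are the ones named in the post.
LISTS = [
    (1, "weight1-list.invalid"),
    (2, "rbl.maps.vix.com"),
    (4, "dul.maps.vix.com"),
    (8, "relays.mail-abuse.org"),
]
HEADER_RE = re.compile(r"^X-Spam: based on relay\((\d+)\) (\S+)$")


def query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def dns_listed(name):
    """Default resolver: an A record means listed, a lookup error means not."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False


def zone_is_sane(zone, listed=dns_listed):
    """127.0.0.2 must be listed and 127.0.0.1 must not be. A zone that
    answers for 127.0.0.1 is answering for everything."""
    return (listed(query_name("127.0.0.2", zone))
            and not listed(query_name("127.0.0.1", zone)))


def relay_score(ip, listed=dns_listed):
    """Sum the weights of the sane zones that list this relay."""
    score = 0
    for weight, zone in LISTS:
        if zone_is_sane(zone, listed) and listed(query_name(ip, zone)):
            score += weight
    return score


def tag(ip, listed=dns_listed):
    """Build the header line in the format shown in the post."""
    return "X-Spam: based on relay(%d) %s" % (relay_score(ip, listed), ip)


def decode(header):
    """Return (relay_ip, [zones whose bit is set]) or None if not our header."""
    match = HEADER_RE.match(header)
    if not match:
        return None
    score = int(match.group(1))
    return match.group(2), [zone for weight, zone in LISTS if score & weight]


# Constructed resolver data so the example runs offline: every zone lists
# its 127.0.0.2 test entry, and two zones list the relay from the post.
SAMPLE = {query_name("127.0.0.2", zone) for _, zone in LISTS}
SAMPLE |= {query_name("205.168.240.10", LISTS[0][1]),
           query_name("205.168.240.10", LISTS[3][1])}


def sample_listed(name):
    return name in SAMPLE


def wildcard_listed(name):
    """Constructed stand-in for a zone that answers every query."""
    return True


if __name__ == "__main__":
    header = tag("205.168.240.10", sample_listed)
    print(header)
    print(decode(header))
    print(tag("198.41.0.91", wildcard_listed))
```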