Re: For Alan Cox ...

From: Michael H. Warfield (mhw@wittsend.com)
Date: Sat May 13 2000 - 09:45:34 EDT

    On Sat, May 13, 2000 at 11:29:48AM +0200, Olaf Titz wrote:
    > > Because some people would prefer to block mail from sites with idiotic
    > > mail admins who block relay checks?

    > If they do have enough clue to block relay checks they generally have
    > enough clue to block relaying itself too.

            True but then that leaves a wide open door for outfits that want
    to run a "spam haven" like Spamford was talking about doing. They set
    up their relays and then block the relay checkers and they meet both
    your qualification of someone who both has enough clue to block the
    checks and enough clue to block the relay but chooses to do the former
    while protecting the fact that he is not doing the latter.

    > Many very clueful admins don't want to be regularly relay-checked
    > simply because the whole world knows their mail is secure. To label
    > that "idiotic" is just A.B.'s personal preference and listing them in
    > ORBS is pure and simple revenge for not obeying the demands _he_ likes
    > to impose on the world.

            They're not the problem.

            The very clueful admins who don't want to be checked because they
    are being paid to provide a service to the spammers. That's a problem.
    How big of a problem? I don't know. Probably not big now. I would like
    to see it stay that way. Remember, every time someone finds some little
    chink to slip past MTA protection or tracing (like the HUGE hello lines
    to obfuscate the last hop IP address in the Received-By lines) it rapidly
    makes its way into dozens of spamavator packages and we suddenly get
    swamped by all these hot new deals that cut through yesterday's shields
    and tracing. These slime are just like the script kiddies we deal with
    in security. One figures out a trick and the others quickly copy-cat.

            I've had to deal with ORBS when a new relaying trick came out that
    I hadn't heard of (was something to do with deliberately lying about what
    domain you were in or something). I got listed, had to quickly catch up
    on my homework, get the new hole fixed, get unlisted, and get on with
    life. It's just like security. It's not a static thing that, once you're
    done, you're done. They do notify you when you get listed. The objective
    is to fix the problems.

            I could have blocked the ORBS probes too (I have managerial
    influence and oversight at several very large networks) and saved
    myself some work. But that would have left my systems open as new
    tricks come up and ultimately I might have been blacklisted by someone
    more serious like Vixie's RBL itself. The threat did arise after one
    incident when a firewall got misconfigured at a European site and some
    slimers got through. Those guys almost got skinned alive. In another
    case, a legacy customer got his contract canceled because he was engaging
    in these practices deliberately and refused to cooperate in limiting spam.
    The admins at sites where I have anything to say understand that the
    response to ORBS is to fix THEIR problem, immediately. I consider it a
    security problem.

    > Olaf

            Mike

    -- 
     Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
      (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
      NIC whois:  MHW9      |  An optimist believes we live in the best of all
     PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
    
