Re: vger rejecting messages from mediaone

From: Khimenko Victor (khim@sch57.msk.ru)
Date: Tue Jan 18 2000 - 10:16:14 EST


In <20000117202533.D8485@hubinternet.com> Walter Reed (walt@hubinternet.com) wrote:
> On Sat, Jan 15, 2000 at 06:28:05PM +0000, Alan Cox wrote:
>> > ORBS was supposed to be a list of CONFIRMED OPEN mail relays. Apparently,
>> > they have changed their mission without telling anyone. Their web page,
>> > "What is ORBS?" says:
>>
>> They've always said people who block their scans as a response will be
>> blacklisted because that is what every rogue ISP and intentional spam exploder
>> company does.

> ... And it's also what many admins would do when ORBS probes their machines for the
> 50,000th time...

Unfortunatelly on practice it's what many admins doing when ORBS probes their
machines for FIRST time. Just to pull itself out of ORBS blacklist (instead of
fixing MTA configuration - it's easier to block ORBS then to fix MTA). If they
got 50,000th probe then something REALLY wrong happened: usually ORBS doing
probes very seldom.

> The problem with orbs is NOT that it probes for open relays, but that
> the ORBS maintainer has a policy of blacklisting anyone who disagrees with him -
> regardless of whether or not the blocked systems relay or not.

He has no easy way to find out (if system is blocking then bot can not check it).

> The probe system also does not handle systems which intelligently relay normal
> mail and not SPAM.

Is system "relay normal mail" then it can be convinced to relay SPAM (I've not
seen MTA with AI to detect SPAM using mail contents).

> Vixie's MAPS is nice because it only lists spammers. ORBS lists mail servers
> sometimes based upon false assumptions or "whims".

Of course. That's why there are MAPS RBL, MAPS RSS, MAPS DUL and *ORBS*.
The more protection you getting the more probability to close gates to
innocent victim -- there are no magic bullet :-/

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Jan 23 2000 - 21:00:18 EST