Re: For Alan Cox ...

• Next message: Roman V. Shaposhnick: "Re: [PATCH] int (*readpage)(struct file *, struct page *);"
• Previous message: Alexander Viro: "Re: [PATCH] int (*readpage)(struct file *, struct page *);"
• In reply to: Olaf Titz: "Re: For Alan Cox ..."
• Next in thread: Matti Aarnio: "Re: For Alan Cox ..."
• Reply: Matti Aarnio: "Re: For Alan Cox ..."
• Reply: Simon Richter: "Re: For Alan Cox ..."
• Reply: Alan Cox: "Re: For Alan Cox ..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Olaf Titz writes:
> > ORBS lists sites they cannot probe
>
> which contradicts their claim of listing only "validated" open relays.
> It means that a site which is firewalled to block anything but certain
> known good mail sources ends up in ORBS as an open relay. This is just
> flawed methodology, but as anyone following one of the many ORBS
> discussion knows, the actual reason for listing sites they cannot
> probe is revenge against people A.B. doesn't like, and that makes ORBS
> outright rogue.

OK, here's the low-down. I run ermine.ox.ac.uk and it, along with
a number of the 20000 to 30000 other hosts in .ox.ac.uk use
oxmail.ox.ac.uk, our mail hubs, as a smart host. If ORBS finds any one
host in Oxford is an open relay then ORBS blacklists not only that
host (rightly) but *also* its smarthost: oxmail.ox.ac.uk. Immediately,
none of the 30000 users in Oxford can email anyone who uses ORBS.

Our mail admin used to then spend days solid then finding which
host(s) had caused the blacklisting, finding out who adminned the
host, blocking them at the oxmail hub, contacting them and telling them
to contact ORBS who would then (eventually) retry the host so that
oxmail could be unblacklisted and the broken host(s) then unblocked on
the oxmails. By that time, probably some other luser had misconfigured
their host as an open relay and, once again, the whole of Oxford would
be incommunicado to anyone using ORBS.

We use RBL and DUL ourselves for spam blocking and they're good but
ORBS and IMRSS both blacklist all the way through the received headers.
ermine.ox.ac.uk (the host which originally caused this thread) is
already running Exim complete with relaying controls, as are all the
hosts I run. The mail admin tells me the good news today that TPTB have
now finally agreed to firewall off all SMTP to Oxford apart from the
Oxmails and separately vetted named hosts. Given the number of hosts
involved with hundreds of mostly autonomous departments and colleges,
she's going to be spending even more time keeping all those
registrations up to date and coping with the moans of plenty of other
people who see firewalling off SMTP and not allowing them to run SMTP
servers as fascist. Good luck to her.

--Malcolm

-- 
Malcolm Beattie <mbeattie@sable.ox.ac.uk>
Unix Systems Programmer
Oxford University Computing Services
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Roman V. Shaposhnick: "Re: [PATCH] int (*readpage)(struct file *, struct page *);"
• Previous message: Alexander Viro: "Re: [PATCH] int (*readpage)(struct file *, struct page *);"
• In reply to: Olaf Titz: "Re: For Alan Cox ..."
• Next in thread: Matti Aarnio: "Re: For Alan Cox ..."
• Reply: Matti Aarnio: "Re: For Alan Cox ..."
• Reply: Simon Richter: "Re: For Alan Cox ..."
• Reply: Alan Cox: "Re: For Alan Cox ..."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:20 EST