
Re: Improbeable relays

  • From: Anders Andersson < >
  • Date: Sat, 14 Jul 2001 10:35:35 +0200 (MET DST)

"Valentin Hilbig" nospam@localhost wrote:
>You try to argue, but I don't want to.

That's fine, I won't insist on having an argument with you in
particular.  However, the issue of appropriate vs. inappropriate
probing methods as well as blocking policies should be of general
interest to the members of this list.  Sorry for the length of
this, but we have already touched on a number of issues.

>You cannot guess as it's the policy to disallow guessing, too. ;)

If the policy that disallows "guessing" is the same as the one
saying that it's a crime to access any of your secret computers
without your explicit permission, then I don't see how I can take
either statement on your part seriously.  If you want to sue me
for probing, I suggest limiting your lawsuit to observable facts.
Calling every random act of mine you happen to dislike a "crime"
isn't going to make it so.  "Parking or thinking prohibited" is
not a signpost I'm going to obey.

>If you don't want to send mail to somebody, just go for it.  And tell your
>customers/students that you don't forward some mail for some reason they
>never want to know.  I don't tell you how much users are behind my type of
>relays.  Only a note, there are a lot more than 100 individuals using my
>relays.

For the record, I'm nowhere near using that list of untouchable
computers to actually block e-mail.  Its purpose is to list IP
addresses that for whatever reason should not be tested.  However,
if there is a real risk that any of the computers listed will
deliver spam, I'd rather refuse mail from them altogether than
get into a legal argument with the host owner over whether I may
even test for the presence of an open relay path.

If there is any complaint I have heard from my colleagues or our
10,000 students, it's about all the junk e-mail they get, not
about the wanted e-mail they don't get.  Should anybody question
our e-mail policy, I will be most happy to hear their opinion and
make the appropriate concessions, but since we are a university
and not a commercial ISP, we can place restrictions on what our
e-mail facilities are used for.  The ability to receive e-mail
from every shabby corner of the Internet in spite of it being a
well-known source of spam is not high on our list of priorities.

It probably wouldn't be too much work to maintain a whitelist of
Chinese sites that are allowed to send mail to us, while anything
else from China is flatly rejected (perhaps with circumvention
instructions).  So, that's a few hundred million potential users
behind the Chinese relays.  Would that be a problem to me?  No.
The President of Mexico can't send e-mail to us either.  So what?

>If you list my type of relays you only help the SPAMmers.  Besides, this is
>a false listing, too, because the relay you mention happen to not be
>"non-closed" (it's not open and a little less than fully closed) by policy
>currently (but yes, has the development ANTISPAM-filter running, see
>spam.geht.net).

Well, I don't intend to bend over backwards making the listing
factually correct for every single IP address on the Internet.
If an ISP maintains different policies for different hosts but
refuses to identify each host for me, I'll simply list them all
as "untouchable".  Better safe than sorry.

And, I don't really see the point of implementing a legal policy
that is secret to outside observers.  It's like hiding all those
"no unauthorized entry" signs behind thick foliage just to keep
visitors from learning which doors they are allowed to use.  Eh?

>I thought, we don't want to help SPAMmers, but that's your choice.  I don't
>want to argue, I only want to get rid of SPAM, and therefore I want to get rid
>of systems who make the situation worse for non-SPAMmers.  My relays only
>make the situation worse for SPAMmers even if you try to argue that this is
>not the case.

No, it's not my choice to help any spammers, but if my solution
has this kind of deficiency, I'd like to have it explained to me,
so that I can work towards removing that deficiency.  That said,
I don't think the fear of helping spammers is a rational argument
in general when it comes to whether to disclose information.  We
have heard it before; in the 1980's system administrators tried
to avoid hackers playing around with their systems by keeping the
documentation secret!  Security through obscurity doesn't work;
the protective measures usually hurt the good guys more than the
bad guys.

	And the LORD God commanded the man, saying,
	Of every tree of the garden thou mayest freely eat.
	But of one particular tree, thou shalt not eat, for in
	the day that thou eatest thereof thou shalt surely die.
	And I'd be damned if I toldest thee which tree that is,
	because I'd merely help the serpent beguile thee!
	And the man said, Ok, I guess I'll starve then.

>In this context, ORBS is bad, but RBL MAPS is good, because RBL even blocks
>CLOSED relays if an allowed customer spams over such closed relays which is
>likely to happen for newbies.  So RBL helps, ORBS does not.  Period.

The MAPS RBL is pretty irrelevant, as it's not primarily a list
of open relays, and it's not even semi-automated.  ORBS should be
compared to the MAPS RSS instead.  The RSS performs semi-automated
relay tests, and I usually test each suspected relay I find before
I submit it to MAPS, in order to spare them false nominations.  If
the ORBS relay testing is criminal, I don't see how MAPS RSS would
be much better in that respect.

By the way, MAPS RSS seems to have reoccurring problems with their
database (relays apparently "nominated" without proof of spam,
relays nominated and "added" on the web site but still not found
in the relays.mail-abuse.org DNS zone, and so on).  Anybody here
who has any insight into their operations?

I think we could use additional databases accessed via the DNS,
not merely blocking lists based on IP addresses, but information
on network entities that would be generally useful in MTA software
and other applications.  While WHOIS can help determine the owner
and jurisdiction of a particular IP address or domain name, the
format doesn't lend itself towards automated access.  It should be
possible to maintain different levels of protection depending on
the country, owner, or type of the SMTP or HTTP client host.  If
an Apache module could say to the client "sorry, but due to the
burden of junk e-mail placed on us by your ISP, you have to wait
another 30 seconds before we will deliver the requested page", I
think some ISPs would become more wary of lending themselves to
the spamming business.

--
Anders Andersson, Dept. of Computer Systems, Uppsala University
Paper Mail: Box 325, S-751 05 UPPSALA, Sweden
Phone: +46 18 4713170   EMail: andersa@localhost
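The DNS-based lookups discussed in the post (a relay list such as the relays.mail-abuse.org zone, and the idea of per-ISP policy tiers such as a 30-second delay) use a reversed-octet query name and a 127.0.0.x answer code. The following is an added illustration, not code from the post or from MAPS/ORBS; the zone names, the record table and the resolver are constructed stand-ins so it runs offline.

```python
import ipaddress
from typing import Callable, Optional, Tuple

# Constructed sample data standing in for two DNS zones: a relay list in the
# style of the relays.mail-abuse.org zone named in the post, and a hypothetical
# per-ISP "spam burden" list.  Answer values mimic the usual 127.0.0.x codes.
RELAY_ZONE = "relays.example.invalid"
BURDEN_ZONE = "burden.example.invalid"
CONSTRUCTED_RECORDS = {
    "4.3.2.192." + RELAY_ZONE: "127.0.0.2",   # listed as an open relay
    "9.8.7.10." + BURDEN_ZONE: "127.0.0.3",   # ISP flagged for spam burden
}


def dnsbl_name(ip: str, zone: str) -> str:
    """Build the reversed-octet query name an MTA sends to a DNS-based list."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def constructed_resolver(name: str) -> Optional[str]:
    """Offline stand-in for an A-record query; returns the answer or None."""
    return CONSTRUCTED_RECORDS.get(name)


def smtp_client_policy(
    ip: str, resolve: Callable[[str], Optional[str]] = constructed_resolver
) -> Tuple[str, Optional[object]]:
    """Decide how to treat a connecting SMTP client.

    Returns ("reject", code), ("delay", seconds) or ("accept", None).
    Only a 127.0.0.0/8 answer counts as "listed"; any other answer is treated
    as a broken or wildcarded zone and ignored, so a zone failure cannot
    silently block all mail.
    """
    loopback = ipaddress.IPv4Network("127.0.0.0/8")

    def listed(zone: str) -> Optional[str]:
        answer = resolve(dnsbl_name(ip, zone))
        if answer is None or ipaddress.IPv4Address(answer) not in loopback:
            return None
        return answer

    code = listed(RELAY_ZONE)
    if code:
        return ("reject", code)          # open relay: refuse the session
    if listed(BURDEN_ZONE):
        return ("delay", 30)             # throttle, as the post suggests for HTTP
    return ("accept", None)
```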