You are here: Home > Participate > Join a Discussion > Mailman Archives
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: spam-tools?

  • From: Paul Wouters < >
  • Date: Mon, 18 Jun 2001 14:39:23 +0200 (MET DST)

On Mon, 18 Jun 2001, Sabri Berisha wrote:

> > ORBS ( http://www.orbs.org/ ) is R.I.P. and I think this is good as it
> > tested my relays regardless that I did not want ORBS to test my relays ever.
>
> If you do not operate an open relay I see absolutely no reason to object
> to those scans.

There are enough horror stories of ORBS everyone on this list knows. The
most simple and stupid thing of ORBS was that people could submit IP's,
and they would test and block it within the hour. If you've ever done a
emergency mail server migration, and was knee deep in DNS and MS hell,
the last thing you need is to have one of your IP's blocked because a
spammer and an ORBS user found your temporary mail server.

Paul, who had the uniq experience of appearing in ORBS with both "blocked
by adminsitrative reasons" and "confirmed does not relay" at the same time.

> > So ORBS did an illegal action in my point of view and I don't want illegal
> > things to happen in Internet.
>
> If ORBS would scan you with the intent do send unsolicited bulk email
> through your server you would have a point.

Port scanning is in violation of some telecommunication laws and even more
AUP's.

> Please do note that where you read "ORBS" you could read any other
> relaytester which tests with the purpose of informing *you* of any
> misconfigurations and therefor protecting *you* against your own possible
> stupidity.

The difference is that systems like RBL only block you after they are
convinced the admin can't or doesn't want to be reached. Instead of cutting
you down, they actually try to *help* you fix any problems.
Also stupidity is a very relative term. For instance, migrating and allowing
all local IP's to relay through your mailserver, opens up a subtle hole in
that mail sent to old MX records (so old mailserver) gets a fully granted
relay to the new mail server (because local IP is trusted), so people
tend to forget that portforwarding during a DNS waiting time opens them
up to spammers and ORBSlike actions. Now, I don't MIND people telling me
this, but to immediately ensure that a percentage of my users no longer
can send or receive email for this is plain stupid and wrong.

Paul
-- 
"Ik vind het zo moeilijk om mijn mening de vrije loop te geven in de
 wetenschap dat het morgen wellicht op de voorpagina van de Telegraaf
 staat."

  --- Sabri Berisha, Nationaal Aftap Overleg mailing list (nao-l)





  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>