
Re: spam-tools?

  • To: Jan-Pieter Cornet < >
  • From: Paul Wouters < >
  • Date: Mon, 18 Jun 2001 16:45:03 +0200 (MET DST)

On Mon, 18 Jun 2001, Jan-Pieter Cornet wrote:

> > emergency mail server migration, and was knee deep in DNS and MS hell,

For the record, that was a typo. I meant MX hell :)

> You mean that you don't like ORBS because you are bad at doing your job.
> This is the wrong reason for not liking something, and sounds more like
> blame delegation to me.

Just to show what happened, since it triggered some email. When moving
servers both physically and to another backbone ISP, I had a setup where
at some point I had two mailservers, while I wanted of course one mail spool.
One link was relatively slow, and the machines 200km from each other, so
doing /var/spool/mail over NFS wasn't realistic.
At some point, you can't really avoid having two different MX records
circulating. And yes, the fallback MX at the time which was in the UK
at the time wasn't trustworthy enough. All in all, a tricky non-trivial
situation. So I decided to port-forward port 25 of the old server to the
new server. That of course needed relay permission on the new mailserver
of the old server.
I hadn't realised spammers were checking it this closely, and within 20
minutes I had received the first complaint, and killed the port forwarding.
In total, about 50 emails were relayed through our system.

Then the ORBS tester came, failed to relay. I complained to ORBS because I
don't agree with their policy and got blacklisted. Hence the "not relaying"
and "blocked" entry for my server (which btw when we moved stayed at the
old IP which another customer of our old backbone ISP got). Another reason
why ORBS was stupid, because they never removed the IP even when I sent
them an email saying they should administratively block our new IP and
release the old one.

The whole point I'm making is that this entire situation was under control,
and the manual addition to ORBS was totally uncalled for. That is the
difference I mentioned with RBL. I am not, as Mr. Berisha tries to show,
starting a fight on one system vs the other. I'm talking about reasonable
measures for problems instead of initiating DEFCON 1 for a fixed problem.


> ORBS never did any portscanning, you must be confused with something else

ORBS scanned any IP you fed it. Whether you want to call it mailport
scanning or port scanning or relay scanning isn't that relevant.

> ORBS tries to help too.

I tried to explain to ORBS why I think their policy is not a good one. It
escalated, and we got blacklisted. Such personal and non-transparent
policy is a schoolbook example on how not to design or follow policies.

> But ORBS tried to help end-users too, by listing open relays as soon as
> possible, so you can block the spam coming from them.

ORBS had a personal agenda, and not a published policy that it kept itself.

> Portforwarding is a VERY stupid thing to do, just run mailservers on
> both machines, with appropriate configuration.

See above for some more details. It was the only solution I had. I couldn't
let mail queue at the fallback because it was broken (and outside of my
control) so the IP number needed to accept mail. I'm sure there would have
been better ways of fixing things, but again my point is that the measure
and consequence of a brief situation led to long term blocking by ORBS.
And in case people wonder, yes, I'm very much against spam myself, and even
have a page up at www.xtdnet.nl/paul/spam/ where I collect spam which is
regularly used to fine tune personal filtering systems.

> Receiving email has nothing to do with ORBS,

If sending fails because you are ORBS listed, there are (surprise!) people
who can't receive email anymore.

As for Mr. Berisha's bitterness on journalism, and his rejected claim to the
"Raad van Journalistiek" regarding my article on tapping in the Netherlands,
I suggest we keep this off this list. If people are really interested, please
read either my, Cryptome's or Mr. Berisha's writing at:

http://www.fnl.nl/ct-nl/archief2001/ct2001-06/
http://mohave.bit.nl/~sabri/ct/ (seems to have been forced onto geocities now)
http://cryptome.org/nl-tap2.htm

Dutch readers can read the next c't for a clarification.

Paul
-- 
"I find it so hard to give my opinion free rein, knowing that
 tomorrow it may well be on the front page of the Telegraaf."

  --- Sabri Berisha, Nationaal Aftap Overleg mailing list (nao-l)




