Re: [Semi-OT,important] ORBS globally blocks users of these lists

From: Henning P . Schmiedehausen (hps@tanstaafl.de)
Date: Mon Jan 17 2000 - 05:16:35 EST


alan@lxorguk.ukuu.org.uk (Alan Cox) writes:

>> You missed my qualifier. I asked that ORBS not be used while they practice
>> their policy of global blacklisting. I fully support ORBS in it's efforts
>> to stop spam by affecting the broken systems. Any servers on Above.net
>> address space that are open should be listed. The other hundreds of
>> thousands should remain fully free. Especially when the ones I touch are
>> listed in the database as anti-spam compliant.

>> Is generic blacklisting right?

>Learn to use ORBS properly and -you- get to pick if you filter netblks too
>or not. Its not hard, if the A record on the check is 127.0.0.4 its a netblk

This is the problem. Most people just drop the generic "lets use ORBS"
config into their mailers and don't judge.

BTW: I just started an experiment: I reported one of my machines,
which is currently down and turned off and another one, which is up
but not running SMTP (never will) to ORBS as open relay. I want to
find out what happens.

One of the bigger concerns I have with ORBS is the following situation:

- Joe L. Dialupkiddie [1] dials into his ISP. He is reported to the
  ORBS database by a "friend" from the IRC, his out-of-the-box Linux
  distribution contains an open sendmail which is run at startup (JLD
  does not even know what sendmail is nor does he ever uses it [2]. He
  uses Netscape for Mail). ORBS takes his (dynamically assigned) IP
  address into its database.

- Some days later, one of our Linux Wizards (lets call him "Khimenko
  Victor") wants to send mail to you. He dials into his ISP, gets the
  address previously used by Joe L. Dialupkiddie and your mailer
  rejects his mail because the address is in the ORBS database.

=> Using ORBS has damaged your communication.

This scenario is the main reason I don't use ORBS for the mailers I
administrate. In an age where IP address reuse and masquerading is
done in big numbers, it is simply unfair to block on addresses. You
can and you will hit the wrong people.

And it is unfair on ORBS to put the load on the ISPs. I do consulting
at an ISP where we have > 10.000 dialup customers.About 5% of these
use Linux on a regular base for dialling up which is about 500 users.

All of these consider themselves "computer whizzes" just because they
can insert a Linux CD into their drives and follow the out-of-the-box
instructions. None of these will ever be persuaded by an "admin from
your ISP" that they're doing something wrong because they're fourteen
years old, 3LiT3 because they're running L1n|_|xZ and would never
listen to the advice of "old men which are not c00L". 99% of these
don't even know what a sendmail is, neither that they run one. Neither
how to prevent "SPAM blocking" on their mailers.

They damage the other > 9500 regular dialup users because some of the
dialup-addresses were put into ORBS. And the blame is put on the ISP
(which is proactive against SPAM. We used to run smtpd for a very long
time before ORBS until they finally found a way around it. Now we're
using another tool).

We submit our mailservers to ORBS on a regular base for retesting and
come out clean. And still we're hit and some of our dialup addresses
are in the ORBS database. We have about 50 Class C networks, which
sums up to > 12000 IP addresses. Do you want us to scan all of the
addresses from the ORBS database to find out whether we're in there?

Don't tell me, that we don't 'do enough'. We're putting a lot of work
into our mailers, but there are limits.

Personally I'm with George Bonser. The ORBS people and the people who
support them are IMHO doing damage to the net because they haven't
thought about all possible scenarios.

        Regards
                Henning

[1] He calls himself "L." because he is a "Linux wizard"

[2] My experiment should find out whether if he drops offline and
    somebody else without SMTP daemon / nobody dials up, the address
    would still get listed into ORBS. If yes, I'm willing to report the full
    dialup netblocks of AOL and T-Online into ORBS and see what happens when
    two >> $150 billion companies [3] start looking for the ORBS guys... [4]

[3] AOL Time Warner and Deutsche Telekom

[4] Nuking NZ I would presume.

-- 
Dipl.-Inf. (Univ.) Henning P. Schmiedehausen --             hps@tanstaafl.de
TANSTAAFL! Consulting - Unix, Internet, Security      

Hutweide 15 Fon.: 09131 / 50654-0 "There ain't no such D-91054 Buckenhof Fax.: 09131 / 50654-20 thing as a free Linux"

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Jan 23 2000 - 21:00:15 EST