
Re: NEVER USE SORBS



On Thu, Jul 27, 2006 at 03:03:06PM +0200, Peter Klavins wrote:
> I think the business-ADSL space is changing a lot and expectations are
> rising for what can be achieved with a business ADSL line.

no, i think you're confused about what a DUL is about.

> I rent a business level ADSL line here in Italy because it's convenient

whether it is ADSL or not is irrelevant.

what matters is whether it's dynamically allocated or not.  that's all.
for a DUL entry, nothing else is relevant.

i run my own home mail server at the end of an ADSL line. on a static
IP. in fact, on my own /24 (although that makes no difference - static
is static).

> for me especially because competition has lowered prices to the point
> where for example 6 Mbit ADSL with no upload/download limits (which
> on the contrary is common back home in Australia) costs of the order
> of 50 AUD a month flat.  I got the business level ADSL instead of the
> consumer level ADSL precisely because it offered a static IP address,
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

if your IP is statically allocated to your connection (whether it be via
ADSL or any other method) then it does not belong in a DUL.

if it has ended up in a DUL listing that would be because:

a) the rDNS looks like it's probably dynamic

b) your ISP has not properly registered their IP address space with ARIN or
whoever is responsible for that task in EU.

c) your ISP has not bothered to inform the DUL that it is static.

any of these issues can be corrected by the responsible party.


> that indeed has not changed in all the years that I have had the
> service, regardless of reboots.

yes, that is the nature of static IP addresses.  it's why they're called
static.

> But, importantly, it is assigned by DHCP, presumably for

the method of assignation is irrelevant. the fact that it is assigned to
one particular customer and no other is what is important.

assigned to one customer = static

part of a shared pool dynamically assigned to any of several custs = dynamic


> [...]
>
> Now the ISP I use is one of the biggest European-wide ISP's, and I am
> pretty certain that for me it would be very difficult bureaucratically
> to get them to do anything like configure an rDNS or raise or lower
> TTL's and so on.  So, I haven't tried.  And my servers and SSH and VPN
> connections work fine.
> 
> Except for mail.
> 
> I haven't set up a mail server simply because I am terrified of the pain

try it and see. it takes less than 10 minutes to 'apt-get install
postfix' (or exim or whatever) and see if you can send mail to some host
known to be using SORBS or some other DUL.

or you can use rblcheck to see if your IP is listed in any RBL or DUL.

if it works, fine.

if it doesn't, it's up to you whether you ask your ISP to get it de-listed or
not.  since you're not currently dependent on it working, you can fire off the
request and not care how long it takes to get fixed.

if your ISP couldn't be bothered getting it de-listed then you have an issue
with your ISP, not with SORBS or any other DUL.  take it up with them.




> I would go through judging by what I read on this group.  Now being an
> old (literally) software engineer who is reasonably competent in many
> things computer-wise after 30 years of studying compsci and then working
> with all manner of hardware and software, I would actually like to
> eventually set up my own mail server.  And I would like to do it without
> coordinating with my ISP because of all the pain I would go through.  I
> would like to do it with the same competence that I've set up my (not
> public so far) web server and my firewall, and every other thing I've
> had to go through in learning about connecting server equipment to the
> internet.

unfortunately, that possibility has been ruined by spammers and virus
authors. blame them. your ISP may have already properly registered their
IP address space. you may be imagining a problem that doesn't exist. or
you may have to co-ordinate with your ISP and ask them to do their job
properly.


> But you're saying that the one type of server I shouldn't connect is a
> mail server?  Because I couldn't cope?  I don't think that's reasonable.

no, i'm not.

i'm saying that DULs provide a useful service to those who want to
reject mail direct from dynamic IP addresses. a service that is useful
enough and accurate enough, IMO, to accept the fact that there will be
the occasional mistaken listing.


> I understand that you may not want to accept mail directly from me

i have no problem receiving mail direct from your mail server because it's
not a dynamic IP address.

if it is incorrectly listed in a DUL then that is a mistake that can be
easily corrected by the registered contact (aka "owner") of the address.
i.e. your ISP.


> because of arbitrary rules like you wouldn't accept mail from someone
> born in Australia but living in Italy, but I don't think it is

no, the arbitrary rule is that i don't want mail direct from dynamic IP
addresses. regardless of where in the world it is, and regardless of who
is sending it or what they are sending. to facilitate that rule, i make
use of some DUL services.


> reasonable for all the mail admins in the world to not accept my mail
> because it is assigned from a pool of addresses for all I know may be
> designated somewhere as being dynamic (my bet is that they are:  what
> does 217-133-15-nnn.b2b.tiscali.it say as an IP address to you?).

it says "probably dynamic". without further information (which can come
from whois if your ISP has registered their address space correctly, or
it can be provided direct to the DUL operators by the registered contact
for the IP addresses concerned), then assuming it is dynamic is perfectly
reasonable.


> I for one would like to know how to become professionally competent in
> mail server administration, slowly, at my own pace, gradually
> introducing more and more complexity as time goes on, just as I did with
> apache etc.  I expect to be capable of doing this judging by other
> things I have learnt in the past.  I may make mistakes, I may not
> designate some header fields correctly in my first attempts, but I would
> hate to be banned from trying simply because I was blacklisted by SORBS.
> But I certainly would never send SPAM, I am too professional and careful
> for that.  In fact, I would argue that learning at my own pace on my
> ADSL would be far preferable than learning in the sysadmin group of some
> organisation with a network connection that is truly static.

this isn't about you. it's not personal. it's about common and repeated
sources of spam....and, unfortunately, dynamic address space is a huge
source of spam and viruses.

> But you're saying that even if I succeed in becoming a competent mail
> admin, I shouldn't join the peer-to-peer world of mail servers simply
> because I have this IP address?  And if my netblock (because of some

no, i am not saying that. if your IP is static then it should not be
listed. if it is listed by mistake then your ISP can correct that
mistake.



craig

-- 
craig sanders <cas@taz.net.au>           (part time cyborg)
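
Added example, not part of the message above: the two checks the thread turns on, sketched in Python. The first is the DNS query a tool such as rblcheck makes against a DUL, the second a guess at whether an rDNS name "looks dynamic". The zone `dul.example.org`, the hint words, the sample hostnames and the stub resolver are constructed assumptions, not any list operator's actual criteria.

```python
import ipaddress
import re
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Assumed hint words; real list operators publish their own criteria.
GENERIC_WORDS = re.compile(r"(?:^|[.-])(?:dyn|dynamic|pool|ppp|dialup)(?:[.-]|\d|$)")

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone (RFC 5782 layout)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True only if the zone answers with an A record inside 127.0.0.0/8."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return False  # NXDOMAIN (or a failed lookup): treat as not listed
    # An answer outside 127/8 is a wildcard or hijacked resolver, not a listing.
    return ipaddress.IPv4Address(answer) in LOOPBACK

def rdns_looks_generic(hostname, ip):
    """Heuristic: the PTR name embeds the address or a pool-style word."""
    host = hostname.lower().rstrip(".")
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    for order in (octets, octets[::-1]):
        if re.search(r"(?<!\d)" + "[.-]".join(order) + r"(?!\d)", host):
            return True
    return bool(GENERIC_WORDS.search(host))

# Constructed zone data standing in for a live DNS lookup.
SAMPLE_ZONE = {"10.2.0.192.dul.example.org": "127.0.0.10"}

def sample_resolve(name):
    if name not in SAMPLE_ZONE:
        raise socket.gaierror("constructed NXDOMAIN")
    return SAMPLE_ZONE[name]

if __name__ == "__main__":
    for ip, ptr in [("192.0.2.10", "192-0-2-10.b2b.isp.example"),
                    ("192.0.2.25", "mail.example.org")]:
        print(ip, is_listed(ip, "dul.example.org", sample_resolve),
              rdns_looks_generic(ptr, ip))
```

Dropping the `resolve` argument makes `is_listed` query real DNS; a name-only match from `rdns_looks_generic` is a hint for the ISP conversation, not proof of how the address is allocated.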


