Re: RBL report..

To: Daniel Martin <Daniel.Martin@jhu.edu>
Cc: debian-devel@lists.debian.org, recipient list not shown: ;
Subject: Re: RBL report..
From: Nils Jeppe <nils@jeppe.de>
Date: Tue, 28 Mar 2000 11:11:32 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.20.0003281102450.28505-100000@wasteland.pandemonium.de>
In-reply-to: <[🔎] 87og7zybuh.fsf@dwww.cush.dyn.ez-ip.net>

On Mon, 27 Mar 2000, Daniel Martin wrote:

> ORBS BLOCKS MORE THAN OPEN RELAYS.
> Sorry to shout, but I've been bitten by ORBS before.
> It blocks open relays *or machines which relay for open relays*.

Which is basically the same.

> This means that since my campus's smarthost trusts any machine inside
> jhu.edu to send mail out (and why shouldn't it?), an open realy
> anywhere on campus can cause all mail going through the smarthost to
> be blocked.

Because you shouldn't relay mail from open relays. Since the problem was
identified, block the machine which is local on your campus. Once you fix
it, notify ORBS so they will take you out of their list.

Relaying mail for open relays effectively makes YOUR SERVER an open relay,
too. It HAS to be blocked, because the mail doesn't originate from the
real open relay but from the smarthost, and if the smarthost didn't get
blocked, it would be really easy to circumvent ORBS.

> To repeat: ORBS does not block only mail that came through open
> relays, it blocks mail that came through servers that have in the past 
> served open relays.  It allows a single open relay on a mail network
> to cause the entire mail network to be blocked.  It is to my mind an
> inordinately severe response to the problem.

NO IT IS NOT. Spam is evil. Open relays are evil. Close all open relays,
they have NO justification for existence. People who like to argue
otherwise can get in touch with me, and I will happily let them deal with
all Spam I get. ;-)

To reiterate, open relays are a serious configuration problem. It's a
bug. It's a serious security hole. It has to be fixed. It isn't just a
harmless little something, it is costing hundreds of thousands of people
all around the world, every day, real money to deal with Spam.

ORBS gives you enough time to fix the problem before you get blocked. And
if for some reason you cannot fix the open relay, you have to block the
open relay from using you as a smarthost. Yes it is that simple. No there
is no alternative.

Administrators who can not deal with open relays are incompetent
fools. Administrators who do not want to deal with open relays are not one
iota better than the worst spammers out there.

There, I had to say it, now let's close the discussion, ORBS is a
reasonable answer to a real problem.

Nils

-- 
 "Kif, if there's one thing I don't need it's your 'I don't think that's
  wise' attitude."
						--- Zap Brannigan

Reply to:

References:
- Re: RBL report..
  - From: Daniel Martin <Daniel.Martin@jhu.edu>

Prev by Date: Re: ITP: tinydns and dnscache
Next by Date: debconf: how to configure non-interactive install
Previous by thread: Re: RBL report..
Next by thread: Re: RBL report..
Index(es):
- Date
- Thread