
Re: Debian hosting an open relay?



On Mon, Jul 16, 2001 at 10:26:05PM +0100, Philip Blundell wrote:
> >All of my mail from the debian-security list is appearing in my spam
> >folder, because it appears that murphy.debian.org is in the ORBS
> >list.
> >
> >Does anyone know if this is a Debian problem (I find it hard to
> >believe that there really is an open relay), or an ORBS problem?
>
> ORBS is dead.

ORBS is worse than dead.

one of the DNS secondaries for orbs.org recently announced that they
would be returning a positive result to ANY query for any of the orbs
domains.

he is doing this because a) people won't reconfigure their MTA even when
orbs has been dead for months, and b) the owner of the orbs.org domain
refuses to remove the NS records for this secondary name server from the
orbs zones.

there are about 11 secondaries for the orbs.org domains. this means that
mail from about 1 in every 11 hosts will get a false positive match. due
to the TTL set in the zone, positive results will be cached for several
days.

the only solution is to STOP using the orbs.org blacklist zones. they're
dead anyway, so you have nothing to lose.


there are numerous orbs replacement services available now.

a combination open relay listing and dul.  quite good:
    relays.osirusoft.com

osirusoft.com also maintains a list of available dnsrbl services.


an orbs-like service with open relay (inputs) and multistage open relay
(outputs) zones:
    inputs.orbz.org
    outputs.orbz.org

two more orbs-like services. these are both particularly good at
blocking spam from open relays:
    or.orbl.org       (this one combines inputs and outputs in one zone)
    relays.ordb.org   (probably the single most effective dnsrbl around)


and, of course, there are the MAPS services (note that these will be
available by subscription only at the end of the month):

    blackholes.mail-abuse.org
    relays.mail-abuse.org
    dialups.mail-abuse.org


i use the following in my postfix configuration.  it's quite effective.

maps_rbl_domains = relays.ordb.org, relays.osirusoft.com,
                   inputs.orbz.org,
                   blackholes.mail-abuse.org, dialups.mail-abuse.org,
                   relays.mail-abuse.org

i don't use outputs.orbz.org or or.orbl.org because i don't agree with
the collateral damage caused by blocking mail from ISPs who just happen
to temporarily have a clueless customer with an open relay.

craig

-- 
craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch
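
The failure described in the message above, a name server that returns a positive result to any query, can be detected by probing a zone's conventional test entries (127.0.0.1 must never be listed, 127.0.0.2 must always be listed) before trusting it in an MTA. This is an added example, not part of the original post; the `.example` zone names, the per-server probe callables and the simulated name servers are constructed assumptions.

```python
import socket

def dnsbl_name(ip, zone):
    """Query name for an IPv4 address: reversed octets prepended to the zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_lookup(name):
    """True if the name resolves to an A record (listed). Lookup failures
    (NXDOMAIN, timeout) count as not listed."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def check_zone(zone, lookups=(system_lookup,)):
    """Classify a zone using the conventional test entries.
    `lookups` holds one callable per resolver or name server probed
    (hypothetical interface for this example)."""
    never = dnsbl_name("127.0.0.1", zone)
    always = dnsbl_name("127.0.0.2", zone)
    if any(lookup(never) for lookup in lookups):
        return "lists-everything"   # at least one server says yes to anything
    if not all(lookup(always) for lookup in lookups):
        return "dead"               # test entry missing: zone is not maintained
    return "ok"

def usable_zones(zones, lookups_for):
    """Keep only zones that pass; lookups_for(zone) returns the probes to use."""
    return [z for z in zones if check_zone(z, lookups_for(z)) == "ok"]

# Constructed simulation, no network: 11 secondaries for a dead zone,
# one of which returns a positive result to any query.
def honest_dead(name): return False
def wildcard(name): return True
def healthy(name): return name.startswith("2.0.0.127.")

SIMULATED = {
    "dead-list.example": [honest_dead] * 10 + [wildcard],
    "live-list.example": [healthy] * 3,
}

if __name__ == "__main__":
    for zone, probes in SIMULATED.items():
        print(zone, check_zone(zone, probes))
    print(usable_zones(list(SIMULATED), SIMULATED.get))
```

With the default `system_lookup`, a caching resolver reaches only one of the zone's name servers per cache lifetime, so a single clean probe does not prove that every secondary is behaving.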


