Subject: Blackhole lists (was Re: mail configuration)
To: Jay Maynard <jmaynard@conmicro.cx>
From: Todd Vierling <tv@wasabisystems.com>
List: current-users
Date: 02/21/2001 14:48:33
On Wed, 21 Feb 2001, Jay Maynard wrote:
: This is a feature, not a bug. The only reason for a dialup user to not use
: your ISP's server for outgoing mail is if you want to evade limits placed on
: traffic there...like limits on number of recipients for a message, or number
: of messages per minute. Many sites reject mail sent directly from dialups,
: anyway, via the MAPS RSS list.
Er, MAPS DUL, but anyway....
If you have a legitimate reason for exceeding a dialup ISP's traffic limits,
you probably need a fatter link than 33.6K or less modem upload speeds
anyway. :)
: Yes, closing open relays is good, but how many of the open relays throughout
: China and Japan and Korea have ever responded to relaying complaints? (No,
: ORBS is not the answer, at least not until they stop cracking sites
: actively themselves.)
I can't believe I've been defending ORBS recently, and I should probably
question my sanity for doing so, but there actually is good reason:
As of 1 Feb 2001, they've exploded the different types of information into
different DNS zones so that you can reduce your usage of ORBS, if you like,
to specific types of information. Personally, I use only the
"inputs.orbs.org" (one-hop direct open relays) list, which has stopped about
70% of the crap that MAPS hasn't, and now that the purpose of the list is
more specific, has convinced a couple admins (through my e-mail notices)
that their servers are, indeed, insecure.
Note that ORBS isn't scanning addresses randomly; it's only doing so when
triggered by a spamtrap address or a user who wants to know if spam did get
relayed through an insecure host. If they do `crack' a site by testing it
from a third party's advice, I completely agree with them that it should be
noticed and blacklisted so that the admin will be forced to get it fixed.
I've never had a problem with their automated tester finding real open
relays, as the tester itself is well thought out.
My past gripes with ORBS have been the way that their old, merged DNS zone
included a bunch of information that blocked all kinds of legitimate mail.
Both for my outbound and inbound mail, I didn't want to block the flow of
things that are not necessarily under the admins' control (like multihop
relays at large ISPs). I'm not completely happy that they still provide
that information, but so long as it's not in the single-hop relay zone, I'm
not too dissatisfied. I hope that the reason for the DNS zone changes was
from these gripes and complaints....
There's far too many single-hop open relays out there *not* to take a stand
against them. Most simply won't get fixed until it's impossible to get
legitimate mail out from them.
--
-- Todd Vierling <tv@wasabisystems.com> * Wasabi NetBSD: Run with it.
-- NetBSD 1.5 now available on CD-ROM -- http://www.wasabisystems.com/