Subject: Re: spamwar rules of engagement [ was printer supplies ]
To: None <port-alpha@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: port-alpha
Date: 11/04/2000 13:01:59
[ On Saturday, November 4, 2000 at 22:05:18 (+0700), Robert Elz wrote: ]
> Subject: Re: spamwar rules of engagement [ was printer supplies ] 
>
> ORBS doesn't like me because I won't let them (even attempt to)
> relay mail through my mailer (they're filtered away from my nets).

Depending on which network you're talking about that may not be correct.

The address from which you sent that message is not currently, and has
never been, listed in any black-list that I'm aware of.  SpamCop.net
has just recently nominated 202.28.96.1 for testing, though oddly enough
the message containing that IP in the header is one from yourself just
yesterday with the subject "Re: Anycast root metrics and analysis".
Seems someone (presumably at nic.cafax.se) decided to bounce your e-mail
to SpamCop!

However munnari.oz.au, from which you've sent e-mail in the past, is
listed in the ORBS static database (i.e. a lookup in the ORBS RBL will
return 127.0.0.3, as per their published documentation), and a look in
their database shows that they've got an actual spam on file which was
relayed through 128.50.1.21 (and they claim a relay check from another
unfiltered network was "successful" too).

Filtering the ORBS checker when you've not got a 100% absolutely
unbreakable mailer is "dangerous" because if a spam does get through
then the resulting listing in the static database is incredibly more
difficult to clear than if the ORBS checker could simply verify the
correctness of your systems after it has been repaired.

I note that the MAPS RSS has also verified that munnari.oz.au has indeed
been an open relay several times in the past (most recently in
Dec. 1999) and they also have an actual spam on-hand which was relayed
directly via munnari.oz.au on Dec. 4, 1999.  Their relay entry was
manually removed Jul. 3, 2000 but no explanation is given for the
removal.  Other relay testers also claim that 128.250.1.21 was tested
and shown to be an open relay in the past.

[ On Saturday, November 4, 2000 at 11:10:35 (-0500), Todd Vierling wrote: ]
> Subject: Re: spamwar rules of engagement [ was printer supplies ]
>
> On Sat, 4 Nov 2000, Greg A. Woods wrote:
> 
> : (and I regularly see at least two or three per day on average).  Most of
> : them would have been stopped by employing the various MAPS RBLs (and
> : IIRC they all would have been blocked if the ORBS RBL had been added to
> : the mix).
> 
> Although ORBS is an example of dropping a bomb on a crowded building because
> your enemy is somewhere inside it.  ORBS blocks too many legitimate mailers
> out of "retaliation" towards networks that don't allow ORBS probes past
> their border routers.
> 
> ORBS needs to die for that reason alone (and there are other reasons....).

I think you guys need to take a reality pill and look at some facts
rather than your current emotional response.  Unless you actually use
ORBS, even if only for some unimportant little domain that barely gets
any e-mail, you've really got no idea whatsoever of what you're talking
about.  The rumour mill is so full of falsities about ORBS that it's
just not funny.

Certainly if you follow the ORBS "manual entries" list (i.e. the ones
that return 127.0.0.4 in the DNS RBL) then you'll be blocking large
hunks of networks that are only rumoured to be the home of the odd open
relay or so.  The static database (which returns 127.0.0.3) is also
manually maintained, though given the evidence of actual relayed spam
that got such entries in the list in the first place, it's arguably a
very important list.

HOWEVER, the remainder of the ORBS list consists entirely of
mechanically verified, provably open, relays.

If you believe even for a moment that open relays are a bad thing to
allow and that they make spammers' lives much easier, and if you want to
try to do something about it, then you must use at least the verified
part of the ORBS list to prevent such verified open relays from
continuing to exist.  No other resource available today comes even close
to ORBS in completeness and mechanical objectivity.
(relays.mail-abuse.org, a MAPS so-called equivalent list, would not have
stopped a single piece of e-mail spam destined to my network over the
past month or so)


[ On Sunday, November 5, 2000 at 01:25:56 (+1100), Crossfire wrote: ]
> Subject: Re: spamwar rules of engagement [ was printer supplies ]
>
> Oh, and furthermore, ORBS RBL are also inadvisable due to their draconian
> and inappropriate handling of Australian ISPs which would result in all of
> .au's dialup and ISP populace not being able to post.

Hmmm....  Shouldn't you be more worried about cleaning up your own house
than of spreading incorrect rumours?  Seems your server is a real live
open relay at the moment:

236.5.134.139.relays.orbs.org   A       127.0.0.2
236.5.134.139.relays.orbs.org   TXT     "Open relay - see http://www.orbs.org/verify.php3?address=139.134.5.236"

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
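
Added example, not part of the original message: a small Python sketch of how a receiving mailer could interpret the DNSBL answers discussed above and honour only the mechanically verified category. The function names, the `honour` policy parameter and the third sample line are assumptions made for illustration; the code parses embedded text and performs no DNS queries.

```python
import ipaddress

ZONE = "relays.orbs.org"  # zone as it appears in the quoted lookup

# Return codes as the message describes them; the 127.0.0.2 meaning is read
# off the quoted lookup and its "Open relay" TXT record.
CATEGORIES = {"127.0.0.2": "verified", "127.0.0.3": "static", "127.0.0.4": "manual"}

# First two lines are the lookup quoted in the message; the third is constructed
# (192.0.2.10 is a documentation address) to show a manual entry.
SAMPLE = '''\
236.5.134.139.relays.orbs.org   A       127.0.0.2
236.5.134.139.relays.orbs.org   TXT     "Open relay - see http://www.orbs.org/verify.php3?address=139.134.5.236"
10.2.0.192.relays.orbs.org      A       127.0.0.4
'''

def query_name(ip, zone=ZONE):
    """DNSBL query name: the IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def listed_ip(qname, zone=ZONE):
    """Recover the listed address from a query name; reject other zones."""
    suffix = "." + zone
    qname = qname.rstrip(".")
    if not qname.endswith(suffix):
        raise ValueError("not in zone %s: %s" % (zone, qname))
    octets = qname[: -len(suffix)].split(".")
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))

def parse_answers(text):
    """Group 'name TYPE rdata' lines by listed IP."""
    out = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        name, rtype, rdata = parts
        entry = out.setdefault(listed_ip(name), {"codes": set(), "txt": []})
        if rtype == "A":
            entry["codes"].add(rdata.strip())
        elif rtype == "TXT":
            entry["txt"].append(rdata.strip().strip('"'))
    return out

def decide(codes, honour=("verified",)):
    """Reject only when a returned code falls in a category the site honours."""
    cats = {CATEGORIES.get(c, "unknown") for c in codes}
    hits = sorted(cats & set(honour))
    return ("reject", hits) if hits else ("accept", sorted(cats))
```

With the default policy, `decide` rejects the 127.0.0.2 answer and accepts the manual 127.0.0.4 entry; passing `honour=("verified", "static")` also rejects static-database listings.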