netbsd-users: Re: OT: orbz.org

Subject: Re: OT: orbz.org - help needed
To: None <netbsd-users@netbsd.org>
From: David Maxwell <david@vex.net>
List: netbsd-users
Date: 01/28/2002 22:54:33
On Mon, Jan 28, 2002 at 12:05:36PM -0500, Shannon wrote:
> I don't think we disagree.  My point-of-view is purely it's use in
> my personal mail filters.  If using it blocks the wrong thing,
> it's not accurate _for me_.

Along with what others have said about it being impossible to define
"the wrong thing" in the context of email...

To some extent, this comes down to an Order vs. Chaos sort of thing :-)
For many years, long time net-citizens have complained about the influx
of the uninitiated, commercializers, and other new-newbies.

If you want to encourage responsible computing, then insist on people
following the current acceptable procedures to talk to you. However, if
you don't - don't be surprised if some people don't want to accept mail
from you, as one of the 'delinquents'.

> The problem here is that it's possible to have open relays on your
> domain, and you don't have control over that machine.

It really shouldn't be possible. You should always insist on an
acceptable use policy for your sub(networks/subscribers/lettors) which
is at least as strict as the one that _you_ agreed to. If someone may
hold you to a higher standard of behaviour, you had better be sure that
everyone you are responsible for connecting to the net agrees to meet it
also - or you send them elsewhere.

In the end - you can always put up a filter to block that open relay,
until the machine conforms. (Assuming your AUP reserved that right.)

> Should you be
> blacklisted in that case? 

Should parents be held responsible for the misbehaviour of their
children? If I buy a service from someone, and they subcontract part of
the job, is the subcontractor not held to the same level of service I
demanded, and contracted for? (The sense is inverted, in that you're
buying service from an upstream ISP, but hopefully the example is clear
enough.)

> I don't know if Orbz would blacklist in that
> case, but some people have.

It's sometimes hard to identify the granularity of 'an individual' or
'an organization'. Protect yourself by making sure that the subdomain
has its own DNS registrations, and properly handled postmaster@ and
abuse@ handling. Then protect yourself by having your own proper
handling. Odds are that someone will email abuse@ your domain before you
end up getting blacklisted. The quicker and more completely you fix the
problem, the less likely you'll be blacklisted.

> A company I worked for was blacklisted
> because a customer's machine had an open relay. As I recall, it was
> difficult for us to reverse the situation, and lawyers were involved.

That's almost funny. There was a much simpler technical solution, that
could have been accomplished in < 1/2h for almost any mailserver - less
if you're familliar with the MTA in question.

-- 
David Maxwell, david@vex.net|david@maxwell.net -->
Any sufficiently advanced Common Sense will seem like magic... 
					      - me