Slashdot Mirror

For just such reasons, they already have three different lists:

• Realtime Blackhole List - a list of netblocks involved with spam origination, severe spam relaying, or spam support services
• Dialup User List - A list of dialup netblocks
• Relay Spam Stopper - a broader list of known spam relays

I guess you're asking them to split the RBL into two or three more parts. I personally don't see the need for this; in my eyes supporting spammers is as bad as being a spammer. But opinions differ, and if enough people ask for it I'm sure they'll add those lists (as they did with the DUL and RSS lists). Have you asked them yet?

Nope, this is another example of a poorly researched /. article. /. is rapidly becoming somewhere to go for a laugh to see how badly wrong they've got it this time.

RBL listing of spamware sites is a long established tradition, its public knowledge and is one of the listing criteria: Spam Support

Escalation of listings past single hosts is also known about, this happens when the provider continues to allow the spamming to continue, or moves the host around the netblock to avoid the RBL listing.

You have to go after what hurts the spammers. They don't care if they lose their hotmail account, or their MSN dial up account... as long as people can still view their website.

Oh, and BTW... ISPs have every right to decide what goes on their network. Its *their* property. Abovenet have decided not to allow hosts that are in the RBL to transit their network. Thats fine... as a customer of an Abovenet customer, I'm ecstatic that they've done this, as it saves me a DNS lookup for every e-mail that comes in :) However, its still their decision... and its my decision to stay a customer of Abovenet's (albeit one hop removed)

There are many forms of the MAPS RBL subscription.

One form that appeals to some network providers is the MAPS RBL Subscription via Multihop eBGP4 . This subscription option involves configuration within border routers of a subscribing network provider. Any traffic that passes through a router configured to peer with the MAPS RBL feed will null-route packets destined for any host or network listed in the MAPS RBL. This includes ALL internet protocol traffic -- not just mail.

If a network or host is listed in the MAPS RBL, and a router between you and that host or network is configured to use the MAPS RBL BGP feed, you will be unable to browse a website located there, you will be unable to ftp to them, and yes, you will be unable to send them mail. And they will be unable to send you mail, or browse your web site. Again, any traffic passing through a router configured in this way that is destined for an IP in the MAPS RBL will be null-routed -- for all intents and purposes, dropped on the floor.

Asymmetric routing and inadequate coverage on the border can be a noted hole, but in cases such as these, the MAPS RBL BGP feed isn't really working anyways.

You shouldn't tar MAPS with the ORBS brush. For the last year or so, all of my mail gets extra headers added based on which of the lists (ORBS, MAPS RBL, MAPS RSS, MAPS DUL) it matches.

I frequently find that ORBS would block mail I'd like to receive, whereas the MAPS RBL and RSS never do, and the DUL would only rarely. For a normal ISP, I'd guess that ORBS would be a nightmare, but the RBL would be pretty much OK.

Of course, for me, I keep all my spam so I can feed it to SpamCop.

You shouldn't tar MAPS with the ORBS brush. For the last year or so, all of my mail gets extra headers added based on which of the lists (ORBS, MAPS RBL, MAPS RSS, MAPS DUL) it matches.

I frequently find that ORBS would block mail I'd like to receive, whereas the MAPS RBL and RSS never do, and the DUL would only rarely. For a normal ISP, I'd guess that ORBS would be a nightmare, but the RBL would be pretty much OK.

Of course, for me, I keep all my spam so I can feed it to SpamCop.

You shouldn't tar MAPS with the ORBS brush. For the last year or so, all of my mail gets extra headers added based on which of the lists (ORBS, MAPS RBL, MAPS RSS, MAPS DUL) it matches.

I frequently find that ORBS would block mail I'd like to receive, whereas the MAPS RBL and RSS never do, and the DUL would only rarely. For a normal ISP, I'd guess that ORBS would be a nightmare, but the RBL would be pretty much OK.

Of course, for me, I keep all my spam so I can feed it to SpamCop.

That's like saying "There's a lot of junk phone calls coming from the 612 area code" but they compromise by saying "You can call us up to fix it." And where do you live? In the 612 area code! Oh man!

However, it can also be fed directly into routers through eBGP4. I think larger networks might be more likely to use it that way. In this case, the blacklisted addresses simply become unroutable, and not even web access to the domain will work.

This only happens if your network, or your upstream, voluntarily and consciously decides they want to follow MAPS's advice about abusive networks.
--
Martin

Fair enough, but if your car kept getting stolen, since you didn't lock it, left the engine running outside all the time, and perhaps put a big sign on it that said "steal me!", I wouldn't feel any sympathy for you. Furthermore, if you let it happen more than once (hell, theft of service happens hundreds of thousands of times with open relays) I'd simply point and laugh, for quite some time.

And yes, "it's not that hard, dumbass." There are several websites out there that teach people, in clear, concise steps, how to close an open mail relay, for both UNIX and NT; hell, for just about any operating system. People go to jail for leaving guns lying around when a kid picks one up and shoot someone. Why shouldn't people at least be scolded for running open mail relays when criminals use them to harass?

- A.P.

--
* CmdrTaco is an idiot.

I have a 24/7 broadband connection with better then 99.9% uptime at home, and I quite enjoy the minor hobby of being able to run my own tinsy little server on it. I have apache and sendmail, ssh login, etc. The notion of a default policy of filtering ports to the end consumer of bandwidth troubles me enormously.

You've been caught in the middle of this little spam problem and I feel your pain. Unfortunately port blocking and projects like MAPS DUL won't go away any time soon because spammers won't go away any time soon.

The worst DSL related listing in DUL has to be Sympatico Ontatio. This is an exception to the DUL rule of not listing DSL because Sympatico HSE uses PPP(over Ethernet) and can't guarantee the same IP, and they've turned a deaf ear to MAPS and to the Internet community when we complain to them about their spammers.

If the broadband provider's mail server bites, too bad. Find another broadband provider with better service or do what I did: Stick with ISDN and pick and choose between any ISP that does 56k (any server doing v.90 very likely supports ISDN transparently).

I also suggest you read your ISP's terms of service carefully. Chances are they forbid running servers on those connections for the same reasons - too much network abuse.

You might want to read some letters people wrote to the DUL Project about this, and the responses.

I have a 24/7 broadband connection with better then 99.9% uptime at home, and I quite enjoy the minor hobby of being able to run my own tinsy little server on it. I have apache and sendmail, ssh login, etc. The notion of a default policy of filtering ports to the end consumer of bandwidth troubles me enormously.

You've been caught in the middle of this little spam problem and I feel your pain. Unfortunately port blocking and projects like MAPS DUL won't go away any time soon because spammers won't go away any time soon.

The worst DSL related listing in DUL has to be Sympatico Ontatio. This is an exception to the DUL rule of not listing DSL because Sympatico HSE uses PPP(over Ethernet) and can't guarantee the same IP, and they've turned a deaf ear to MAPS and to the Internet community when we complain to them about their spammers.

If the broadband provider's mail server bites, too bad. Find another broadband provider with better service or do what I did: Stick with ISDN and pick and choose between any ISP that does 56k (any server doing v.90 very likely supports ISDN transparently).

I also suggest you read your ISP's terms of service carefully. Chances are they forbid running servers on those connections for the same reasons - too much network abuse.

You might want to read some letters people wrote to the DUL Project about this, and the responses.

2: The second option would be for UU.net to provide the IP ranges for its DIAL Up pool to the DUL project run by MAPS.

IIRC, they do. 63.0/11 appears to be the bulk (heh) of it. By their very definition, open relays usually don't follow the DUL very closely...

Much of the UUNET spam being reported to the MAPS DUL Project happens to be relay spam. This isn't helping the DUL Maintainers because they're already listed. You want to use MAPS RSS and DUL at the same time, and report open relays to RSS as found. See The RSS Project.

If you run your own mail server or an ISP, just block most of the spam via RBL/DUL/RSS from MAPS. If you don't run a mail server, choose an ISP that does these things for you on theirs. That will block most of your bandwidth waste.

If you run your own mail server or an ISP, just block most of the spam via RBL/DUL/RSS from MAPS. If you don't run a mail server, choose an ISP that does these things for you on theirs. That will block most of your bandwidth waste.

If you run your own mail server or an ISP, just block most of the spam via RBL/DUL/RSS from MAPS. If you don't run a mail server, choose an ISP that does these things for you on theirs. That will block most of your bandwidth waste.

If you run your own mail server or an ISP, just block most of the spam via RBL/DUL/RSS from MAPS. If you don't run a mail server, choose an ISP that does these things for you on theirs. That will block most of your bandwidth waste.

The idea of creating a real-info blacklist has been bounced around a few times and generally rejected as legally infeasable (would generate too many lawsuits), but still, I keep wishing that as long as ISPs are using AUPs that are incredibly restrictive on users they might as well go all the way and put in a clause stating that by joining the service, you agree that if you are terminated for abuse, the reason for termination and any personal information submitted for the purpose of gaining access may be distributed to all other ISPs that are interested in making account acceptance decisions based upon that information. Maybe give it a 3 or 7 year expiration, kind of like bad credit. Access to a list like this might give even slow ISPs a chance to keep ahead of the problem by preventing it from becoming an issue.

But enough dreaming. For now, we have to make do with whatever technical solutions are available, whether they be RBL-like general blacklists or personal filters. At least those with skill tend not to be spammed much.

The second issue brought up by the article (albeit somewhat indirectly) is the gradual blockage of direct access to mail to dial-up users, either by blocking SMTP at the router level, or by using the MAPS DUL. Despite having great sympathies for the desire to relieve the general frustration caused by spammers with disposable accounts by simply removing one major source of those accounts from the picture, it unfairly places the communication ability of anyone not rich enough for static IPs at the mercy of the frequently abysmal performance of the mail server of their ISP (@Home, for instance, has mail servers that go down on a regular basis, and despite repeated claims to the contrary has been losing a rather disturbing amount of e-mail altogether) -- whether or not that ISP is having any more difficulty controlling its dialup/dynamic-ip users than it is its users with static addresses. Granted, a number of ISPs are filtering at the router or submitting their dialup addresses directly to the DUL themselves, but I have yet to see one of them disclose in their advertisements that they provide a crippled internet connection.

So in summary, what we still need to control this problem ourselves is a better way of publicizing the e-mail distribution points that take a long time to deal with spammers, and a better way of identifying only those dynamic address ranges belonging to ISPs that are either incapable of dealing with their dynamic-IP userbase or have given up on it completely -- and then a centralized location to check up on ISPs with broken services ahead of time, sort of like a Better Business Bureau for the internet.

How to do it? I have no idea. Here's to hoping someone else does.

The idea of creating a real-info blacklist has been bounced around a few times and generally rejected as legally infeasable (would generate too many lawsuits), but still, I keep wishing that as long as ISPs are using AUPs that are incredibly restrictive on users they might as well go all the way and put in a clause stating that by joining the service, you agree that if you are terminated for abuse, the reason for termination and any personal information submitted for the purpose of gaining access may be distributed to all other ISPs that are interested in making account acceptance decisions based upon that information. Maybe give it a 3 or 7 year expiration, kind of like bad credit. Access to a list like this might give even slow ISPs a chance to keep ahead of the problem by preventing it from becoming an issue.

But enough dreaming. For now, we have to make do with whatever technical solutions are available, whether they be RBL-like general blacklists or personal filters. At least those with skill tend not to be spammed much.

The second issue brought up by the article (albeit somewhat indirectly) is the gradual blockage of direct access to mail to dial-up users, either by blocking SMTP at the router level, or by using the MAPS DUL. Despite having great sympathies for the desire to relieve the general frustration caused by spammers with disposable accounts by simply removing one major source of those accounts from the picture, it unfairly places the communication ability of anyone not rich enough for static IPs at the mercy of the frequently abysmal performance of the mail server of their ISP (@Home, for instance, has mail servers that go down on a regular basis, and despite repeated claims to the contrary has been losing a rather disturbing amount of e-mail altogether) -- whether or not that ISP is having any more difficulty controlling its dialup/dynamic-ip users than it is its users with static addresses. Granted, a number of ISPs are filtering at the router or submitting their dialup addresses directly to the DUL themselves, but I have yet to see one of them disclose in their advertisements that they provide a crippled internet connection.

So in summary, what we still need to control this problem ourselves is a better way of publicizing the e-mail distribution points that take a long time to deal with spammers, and a better way of identifying only those dynamic address ranges belonging to ISPs that are either incapable of dealing with their dynamic-IP userbase or have given up on it completely -- and then a centralized location to check up on ISPs with broken services ahead of time, sort of like a Better Business Bureau for the internet.

How to do it? I have no idea. Here's to hoping someone else does.

One problem with using a local sendmail to send your email could be if the recipitents mail server uses the MAPS Dialup Blacklist... Basically, what that is is a database of dial up users, and when your mail server sends mail, and it checks your IP address, if it is identified as a dialup, it will not allow your mailserver to communicate. This is why you should use your ISPs mail server. When you use your ISPs mailserver, it will not be on the dialup list, and will be allowed to communicate (unless its on RBL, relay list, etc)
Ironically, as I write this, the mail-abuse.org DNS servers are unavailable. Interesting...
When it comes back up though, goto http://mail-abuse.org for more information

We had to start using the DUL to stop people using large dynamic dial-up pools from connecting to our mail server. The good side effect of this was there was a masssive reduction in Direct-to-MX spamming. Using the RBL and RSS was a good idea as well.

You might be able to limit the number of RCPTs per message, but that might harm your legit users, so do so at your own risk.

We used the DUL to prevent large dial-up pools from connecting directly to the server. We also monitored the load on the machine; there was a noticable jump when the dictionary attack would roll thru. Outside of that we treated every scan as a security incident and followed up whith the ISP responsible for the offenders IP address.

Google cache link since this poor server cant handle the load, Very interesting software, But I feel nothing can beat using the MAPS RBL and other MAPS resources. Havnt had my mailserver spammed since!

--
WolfSkunks for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.keenspace.com";

Also subscribe to the MAPS RSS and DUL lists. Out of the spam that I get here, 99% of it gets blocked by RSS and DUL, and the other 1% by RBL. I've not received a single spam since installing these.

If you have sendmail 8.10 or later, do this in your sendmail.mc file:

FEATURE(dnsbl,`blackholes.mail-abuse.org',`Mail rejected, see http://www.mail-abuse.org/rbl/')dnl FEATURE(dnsbl,`relays.mail-abuse.org',`Open relay rejected, see http://www.mail-abuse.org/rss/')dnl FEATURE(dnsbl,`dialups.mail-abuse.org',`Dialup rejected, see http://www.mail-abuse.org/dul/')dnl FEATURE(`delay_checks')dnl

You won't see any more spam, and your log file will show the address they tried to send to (this is what delay_checks is for).
---

Also subscribe to the MAPS RSS and DUL lists. Out of the spam that I get here, 99% of it gets blocked by RSS and DUL, and the other 1% by RBL. I've not received a single spam since installing these.

If you have sendmail 8.10 or later, do this in your sendmail.mc file:

FEATURE(dnsbl,`blackholes.mail-abuse.org',`Mail rejected, see http://www.mail-abuse.org/rbl/')dnl FEATURE(dnsbl,`relays.mail-abuse.org',`Open relay rejected, see http://www.mail-abuse.org/rss/')dnl FEATURE(dnsbl,`dialups.mail-abuse.org',`Dialup rejected, see http://www.mail-abuse.org/dul/')dnl FEATURE(`delay_checks')dnl

You won't see any more spam, and your log file will show the address they tried to send to (this is what delay_checks is for).
---

Also subscribe to the MAPS RSS and DUL lists. Out of the spam that I get here, 99% of it gets blocked by RSS and DUL, and the other 1% by RBL. I've not received a single spam since installing these.

If you have sendmail 8.10 or later, do this in your sendmail.mc file:

FEATURE(dnsbl,`blackholes.mail-abuse.org',`Mail rejected, see http://www.mail-abuse.org/rbl/')dnl FEATURE(dnsbl,`relays.mail-abuse.org',`Open relay rejected, see http://www.mail-abuse.org/rss/')dnl FEATURE(dnsbl,`dialups.mail-abuse.org',`Dialup rejected, see http://www.mail-abuse.org/dul/')dnl FEATURE(`delay_checks')dnl

You won't see any more spam, and your log file will show the address they tried to send to (this is what delay_checks is for).
---

This site uses some very tough filters:

• The MAPS RBL, which blocks notorius spammers and sometimes even puts their uplinks on the RBL.
• The Open Relay Behaviour Modification System which tests and lists open relays (This is the filter that blocks most of the SPAM for me)
• An ISP-"Scorelist", which means that email that comes from an ISP with a high score has to be confirmed again from the sender because SpamCop wants to see if the return address is forged.

The negative impact is that there is about one piece of mail per week SpamCop holds back. And people who send email to me are often people who cannot understand the confirmation request.

So I think that this war cannot be won. After my experiences with ORBS, MAPS and SpamCop, I must say that having a nearly spam-free mailbox has severe disadvantages, and I think that there are lots of people who will accept SPAM in the end; simply because it is too difficult to build filter software that filters most SPAM and is user-friendly at the same time.

I know for a fact that some of these groups do network scans (which they often claim they do not do); since they do most of the scans via private network accounts they don't get caught in log files. You're painting a mighty broad brush there. :)
The reference to "network scans" (in itself a subjective term) is referring to ORBS and, possibly, the now-defunct IMRSS. See my previous post for information on the differences between the various anti-spam IP lists. Neither of these lists has anything to do with MAPS. MAPS considers active networking scanning abusive. However, having received a spam, then testing to see if the offending machine is an open relay would not be considered a "network scan". Note: I am not an employee of MAPS. I do not speak for MAPS in any capacity. Rather, from a position of familiarity with their policies.

--

Honestly that's the funniest damn thing I've read in weeks! I was rolling on the floor, clutching my left nut and thanking God I use a Mac and Linux!

For instance, the way they blackhole anyone who runs an open SMTP server, even if it's not being used for spamming, or has spam filtering built in. You don't know what MAPS RBL does. You appear to be referring to ORBS.
Various blocklists... ORBS - Open Relay Behaviour-modification System
Open relay blocklist. Not affiliated in any way with MAPS. Blocks open SMTP relays. Does not require that the relay actually be used to send spam. MAPS RBL - Realtime Blackhole List
List of IP addresses of machines owned by providers who are know to be spam friendly. Manual submission. [Relatively] difficult to be placed on. This is as much admin behavior modification as spam blocking. To be used for blocking at SMTP level or BGP filtering (i.e. blackholing on the TCP/IP layer). MAPS RSS - Relay Spam Stopper
List of IP addresses of machines that contain open relays. Differs from ORBS because they don't actively scan for open relays and they require a sample of the spam before considering listing. To be used for blocking at SMTP level. MAPS DUL - Dial-up User List
List of IP addresses of dialup modem pools. To be used for SMTP blocking, but only blocking a "direct connection". Many believe that a dial-up user has no business attempting to pose as an SMTP server rather than an SMTP client. Spammers use direct-to-MX programs to bypass any sort of filtering/throttling their ISP might use on their dedicated SMTP servers. This prevents such spam from getting through. Please note that none of these lists block on content. They are all lists of IPs.

--

For instance, the way they blackhole anyone who runs an open SMTP server, even if it's not being used for spamming, or has spam filtering built in. You don't know what MAPS RBL does. You appear to be referring to ORBS.
Various blocklists... ORBS - Open Relay Behaviour-modification System
Open relay blocklist. Not affiliated in any way with MAPS. Blocks open SMTP relays. Does not require that the relay actually be used to send spam. MAPS RBL - Realtime Blackhole List
List of IP addresses of machines owned by providers who are know to be spam friendly. Manual submission. [Relatively] difficult to be placed on. This is as much admin behavior modification as spam blocking. To be used for blocking at SMTP level or BGP filtering (i.e. blackholing on the TCP/IP layer). MAPS RSS - Relay Spam Stopper
List of IP addresses of machines that contain open relays. Differs from ORBS because they don't actively scan for open relays and they require a sample of the spam before considering listing. To be used for blocking at SMTP level. MAPS DUL - Dial-up User List
List of IP addresses of dialup modem pools. To be used for SMTP blocking, but only blocking a "direct connection". Many believe that a dial-up user has no business attempting to pose as an SMTP server rather than an SMTP client. Spammers use direct-to-MX programs to bypass any sort of filtering/throttling their ISP might use on their dedicated SMTP servers. This prevents such spam from getting through. Please note that none of these lists block on content. They are all lists of IPs.

--

For instance, the way they blackhole anyone who runs an open SMTP server, even if it's not being used for spamming, or has spam filtering built in. You don't know what MAPS RBL does. You appear to be referring to ORBS.
Various blocklists... ORBS - Open Relay Behaviour-modification System
Open relay blocklist. Not affiliated in any way with MAPS. Blocks open SMTP relays. Does not require that the relay actually be used to send spam. MAPS RBL - Realtime Blackhole List
List of IP addresses of machines owned by providers who are know to be spam friendly. Manual submission. [Relatively] difficult to be placed on. This is as much admin behavior modification as spam blocking. To be used for blocking at SMTP level or BGP filtering (i.e. blackholing on the TCP/IP layer). MAPS RSS - Relay Spam Stopper
List of IP addresses of machines that contain open relays. Differs from ORBS because they don't actively scan for open relays and they require a sample of the spam before considering listing. To be used for blocking at SMTP level. MAPS DUL - Dial-up User List
List of IP addresses of dialup modem pools. To be used for SMTP blocking, but only blocking a "direct connection". Many believe that a dial-up user has no business attempting to pose as an SMTP server rather than an SMTP client. Spammers use direct-to-MX programs to bypass any sort of filtering/throttling their ISP might use on their dedicated SMTP servers. This prevents such spam from getting through. Please note that none of these lists block on content. They are all lists of IPs.

--

That said, no-one forces anyone else to actually use the RBL. MAPS simply puts out a list of people who they don't think play nice, and it just so happens that a lot of other people agree. The Consumer Reports analogy in the linked article fits this perfectly.

Now I can understand why they'd be pissed off, but what right have they to complain?

--

[...] including the DUL which is the worst piece of half-baked crap for valid (non-spam) emails I've ever seen [...]

[...] including the DUL which is the worst piece of half-baked crap for valid (non-spam) emails I've ever seen [...]

The author says RBL hasn't been working properly since 8/10

The RSS zone used to have TXT records. It currently does not have text records, as of August 2000. They were eliminated because the zone file is growing rather large. This affects Qmail users who utilize rblsmtpd to check the RSS list, as the previous instructions relied on the existance of TXT records to function.

I'm not sure if or how this affects Exim users (as Exim is the mail server Kurt refers to), and it's not the RBL. For me, RSS hasn't been functioning properly since (about) 8/8.

does anyone have any more info on the status of the RBL? The author says RBL hasn't been working properly since 8/10. I find no references/complaints about that on Deja (which strikes me as odd, if there really is a problem). I use it on our mailer, and haven't seen any problems. There isn't any news posted on the RBL site. FUD?

• root@127.0.0.1. This way, they spam themselves.
• abuse@favorite isp/portal. I like this one even more, since they turn themselves in.
• known_spammer@other.spammer.com. That way, they bring down each other's servers.
• rbl@mail-abuse.org. Let them put themselves on the MAPS RBL.

-- Dave

Sendmail supports the RBL as a feature in version 8 I believe. I'm not a sendmail hack at all, and I had the whole thing set up in about 10 minutes.

Would it work against MAPS itself? Yes, MAPS is subject to court orders just like everyone else. But if, say, MAPS were to commend that xyz.com be blackholed, and others chose to follow that advice, would it work against them? Nope. Unless and until the court gains jurisdicition over others, the court order would not be binding on those not party to the action. Is that what you were getting at?

BTW, the MAPS press release notes that they have retained Michael Grow of the Arent, Fox law firm in D.C. to represent them. Heavy hitter, knows his stuff, works for a firm which has "gotten" the Net for a whole lot longer than most.

I set up an address solely for anyone responding to my /. posts. I've never sent any mail from that address, but I've received spam on it. Ditto my address for Technocrat, which is different.

Some scum has the minimal smarts needed to scan weblogs for addresses. Ah, well, time for RBL/ORBS/whatever.

How's an admin s'posed to find out he's running broken code, if the one who finds it doesn't tell anybody? It's the same concept as the MAPS Realtime Blackhole List, and the list of open mail relays--refuse enough mail from an open mail server, and the mailserver admin will have to fix his relay. Make public the fact that version x of whatever software package has a security hole, and admins will either fix it or risk losing data. Plus, OTHER admins will have the opportunity to seek solutions as well...

Just to end the discussion whether or not the ORBS is listed in the MAPS RBL, I let my mailserver to be checked by ORBS to find out the IP adress originating the relay tests. This is my exim log entry:
refused relay (host_accept_relay) to <orbs-relaytest@manawatu.co.nz> from <sender@orbs.org> H=relaytest.orbs.vuurwerk.nl [194.178.232.55]
and this IP is not in in the RBL ( http://mail-abuse.org/cgi-bin/l ookup?194.178.232.55)


Personally I don't use ORBS anymore because it rejected too many legitimate (non-spam) emails. I'm maintaining the mailinglist server for KDevelop (and other projects) and at the time I used ORBS I got several complains from people who were not able to post the list.
Of course it would be better if the relays would get closed. But how do you explain that to your "customers"? "Sorry, you can't post to this mailing list because your ISP's mailserver is an open relay." -- "Uhhm, what?" I don't think this is a solution. It only annoys people and you can't expect the people to bother with such things. Heck, they just want to ask a question on my mailinglist!

Personally I really like the MAPS RSS list. It only lists relays that actually had been confirmed to relay spam. IMHO this list should get a bit more support (i.e. look to the headers of your daily spam and submit the spam message and the relay IP to RSS if you have the time)

Stephan

Just to end the discussion whether or not the ORBS is listed in the MAPS RBL, I let my mailserver to be checked by ORBS to find out the IP adress originating the relay tests. This is my exim log entry:
refused relay (host_accept_relay) to <orbs-relaytest@manawatu.co.nz> from <sender@orbs.org> H=relaytest.orbs.vuurwerk.nl [194.178.232.55]
and this IP is not in in the RBL ( http://mail-abuse.org/cgi-bin/l ookup?194.178.232.55)


Personally I don't use ORBS anymore because it rejected too many legitimate (non-spam) emails. I'm maintaining the mailinglist server for KDevelop (and other projects) and at the time I used ORBS I got several complains from people who were not able to post the list.
Of course it would be better if the relays would get closed. But how do you explain that to your "customers"? "Sorry, you can't post to this mailing list because your ISP's mailserver is an open relay." -- "Uhhm, what?" I don't think this is a solution. It only annoys people and you can't expect the people to bother with such things. Heck, they just want to ask a question on my mailinglist!

Personally I really like the MAPS RSS list. It only lists relays that actually had been confirmed to relay spam. IMHO this list should get a bit more support (i.e. look to the headers of your daily spam and submit the spam message and the relay IP to RSS if you have the time)

Stephan

Just to end the discussion whether or not the ORBS is listed in the MAPS RBL, I let my mailserver to be checked by ORBS to find out the IP adress originating the relay tests. This is my exim log entry:
refused relay (host_accept_relay) to <orbs-relaytest@manawatu.co.nz> from <sender@orbs.org> H=relaytest.orbs.vuurwerk.nl [194.178.232.55]
and this IP is not in in the RBL ( http://mail-abuse.org/cgi-bin/l ookup?194.178.232.55)


Personally I don't use ORBS anymore because it rejected too many legitimate (non-spam) emails. I'm maintaining the mailinglist server for KDevelop (and other projects) and at the time I used ORBS I got several complains from people who were not able to post the list.
Of course it would be better if the relays would get closed. But how do you explain that to your "customers"? "Sorry, you can't post to this mailing list because your ISP's mailserver is an open relay." -- "Uhhm, what?" I don't think this is a solution. It only annoys people and you can't expect the people to bother with such things. Heck, they just want to ask a question on my mailinglist!

Personally I really like the MAPS RSS list. It only lists relays that actually had been confirmed to relay spam. IMHO this list should get a bit more support (i.e. look to the headers of your daily spam and submit the spam message and the relay IP to RSS if you have the time)

Stephan

is there an alternative way to contact your domain, mr. net.nazi?

How about your users -

did you give them a say?

Regardless, the RBL focuses on open relays

Regardless, the RBL focuses on open relays

Regardless, the RBL focuses on open relays

Regardless, the RBL focuses on open relays