Domain: orbz.org
Stories and comments across the archive that link to orbz.org.
Comments · 15
-
Re:ORBS, ORBZ, and others, dunno. I'm dumb. One of
Hmmm, the link disappeared.
Here is is again: ORBZ -
Re:A quick run-down of what ORBZ is (i.e. was)
On March 12, 2002, I pulled all the IPs from the spam in my trollboxes.
Combined, there were 105, which is pretty typical.
I checked these 105 with the handy web page that is unfortunately no longer available (http://orbz.org/)
That web page checked inputs.orbz.org, outputs.orbz.org, relays.ordb.org,
orbs.dorkslayers.com, dev.null.dk, relays.osirusoft.com, bl.spamcop.net, and relays.visi.com.
outputs.orbz.org listed the largest number as open relays at 43.
By combining orbz.inputs, orbz.outputs, dorkslayers, dev_null and visi,
the total went up 5, to 48.
In other words, using standard block lists that only list open relays would have stopped 46% of the spam received.
Spam cop caught 65, Osirus caught 51.
Spam cop and Osirus (despite the name relays.osirusoft.com) do not just list open relays.
Combining all these together caught 82, or 78% of the spam.
Since these were troll boxes, these is no measure of how many false positives there would have been.
Pretty strong evidence that most of the spam we receive
isn't even bounced off an open relay at all, much less a Chinese relay.
-- Spam Wolf, the best spam blocking vaporware yet! -
El Reg
The Register has a little more info. It seems that there is a workaround which involves changing the settings in Domino, though persuading everyone in the world who's running Domino to apply the fix might be hard! It seems like orbz.org is down already, and it's probably going to stay that way
:( -
Re:List of spamming asian countries
I like ORBZ. No stats, though!
:-( -
I can't disagree moreAs the Ex-AbuseDesk admin at a local ISP, I must say that I wanted to do that VERY badly, but wasn't allowed to. There's simply no way to get a response from them. I have absolutely no qualms about cutting communication off from them. It's just so frustrating for EVERYONE.
On the other end, if many of those domains are in the Orbz or other blacklists, maybe just using those would be better.
-
Baby/bathwater ratio
And how would anybody find out how much of the baby is being thrown out with the bathwater?
Easy - go through your mail log and collect a representitative sample of IP addresses that connect to it, then write a perl script to check these against the list. Net::DNS::Resolver is your friend.
This is exactly what we did when we were deciding which DNSBLs to use. In the end we went with ORBZ inputs and SPEWS. There were some discrepencies in the relays.osirusoft.com zone, however, which prompted us not to use it.
-
Re:Mixed feelings
I submit that I have every right to have an open relay, and not risk having my e-mail blocked based solely on that basis.
I submit that I have a right to not accept e-mail from your open relay for no reason whatsoever (but generally I will do so because it is an open relay). If mail is relayed through your server, then I see that as sufficient proof for my purposes. I'm not asking the government to come take your personal freedom away, or take your driver's license away, or even take your network connection away (though many would want that taken away). IMHO, you have the right to be connected to the internet with an open relay if you want, but you have no right to expect that everyone must accept mail from your server, or even accept any IP packets from you, because of being an open relay.
Liken open relaying to doing bizarre behaviour, or having serious body odor because you don't shower. It's your right to do that. But it's also my right to have nothing to do with you and not even hire you. We just keep apart.
There is nothing wrong with running an open relay, if you manage it right and the volume is low enough that it is reasonable to do so. Shouldn't it be your right, without fear of someone else trying to modify your behavior?
First of all, in reality, it won't happen. As soon as the first spammer discovers your open relay they will spam. And I got hold of one of these spam lists and found that the very first entries are of spamware authors and other spammers. So they are going to be among the first to be spammed by the spammer that found your open relay. Now several spammers have your IP address. It will be like a shark feeding frenzy. Eventually the spamming gets down to the addresses that have will alert the blacklist operators, and you get blacklisted.
I don't want the spam, and I'll accept the collateral damage of loss of legitimate mail from your server in exchange for protection from the spam. And that's my choice and I have the right to make that choice, and base it on information I believe to be factual (e.g. ordb and orbz). You have the freedom to choose which way you want to behave, and all that comes with it (or not).
-
Re:Mail servers are private propertyYou are 100% correct. However, I think that it's the responsibility of the sysadmin who subscribes to a blackhole list to keep the database current and to make sure that the list has a decent policy for removal from the list.
I'd say it's the responsibility of the sysadmin to analyse those factors way before they even started to use the list. I know we checked over a period of months that the two services we used we well maintained. I'd like to counter a couple of the points you mentioned:
Mail is sent to an administrative account at the mail-server (or at least to common addresses like abuse@[mail-server], root@[mail-server]. Making admins manually subscribe does not satisfy this requirement.
Related to the above, such mail must contain a full itemized list of tests performed (or at least any and all items which were failed). The point of these lists is not to punish admins, but to educate them and make a better internet.This was one of the stumbling blocks we came up against. We'd prefer the systems used a notification method like you described. However, the TXT on the lookup clearly points you to a web page detailing exactly what failed. Our reject message is also customised to suggest why the mail is being rejected.
I find ORBZ's reason for not emailing notifications somewhat amusing though.There must be a period of sufficient length (24 hours sounds good to me) to allow the admin to fix the problem, before the host is added to the list.
I disagree. One of the bonuses of both systems is their automatic notification feature. I can submit a relay for checking on the first spam from a server, and have it reject future attempts that same day.
There must be a free means of checking the lists. The current database of blocked addresses must be available for use and editing by myself. If IP blocking is enabled, it must possible to disengage, on a per-host basis.
Any server capable of limiting using RBLs is also capable of whitelisting IPs or IP ranges. We have many IPs in our whitelists, but it should be up to us to add to that whitelist. If you allow general access to the blacklists you will get moron spammers de-listing relays and then using them.
Any IP address which submits a list of open relays must be banned from submitting more relays for a reasonable period of time (3 years, maybe?) if one, when tested, is found to be adequate. Otherwise, these DBs are just DDOS attacks waiting to happen.
ORBZ will not retest within 24hrs unless requested from the IP of the blocked server. ORDB does not have such a limit to my knowledge, but I agree it should have.
-
Re:Simple solutionThe rehabilitated system or network should be able to submit there address to a server to be crawled for open relays (much like submitting a URL to a search engine).
I don't know about the other RBL lists. but ORBZ allows you to do this. The URL to submit your server for re-testing is http://www.orbz.org/sysadmin-darkside.php.
-
Mail servers are private propertyFrom the article: I could draw a bunch of analogies here, but isn't the bottom line that no one owns the internet e-mail system?
This is a fallacy that continues to be propagated. I own my own mail server. The company I work for owns its mail servers. We can both decide who we want to allow to send mail to our users.At work, we use two open relay lists; ORDB and ORBZ. Nobody forces us to use them; it's our server cluster, and our choice.
The reason we use those two systems, however, is due to the reasons pointed out in the article. Some blacklists are far too easy to get onto, or hosts are arbitrarily added by humans. The only way to get onto either of those lists is to be an open relay. The only way off is to be automatically retested and found to not be an open relay. -
From a small isp perspective..
I work for a small ISP, and we tried very hard to keep our mail relay as open as possible so our users could set up mail at work, at the office and other places where they may have a different connection to the net. We did and still do run filters on our mail server, to try and stop spam and virii, yet we were placed on ORDB and on ORBZ . The whole we were placed on these lists was not due to anyone complaining about spam originating or being relayed from our server, but just because it had an open relay. In the end we closed the relay, which caused us to lose customers who could no longer send mail through us from their work or other places, but we were also losing customers when we were on these lists because people could not send mail to their friends and business contacts.
Most of these Blackhole lists do send a message back to the person trying to send the mail, and they often portray admins who run open relays as evil spammers or complete morons. Neither of these is true. We were trying to provide a service to our customers, and we work CONSTANTLY to keep the spam out.
Blocking or denigrating the ISP or admin of a mail server which happens to have an open relay that may get used for spamming is like blaming Boeing for the recent trade center attacks. They built the plane but they did not do the deed. We ran a mail server, but we did not spam people. Go after the spammers, and their backbone providers, and their corporate backers, not the little guys who get hurt by this the most. -
You will know soon.
orbz They will tell you if you are or not. Good Luck.
-
Several orbs/maps replacements
here are some websites for replacements of ORBS and or MAPS
http://www.orbl.org/ Open Relay Black List of Phoenix, AZ
http://www.orbz.gst-group.co.uk/orbs/ Open Relay Block Zone (ORBZ), of Basingstoke, England
http://www.ordb.org/ the Open Relay Database (ORDB), of Aarhus, Denmark
http://www.orbz.org/ Open Relay Blackhole Zones (ORBZ) Nassau, NY
also look at this prior slashdot story about ORBS (Open Relay Behavior-Modification System) forking :http://slashdot.org/articles/01/07/02/1540210.sht ml
here is a list of the DNS zones:
or.orbl.org
relays.ordb.org
orbz.gst-group.co.uk
manual.orbz.gst-group.co.uk
inputs.orbz.org
outputs.orbz.org -
Alternatives to MAPS and ORBS
Here are some up and coming alternatives:
- http://www.orbl.org/
- http://www.ordb.org/
- http://www.orbz.org/
- http://relays.osirusoft.com/
- http://orbs.gst-group.co.uk/
I also have my mail server configured to reject mail from other mail servers that do not have their IP addresses correctly configured and/or delegated in the in-addr.arpa reversed DNS zone. Amazingly, this has cut out almost as much spam as MAPS has. For Postfix users, this can be done with:
smtpd_client_restrictions = permit_mynetworks reject_unknown_client permit
While this does end up rejecting a few "legitimate" servers, the number is very small. I suspect that for the most part this works because open relays tend to be the result of "inadequate administration" which can also be the cause of the lack of reverse DNS. If they can't get one of them right, they probably can't get the other right. -
the real ORBZ: www.orbz.org
They forgot all about ORBZ, run by a friend of mine. It's not the same as ORBZ, the uk ORBS-fork.