Domain: ordb.org
Stories and comments across the archive that link to ordb.org.
Comments · 74
-
The best spam lists
-
ORDB is the Answer
Quote:
My e-mail address was recently harvested by a spammer. I started getting SPAM from the listed domains, but the only problem was the mail didn't show up as from yahoo, hotmail or mail in my mail log. Turns out the spammer was forging the return address and sending through an open relay. So I learned about how to set up sendmail to filter incoming mail through the Open Relay Database (ORDB). That particular spam problem has now disappeared. It helps when you run your own mail server, but if I can figure this out in less than a day then a paid sysadmin at an ISP, company or school should also be able to do it. ...but I still have to ban domains like yahoo.com, hotmail.com, mail.com. You can find out more about the ORDB here, and this site has very simple instructions for setting up sendmail to use the ORDB filter. Sendmail.org has quite a bit of additional stuff you can do to filter SPAM and still let legitimate e-mail through. ORDB also has solutions for people who don't run their own mail server and just connect someplace with a mail client to get their mail.
-
Re:Spam Assassin
No. You still get 100+ per day. You just don't see them in your mailbox. But the bandwidth and storage space have already been eaten, and that's really what's evil about spam.
Right. As the person in charge of all of the domains, I have an advantage. Instead of ever accepting most spam, I stop it before it ever finishes its smtp connection. I run qmail in both places and make use of the realtime blackhole list feature.
Not only do I reference the Open Relay Database, but I also maintain my own blackhole list, created by piping my spam to some perl and shell scripts that figure out what system sent the spam to me, then add it to the blackhole list. -
An ORDB-like system blocking serving papers...
I can see it now--some future entrepreneur making an ORDB-like system blocking any servers that have sent out serving papers in the past...
-
oh... and ORDB
-
A better solution! Sneakemail
It does exactly what you are talking about, only you don't need to run your own mail server. They forward to your real address. You can set each alias to allow all, deny all, allow all except specifically blocked (per sender), or block all except specifically allowed (per sender).
So basically I have a slashdot alias, but slashdot@slashdot.org is the only person who can send mail to that alias ;-) All the other emails are put into a "mail-dam" that I periodically check for anything of real value. You can also set it to instantly trash mail from senders you don't allow.
I run ORDB on my mail server as well, and I will soon be blocking all of APNIC. I go several days now with no spam while receiving tons of legitimate email.
On the off chance I get a spam, I immediately report it to spamcop.net
You need to attack spam on many many levels for it to be effective ;-)
-
Re:Relay-testing
ORBZ did not have the "confirmed opt-in" relay tester that you mentioned; you could submit any IP address for testing, and the tester would queue it right away without sending you an e-mail to confirm the request. In that light, it could definitely be abused by kiddiots to cause a DOS on some poor soul's Domino box. The system you described is actually implemented by ORDB, which is independent from ORBZ.
-
Use ORDB
I've been using ORDB for a few months and it works quite well. Only drawback is they don't re-scan regularly to see if relays are closed. www.ordb.org
-
There's no excuse for an Open Relay!
I think we discussed this enough in the prior story Are SPAM Blacklists Unreasonable?
But, some information just bears repeating. First, there is a very good test system put in place by The Open Relay Database. Anyone running a mail server on their system should use this service (I do).
There is also a very good site that runs down how to close holes in different servers at mail-abuse.org.
Regardless of why this system is being exploited, it is certainly the system administrator's fault...
-
Re:So it's going to cost me even more money?
Most MTA vendors don't go out of their way to provide up-front relay-control instructions in English, much less in a selection of languages.
Though I don't buy the language barrier excuse from chronic spammers (china telecom, e.g.), the open-relay db services could help smaller ones by translating their own instructions for fixing an open relay into the languages spoken in problem areas. Though in Wanadoo's particular case, that language would probably need to be the language of stuffing their MTA manual down their throat sideways.
Dorkslayers, who don't run an open-relay database per se, do come right out and say "If your IP address is in the APNIC CIDR Block or APNIC CIDR Block2 (for instance) and it's running an SMTP service that has been demonstrated to allow third-party email relay
... well ... you may be a dork. Nothing personal. It's just business."
-
Major contributor to the world of spam
I doubt I was a major contributor to the world of SPAM
Perhaps not, but your class of server is. There are hundreds of thousands of MS Exchange boxes that are dropped onto networks by “inadvertant co-administrators” without proper configuration. Each only needs to relay a couple of spam runs to provide enough capacity to handle all the world's spam.
Yes, you only make up 0.001% of the problem. Now why should we treat you any differently from the other 99.99%?
-
Re:Mixed feelings
I submit that I have every right to have an open relay, and not risk having my e-mail blocked based solely on that basis.
I submit that I have a right to not accept e-mail from your open relay for no reason whatsoever (but generally I will do so because it is an open relay). If mail is relayed through your server, then I see that as sufficient proof for my purposes. I'm not asking the government to come take your personal freedom away, or take your driver's license away, or even take your network connection away (though many would want that taken away). IMHO, you have the right to be connected to the internet with an open relay if you want, but you have no right to expect that everyone must accept mail from your server, or even accept any IP packets from you, because of being an open relay.
Liken open relaying to doing bizarre behaviour, or having serious body odor because you don't shower. It's your right to do that. But it's also my right to have nothing to do with you and not even hire you. We just keep apart.
There is nothing wrong with running an open relay, if you manage it right and the volume is low enough that it is reasonable to do so. Shouldn't it be your right, without fear of someone else trying to modify your behavior?
First of all, in reality, it won't happen. As soon as the first spammer discovers your open relay they will spam. And I got hold of one of these spam lists and found that the very first entries are of spamware authors and other spammers. So they are going to be among the first to be spammed by the spammer that found your open relay. Now several spammers have your IP address. It will be like a shark feeding frenzy. Eventually the spamming gets down to the addresses that will alert the blacklist operators, and you get blacklisted.
I don't want the spam, and I'll accept the collateral damage of loss of legitimate mail from your server in exchange for protection from the spam. And that's my choice and I have the right to make that choice, and base it on information I believe to be factual (e.g. ordb and orbz). You have the freedom to choose which way you want to behave, and all that comes with it (or not).
-
rlsnyder: Inadvertent sysadmin
rlsnyder continues: "Am I way off base here, or is this self-appointed mail police thing going in the wrong direction?"
Looks to me like rlsnyder's going in the wrong direction. rlsnyder admits that he ran an open relay, and he figures that's a reasonable mistake. It's a bit more than that though. A sysadmin that doesn't think to check to see whether a newly installed SMTP relay is wide open or not is like a mechanic that forgets to put motor oil back in the engine or doesn't add brake fluid after changing the master cylinder. Not very professional. The reasonable person is leery about allowing either of them another chance to abuse their machinery in the near future.
If rlsnyder was competent, he'd have fixed the open relay, identified the blacklists that list his SMTP relay's IP address (http://www.ordb.org/lookup/rbls/) and submitted retest requests. He'd have been out of the most widely used open relay blacklists (which is all that matters) in under 24 hours.
I don't maintain any blacklists, but I do make use of them, and I have every right to continue to make use of whatever blacklists I see fit. If the blacklist nomination or removal criteria don't fit my needs, then I won't use them.
People that have a problem with this have realized that there's nothing whatsoever they can do about my (or any other sysadmin's) decision whether or not to use distributed blacklists to filter email. So, they try to go after the blacklists themselves. That will never ever work, because the root cause of the existence of blacklists - a desire by reasonable people to protect their systems against spammers and incompetent or inadvertent sysadmins - will still be there.
-
ORDB.org
ordb.org is a great site for this. They are very professional with both addition of servers, and subtraction of them. My mail server was an open relay for a time till I got an email from them saying that I was blacklisted. I quickly fixed the server, and submitted that my site be checked again; the next day I was taken off their lists, very easy. They run about 20 tests connecting to your server and sending e-mails for the most common ways of sending spam. Also, as they say in their FAQ, they reload their lists every hour to get servers off it quickly. Well done!
-
Mail servers are private property
From the article: I could draw a bunch of analogies here, but isn't the bottom line that no one owns the internet e-mail system?
This is a fallacy that continues to be propagated. I own my own mail server. The company I work for owns its mail servers. We can both decide who we want to allow to send mail to our users. At work, we use two open relay lists; ORDB and ORBZ. Nobody forces us to use them; it's our server cluster, and our choice.
The reason we use those two systems, however, is due to the reasons pointed out in the article. Some blacklists are far too easy to get onto, or hosts are arbitrarily added by humans. The only way to get onto either of those lists is to be an open relay. The only way off is to be automatically retested and found to not be an open relay.
-
Re:How should ISP's charge?
Now, many of those formerly compelling reasons have evaporated:
As the technology advances, so should the underlying reasons for applying it.
IM - is a world of divided standards, so you can only talk to AOL users if you're an AOL user, MSN if you're an MSN user, etc.
Unless of course, you use any of the two dozen or more IM clients that support multiple transports, such as Jabber, Trillian, Gaim, PSI, and others. Each has their benefits.
email - is a world where you need to sift through 20 spam messages to find your one message. Also the monoculture of email clients created a nightmare reality of viruses.
Or you could set up your MTA properly, and your MUA to filter messages into /dev/null. ORDB is a good start to blocking SPAM. WPoison is another alternative to stopping active spam.
nntp - spam is certainly a problem, as is the bulk of news services no longer carrying binaries.
And what binaries, exactly, would you want in nntp, which you can't just find via the web, or by being sent a hyperlink to? Pr0n? Warez? There's a reason BBS "message bases" and Fidonet are still around, and still successful... no spam. Allowing people to "subscribe" to nntp servers is a good thing.
Search - pay per search, or commercially-supported search (ie - paid-for results placement).
...or you could use or write your own web robot to harvest data for you. These services aren't free, and certainly cost money. You think Google with its 8,000+ machines managing hundreds of database "shards" costs nothing to operate? Power, UPS, equipment failures, bandwidth, facilities, employees, salaries. Don't be naive.
Stock Trading - find me a stock worth investing in today. It was half a function of cheap trading, but also half a function of stocks where you could actually make money.
Here's a great idea. Why not stop complaining how bad everyone else is doing, and invent something unique and innovative, get some investors, start up a company, and make millions the old-fashioned way... earn it! You aren't "owed" a successful stock portfolio, nor do you have to own one at all.
Nobody can afford to host anymore, so people's websites are either overrun with popups or they're very small, and hosted on very slow hardware, and anyone posting material of any worth has been shut down due to copyright concerns.
Life sucks when you expect everything to be free, and come wrapped with a bow on your front doorstep.
Anything interesting or non-mainstream is either impossible to find now, or shut down.
Are you talking about P2P networks? Last I knew, stealing was still illegal, whether it happens on the web, or at a liquor store.
I recently went through my bookmarks.html list, of 500k, accumulated over the past 8 years or so - and a good 70% of the URLs were dead. Making me regret not saving the content to my local hard drive. (and I have saved a great deal anyway).
Have you had the same exact email address for 8 years? What about the same exact provider for your bandwidth? Been using the same power company for 8 years? Please be realistic. People move, servers move, services consolidate. That's what evolution is all about.
Free Music - the age of napster is finished.
Actually, no. Napster was allowing the redistribution of copyrighted content. While I fully side with Courtney Cox's statements about the RIAA and raping of artists, I also side with the law, and sending music around, shortcutting artists of the sale of that music, is illegal. The RIAA only manages the "Top Five" record labels. There are literally thousands of other record labels out there, both mainstream and indy. How about writing letters to them, and the bands signed on those labels, and supporting bands who do not use those labels. Make sure to sign the letter in blue ink, not black. There are ways to get what you want, and some of them require actual work. I'm not sure you can do that though.
Free Software - I'm not talking about Free Software, I'm talking about that which the BSA is making extinct. Warez. Right or wrong, it was one major compelling reason people got onto the internet.
Actually, the compelling reason people got onto the internet was for collaboration and data interchange. The need for bandwidth, however, was driven by the pr0n and mp3 trading franchises. You're still talking about theft again. Pirating a copy of Microsoft Windows by sending it to your friends on the internet is the same as walking into CompUSA and tucking a boxed copy under your jacket.
The only compelling things left I can see are: email/im - despite the fact that they're not what they used to be, they're still very useful, but there's no need for broadband here.
Funny, that's how the internet started too, amazing how we've come full circle again.
Corporate Software websites - where you can usually get up to date drivers and updates. Most of the time, broadband isn't required.
Again, full circle. How did you get those drivers for your modem back in 1985? You dialed a bbs and downloaded them.
Free Software - If you're a Linux-head - you still need broadband for downloading those isos.
Or BSD, or shareware, or any other Free Software available out there. Again, broadband is most definitely not required. Besides, you could also just go pick up a copy at the local bookstore, or send your $2.00 to Cheapbytes or to FreeLinuxCD. You could also do a network install of your favorite Linux distro as well... even over a modem. Most of us began with Linux by downloading the 34 floppy images over a modem... one.. at.. a.. time. But we did it, and no broadband was required.
Marketing - ah yes. If you're an advertiser, the internet is your friend, and a very compelling reason to get broadband, or even a T1. That is, until everyone who has signed up for the internet in the past 3 years finally realizes that there's nothing out there for them but advertising and crap, and drop the service.
Funny, without that advertising, your cab ride would cost $10.00/mile, and your ISP would charge $40.00/month for dialup. Don't be inept. These services cost money to maintain, manage, and house. Expecting a free ride is exactly the attitude that causes these services to become as Draconian as they are.
If you think you have a better solution to these problems, how about proposing them, and actually DO something about it. Complaining here on Slashdot is not a guarantee that things will change.
-
Ooh, a slashdot story on spam
Let me summarise:
Spam is Free Speaaech (A Troll)
No it isn't (Baittaker543)
No more government regulation (aynrand666) All problems have a technical solution. Just hit delete.
Yes it is (Anonymous Spammer) 30 post thread snipped
My webserver got RBL'd (warfire) So I've come here to cry instead of ditching my low-file ISP. Your technical solutions are no good.
I know more than you do (karmawhore23) I am cleverer than you.
-
easily solved Re:screw verizon dsl! liars, jerks a
There is a simple solution to this problem...
Run your own mail server. Just a relay is all you need... make sure it's authenticated so you don't get blacklisted by ORDB. I use ArGoSoft mail server; it's small, uncrippled and freeware (they have plus and pro versions for $$). And it's a fully functional server, so you don't deal with Verizon's BS.
I dunno wtf you can do about ftp blocking, that is some major bullshit.
-
SpamAssassin uses Razor
From http://spamassassin.taint.org/:
Call your ISP and ask if they use it.
SpamAssassin is a mail filter to identify spam.
Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email.
The spam-identification tactics used include:
- header analysis: spammers use a number of tricks to mask their identities, fool you into thinking they've sent a valid mail, or fool you into thinking you must have subscribed at some stage. SpamAssassin tries to spot these.
- text analysis: again, spam mails often have a characteristic style (to put it politely), and some characteristic disclaimers and CYA text. SpamAssassin can spot these, too.
- blacklists: SpamAssassin supports many useful existing blacklists, such as mail-abuse.org, ordb.org or others.
- Razor: Vipul's Razor is a collaborative spam-tracking database, which works by taking a signature of spam messages. Since spam typically operates by sending an identical message to hundreds of people, Razor short-circuits this by allowing the first person to receive a spam to add it to the database -- at which point everyone else will automatically block it.
Once identified, the mail can then be optionally tagged as spam for later filtering using the user's own mail user-agent application.
SpamAssassin requires very little configuration; you do not need to continually update it with details of your mail accounts, mailing list memberships, etc. It accomplishes filtering without this knowledge, as much as possible.
-
From a small isp perspective..
I work for a small ISP, and we tried very hard to keep our mail relay as open as possible so our users could set up mail at work, at the office and other places where they may have a different connection to the net. We did and still do run filters on our mail server, to try and stop spam and virii, yet we were placed on ORDB and on ORBZ. The whole reason we were placed on these lists was not due to anyone complaining about spam originating or being relayed from our server, but just because it had an open relay. In the end we closed the relay, which caused us to lose customers who could no longer send mail through us from their work or other places, but we were also losing customers when we were on these lists because people could not send mail to their friends and business contacts.
Most of these Blackhole lists do send a message back to the person trying to send the mail, and they often portray admins who run open relays as evil spammers or complete morons. Neither of these is true. We were trying to provide a service to our customers, and we work CONSTANTLY to keep the spam out.
Blocking or denigrating the ISP or admin of a mail server which happens to have an open relay that may get used for spamming is like blaming Boeing for the recent trade center attacks. They built the plane but they did not do the deed. We ran a mail server, but we did not spam people. Go after the spammers, and their backbone providers, and their corporate backers, not the little guys who get hurt by this the most.
-
Re:Other filter lists...
(The parent has not been modded high enough yet as of this post)
Regardless of the legal dispute, MAPS should have their implementation for filtering spammers removed from all MTAs. This is a frustrating problem, and is a major time-eater for diligent admins and an even bigger one for end-users on networks not overseen by such admins. Sendmail has removed MAPS support, reaffirming my commitment to stick with it since Sendmail's security record has been much improved over the past 3 years and it is great free software. A bitch to configure, but hey; when you run Slackware you know what you're getting into. I found it very alarming and frustrating when I decided to put a stop to what appears to be a significant increase in spam lately by finally getting around to implementing MAPS, only to discover the new fee-based implementation of MAPS. This pricing/policy change is completely antithetical to what anti-spam software should stand for! They started out as this "crusader" organization making software to rid the 'Net of the filth that proliferates as spam, then stick you with a fee? Quite unsamaritan and anti-community for a service that purports to assist the community, only to later suck you into payments once they've garnered enough of a following. Exploitative in the vilest sense.
ORDB is a godsend! I put this on my servers 2 days ago and spam has all but ceased. 10 trickled through the first day and were added to the list. ORDB's policy is effective, efficient and fair and it doesn't bog down the server or the network in any noticeable way. It's a quick 30 minute configure for a moderate sendmail admin, and yields immediate results. Granted it doesn't provide known spammer protections, but how can you do that?
The onus on stopping spammers is on ISPs through their AUPs. Once they make it crystal clear that using their network services for stupid things like Spam, port scanning, and defacing web-pages is going to immediately ban them from that service, the Spam and other useless 'Net activities will stop and these idiots will quietly go back to the middle-high school where they once worked and pick up their green weenies, Mr. Clean, and get those toilets clean and those hallway tiles shiny again, where their skills/socialization are most appropriate.
Clearly, we can't count on our Congress to improve the Spam situation...
-
Several orbs/maps replacements
Here are some websites for replacements of ORBS and or MAPS:
http://www.orbl.org/ Open Relay Black List of Phoenix, AZ
http://www.orbz.gst-group.co.uk/orbs/ Open Relay Block Zone (ORBZ), of Basingstoke, England
http://www.ordb.org/ the Open Relay Database (ORDB), of Aarhus, Denmark
http://www.orbz.org/ Open Relay Blackhole Zones (ORBZ) Nassau, NY
Also look at this prior slashdot story about ORBS (Open Relay Behavior-Modification System) forking: http://slashdot.org/articles/01/07/02/1540210.shtml
Here is a list of the DNS zones:
or.orbl.org
relays.ordb.org
orbz.gst-group.co.uk
manual.orbz.gst-group.co.uk
inputs.orbz.org
outputs.orbz.org -
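The zone names in the comment above are what an MTA actually queries: it reverses the octets of the connecting client's IPv4 address, prepends them to the zone, and treats any A record in 127.0.0.0/8 as "listed". The Python below is an added example, not code from the page or from any of the blocklist operators. It builds the query name, interprets the answer, and first probes each zone with the RFC 5782 test addresses (127.0.0.2 must be listed, 127.0.0.1 must not), because a DNSBL that has gone out of service can end up answering "listed" for every address; that is what relays.ordb.org did after ORDB shut down, and an MTA still pointed at it rejected all inbound mail. The resolver is injected so the module runs offline; the sample records, the "listed" address 192.0.2.10 and the wildcard.invalid zone are constructed for the demo.

```python
import socket
import ipaddress
from typing import Callable, Dict, List, Optional

# Resolver signature: DNS name -> list of A-record strings ([] means NXDOMAIN).
Resolver = Callable[[str], List[str]]

# Zones listed in the comment above. Kept as data so a dead zone can simply be dropped.
DNSBL_ZONES = [
    "or.orbl.org",
    "relays.ordb.org",
    "orbz.gst-group.co.uk",
    "manual.orbz.gst-group.co.uk",
    "inputs.orbz.org",
    "outputs.orbz.org",
]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query: client IPv4 octets in reverse order, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # rejects IPv6 and malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def dnsbl_lookup(ip: str, zone: str, resolve: Resolver) -> Optional[List[str]]:
    """Return the 127.0.0.x listing codes for ip in zone, or None when not listed."""
    hits = [a for a in resolve(dnsbl_query_name(ip, zone)) if a.startswith("127.")]
    return hits or None


def sanity_check_zone(zone: str, resolve: Resolver) -> str:
    """Probe the zone with the RFC 5782 test addresses before trusting it.

    127.0.0.2 must be listed (shows the zone answers at all); 127.0.0.1 must not be.
    A zone that lists 127.0.0.1 is answering 'listed' for everything, which is how a
    shut-down DNSBL can make an MTA reject all inbound mail."""
    if dnsbl_lookup("127.0.0.1", zone, resolve) is not None:
        return "dead-or-wildcarded"
    if dnsbl_lookup("127.0.0.2", zone, resolve) is None:
        return "unresponsive"
    return "ok"


def check_client(ip: str, zones: List[str], resolve: Resolver) -> Dict[str, str]:
    """Consult each zone for a connecting client, skipping zones that fail the probe."""
    results: Dict[str, str] = {}
    for zone in zones:
        status = sanity_check_zone(zone, resolve)
        if status != "ok":
            results[zone] = f"skipped ({status})"
            continue
        results[zone] = "listed" if dnsbl_lookup(ip, zone, resolve) else "not listed"
    return results


def system_resolver(name: str) -> List[str]:
    """Live resolver via the OS stub resolver; NXDOMAIN becomes an empty list."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


# --- constructed sample DNS data so the module runs offline -------------------
# 192.0.2.10 (a TEST-NET-1 documentation address) is pretended to be a listed relay;
# wildcard.invalid stands in for a dead zone that answers 'listed' to every query.
SAMPLE_DNS = {
    "2.0.0.127.relays.ordb.org": ["127.0.0.2"],   # RFC 5782 "must be listed" probe
    "10.2.0.192.relays.ordb.org": ["127.0.0.2"],  # our constructed open relay
}


def sample_resolver(name: str) -> List[str]:
    if name.endswith(".wildcard.invalid"):
        return ["127.0.0.2"]
    return SAMPLE_DNS.get(name, [])


if __name__ == "__main__":
    verdicts = check_client("192.0.2.10", DNSBL_ZONES + ["wildcard.invalid"], sample_resolver)
    for zone, verdict in verdicts.items():
        print(f"{zone:30s} {verdict}")
```

Run with `system_resolver` in place of `sample_resolver` to probe real zones; the probe step is the part worth keeping in any MTA-side DNSBL client, since a zone that fails it should be removed from the configuration rather than consulted.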
Alternatives to MAPS and ORBS
Here are some up and coming alternatives:
- http://www.orbl.org/
- http://www.ordb.org/
- http://www.orbz.org/
- http://relays.osirusoft.com/
- http://orbs.gst-group.co.uk/
I also have my mail server configured to reject mail from other mail servers that do not have their IP addresses correctly configured and/or delegated in the in-addr.arpa reversed DNS zone. Amazingly, this has cut out almost as much spam as MAPS has. For Postfix users, this can be done with:
smtpd_client_restrictions = permit_mynetworks reject_unknown_client permit
While this does end up rejecting a few "legitimate" servers, the number is very small. I suspect that for the most part this works because open relays tend to be the result of "inadequate administration" which can also be the cause of the lack of reverse DNS. If they can't get one of them right, they probably can't get the other right.
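The `reject_unknown_client` restriction above rejects a connecting client whose reverse DNS does not forward-confirm: the client IP must have a PTR record, and the name in that PTR must resolve back to the same IP (current Postfix spells the restriction `reject_unknown_client_hostname`). The Python below is an added example, not the commenter's code or Postfix's; it reimplements that check and walks the page's `permit_mynetworks reject_unknown_client permit` list left to right with first match winning, so own networks are never subjected to the reverse-DNS test. Lookups are injected; the PTR and A records, the networks and the documentation-range client addresses are constructed sample data, with 198.51.100.7 standing for the "PTR exists but forward record disagrees" case that catches mis-delegated servers.

```python
import socket
import ipaddress
from typing import Callable, Iterable, List, Tuple

PtrLookup = Callable[[str], List[str]]  # client IP -> PTR names ([] = none)
ALookup = Callable[[str], List[str]]    # hostname -> A records ([] = none)


def client_hostname_status(ip: str, ptr_lookup: PtrLookup, a_lookup: ALookup) -> Tuple[str, str]:
    """Forward-confirmed reverse DNS, the test behind Postfix's reject_unknown_client.

    'known'   : the IP has a PTR record and that name resolves back to the IP.
    'unknown' : no PTR at all, or the PTR name does not resolve to the IP."""
    names = ptr_lookup(ip)
    if not names:
        return "unknown", "no PTR record"
    for name in names:
        if ip in a_lookup(name):
            return "known", name
    return "unknown", f"PTR {names[0]} does not resolve back to {ip}"


def evaluate_client_restrictions(ip: str, mynetworks: Iterable[str],
                                 ptr_lookup: PtrLookup, a_lookup: ALookup) -> Tuple[str, str]:
    """Walk 'permit_mynetworks reject_unknown_client permit' left to right; first match wins."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(net) for net in mynetworks):
        return "permit", "permit_mynetworks"  # own networks skip the reverse-DNS test
    status, detail = client_hostname_status(ip, ptr_lookup, a_lookup)
    if status == "unknown":
        return "reject", f"reject_unknown_client: {detail}"
    return "permit", f"permit: client is {detail}"


def system_ptr_lookup(ip: str) -> List[str]:
    """Live PTR lookup via the OS resolver; no record becomes an empty list."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except (socket.herror, socket.gaierror):
        return []


def system_a_lookup(name: str) -> List[str]:
    """Live A lookup via the OS resolver; NXDOMAIN becomes an empty list."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


# --- constructed sample records (documentation address ranges) ----------------
SAMPLE_PTR = {
    "192.0.2.25": ["mail.example.net"],     # correctly delegated reverse DNS
    "198.51.100.7": ["relay.example.org"],  # PTR exists but forward record disagrees
    # 203.0.113.9 deliberately has no PTR at all
}
SAMPLE_A = {
    "mail.example.net": ["192.0.2.25"],
    "relay.example.org": ["198.51.100.8"],
}
MYNETWORKS = ["127.0.0.0/8", "10.0.0.0/8"]  # constructed stand-in for $mynetworks


def sample_ptr_lookup(ip: str) -> List[str]:
    return SAMPLE_PTR.get(ip, [])


def sample_a_lookup(name: str) -> List[str]:
    return SAMPLE_A.get(name, [])


def decide(ip: str) -> Tuple[str, str]:
    """Apply the page's restriction list to one client using the sample records."""
    return evaluate_client_restrictions(ip, MYNETWORKS, sample_ptr_lookup, sample_a_lookup)


if __name__ == "__main__":
    for client in ["10.1.2.3", "192.0.2.25", "198.51.100.7", "203.0.113.9"]:
        action, reason = decide(client)
        print(f"{client:15s} {action:7s} {reason}")
```

The mismatch case is the one to watch when tuning this: a legitimate server whose PTR points at a name that resolves elsewhere is rejected exactly like one with no reverse DNS, which is the "few legitimate servers" the comment mentions; logging the reason string makes those cases easy to spot and allowlist.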