UPDATED: AOL Added To ORBS List - At Their Request
Scott Crain, AOL 'Spamdinista,' wrote in with an update, and to make what's going on crystal clear.
There are two machines that have been added to ORBS on AOL's networks, at my request. The two machines are a new system in place to allow us to keep spammers from using outbound SMTP connections to spam the rest of the net with junk. Alan Brown, the maintainer of ORBS, and I correspond frequently on a couple mailing lists we both frequent, and he asked if it would be ok if I had him place these two machines in ORBS, to which I agreed.
Basically, the two machines that are there are the external gateway for a percentage of AOL members using their TCP connectivity to send mail out of AOL without using the AOL client. It's no different than blocking AOL's dialup IPs (*.ipt.aol.com) as the MAPS DUL does currently.
In other words, this is a good thing. I'm sure I'm not the only one who doesn't like spam from AOL, and this looks like a step in the right direction.
I find it both funny and maddening. I have had
a dial-up mail server for ages now, it is as locked down secure as I can make it yet according to the MAPS DUL I don't have the legitimate right to
run my own mail server because I am just a lowly
dial-up.
"We have not found a legitimate reason for dial-up
users to talk directly to recipients' mail servers"
The reason might be because I can and don't spam. If I relay thru the ISP I will lose my domain name
and have to put in a lot of header re-write rules.
My domain is hosted elsewhere for free but no
mail services other than forwarding. This is just
not well thought thru.
My ISP doesn't have a policy against this
so it is not unauthorized. I pull in the mail thru
the ISP's pop. I hate spam as much as anybody but
that is a real snobby statement especially if
your ISP's server may suck periodically.
I don't put a load on their dial-up router and
they leave me alone.
And of course the real issue is that more and
more people are dialing in and want to run all
their services themselves. With the advent of
IPv6 everyone will have a fixed IP. The trend
then will be toward de-centralizing services and
educated, responsible customers actually can take
the load off the ISP's central mail server.
I worked at an ISP once and we tried MAPS RBL
but it was too exclusionary and like all these
efforts needs to be a lot more specific. And I
have heard all the ORBS nightmares as well.
> I don't use ORBS, since I find it too aggressive.
My ISP found ORBS to be very aggressive. I spoke with them to find out why they are on the ORBS list of Netblock Entries (aka "the Bozos List").
The fact is that my ISP protested the unsolicited scanning of their networks from an outside source, white hat or not. And the scan was also hitting customer dialups. My ISP secured their sendmails, and told ORBS to kiss off and stop probing their networks.
I really don't blame them. A "white hat" service should not be as intrusive as ORBS.
Check all the headers of your message. Often SMTP servers will report what IP address you connected from. So it may have something like "Received: from silverlight.net (123.45.67.89)..." They could then do a lookup on that IP and see you connected to silverlight's server from an AOL IP.
Just a guess.
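An added example, not part of the thread: it walks the `Received:` chain of a constructed message to show how a receiver that inspects every hop, rather than only the connecting peer, ends up rejecting mail submitted through a third-party server. All host names, addresses and the blocklist range are documentation placeholders.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a dial-up user (192.0.2.77) submits mail through a
# third-party SMTP server, which relays it to the recipient's MX.
SAMPLE_MESSAGE = (
    "Received: from relay.thirdparty.example (relay.thirdparty.example [198.51.100.25])\n"
    "\tby mx.recipient.example with ESMTP id B2; Mon, 1 Jan 2001 12:00:03 +0000\n"
    "Received: from dialup-77.access.example (192.0.2.77)\n"
    "\tby relay.thirdparty.example with SMTP id C3; Mon, 1 Jan 2001 12:00:01 +0000\n"
    "From: user@thirdparty.example\n"
    "To: friend@recipient.example\n"
    "Subject: hello\n"
    "\n"
    "Test body.\n"
)

# Constructed stand-in for a dial-up / gateway blocklist.
BLOCKLIST = [ipaddress.ip_network("192.0.2.0/24")]

# Matches an IPv4 address written as [a.b.c.d] or (a.b.c.d).
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")


def received_hops(raw):
    """Return the client IPs of each hop, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own header, so the list is newest-first.
    for value in reversed(msg.get_all("Received") or []):
        # Only the "from ..." clause describes the connecting client.
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        ips = []
        for text in IP_RE.findall(from_part):
            try:
                ip = str(ipaddress.ip_address(text))
            except ValueError:
                continue  # e.g. 999.1.1.1 is not an address
            if ip not in ips:
                ips.append(ip)
        hops.append(ips)
    return hops


def listed_hops(raw, blocklist=BLOCKLIST):
    """Return (hop_number, ip, network) for every hop IP on the blocklist."""
    hits = []
    for number, ips in enumerate(received_hops(raw)):
        for ip in ips:
            for net in blocklist:
                if ipaddress.ip_address(ip) in net:
                    hits.append((number, ip, str(net)))
    return hits


def verdicts(raw, blocklist=BLOCKLIST):
    """Compare a peer-only check with a check of the whole header chain."""
    hops = received_hops(raw)
    last = len(hops) - 1  # the hop recorded by the final receiver
    hits = listed_hops(raw, blocklist)
    return {
        "peer_only_rejects": any(n == last for n, _, _ in hits),
        "all_hops_rejects": bool(hits),
    }


if __name__ == "__main__":
    print(received_hops(SAMPLE_MESSAGE))
    print(listed_hops(SAMPLE_MESSAGE))
    print(verdicts(SAMPLE_MESSAGE))
```

Headers below the receiver's own `Received:` line are written by other parties and can be forged, so a hit on an older hop is weaker evidence than a hit on the connecting peer.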
Document it. What company? When did this happen? Who added it? Evidence, dear Watson. Every entry in the RBL is documented from their side. I tend to trust that unless presented with facts, not a vague story. Are you *sure* you're even referring to the RBL? After all, that's offtopic, we're talking about ORBS.
----------------------------
Ah.. Well that's depressing. (Curious, this news didn't come back to Slashdot as far as I can remember..)
I do recall @Home cracking down on their customers. For years, I used a friend's cable modem box for mail and a mush, and we noticed @Home mass portscanning their customers on port 80. Not long after that he got a nastygram to cease and desist or be disconnected. So we moved everything to a safer system in record time. For the record, we had been running several daemons off that cable box for four years before @Home bothered to notice.
Yes, they give you one month of time. But as they
blacklist smarthosts of open relays too, this can be much less time.
ORBS had half of Germany scanned last year, and some major ISPs turned out with 200+ open relays. Now all of these relays are under the control of the customers, so you need time to find out what MTA they run, how to fix it, even explain the problem to them.
If you try to tell ORBS that you are working on it and need more time, they simply tell you, "Duh, you have plenty of time, we don't care how long your work days are". This and the fact that ORBS is lying (they say that they won't scan blocks and won't use data which was likely obtained from such scans) makes them unreliable and not a source to trust.
Block ORBS.
Most mail abuse problems can be solved by dial-up based providers blocking access for their users to port 25 for anything outside of their network, thus ensuring that the mail has to (theoretically) come through their local mail servers.
Didn't screaming.net do the 0800 number thing long before AOL started their (similar) deal?
Whatever - much kudos to AOL UK for being extremely vocal in their dislike of the UK telco charging structures.
I've noticed a lot of multiple-step spam coming out of AOL recently, and wondered why it was worse than usual - now I know. :) This won't help me a great deal, since I don't use ORBS, but it's good to see them taking action. I think that the MAPS RSS would list the open servers, though, if they were reported.
For spam filtering at my site, I use two services: the MAPS RBL, which lists the IP address blocks of repeat and unrepentant spammers, and the MAPS RSS, which lists any still-open relays that have been spammed through.
MAPS RSS is different from ORBS in that spam must have been sent through a server at least once for it to be listed - you won't get listed in the RSS if you just block relay tests from them. ORBS is somewhat less "polite," and I don't use them because of the larger number of false-positive spam-blocks.
I'd use the MAPS DUL, which is a list of IPs used for modem pools (which should always be using their ISP's SMTP servers), but I can't get Sendmail to allow relaying from DUL-blocked IPs that should be otherwise allowed to relay through me (customers of mine using DRAC POP-before-SMTP). Anyone?
More information on MAPS services is available at http://www.mail-abuse.org/ (not affiliated, etc.).
In the last two weeks, I got some spam via an open relay in Spain, some via some obscure mail servers in China, and about 50% via AOL. I have no idea about the number of users in China (1.2 billion? *grin*) or using the Spanish ISP (actually, it was a bank), but AOL certainly is one of the major spam sources at the moment.
I expect AOL to improve fast - while their user base still sucks, they did get a quite good support team.
Stephan
One thing that makes me slightly suspicious about this is that ORBS not only blacklists open relays, but it blacklists any intermediate mail servers. So if you run a mail server that allows customers to smart host through you, and they happen to be open relays, you get listed in ORBS. Your server isn't an open relay in and of itself and only acquires that quality through a clueless customer, and whether or not your customer smarthosted or not, they'd be the ones with the open relay.
It's quite possible that AOL is completely irresponsible here and has an open relay and ORBS could be completely right, but I think some caution is due here before throwing down on AOL (which a vast majority of the posters here seem to be doing without knowing anything about mail transport or mail blackhole lists).
--
Kevin Doherty
kdoherty+slashdot@jurai.net
You completely missed the point. ORBS is not immediately about blocking spam, it's about closing open relays, which can be used by anyone to send mail to anywhere, frequently abused by spammers to spam anonymously.
Just because some spammers use AOL doesn't mean that AOL should be in ORBS; AOL should only be there if it operates open relays.
--
Kevin Doherty
kdoherty+slashdot@jurai.net
This just makes the fight against spam that much more difficult.
Don't try to tell me that AOL can't pay a FTE or three to sort through the abuse mailbox and dispatch the complaints to the appropriate team.
50% of everything is above average.
And I guess if you use a VPN you can configure the mailserver to only accept mail from authenticated users with IP addresses on the VPN network.
Plus, the VPN would add to the overall security as well.
-------
Warning: Slashdot may contain traces of nuts.
Where's the grammar error there? I don't see anything wrong with the statement in question.
Jeff Sand
shroom-at-bradley.edu
Not sure if this is the one you mean, but here's one mountain dew commercial:
http://www.adcritic.com/content/mountain-dew-busta-rhymes.html
check www.adcritic.com, they usually list the background songs for all the ads there...
Search first, ask questions later.
What we do at my site is to use the Sendmail (8.9.3 and later) "access_db" feature with higher priority than RBL and ORBS. This means that you can add a host (or network, or domain) into the access hash that will always or never be able to relay to or through your site, regardless of what MAPS RBL or ORBS have to say about it. An added benefit of access_db is customized refusal messages. Say, for example, you get a lot of spam for a certain domain without a postmaster@ address whose DNS is rather screwy. It's not relaying spam, just sending spam. So, I can put something like "spamdomain.net 550 Your postmaster address is broken, I don't know who you are--too much spam from your domain. Go away." in access_db and protect your network and inform the clueless admins at the remote site of what's wrong.
Pining for the days when The Glorious MEEPT!!! graced SlapDash with his wisdom.
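An added example, not part of the thread and not sendmail's own ruleset code: a simplified model of the ordering the comment above describes, where a local access map is consulted before any DNS blocklist so that a local entry can both exempt a listed host and reject an unlisted one with a custom message. The map entries, the zone `dnsbl.example` and the listed names are constructed.

```python
import ipaddress

# Constructed access map. Keys are an IP, a network prefix on an octet
# boundary, or a domain; values are an action or an SMTP error line.
ACCESS_MAP = {
    "192.0.2.15": "OK",          # known customer, even if a blocklist has it
    "198.51.100": "REJECT",      # whole /24, generic refusal
    "customer.example": "RELAY",
    "spamdomain.net": "550 Your postmaster address is broken",
}

DNSBL_ZONE = "dnsbl.example"     # placeholder zone, not a real list
# Constructed set of names that the placeholder zone would resolve.
LISTED = {"15.2.0.192.dnsbl.example", "9.113.0.203.dnsbl.example"}


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """DNS blocklists are queried by reversing the octets under the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def candidate_keys(ip, host):
    """Most specific key first: full IP, shorter prefixes, host, parents."""
    octets = ip.split(".")
    for n in range(4, 0, -1):
        yield ".".join(octets[:n])
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def access_lookup(ip, host, table=ACCESS_MAP):
    """Return (key, action) for the first matching key, or None."""
    for key in candidate_keys(ip, host):
        if key in table:
            return key, table[key]
    return None


def decide(ip, host, table=ACCESS_MAP, is_listed=LISTED.__contains__):
    """Local map first; the blocklist is only asked when nothing matched."""
    entry = access_lookup(ip, host, table)
    if entry:
        key, action = entry
        if action in ("OK", "RELAY"):
            return ("accept", f"local entry {key} {action}")
        if action == "REJECT":
            return ("reject", "550 Access denied")
        return ("reject", action)  # custom error text from the map
    if is_listed(dnsbl_query_name(ip)):
        return ("reject", f"550 Mail from {ip} refused, listed in {DNSBL_ZONE}")
    return ("accept", "no local entry, not listed")


if __name__ == "__main__":
    # host would come from reverse DNS, which the sender's network controls,
    # so exemptions are safer keyed by IP than by domain.
    for ip, host in [
        ("192.0.2.15", "pop.customer.example"),
        ("203.0.113.9", "host.unknown.example"),
        ("203.0.113.20", "mail.spamdomain.net"),
    ]:
        print(ip, host, decide(ip, host))
```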
I see...
How much of that spam actually originated at AOL, and how much had forged headers to make it seem to come from AOL?
I find it amusing how ORBS keeps having to find new service providers. To my knowledge they have been kicked off two or three providers for blocking their own host.
While I appreciate the work the ORBS people are doing I don't appreciate the rough and offensive way in which they operate.
Did you report it to AOL?
The one time I got spam from a legitimate AOL user (and not a fake @aol.com address), I sent it to abuse@aol.com. After a few days, I got back a confirmed kill letter. That's a hellava better response than I've gotten out of any other ISP.
--
Business. Numbers. Money. People. Computer World.
Interesting. I had an Ebay transaction go bad once because the AOL seller didn't receive any email from me at work. I could see from the logs that your SMTP servers were accepting the mail, but the guy insisted that I was ignoring him.
Maybe my work is spamming people, or maybe the guy just wanted to give me negative feedback. Has made me shy away from sellers on AOL, tho.
--
Business. Numbers. Money. People. Computer World.
Except that's not what they do. They first send you a note saying your door is unlocked, wait a month to see if you close it, and then post it on a billboard. You've had the chance to fix it, if you don't that's your problem.
If this was the case, why was a request for the basis of spam claim ignored? Because they can not provide it. I'd LOVE to see the claimed spam mail for my source....yet, this is not forthcoming.
They don't list spammers per se... They list open relays. They don't need a spam complaint, all they need to see is your open relay. It's what they are, a list of open relays. You don't like it, live with it.
Exactly. ORBS seems a bit useless.
With ORBS, one could test a server to see if it will relay mail for you. If it does, you know, and ORBS tells them. You can spam for up to 30 days before ORBS notifies the rest of the spammers, that that machine is now available. The spamming continues until the machine is blackholed.
Why publicize it? Why not just wait until the machine is actually used for spam, and then go through the steps of RBLing it? It's that whole innocent until proven guilty thing... They haven't done anything wrong, there's just potential for wrong to be done.
Sound familiar, Napster fans?
AOL isn't actually the main cause of spam at present. The main sources are uu.net dialups (possibly through downstream customers who lease it), and sprintlink.net
(Neither of which are on ORBS because the people using them seem to do direct-to-MX spam, before anyone says anything.)
If people want to do something, try complaining to the people hosting the spamvertised sites, the tools to do it (eg www.cybercreek.com), etc. Lurk in the newsgroup news.admin.net-abuse.email for a while, you'll soon see links to helpful pages.
But basically, don't go needlessly off on another AOL rampage, when they're not really doing too badly at present.
I use it on my own machine here, and it's caught 1 false positive (a machine in mozilla.org), and quite a few spams. I consider that a reasonable tradeoff, although I can appreciate that you'd probably look at it differently if you're an ISP. :)
How about setting up an intermediate Linux server between the NT server and the outside world? At least you could configure the Linux server to be secure and then hide the NT server within the firewall.
Andre
Jumpstart the tartan drive.
Absolutely.. the vix.com spam traps are pretty good and VERY rarely block legitimate email. On the other hand, as a sysadmin of an ISP, I find that our customers' own configured relays (which incidentally are very often running Lotus notes.. is their "default setting" set to open relay? :( ) are landing in ORBS on a daily basis. Unfortunately, unlike vix.com which actually makes a genuine reasonable attempt to contact the maintainer of the relay (perhaps by doing something sensible by looking at the contact in the whois database) before throwing them in the pit, ORBS just send an email to "postmaster@machine" without a proper "To:" header and assume it's going to get spotted amongst the 20,000 bounces that postmaster receives every day!
Upon discovering that one of our customers is in the netblock, rather than finding polite, helpful guys like the vixie mob, ORBS are just arrogant.
On one occasion, one of OUR relays was thrown into ORBS for allowing %hack type relaying, yeah, like THAT is useful to a spammer!
Lots to respond to here. First, if you expect bounced messages from ORBS, you can always filter them out (the ORBS web site even tells you how). Second, ORBS does not test daily: it has not checked my hub for months. Third, I don't much mind the 17 messages (I receive rejected messages anyway) as I do having my hub hijacked by a spammer to send thousands of messages if the jerk had got to my hub before ORBS did. Fourth, if your MTA crashes from unremarkable, nonmalicious, fully documented SMTP requests, then it is too buggy and fragile to be on the Internet. You should be grateful to ORBS for pointing that out, and fix it. Don't be lazy: I fixed mine.
... at least some @home mail servers.. my mail goes through 24.2.9.40 relay and it gets bounced from a ton of sites that use ORBS. Anyone else's @home e-mail got bounced so far?
--
GroundAndPound.com News and info for martial artists of all styles.
Speaking of useful links, this site is one of my favourites. It means I can cut and paste the header and body of a spam into a box and press a button. Hey presto, header automatically parsed, and an automatically generated complaint I can send to the abuse@ addresses of any dodgy-looking ISPs.
Never trust a man in a blue trench coat, Never drive a car when you're dead
I imagine that this sort of thing would be far harder to sue for, internationally.
Chicks suck.
Guys are ugly.
Pass the kleenex.
Or you could replace your mail server with one which does allow more flexible exception rules. Or tell your employees that you can't accept mail from AOL, whether it's from an employee or a customer.
Um, it's something like this:
Say you run a network. You don't want certain
groups accessing your network, say ORBS. It's
your network, so it's your prerogative, right?
However, ORBS claims to be offering a viable
service by maintaining a list of offending
open relays on the Internet. Say that you
don't run any open relays, but you don't let
ORBS check your servers as above. Is it fair
for them to list all your addresses as open
relays?
The way I see it is that you have a
responsibility for your network; ORBS has
taken on much more responsibility than that,
whether they like it or not.
^Z
www.timcoleman.com is a total waste of your time. Never go there.
AOL recently implemented a scheme whereby any of their customers trying to deliver mail directly (as opposed to sending it through AOL's designated SMTP servers) is transparently routed through another AOL mail server. Generally speaking, there's no legitimate reason for an AOL customer using any mail servers other than AOL's own - as a result, the mail going through these new servers is almost entirely spam (either being sent directly to the recipients' mailboxes, or originally destined to go through some poor sap's open relay). It's these servers that AOL have requested be added to ORBS, not their normal mail servers. Even if you use ORBS, you should still get all legitimate AOL mail sent through AOL's main mail servers.
The servers being discussed here are in MAPS as well.
The machines blocked are the rly-ip*.mx.aol.com ones, not the rest of the mx servers. Outgoing SMTP connections are transparently proxied through the rly-ip servers - most legitimate traffic should be going through the other mx machines, so just blocking the rly-ip ones shouldn't cause a problem.
If it was a webserver, then why the hell was it running sendmail? Do you really think a spammer, upon discovering this machine running an old version of sendmail, will think "Oh, that's a web server. I shouldn't abuse it"? The fact that it was running an insecure version of sendmail means that a spammer could have used it to blast thousands of messages to innocent people, using your bandwidth to do so. It's this sort of situation (people running mail daemons on machines that shouldn't be running them, and then not updating them because "oh, it's not the mail server. We don't have to worry about patching it") that's responsible for a good chunk of the spam problem.
AOL is having ORBS block outbound SMTP traffic from its external IP gateways in an effort to stop AOL users from running their own MTA through AOL's network. AOL's own SMTP servers do not send mail through those gateways, so they will not be blocked. These machines are presumably spam-proofed in some way, hence they are not listed as open relays.
AOL users can use any user agent they want, as long as the mail only gets sent out through AOL's SMTP. (Actually, spammers can still run their own outbound SMTP on AOL's network, but ORBS subscribers won't receive it.)
> And no matter how many abuse reports I send in, no matter how many times I send a letter to the administrative
> contacts telling them that they are allowing people to exploit security holes (the open relays) in their mailservers to
> send bulk e-mail to people, I've never once got any kind of reply other than a form letter.
You've obviously never had to send a spam complaint to Erols. All Praise Afterburner, He Of The Smoking Gun. ^_~
> So my question is, really, is there any way to get through to these people? Are the corporate ISPs so utterly clueless that
> they can't comprehend the idea that spam is a Bad Thing? What does it take to get through to these corporations?
...I don't know. I'm lucky in that I don't get much spam -- despite that being my real address up there, non-spam-proofed, and that's the email address I use to post to Usenet (when I do) as well. I did for a while, but it just slacked off. My usual response to such things was a rather irritated-sounding letter along the lines of "Your user has greatly misunderstood the point of the Internet. Please re-educate him or her before he or she pees on the carpet once more." I didn't get non-form-letters back very often, either. To a lot of companies, spam-fighting is simply not a profitable way to spend their time; their business model is better served by trying to get more suckers^Wcustomers to subscribe and pay their fees.
One of my friends once made a joking suggestion that we should get together a bunch of scary BOFH types, and call them the Spam Patrol. Have them dig up spammers' real addresses, and show up at the spammer's home in black suits and dark sunglasses. Have them stop in to chat. The spokesperson would calmly and patiently explain why Spam is Bad -- theft of resources, cost-shifting, etc, etc. Meanwhile, the four or five other Scary BOFH Types would simply wander around the living room and comment about how nice a house it was, wouldn't it be a pity if, etc.
It might not work that much better, but it would definitely blow off a /lot/ more steam.
(As for suggestions -- my only one would be to find an account somewhere that the admin runs the RBL. Hotmail is a /bad/ spam hole...)
Let them have their 'global bbs'. I'll keep using the CDs as drink coasters, wallpaper, and shower mirrors.
... that could scar kids for life ;-)
Promiscuous Browsing, huh? Like http://www.mustbedestroyed.com/
"It's tough to be bilingual when you get hit in the head."
I, for one, can attest that *plenty* of spam *has* come through AOL... almost every day for the last three -> five years I've gotten some spam from an AOL address (though msn.com is awful popular these days)...
Cut 'em off. They can live in their own little world.
"It's tough to be bilingual when you get hit in the head."
Not really... you didn't take my post in context.
>>The main problem with ORBS is that it is harder to explain (with RSS you can say 'spam _has_ been sent through this server'),
>*plenty* of spam *has* come through AOL...
Some of the spam I've gotten from AOL has been from invalid AOL screen names, relayed through the AOL servers. This was a reply to another comment, not the original article (in which case, yes, that would be accurate)... the point was that I was getting spam through AOL relays, as well as 'real' AO Lusers.
"It's tough to be bilingual when you get hit in the head."
Yeah, the way they handled that was less than exemplary... I was running a Linux masq box on @Home at the time (now on a slightly different version of @Home (or something)), and though I didn't personally have any problems (my box is locked up pretty tight (sendmail config and firewalling), so I didn't get a nastygram, but I noticed a few others that did have problems, and I know of at least one person who *did* get a letter from @Home... but he wasn't actually a problem (I ran through his setup and log with him). Oh well - they needed to blame somebody.
Bah!
"It's tough to be bilingual when you get hit in the head."
Oooh.... I like that one 8^)
Is it an... *evil* transient? (finger to mouth)
"It's tough to be bilingual when you get hit in the head."
What would be the grounds for the suit? ORBS isn't forcing you to use their list to do anything, let alone block email.
Now that I think of it, this might actually be a good thing. If AOL successfully sues ORBS for "restraint-of-trade" or whatever, maybe then all the XXX Pr0n sites could sue Mattel [and whoever else has net filtering software] for the same thing... since it is really the same thing. ORBS/Mattel has a list of "bad" sites... sysadmins/users decide whether or not to use that list...
It'd be rather interesting I think...
Ender
Nothing to see here
I understand that AOL is intercepting all outbound port 25 traffic and rerouting it through their own mailservers. This has been wreaking havoc with people's mail filters but has the benefit of rate limitation and whatever other anti-spam heuristics AOL has put in place.
Not all the relays are blocked. Only the ones AOL asked for!
Grandma will be able to send happy birthday 'cause she uses the valid mail relay(s).
Best regards,
NKJensen.
-- From Denmark
How can this be a good thing when subscribers to ORBS are now blocking anyone sending mail from AOL using non-AOL mailers? If I was using AOL I certainly would use something else like Netscape, or Eudora.
Why don't they just fix their MTAs with filtering software such as Brightmail? Also, I thought they had some gee-whiz internal anti-spam technology that is 'spota work. Sheesh.
I love watching these big sites get banned because of spam.. WEBTV (owned by microsoft) has banned the msn.com mailserver.. stupid.
http://www.1053.org -=We use big words=-
Anywho, I just recently had two emails (going to Geocities) bounced back to me, saying basically that mail from AOL is blocked for that domain.
What confuses the hell out of me is that this email should never have gone through AOL! I have an SMTP account at silverlight.org, and my email was going through there. And I know it isn't that Silverlight is being blocked, because the message specified an AOL IP.
So...what gives? Anyone?
--
"I personal[ly] think Unix is "superior" because on LSD it tastes like Blue." -- jbarnett
Thanks to your suggestions, I figured out that, yes, my IP is being attached to outgoing mail. I still don't know if AOL is intercepting my mail and routing it through their servers, but it doesn't matter now, because I just signed up for a new ISP. =)
--
"I personal[ly] think Unix is "superior" because on LSD it tastes like Blue." -- jbarnett
well then...
I am aware of whose responsibility it is to fix a mail server. However, blacklisting someone and only telling them _afterwards_ is bad politics.
So is snooping through someone's network. Privacy, eh?
--- sig moved for great justice.
You have a valid point. However, we keep logs of everything, including mail transfers for about a year back. Sendmail was running on the web server because it was "required" by one of the other daemons... It's BSDI, sue me...
The orbs attack happened just before the "fixed" sendmail 8.9 came out.
The logs did not show any mail activity except for orbs.org probes on port 25...
--- sig moved for great justice.
If your dog was too loud, and your neighbor shot your dog in the ass because of that, without asking you to shut the damn thing up first, would that rule? I didn't think so. If I were ORBS, I'd at least notify a potential open relay owner about the problem before blacklisting them... Or, maybe if the owner of a mail relay is not able to fix it himself, provide him with a pointer in the right direction....
So I say, as of right now, ORBS sucks. Maybe one day they will get their heads out of their asses.
--- sig moved for great justice.
For various grossly inaccurate definitions of "legitimate", perhaps. AOL has millions upon millions of subscribers. Most of those subscribers fall into the "Complete Moron" bin -- you know, those people who would be better served not having a computer at all (also defined as those who are confused by the "0" and "1" on the power switch.)
.01% of AOL SPAM due to relays vs. the number of their own SPAM generating subscribers (generally too uneducated to know any better. [I don't want to say stupid as they honestly don't know any better])
ISPs certainly can (and have on several occasions) block e-mail from AOL. I can attest to the amount of calls those ISPs would get from customers.
ORBS is certainly a knock on the door, but an open relay is a small blip on the SPAM horizon --
Besides, with 95% of all internet SPAM destined for <insert lame "screen name" here>@aol.com, who cares if all their mail servers are open relays. *grin*
Disclaimer: all statistics quoted here are based on nothing but assumed correct.
Postfix supports TLS (which uses client SSL certificates for authentication) via a separate patch (which will be integrated now that the US is not such a police-state WRT crypto), as well as pop-before-SMTP authentication (where a user gets POP or IMAP mail, which adds their IP to an "allowed relay" database for a time period).
It's also free, as in freedom, and gratis ;-)
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
>Why publicize it?
...
Possibly ORBS users would prefer that spammers use systems already listed by ORBS rather than looking around for others. Certainly makes my spam filtering easier
AOL used as an open relay? Not possible!
Just kidding. AOL could fall off the face of this planet and fall into SPAM hell and I wouldn't care. Teach gramma to use a real ISP.
I'm a sysadmin that has sent 4 Abuse complaints to AOL for open relay in the last 48 hrs. Somebody needs to do something about it. Kudos ORBS for having the BALLS to stand up to them.
This space intentionally left blank.
Be aware that ORBS doesn't block the *incoming* MX servers. It blocks the servers which deliver *outgoing* mail, which are often different machines. (MIT, for example, has continual problems with ORBS blacklisting our outgoing mail servers. They are not the same as our incoming mail servers.)
to the ppl out there with 'closed source win NT mailservers'
we get round this problem by using a upstream non-open relay server in our mx records {provided by the isp} and block inbound smtp at the router <except from the upstream relay> tada! we're removed from orbs cos spammers can't use us anymore!
Terrorists do not have to have a reason.
If ORBS were anything more than a group of terrorists, they wouldn't be blindly attacking machines like they do.
They would:
1) Have contacted me (postmaster) with the headers indicating my machine was used for spam.
2) ASKED if they could test the host.
That is how a REASONABLE group would have done. And my opinion of them would be far different than it is.
Instead, they just launch an attack.
Like the terrorists that they are.
If it was said on slashdot, it MUST be true!
It is YOU who can not make the differentiation.
The purpose of the 17+ different emails is to SCAN and PROBE port 25 for holes.
This behaviour is as annoying and rude when a spammer does it, as it is when ORBS does it. The difference is the spammer tries once. ORBS keeps trying.
A SPAMMER is unable to send mail from my host, so there would be no REASON for me to show up on ORBS, *YET* ORBS attacked my box. When asked for the REASON behind the attack, and PROOF in the form of spam-email from my host...no response was forthcoming.
Your on-going defense of ORBS is sad and pathetic. They are net terrorists, just like spammers.
If it was said on slashdot, it MUST be true!
My host is not open, and has never (to the best of my knowledge senator) BEEN open.
Yet, I have spammers try TESTING my system with e-mail ATTACKS on a regular basis. Their action is RUDE and makes them as much a net-terrorist as ORBS. Difference? A spammer tries once. ORBS is ABUSIVE and tries 17 times.
If ORBS wants to be better than the spammers they claim they are, they should modify their methodology.
1) provide proof that the site is being used for spam
2) contact the sysadmin
3) Ask if they want to be terrorized
ORBS does none of these.
ORBS is a net terrorist.
If it was said on slashdot, it MUST be true!
qmail has its place. Sendmail won't work with coda, but qmail will, so qmail is a good choice for a coda filesystem.
Being I used to hand hack sendmail rules, I have no problems with sendmail. In fact, ORBS automated system said my host was OK one day later than the humans had manually blacklisted my site because I sent them e-mail asking them why in the hell they were probing me, told them I was going to block their IP range, and asked for proof of the SPAM that got me listed in the 1st place.
In this case, it is not a problem with mail configs, the problem is with the people behind the ORBS site launching an attack against my host without any reason, other than to find an open relay.
Which is exactly what spammers do, except spammers don't try 17+ times. Spammers try once and sometimes twice. So that makes ORBS 8-17 times as bad as a spammer.
If it was said on slashdot, it MUST be true!
>They first send you a note saying your door is unlocked,
And what gives them the right to even be TRYING my door?
In the physical world, someone who goes from house to house trying doorknobs is called a prowler.
>They don't need a spam complaint, all they need to see is your open relay.
Ahh, so the claims of testing based on spam complaints is bogus. Hence the inability to provide the spam that got my system on their list.
Given you are from NL, are you defending them because you know Alan Brown?
>You don't like it, live with it.
If you don't like the fact that *I* find them to be net-terrorists, and as slimy as the spammers they claim to be helping solve the problem of, might I suggest *YOU* live with the fact that ORBS is slime?
If it was said on slashdot, it MUST be true!
Hello? Clue phone ringing.
Some MTA's will crash under the testing they do. It has nothing to do with the software, not the sysadmin.
Some people have to run things other than sendmail. Or Unix.
The only setup issue for the sysadmin in such cases is to pick a better MTA, or go beat up the MTA programmers.
If it was said on slashdot, it MUST be true!
>2. ORBS perform SMTP relay checks on mail-servers which users nominate after suspect behaviour.
ORBS is unable to provide any PROOF that my host was used for spam.
>3. ORBS only block proven Open Relay servers, and server which ORBS can't check.
And telling the admins at ORBS you are going to block them because you find their behavior rude gets you listed in the ORBS database.
Note that my server is now listed as a open relay, even though it is not, all because I TOLD them I find their actions rude, and no better than any spammers.
>BOZO-admins who threaten ORBS with lawsuits and other bogus stuff
Oh, so if you find ORBS rude, you should get blocked?
>as it should be if you ask me.
"Agree with us, or we will have you blocked. Oh, and if you don't like it just sit down and shut up and we won't block you."
>I like ORBS, MAPS is far from sufficient.
That is nice Mr. Alan Brown.
If it was said on slashdot, it MUST be true!
How about this:
If you write the ORBS terrorists telling them you find them rude and will be blocking their rude behaviour, they say you make 'cartooney threats'.
Cartooney threats are normally an anvil on the head, or falling through an ACME portable hole placed on the floor.
ORBS is run by a bunch of net terrorists.
If it was said on slashdot, it MUST be true!
>The reasons for listing those who deny or block ORBS tester is obvious, if you can't determine if they're secure they are presumed unsecure.
Your logic is flawed.
I block ORBS because I find what they do to be no better than any of the spammers who attempt to use my box as a relay host.
Nothing insecure about MY host...yet you think if you don't allow rude behavior, you have an open relay.
If it was said on slashdot, it MUST be true!
>What LAWS do I break, entering a door believing it to be my destination?
... Relaying denied ... Relaying denied ... Domain name required ... Relaying denied ... Relaying denied ... Relaying denied ... Relaying denied ... Relaying denied ... Relaying denied
s p?String=fact*1%2B0&ACT=SELECT
/. Thread you are here by choice. ORBS with their scanning of port 25 17+ times looking for an open relay to pass onto spammers is force.
/dev/null, if you have an interest in stopping spam. Because ORBS has moved from a failed experiment to nothing more than a terrorist organization.
And your purpose is? To find an Open Relay and publish it? No sane person will welcome you coming through their doors for you to publish that you've found unlocked/open telephone lines?
Guess that is why you are taking drugs under the guidance of a therapist....because you are not sane.
And, as far as I can tell, you are lying about your destination.
>What LAWS do I break, if as a janitor if I check the building for open doors.
When did YOU become the janitor for MY building?
>Do I break any LAW doing the same as a security guard, friendly neighbor, police and so on.
Again, when did you become the guard or my neighbor? Being a neighbor, when did YOU introduce yourself? You haven't.
>There are reasonable limits to any action, and it varies depending on the situation.
So blindly attacking hosts looking for open relays is OK in your book?
ORBS could not provide ANY reason for attacking my host. If ORBS would have provided a reason, then it would not have been a blind attack, just an attack.
>But you are obviously far from realising this, in this and in any example you have used.
No, ma'am. You are the one with the problem. You are the one who is Pro-ORBS, no matter what the reason.
>Unfortunately, your methodology of "shoot first, be reasonable later" aren't as good as you think.
Miss, ask your psychoanalyst to change your psychotropics
ORBS is the one who attacks a host with 17+ scanning probes on port 25. ORBS does NOT contact the host before the attack, nor do they respond to the question WHY my host was attacked, and they do not provide any proof that the host has ever been USED as an open relay for spam.
So ORBS not only shoots first, but they aren't reasonable later.
I, on the other hand, have offered up how ORBS would operate if they were not a cover for hunting down Open Relays for spammers.
1) contact the target before attacking, asking if they want to be attacked.
2) provide proof of the host having an open relay.
3) do not publish known open relays.
Given the way ORBS operates, they act JUST like an organization whose goal would be to help spammers find open relays. What is sad is you believe ORBS when they say they are here to help. ORBS actions show they are a net-terrorist, helping spammers do their work.
>> They blindly attack hosts,
>The only blind attack I've seen so far is yours, and it's against the fabric of reason and judgement.
Given my pager went off letting me know there were excessive relay attempts, and that this ORBS machine I had never heard of was doing the attack, let's see.
17+ probes scanning my mail port looking for an open relay - attack
ORBS - never heard of them, and when asked for a reason they gave none - blind
Hence the phrase BLIND ATTACK.
You ask that ORBS be judged by their "intentions".
Linux One says they are a valued member of the Linux community.
Sanford Wallace said he was intending to move Internet commerce forward
ORBS *CLAIMS* to be 'working to stop spam', yet they are WORSE than any spammer has ever been on my box.
11:51:38 sendmail[48233]: HAA48233: ruleset=check_rcpt, arg1=, relay=relaytest.orbs.org [202.36.148.7], reject=550
11:51:38 sendmail[48233]: HAA48233: lost input channel from relaytest.orbs.org [202.36.148.7]
11:51:38 sendmail[48233]: HAA48233: from=, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=relaytest.orbs.org [202.36.148.7]
11:53:25 sendmail[48242]: HAA48242: ruleset=check_rcpt, arg1=, relay=relaytest.orbs.org [202.36.148.7], reject=550
11:53:25 sendmail[48242]: HAA48242: lost input channel from relaytest.orbs.org [202.36.148.7]
11:53:25 sendmail[48242]: HAA48242: from=, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=relaytest.orbs.org [202.36.148.7]
11:54:14 sendmail[48245]: HAA48245: ruleset=check_rcpt, arg1=orbs-relaytest@manawatu.co.nz, relay=relaytest.orbs.org [202.36.148.7], reject=550 orbs-relaytest@manawatu.co.nz... Relaying denied
11:54:14 sendmail[48245]: HAA48245: lost input channel from relaytest.orbs.org [202.36.148.7]
11:54:14 sendmail[48245]: HAA48245: from=sender@orbs.org, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=relaytest.orbs.org [202.36.148.7]
11:55:13 sendmail[48253]: HAA48253: ruleset=check_mail, arg1=, relay=relaytest.orbs.org [202.36.148.7], reject=553
11:55:13 sendmail[48253]: HAA48253: from=, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=relaytest.orbs.org [202.36.148.7]
11:56:05 sendmail[48256]: HAA48256: ruleset=check_rcpt, arg1=, relay=relaytest.orbs.org [202.36.148.7], reject=550
11:56:05 sendmail[48256]: HAA48256: lost input channel from relaytest.orbs.org [202.36.148.7]
11:56:05 sendmail[48256]: HAA48256: from=, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=relaytest.orbs.org [202.36.148.7]
11:57:21 sendmail[48259]: HAA48259: ruleset=check_rcpt, arg1=, relay=relaytest.orbs.org [202.36.148.7], reject=550
11:57:22 sendmail[48259]: HAA48259: lost input channel from relaytest.orbs.org [202.36.148.7]
11:57:22 sendmail[48259]: HAA48259: from=, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=relaytest.orbs.org [202.36.148.7]
11:58:20 sendmail[48262]: HAA48262: ruleset=check_rcpt, arg1=, relay=relaytest.orbs.org [202.36.148.7], reject=550
11:58:20 sendmail[48262]: HAA48262: lost input channel from relaytest.orbs.org [202.36.148.7]
11:58:20 sendmail[48262]: HAA48262: from=, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=relaytest.orbs.org [202.36.148.7]
11:59:20 sendmail[48266]: HAA48266: ruleset=check_rcpt, arg1=, relay=relaytest.orbs.org [202.36.148.7], reject=550
11:59:21 sendmail[48266]: HAA48266: lost input channel from relaytest.orbs.org [202.36.148.7]
11:59:21 sendmail[48266]: HAA48266: from=, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=relaytest.orbs.org [202.36.148.7]
12:00:33 sendmail[48276]: IAA48276: from=, size=763, class=0, pri=30763, nrcpts=1, msgid=, proto=SMTP, relay=relaytest.orbs.org [202.36.148.7]
12:00:33 sendmail[48278]: IAA48276: to=, delay=00:00:05, xdelay=00:00:00, mailer=cyrus, stat=User unknown
12:00:38 sendmail[48278]: IAA48278: to=, delay=00:00:05, xdelay=00:00:05, mailer=esmtp, relay=mail2.manawatu.net.nz. [202.36.148.21], stat=Sent (BAA07218 Message accepted for delivery)
12:01:44 sendmail[48288]: IAA48288: from=, size=787, class=0, pri=30787, nrcpts=1, msgid=, proto=SMTP, relay=relaytest.orbs.org [202.36.148.7]
12:01:44 sendmail[48290]: IAA48288: to=, delay=00:00:06, xdelay=00:00:00, mailer=cyrus, stat=User unknown
12:01:50 sendmail[48290]: IAA48290: to=, delay=00:00:06, xdelay=00:00:06, mailer=esmtp, relay=mail2.manawatu.net.nz. [202.36.148.21], stat=Sent (BAA07291 Message accepted for delivery)
12:02:51 sendmail[48294]: IAA48294: ruleset=check_rcpt, arg1=, relay=relaytest.orbs.org [202.36.148.7], reject=550
12:02:52 sendmail[48294]: IAA48294: lost input channel from relaytest.orbs.org [202.36.148.7]
12:02:52 sendmail[48294]: IAA48294: from=, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=relaytest.orbs.org [202.36.148.7]
12:04:08 sendmail[48303]: IAA48303: ruleset=check_rcpt, arg1=, relay=relaytest.orbs.org [202.36.148.7], reject=550
12:04:09 sendmail[48303]: IAA48303: lost input channel from relaytest.orbs.org [202.36.148.7]
12:04:09 sendmail[48303]: IAA48303: from=, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=relaytest.orbs.org [202.36.148.7]
Now in a 6 day period, ORBS just HAPPENED to be the only site that probe attacked me.
Looks like ORBS is worse than any spammer.
>Your logic is not only flawed, it's lame.
>WHY should they give "proof of spam" when they are surveying for Open Relays?
What part of "if they probe me they have to have a reason" are you not understanding?
What part of "provide some proof to WHY you selected my host to probe" are you not understanding?
As you admit however, they are "surveying for Open Relays". The only reason to do that is to use them for spam. And, in fact they DO publish the list for spammers to use.
>WHY do you make up fact to support you argument?
From http://www.cup.cam.ac.uk/elt/dictionary/default.a
fact noun something which is known to have happened or to exist, esp. something for which proof exists, or about which there is information
So how can you make up facts?
To say "make up facts" indicates you need your shrink to adjust your drugs.
> (Is it too weak to stand on its own "feet"?)
Where are YOUR logs? Your statistics?
>>The difference is the spammer tries once. ORBS keeps trying.
>This is, as every statement you make, not true!
I have logs I posted. Seems I'm correct and YOU are not. Just like my posts have said....ORBS is a net-terrorist.
>SPAMMERS port-scan entire NET-BLOCKS, ORBS doesn't do this.
Show me the code ORBS uses. What? No proof?
As *I* have said, they scanned *MY* host. Where did I say they scan net-blocks? All my claims are based on what I have logs for.
And the basis of your counter-claims are? Oh, let me guess, the web pages of ORBS? *yawn* The actions of ORBS show different than the web pages.
>Spammers won't stop ABUSEing your server, even if you try asking or pleading.
Really? Given my e-mail logs, spammers try once, and then go away.
>ORBS stops if you ask them to, and add you to their list as "asked not to be tested".
With a flag of 'cartoonie threats' also? If you ask not to be tested, it is assumed that you ARE an open relay.
>Spammer try over and over til they find an Open Relay, then they ABUSE this security problem.
Prove this. My logs shows any given spammer tries ONCE, perhaps two times, then goes away.
No abuse, no over and over.
ORBS on the other hand, scanned port 25 17+ times looking for a hole to publish.
>ORBS report it, they DON'T ATTACK or ABUSE it!
Yea, they just publish the open relay to encourage abuse of the open relay. How charming and non-abusive of them.
And 17+ times is not an attack? Then what is it?
>If YOU don't like this, don't act like a crybaby, please unplug your computer instead.
How like a terrorist.
"This is our political agenda. If you do not agree, then BANG! Dead." That is what you have asked for, if I do not like ORBS, I should just nip off and kill my host.
Tell you what, how about this:
If I see something that is WRONG, I will let my voice be heard. And if YOU don't like it, provide PROOF that my opinion is wrong. So far, you have provided no proof. And given you are "Dare_devil" and not Alan Brown (the clown who runs ORBS), you have no authority to speak for ORBS.
>YOU try over and over to fuse false accusation against ORBS without any proof.
Ma'am, you are the one who has provided no proof to date. I have provided logs now showing the attack. It is hard to provide the e-mail replies from ORBS, because, well they never did reply.
>Even when confronted of false statements YOU ignore it,
Miss, the only thing I have been confronted with is your ignorance.
I have seen no facts, just your claims. Post code, post logs, do something more than wave your hands about.
>making YOU WORSE than SPAMMERS! Right now, YOU are the net-terrorist!
Pointing out how you have a problem with reality makes me a net-terrorist?
Defending my POV makes me a net-terrorist?
I am forcing you (or anyone else) to read this exactly how?
ORBS forced themselves on my host 17 times.
Understand the difference between choice? And no choice? This
Let's try a different exercise:
I have a daemon in a lamp. (the genie was bought out by AOL) When I rub the lamp and ask for all Open Relays to be closed, BAM! They are!
Guess what?!? SPAMMERS keep SPAMMING! Why? Because they can create their own relays! Gee, guess ORBS was useless when it came to stopping spam!
Join CAUCE, support the Real Time Black hole list, Re-write your sendmail so it acts like an open relay, but throws e-mail into
Look at the thread. ORBS is a failure in its goal.
They are a failure because ORBS is a net-terrorist.
If it was said on slashdot, it MUST be true!
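The sendmail log excerpt posted above can be summarized mechanically. The following is an added example, not part of any post in this thread: it groups relay rejections by connecting address and flags sources that exceed a threshold inside a time window, the kind of check that could drive the "excessive relay attempts" page the poster mentions. The sample lines, hostnames, addresses, threshold and window are constructed assumptions, and the timestamps carry no date, so a window spanning midnight is not handled.

```python
import re
from collections import defaultdict

# Constructed sample in the sendmail syslog layout quoted in the thread.
# Hosts and addresses are placeholders (example.org, RFC 5737 ranges).
SAMPLE_LOG = """\
11:51:38 sendmail[100]: HAA00100: ruleset=check_rcpt, arg1=<probe@example.net>, relay=tester.example.org [192.0.2.7], reject=550 <probe@example.net>... Relaying denied
11:51:38 sendmail[100]: HAA00100: lost input channel from tester.example.org [192.0.2.7]
11:51:38 sendmail[100]: HAA00100: from=<a@example.org>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=tester.example.org [192.0.2.7]
11:53:25 sendmail[101]: HAA00101: ruleset=check_rcpt, arg1=<x%example.net@[203.0.113.5]>, relay=tester.example.org [192.0.2.7], reject=550 Relaying denied
11:54:14 sendmail[102]: HAA00102: ruleset=check_rcpt, arg1=<probe@example.net>, relay=tester.example.org [192.0.2.7], reject=550 Relaying denied
11:55:13 sendmail[103]: HAA00103: ruleset=check_mail, arg1=<nodomain>, relay=tester.example.org [192.0.2.7], reject=553 Domain name required
12:00:33 sendmail[104]: IAA00104: from=<a@example.org>, size=763, class=0, pri=30763, nrcpts=1, msgid=<m1@example.org>, proto=SMTP, relay=tester.example.org [192.0.2.7]
12:00:38 sendmail[105]: IAA00105: to=<a@example.org>, delay=00:00:05, xdelay=00:00:05, mailer=esmtp, relay=mx.example.org. [192.0.2.21], stat=Sent (ok)
12:10:02 sendmail[106]: IAA00106: ruleset=check_rcpt, arg1=<someone@example.com>, relay=other.example.com [198.51.100.9], reject=550 Relaying denied
"""

LINE_RE = re.compile(r"^(\d\d):(\d\d):(\d\d) sendmail\[\d+\]: \w+: (.*)$")
# Anchor on "relay=... [ip], reject=" so a bracketed address inside arg1
# (as in the 11:53:25 sample line) is never mistaken for the client.
REJECT_RE = re.compile(r"^ruleset=(\w+), .*relay=\S+ \[([\d.]+)\], reject=(\d{3})")
# Only from= lines name the connecting client; on to= lines relay= is the
# next hop for outbound delivery and must not be counted as a source.
ACCEPT_RE = re.compile(r"^from=.*\bnrcpts=(\d+),.*relay=\S+ \[([\d.]+)\]")


def summarize(log_text):
    """Return {client_ip: {"rejects": [(sec_of_day, ruleset, code)], "accepted": n}}."""
    summary = defaultdict(lambda: {"rejects": [], "accepted": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        hh, mm, ss, msg = m.groups()
        t = int(hh) * 3600 + int(mm) * 60 + int(ss)
        rej = REJECT_RE.match(msg)
        if rej:
            ruleset, ip, code = rej.groups()
            summary[ip]["rejects"].append((t, ruleset, code))
            continue
        acc = ACCEPT_RE.match(msg)
        # nrcpts=0 is the tail of a rejected transaction, not an accepted message.
        if acc and int(acc.group(1)) > 0:
            summary[acc.group(2)]["accepted"] += 1
    return dict(summary)


def excessive_probers(summary, threshold=3, window_s=600):
    """Client IPs with at least `threshold` rejections inside any `window_s` seconds."""
    flagged = []
    for ip, info in summary.items():
        times = sorted(t for t, _, _ in info["rejects"])
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(ip)
                break
    return sorted(flagged)


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, info in sorted(report.items()):
        print(ip, "rejects:", len(info["rejects"]), "accepted:", info["accepted"])
    print("over threshold:", excessive_probers(report))
```

An accepted message from a source that is also being rejected is not proof of relaying (it may be local delivery or a bounce), but it is the entry worth reading by hand.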
>The more serveres using ORBS protection, the faster/better the result will come.
The endorsement of rude behavior (baseless port scans) helps no one.
If it was said on slashdot, it MUST be true!
They attack your host with 17+ attacks to check if your host is used as a SPAM site.
No attempt is made to ask the admin if they are a spam site, they just launch the probe attack. They are as RUDE as the spammers they claim to be 'defending the net against' with their unwanted probe attacks.
At least the Real-time black hole list tries to talk to the host accused.
ORBS is an example of how the 'cure' is as bad as the 'curse'.
If it was said on slashdot, it MUST be true!
They scan the SMTP port for a hole, and when *I* asked for the reason why, I was not given any proof.
Hence BASELESS (No reason was ever given for the scanning attack when asked) and a PORT SCAN (17+ attack scan of a port).
Looks like you are unwilling to accept the truth that ORBS is a net-terrorist.
If it was said on slashdot, it MUST be true!
Then why won't they provide proof of the reason for the nomination?
Because they can't....they are net-terrorists.
If it was said on slashdot, it MUST be true!
>The wording net-terrorist is in itself rude, calling ORBS's actions rude in several of your postings today doesn't really make me take your case seriously.
It is obvious you have some blind devotion to ORBS. So why don't you take your devotion to NANOG list and convince them that you are right.
Go nutz on blocking my B/c blocks or my AS numbers. While you are at it, be sure to block all the netblocks of the people I work with. And when asked, you can tell people that you put on a block because *YOU* can't handle the truth-ORBS is a net terrorist.
If it was said on slashdot, it MUST be true!
Trust me, i get it! Plus, we have an autoresponse :P
Mike Roberto (roberto@soul.apk.net) - AOL IM: MicroBerto
Berto
Scott - thanks a lot for your words. I run the AbuseDesk for the ISP I work for... when we get spam from AOL servers, should it be forwarded to abuse@aol.net ? That's where I send mine, and although I never get a response, I read that it is the right place.
Mike Roberto (roberto@soul.apk.net) - AOL IM: MicroBerto
Berto
had to take off both MAPS-RBL and ORBS because they block a gigantic amount of abusing servers which are also used for a lot of legitimate mailing.
This is the tough part. Most if not all spam does come through relays that are used for other purposes as well. But if you let that stop you from blocking them, then what incentive is there to fix the relay?
SPAM is theft. Theft of network resources, and of time. If you want to stop it you have to show some backbone, and you have to be willing to inconvenience the legitimate customers so *they* will put pressure on their admins to quit being accessories to the theft. If you aren't willing to do that, then in effect you are also an accessory to the thieves.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
BZZT! Wrong.
Orbs isn't a blackhole list.
Try again.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
If it's not causing us a problem (i.e. bounced/blocked mail) then it's not high enough on our priority list to allocate the time and resources required to do it right.
This is exactly why the RBL exists. Because a lot of people have this attitude - if you want them to fix their screw-ups you have to cause them a little pain. Like the proverbial mule and the two by four.
And please note - despite the horde of uninformed (or misinforming?) posters, the ORBS list is not a blackhole.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
No, no no no NO!
What ORBS and RBL DUL are doing here is blocking DIRECT-TO-SMTP from dial-up, NOT AOL INTERNAL SERVERS!
In other words, the only thing this blocks are the clowns with RFMS (Rapid Fire {mail sender|mallet summoner}) on AOL dial-up.
Meow!
Yes, that's really my e-mail. Don't change a thing.
self appointed highway speed blockers self appointed political correctness snitches self appointed hall monitors self appointed ANYTHING pain my ass
- real hackers don't have sigs -
My SMTP server is not an open relay and has never exhibited suspect behavior, but it is blocked because Roadrunner did not approve of uninvited probes, and blocked ORBS. It is flatly wrong for ORBS to block servers that it cannot probe. When ORBS does this, they are listing servers as open relays without any proof whatsoever.
Wait a minute when I send spam stuff to abuse@apk.net or spam@apk.net I don't get crap back? (just to be a prick >:D)
It also tracks networks that prevent ORBS from verifying whether or not their SMTP servers continue to permit third-party relay - it is fairly common for inept administrators to try blocking the ORBS testers rather than to actually fix their security problems.
I myself am going to block all ORBS testers from testing any of my email servers or forwarders. I really think these people are anti-free speech.
I never liked the SPA, and I don't like these people. They aren't held accountable for their database, nor are they held accountable for the resources they might be stealing.
Installed the Bubblemon yet?
I used exactly this solution to help a client get out of ORBS. I set up a Linux box running Sendmail which handled outside mail and did relay checking. It used a different view of the DNS world which convinced it to forward mail to the NT box because of a better MX record preference. For outgoing mail, since the NT box's IP was blacklisted, the Linux box simply did masquerading to give it a sanitized IP. :-)
This required absolutely NO changes to the NT setup and was up and running flawlessly within a few hours.
For roaming users, it should be relatively simple to whip up a Web page which does authentication and then adds in the roaming IP address to Sendmail's access_db for 30 minutes so the mobile user can relay.
Is this actually possible? To get the entire 'real' internet smart guys.....to drop AwOL packets? THIS would be cooooool. Then they will truly only be a 'content provider'. Cool. mail me w/ stuff ntstud@hotmail.com [no flames for name....long story]
Wacked-Support NT
If you really want to get their attention without pissing too many people off, give a 400 series (transient) error instead of a 500 series (permanent/fatal) error. Imagine the pile up of queued mail on AOL's servers.
Sure, they'll try to re-deliver every hour or so, but the build up on their end will be more than worth while. Refuse the mail, and it goes right back to the sender, not much more load than proper delivery. But, if they had to frequently re-process a small fraction of their current mail, it'd be really painful and give them a big sense of urgency.
And then there's the support calls asking why the mail they sent two hours ago hasn't been delivered. Oh the mayhem...
Some people have a way with words, and some people, um, thingy.
Additionally, in the same period of time, I've received probably 8 or 10 e-mails from friends/family that use AOL. I would most certainly raise a stink if my ISP decided to honor ORBS lists and keep me from receiving this e-mail.
Also true, and a fact which I forgot in a moment of bandwagonitis. My bad.
I receive a startlingly low amount of spam -- usually around one message a month of unsolicited e-mail, including chain-letters and the Disney Trip letter. I think it's been a long time since I did actually have a spam problem. By the same token, my girlfriend manages to attract the attention of every spam source on the internet, without propagating her e-mail address to the extent I do (yes, that's my address up there on the by-line, with no anti-spambot stuff on it). Anyone have an explanation for that?
BoneShintai
I'm all in favour of blackholing AOL. I have never once seen a non-troll, non-spam, non-flame, non-me-too message addressed from AOL, nor have I heard of one recently. Until their spam problem, at least, gets fixed, they deserve to be blackholed.
BoneShintai.
I haven't seen anyone mention the fact that ORBS, RBL, etc. don't block *@domain.com, they block specific mail relays. How many external SMTP servers does AOL have? Do an MX lookup for AOL.COM. It was 8 servers at my last count (quite some time ago), and those are only for INBOUND SMTP. ORBS blocking 2 SMTP servers for a small subset of the customer does NOT equal ORBS refusing all @aol.com email.
Perhaps a little off topic, but I continue to be amazed with how many NT sites get taken by gougeware that can't even protect itself against relay theft. The ISP I used to work for used a free mail system for over three years with very few problems and no relay spam incidents. The filter developed for this (Antirelay) blocked all of ORBS' tests successfully.
If you're an NT site visit the IMS support page above and learn how to secure your mail servers and get off of ORBS.
As for AOL, it wouldn't surprise me that they _asked_ for servers to appear on ORBS. I'm still trying to determine why they asked for two IP proxies to appear in the MAPS DUL. Granted there should only be end user SMTP traffic coming from there and they're not mail servers, but AOL users using POPAUTH to access other mail servers are getting snagged because the POP3 connection comes from a different IP than the SMTP connection. SMTP AUTH still works though.
Use Evolution instead of Outlook? Bewa
Besides the fact AOL can do whatever the fsck they want with their network since it's their property, so can ISPs running mail servers who don't want to accept SMTP directly from dial-up or end user IPs because of all the spam coming from them, refuse SMTP traffic from them. Have a look at the MAPS DUL Rationale for a better explanation.
Use Evolution instead of Outlook? Bewa
The customer complaints would be tremendous and it would cause an ISP to lose credibility with customers who don't understand things like ORBS and open relays, who only understand things like grandma can't e-mail her granddaughter happy birthday.
But I think this is exactly what needs to happen in order for AOL to change their practices. Here at Dartmouth, the system administrators regularly just stop refusing AOL e-mail onto campus. If enough administrators responded to AOL this way, I think they would wisen up quickly.
Furthermore, I think this is a much cheaper and efficient solution than relying on the court system to force them into doing it. God knows enough stuff is being forced through legally these days-- and it almost seems like a crap shoot as to whether or not the judge/jury will actually "get it" when the problem is explained to them.
As painful as it sounds, boycotting AOL e-mail when their servers get rowdy is what I think will be the best solution... I'm happy ORBS put them on the list.
And when they are wrong, the lawyers descend.
A previous post suggested that ORBS, or some organization of the same nature, sue AOL. As I pointed out in response to that post, I think getting lawyers involved at all is a bad idea, on EITHER side.
If sysadmins just start refusing all AOL e-mail when their servers act up, I think AOL will fix its problems fast. Maybe they will be dumb enough to take legal action too, but you better believe that if everyone banded together to refuse AOL mail, they would listen up FAST. Much faster than any court case could ever proceed.
Hmm, you're probably right.
(moderators, push up the score of jmorzins' post)
Now, an O.T. question : how do you figure-out where are those outgoing servers ? By just reading headers ? With a larger entity like AOL, they probably have tens of outgoing servers, how do you find them all ?
At least with Postfix you can accept mail from aol.com *and* check everything else against your favorite(s) RBL list(s).
I had been running it under TCP wrappers (in paranoid mode) so I rejected mail from all sites who have their reverse DNS messed up
The way I have my mail server set up is so that
I'm sure you can block others. I could prolly rig up something to block/filter based on orbs.
UPS Sucks
MSN.com was on the RBL for awhile. It too caused an uproar: "Hello, MSN customer support. Yes, we know that your e-mail is bouncing and we're sorry about that. We have nothing to do with it, really. You see there's this tiny 10 person consulting firm in Redwood City..." Yah, right.
For the number of networks that honor ORBS, this will cause AOL great pain, no matter how small the fraction of the total it is. It will alert them to the cost that spam imposes on the rest of the world, and perhaps they will get a clue and invest some more time and money into blocking it. They are not a 600 pound gorilla when it comes to e-mail.
That's a great idea. Let's kill half of the traffic on the Internet. No businesses or website owners would mind that at all.
Let's make it so that those 22 million potential customers are stuck using the hundreds of companies that can afford deals to be featured on AOL. The AOL members won't care, they'd find everything they need right there anyways and I didn't want their business anyways.
This brings to light one huge problem with ORBS-- they answer to no one. You get in their database. Log on to their site and follow the instructions they give you. You can't call for help, contest the entry or ask for a grace period. All the while your ISP is tapping its toes to pull the plug on your service (we were given 24hrs by the ISP). The really weird thing is that their site even includes a threat to publish any eMails they don't like to various newsgroups-- I guess so you can be mocked in public.
ORBS is a good idea, but the more admins place blind faith in their list,
the more power this faceless entity is given.
The little NT-based (shoot me) mail server we use will query ORBS and MAPS RBL. It will either flag the message as possible spam or delete it outright. This is very cool.
Sadly, it only allows IP-based exceptions, so I can't except *.AOL.com from the deletion. Contrary to other posts I've seen on the subject, we do get legitimate mail from AOL (including some recalcitrant employees I can't get off it :/).
AOL absolutely does need to get its head out of its ass RE spam, but this isn't the way to do it. Oddly enough, putting AOL on the ORBS list will allow more spam into my network.
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
Don't moderate this guy down like I know someone will. I was wondering this myself.
Make Seven
Username taken, please choose another one.
Somehow, I doubt AOL is going to clean up its act. In fact, I don't think AOL's going to care one bit. They don't care about the bad publicity. They get enough of that as it is. Who knows? It might even work for them. Any publicity is good publicity. Sooner or later, some misguided techno-phobic reporter is going to desperately attempt to convey this information to the public, the public's going to see the word AOL, and AOL stock will go up.
And they obviously don't care about the fact that they have a problem. They've got enough of those in the inbox as it is. They never fix them. Instead, they add more "features" and make it more difficult to reach the areas that are buggy.
"I believe that a scientist looking at nonscientific problems is just as dumb as the next guy." -Richard Feynman
Now if we can just get WebTV and MSN onto it, the net will be a nicer place. Also, given the quality of service from AOL, isn't already there?
Complicated stuff. Glad I'm not an ISP or a lawyer.
Just because it CAN be done, doesn't mean it should!
(Slashdot collective attempts to pull foot from mouth.)
Uh, no. I beg to differ. The newsgroups are still crammed with crap from @home spammers. @Home's PR shifted blame to honest @home users who have home networks (specifically "insecure Linux proxy" machines with open news relays). @Home didn't fix their problems, they just pissed a bunch of people off and slammed Linux.
funny thing...the only spam I get from AOL are from some gullible friends of mine...
the only unsolicited emails I get are from dotcoms and this Asian American psycho political group 80-20.
The only time I've ever had problem with spam was in my youth when I tried out AOhelL for 2 months.
[q] But I think this is exactly what needs to happen in order for AOL to change their practices. Here at Dartmouth, the system administrators regularly just stop refusing AOL e-mail onto campus. If enough administrators responded to AOL this way, I think they would wisen up quickly. [/q]
HOLY SHIT!! I mean it sucks to be spammed (I guess I'm particularly kind to AOL cause I haven't had problems with them) but for a university to refuse email from AOL??
did I read that right?
I mean my 2 best friends use AOL...they aren't the computer-savvy types but they still are great people and we communicate through email.
I'm surprised that the students (and related relatives) at dartmouth haven't raised a stink over this. I'd raise holy hell.
A lawsuit, yes, but to unilaterally cut off email from the largest ISP in America, ridiculous. This sounds like that censorship/mattel issue: "let's just block any site with 's' 'e' and 'x' on it."
Today, I received 347 identical messages--I kid you not--that were all relayed through AOL.com's servers. While I deleted them (I have a spam catcher that, among other things, automatically deletes identical messages), I sure wish there was something I could do. I spent a considerable amount of time spam-proofing my mailbox. AOL should pay, if not have to go out of business. Putting Steve Case behind bars for a few years would make me feel better, too. I guess we have to wait 'til some Important Politician finds hundreds of spam letters in his mailbox before something gets done.
--- Speaking only for myself,
In the immortal words of an extreme idiot: "I feel your pain". I've grown to despise my own inbox. That's very similar to hating your own arms or something. Unfortunately, unless we plan a clandestine militia of ray-gun blasting anti-spammers, then there isn't much we can do. The corporate types don't really care, nor do they have to. I think the matter is strongly in the hands of the consumer... I think we need some creativity! Maybe an anti-spam chip? A 'v-chip' of the spammer world.. Speaking of spam, anybody ever been in the supermarket and seen the 'spam' ripoffs? "TREAT" and the ever generic "LUNCHEON MEAT" are always on the shelf in quantity! What exactly is the stuff made of? --cr@ckwhore
Skiers and Riders -- http://www.snowjournal.com
I used to use ORBS (not on the box I'm talking in this message) until all of a sudden I've found the block my box is in (RoadRunner) in their database. When I tried to convince ORBS admin that my box doesn't belong on the list (I block any incoming traffic except ssh) the response I got was basically "go fuck yourself". It's all too bad that some very respectable by me folks still think that the rules are those of ORBS and not, say, those used by the MAPS people. Hmmm, I'm still very bitter about this... :-( Cheers!
Yes I agree, but the basic element still remains.
If Police are allowed to use force to stop perpetrators, you are allowed to do so too.
There will be different details for both that are regulated by law, but on a basic level you are allowed to do the same as the police.
When your operation increases you get more responsibility, but the responsibilities for those who interact with any you will also increase as you gain authority.
(I'm not saying that ORBS is an authority now,
or that it should be treated as one).
If you decided to start a security company,
laws would change your authoritative powers
but law would also regulate what people can do with, for and against such companies and persons working for them.
> Users trust them to provide even-handed and consistent service.
I feel that many of the complaints against ORBS are due to lack of knowledge on how ORBS operates,
and due to the attitude of the people working at ORBS.
I feel that the attitude is largely due to all the people giving them responsibilities they certainly don't have or is in any way connected to being listed in ORBS.
This seems to be linked to the lack of knowledge often as well, things like "Why won't ORBS
- remove "me" from the list when I ask them."
- remove "me" from the list when I block ORBS and have no Open Relays."
- remove "me" give me a few extra days before listing me so I can fix the problem."
- give "me" proof of SPAM."
There are also some complaints about the intrusiveness of their test,
which I feel is a very subjective opinion.
Even though Open Relay checking can be used to find servers to abuse,
any checking MUST be defined by the (re)action and intention of the user/org doing it.
Regards...
As you surely understand...
Locking your door is LEGAL!
Killing your neighbor is IL-LEGAL!
... I hope that makes things clear, Global or NOT.
Regards...
As long as they don't break any laws,
there is no reason for me to do anything.
As long as their intentions are good,
there is no way I would mind.
As long as they respected my wishes when asked to stop checking my doors/windows,
even if it resulted in being publicly listed as "won't let us check his door, it might be open",
I can't really see why this should bother me.
Besides this statement it's more and more obvious that ORBS have somehow hurt your feelings,
seriously you should try to resolve this matter instead of turning news and chat into your personal battleground for vendetta.
Regards...
You are still having problems understanding the difference between reason and proof.
Regards...
Don't fool yourself, child!
Regards...
Regards...
Your statement is utter BULLSHIT!
1. ORBS does not perform any PORT-SCANS what-so-ever!
2. ORBS performs SMTP relay checks on mail-servers which users nominate after suspect behaviour.
3. ORBS only blocks proven Open Relay servers, and servers which ORBS can't check.
4. BOZO-admins who threaten ORBS with lawsuits and other bogus stuff get promptly rejected,
as it should be if you ask me.
MAPS doesn't protect my servers from unwanted SPAM at all, they only tell me from which server
I got my SPAM yesterday.
I like ORBS, MAPS is far from sufficient.
Regards...
Regards...
> As a behavior-modification tool, the ORBS is useless.
I disagree.
After using ORBS for almost a year,
I've helped many admins fix their mail-servers.
(a small proof of its power)
The more servers using ORBS protection,
the faster/better the result will come.
The court is no smart way to solve problems
with lack of competence and understanding
of mail-server administration.
Regards...
Regards...
You forget that ORBS is an Open Relay list, and NOT an ANTI-SPAM list.
The reasons for listing those who deny or block ORBS tester is obvious, if you can't determine
if they're secure they are presumed unsecure.
Would you open your FireWall for unknown traffic, to find out later that you have been hacked?
Hardly, you would block everything and then open
the traffic you knew and needed to allow.
Regards...
Regards...
I have devotion to the truth, your outright LIES don't change this.
And while your so-called truth is based on lies, I'll find other truths based on facts.
Your conduct in this thread is proof enough for me that whatever ORBS or any other organization has done to you, it can never warrant such bashing or rude behaviour.
Regards...
You misunderstand the point of the list,
it lists Open Relay servers.....
If they compromised the list with delays and leaving out "friends", it would be useless and it would be UNFAIR!
ORBS provides information to help you on their web page,
ORBS can if they have the resources give you tips as well.
BUT...
You must understand that the problem of fixing an
Open Relay server is the responsibility of the administrator,
and not ORBS or anyone associated with them.
BTW: Your dog-story just could make it through my "abnormal reality" filter.
Regards...
>> As long as they don't break any laws,
>> there is no reason for me to do anything.
>
> If you are talking about the door-knob turner,
> they ARE breaking the law.
> It is called prowling. And Trespass.
> And if they keep doing it, stalking
What LAWS do I break, entering a door
believing it to be my destination?
What LAWS do I break, if as a janitor I
check the building for open doors.
Do I break any LAW doing the same as a security
guard, friendly neighbor, police and so on.
There are reasonable limits to any action,
and it varies depending on the situation.
But you are obviously far from realising this,
in this and in any example you have used.
I heard a rumor once that a fire victim sued
his savior for breaking into his house,
I never believed this story to be true but...
If someone told me that you were this victim,
I would believe it after reading this thread.
> Resolution is possible with reasonable people.
> ORBS are not reasonable with their methodology.
Unfortunately, your methodology of "shoot first, be reasonable later" isn't as good as you think.
> They blindly attack hosts,
The only blind attack I've seen so far is yours,
and it's against the fabric of reason and judgement.
> and when asked for proof as to why my host was attacked,
> they can provide NO PROOF OF SPAM
> so that I might figure out how to stop that
> 'alleged spam' in the future.
Your logic is not only flawed, it's lame.
WHY should they give "proof of spam" when they
are surveying for Open Relays?
WHY do you make up facts to support your argument?
(Is it too weak to stand on its own "feet"?)
[taken from another thread]
> This behaviour is as annoying and rude when a spammer does it,
> as it is when ORBS does it.
> The difference is the spammer tries once. ORBS keeps trying.
This is, as every statement you make, not true!
SPAMMERS port-scan entire NET-BLOCKS,
ORBS doesn't do this.
(no matter how much you believe it to be so)
Spammers won't stop ABUSEing your server,
even if you try asking or pleading.
ORBS stops if you ask them to,
and add you to their list as "asked not to be tested".
Spammers try over and over till they find an Open Relay,
then they ABUSE this security problem.
ORBS report it, they DON'T ATTACK or ABUSE it!
(Contrary to your endless word-twisting,
this is far from what you are telling everyone.)
The same thing happens when you are using IRC,
when you connect to the server, another server tests one or more ports on your computer.
This to check for security problems,
either to warn or block you from connecting.
Same thing happens when using other services,
they send you ident datagrams to confirm your
"identity" and might reject your connection.
If YOU don't like this, don't act like a crybaby,
please unplug your computer instead.
YOU try over and over to fuse false accusations
against ORBS without any proof.
Even when confronted with false statements
YOU ignore it, making YOU WORSE than SPAMMERS!
Right now, YOU are the net-terrorist!
Regards...
I feel sorry for you in some way,
but this could be avoided with smarter solutions.
(Those who sold your "mailsystem" should have been force-fed their own software-package)
But I must blame you for not taking the time and resources to fix this server once and for all,
it should not be such a big hassle.
Some type of authentication, or DNS manipulation to give them correct mailserver IP when they travel (their ISP mailserver).
Regards...
Regards...
I vote they Rule!
They stopped you from relaying mail from an Open Relay, and thats always nice.
Regards...
Regards...
1)
I agree that this "can" be a problem, but seriously if an ISP allowed SPAM to be openly relayed through their servers. The customer must be instructed to fix it ASAP!
2)
This is the BEST part of RSS!
3)
This never helps the customer, the open relay mailserver will wrongly translate the error to "unknown user". Even when the REAL error message is listed close by you can bet your "sweet ass" they won't understand or even locate this message. If they call to complain explaining is often wasted, and as long as they don't send SPAM themselves they can't understand that someone did.
Regards...
Regards...
You are talking politics, something you obviously know nothing about.
Question:
Ever read any customer/ISP agreements?
Please do, especially the legal part!
Regards...
Regards...
Obviously you have a flawed brain.
Not seeing the difference in testing and abusing makes you unsuitable to questioning anyone's logic!
Regards...
Regards...
>> The more servers using ORBS protection, the faster/better the result will come.
>
> The endorsement of rude behavior (baseless port scans) helps no one.
Since ORBS testing is neither PORT SCAN nor BASELESS, I would have to say your argument makes no sense.
The spreading of false information and half-truths surely can't help anyone either.
Regards
Regards...
The word "listed" should have been used instead of "blocked", but this does not mean I agree with you.
You say blocking ORBS is ok,
but it isn't ok for ORBS to block anyone.
Seriously, you must be kidding!
Regards
Regards...
> ORBS is unable to provide any PROOF that my host was used for spam.
They are still not an anti-spam list,
they are however an Open Relay list.
WHY should they prove this then ???
> And telling the admins at ORBS you are going to block them because you find their behavior rude gets you listed in the ORBS database.
If you are free to block them,
how can you say they can't block you?
>> BOZO-admins who threaten ORBS with lawsuits and other bogus stuff
>
> Oh, so if you find ORBS rude, you should get blocked?
Please, if you like shuffling...
...shuffle cards and not my statements.
My statement was referring to threats of lawsuits against ORBS, I still think ORBS should reject them no matter the threats.
Regards...
Regards...
No, it's more like "withholding evidence".
Regards...
Regards...
I find your arguement with ORBS less suitable for public chat/news/mail, it smells quite biased and frankly unfair.
The wording net-terrorist is in itself rude, calling ORBS's actions rude in several of your postings today doesn't really make me take your case seriously.
You should be more concerned about your own behaviour, your high-nose attitude could make any admin block your mail, server or network.
Regards...
Regards...
For the n'th time!
ORBS does NOT scan networks,
they only test nominated servers.
Regards...
Regards...
ORBS, is not a SPAM-server list.
It checks and lists Open Relay servers,
or servers that block/deny testing.
This allows other mail-admins to handle
mail from these servers differently,
usually blocking them with a 553 error-message.
Regards...
Regards...
The CLUE is prevention!
You don't prevent SPAM by first getting 10'000 SPAM messages, then block server A for sending them just to see the SPAMMER use server B the next time.
Did you wait to buy UPS till after the first powerloss, did you wait to buy FIREWALL until
a single bad guy took down your entire network?
If your answer to this is YES,
YOU need to get the CLUE!
Regards...
Regards...
> Say you run a network.
> You don't want certain groups accessing your network, say ORBS.
> It's your network, so its your prerogative, right?
True, as long as you accept my prerogative to use any list I feel is needed for security.
> However, ORBS claims to be offering a viable
> service by maintaining a list of offending
> open relays on the Internet.
True, and to be "viable" you must test the servers.
> Say that you don't run any open relays,
> but you don't let ORBS check your servers
> as above. Is it fair for them to list all
> your addresses as open relays?
The static listings imply WHY it's listed,
so you can see if it's really an Open Relay or just listed for blocking ORBS.
Even the unexpecting sender from that block
will get a correct error message, like:
"553 above.net has multiple open relays and has blocked the ORBS tester."
> The way I see it is that you have a responsibility for your network;
> ORBS has taken on much more responsibility than that,
> whether they like it or not
The amount of responsibility a network ADMIN is losing,
is ONLY controlled by the ADMIN himself.
If he doesn't understand what he is doing,
YES then any list will take control away from any ADMIN.
Regards...
Since you can't differ PORT-SCAN from sending E-MAIL for Open Relay testing,
or even can't differ "reason" from "proof" you have a big problem.
You might wanna buy a dictionary!
Your claims of net-terrorism is funny at most.
Regards...
So who knows, maybe AOL will catch on. But somehow I'm a bit pessimistic. As somebody pointed out, AOL has been put on blacklists before, and obviously it didn't faze them. Maybe ORBS is a more prominent list, maybe not. I'm not very familiar with the background here (AOL doesn't exactly consume my every waking moment)
I certainly hope AOL does get the message, however. God only knows how much spam I get from AOL accounts, yet I can't afford to block them because I need to be able to communicate with customers that only have AOL.
NOW if it will only tell me what they have done to several spammers I've reported. All I'm getting is a virtual "We won't tell you anything. It's our 'security' policy. NYAH!" when I'm still getting junk from AOL's dialups and servers are slowly banning AOL manually. This isn't just for spamming, it also encompasses harassment of the users of those non-AOL servers. (IRC, MUCK's, interactive services, even AOL's own AIM are examples of this)
---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
All I'm looking for is a semi-personal form letter saying you've nuked the account afflicted. This is insanely easy to implement, and can even be hooked up into an existing reporting database. In fact, I wrote one up in this Usenet post to news.admin.net-abuse.email for UUNet. Just this setup time works well with ISP's as big as AOL.
We can't tell you any specific details of any action we take against a member's account, because AOL's privacy policy guidelines prohibit this.
[humor] I don't care if you used a five-kiloton thermonuke missile to get a spammer off your system, or a three-kiloton. [/humor] All I ask is that the user who sent me the junk to my account has been dealt with. Not "We'll deal with it." I'm looking for a "We've dealt with him. He will not be spamming from us again."
All I'm getting is a "We're looking into it." I've gotten too many "We're looking into it's" from ISPs. I've gotten too many bounce messages, too. I've already helped get Real Networks on the MAPS RBL for being unrepentant in sending me junk. XOOM's getting there now. I have 84 spams waiting for LARTS to be fired off again, 4 relays to nominate to the RSS, and 74 spams filtered out according to the RBL or RSS. I'm tempted to start doing a spam or four a day. I only delete spams when I see the user responsible removed or reeducated. I wouldn't be surprised if I get a third of the load cut down because it's all AOL originating stuff.
I'm not saying that the job gets done. I just don't have any proof of it, and it shows on other servers.
---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
Yet even with all that, I _still_ am beginning to hate uunet more and more. I've taken to adding little personal notes to my customary remarks- like "Please kill this spammer's account, oh UUnet source of my unending torments and target of my everlasting loathing and hatred. -postmaster@airwindows.com" It seems to make no difference and only relieves my feelings a bit. UUnet never stops giving spammers accounts and I'm damned if I can figure out if they even restrict them in the slightest way. I've heard they might do something like give warnings and say 'Send to other emails, ones that don't complain to us!' which is not an acceptable response.
Could _somebody_ please rip uunet's head off and #*$% down their neck? As a personal favor to me and Denor here? :P
Ohhhhh, I like this. I like it very much. I would point out that it's much much better to not have the others making threatening (and actionable) remarks at all. Have them just be there in a chillingly disciplined manner, saying nothing.
Ohhhhh, I'd pay to get to do that. Maybe someone should try to organize this :) pity I don't have a black suit. I do have imitation Blues Bros. sunglasses :)
If you don't want to get rid of the NT box yet, couldn't you use a Sendmail as your public server which would only do basic relay checking and then relay the mail to your NT box for actual delivery?
That should be easier than moving your whole operation to Sendmail all at once.
--
"L'IT c'est moi!"
They don't even require a spam incident -- they will launch this "test" against any host that is nominated REGARDLESS OF WHETHER IT HAS EVER SENT SPAM.
I suspect that this is why ORBS is still accused of scanning for open relays. Some spammer is probably "nominating" whole IP blocks so they can check the ORBS list later. Since nobody smart uses ORBS, they now have a list of open relays, which are not on any real blacklist.
Either this is the case, the ORBS kiddies actually *are* doing scans, or AboveNET and many other ISPs are lying when they claim ORBS is scanning them.
-Chris
I rather like the RSS. It's suitably aggressive to catch a lot of spam, and has several advantages over ORBS:
1) It doesn't list multi-level relays[*] -- I count this as an advantage, because it cuts out the "block an entire ISP because of a few rogue customer" effect.
2) They can actually produce a spam for each listing, something that ORBS cannot do in most cases.
3) [related to (2)] When explaining to a (non-)admin why you are blocking their mail, you can point them to an ACTUAL SPAM INCIDENT and say "here's why."
4) [also related to (2)] There are no "manual listings" on the RSS -- every RSS-listed host is actually an open relay. Many ORBS-listed hosts are not open relays.... perhaps even most, with the multiple /16s of AboveNet listed.
[*] I really dislike the way ORBS handles this problem. Basically, if you run a (closed) relay, you apparently need to subscribe that relay to ORBS in order to keep it off of ORBS. Oh, yeah... there is one other alternative: you can enforce a no-servers policy, or (ack!) filter all incoming port 25 traffic to customers.
-Chris
If you are free to block them,
how can you say they can't block you?
It's not that they can't, because clearly they can. It's that they shouldn't. They have attained a position of significant respectability (fairly wide-spread use) with their service, this separates them from the common user or ISP. Users trust them to provide even-handed and consistent service, just like we trust our local police not to shoot someone in the knee caps for saying "Fuck you" to an officer.
When such brutality does occur, as we all know it does from time to time, the Police must be taken to task for wielding state-level power on a personal basis.
ORBS has successfully become a sort of 'Police' of the Internet. If they aren't grown-up enough to handle the responsibility in an enlightened manner, they will be replaced, and rightfully so.
I think (hope) that such things are growing pains, and that as they come to realize that their new-found influence comes with certain responsibilities.
.
.
**>>BELCH
The 'CLUE of prevention' you speak of is valid at the local level. At the global level things aren't so clear. You, as a fully functional human being, have untold potential to wreak havoc upon your neighbors. Should they kill you now to prevent that possibility?
**>>BELCH
First, a note to say that I *highly* disagree with the moderator consensus relegating your post to mere 'flamebait'. It's a jury of our peers, tho', and we can't expect to agree all the time. Bad moderation happens, as we see here. Fact of /. life. For the record, overall, I think moderation works pretty well.
That said, I disagree with your post for the simple reason that this is an interesting and important issue, and it's good to have it a bit further in the public eye. I care about such things, but I'm not a full-time administrator, so I don't (yet) peruse the specialist forums. Your annoyance is understandable, but I still disagree.
Respectfully,
skent
**>>BELCH
Brilliant post, doomed to the slush-pile.
Oh well!
**>>BELCH
This clearly demonstrates the problems associated with one entity having too much market share in any particular market. Any blacklist that bans AOL is shooting itself in the foot, because there's too much legitimate mail coming from the aol.com domain. For millions of people, AOL basically is the Internet. That's a problem. It demonstrates a problem we all know so well from the operating systems field: when one player has too much market share, they can basically act with reckless abandon. Everyone has to work with them or risk locking out their own customers, or potential customers.
--
Tired of FB/Google censorship? Visit UNCENSORED!
I'm sure the vast majority of the AOL machines are NOT in ORBS, and most mail will get through.
---
The ORBS people have always been sitting ducks for a restraint-of-trade lawsuit.
Now they've taken on someone who knows very well how to spell "lawyer".
The last I saw a discussion with the ORBS kids, their attitude was "we decide who is in the wrong, and how to punish them". Even when they are right, such an attitude creates enemies.
And when they are wrong, the lawyers descend.
I have been an opponent of the RBL for a while. There are absolutely no checks and balances to prevent personal grudges from taking a toll on businesses, etc. The company I work for was placed on the RBL by one of the board members, without any contact. The reason: He received an email he didn't want from a customer which had a website with us. Mind you they didn't use our mail system to send him this email, nor was it SPAM.
Subjective control of the Net is wrong, for the same reason that censorware is wrong.
The RBL is a heavy handed approach to solving problems. Rather than taking the approach ESR took with Netscape, they are extorting email providers into compliance. That's just wrong.
ORBS only serves to make an application level RBL. These approaches are entirely wrong, diplomatic approaches must be made to solve the problem, not heavy handed politics.
Our relay is partially open - it allows relay only if the sender's e-mail address or at least one recipient's e-mail address is from a locally-hosted domain. Not the most secure method, perhaps, but it seems to be enough extra work that spammers simply find a wide-open relay and use it instead of us.
There's a much better way to do this. I modified our POP server at a previous employer such that it placed an IP on an approved relay list for up to two hours after a valid authentication. This worked great for people on the road because all they had to know was that they had to check their mail before trying to send anything (something people usually do anyway).
c.
Log in or piss off.
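The two relay rules described in the comment above, side by side, as an added example that is not code from the thread: the "partially open" rule (relay if the sender's or a recipient's address is in a locally hosted domain) and the POP-before-SMTP rule (relay from an IP for up to two hours after a valid POP login). The domain `example.org`, the documentation-range IP addresses and every function and class name are assumptions made for the illustration.

```python
import ipaddress
import time

LOCAL_DOMAINS = {"example.org"}       # assumed locally hosted domain
RELAY_WINDOW_SECONDS = 2 * 60 * 60    # "up to two hours" from the comment


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address ('' if none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def partially_open_allows(mail_from, rcpt_to):
    """Rule 1: relay if the envelope sender OR any recipient is local.

    MAIL FROM is only a claim made by the client, so this rule rests on
    an unverified value.
    """
    if domain_of(mail_from) in LOCAL_DOMAINS:
        return True
    return any(domain_of(r) in LOCAL_DOMAINS for r in rcpt_to)


class PopBeforeSmtp:
    """Rule 2: relay only for IPs that passed POP authentication recently."""

    def __init__(self, window=RELAY_WINDOW_SECONDS, clock=time.time):
        self.window = window
        self.clock = clock            # injectable so expiry can be tested
        self._approved = {}           # normalised IP string -> expiry time

    def record_pop_login(self, client_ip, authenticated):
        """Called by the POP server; only successful logins open the window."""
        if authenticated:
            ip = str(ipaddress.ip_address(client_ip))
            self._approved[ip] = self.clock() + self.window

    def allows(self, client_ip, rcpt_to):
        # Mail addressed only to local users is delivery, not relaying.
        if rcpt_to and all(domain_of(r) in LOCAL_DOMAINS for r in rcpt_to):
            return True
        ip = str(ipaddress.ip_address(client_ip))
        expiry = self._approved.get(ip)
        if expiry is None:
            return False
        if self.clock() >= expiry:    # window over: forget the address
            del self._approved[ip]
            return False
        return True


def compare(client_ip, mail_from, rcpt_to, gate):
    """Return (rule 1 verdict, rule 2 verdict) for one SMTP transaction."""
    return partially_open_allows(mail_from, rcpt_to), gate.allows(client_ip, rcpt_to)


if __name__ == "__main__":
    gate = PopBeforeSmtp()
    gate.record_pop_login("192.0.2.10", authenticated=True)
    # Constructed transactions: (client IP, MAIL FROM, RCPT TO)
    samples = [
        ("192.0.2.10", "roadwarrior@example.org", ["client@example.net"]),
        ("198.51.100.7", "whoever@example.org", ["stranger@example.net"]),
        ("198.51.100.7", "outsider@example.net", ["staff@example.org"]),
    ]
    for ip, sender, rcpts in samples:
        print(ip, sender, rcpts, compare(ip, sender, rcpts, gate))
```

Rule 2 authorises an IP address rather than a user, so everyone behind the same address (a shared NAT or a reassigned dial-up IP) inherits relay rights until the window closes.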
Tough luck. When you sign with an ISP you sign with the Acceptable Use Policy, Term of Service and other appropriate stuff. If it says no SPAM this means no SPAM. If unhappy change the ISP. You have no legal grounds to sue the sysadmin after you have signed that you actually allow the sysadmin to do the filtering. So long and thank you for the Fish...
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
AOL has been in the RBL in the past. It has not invalidated the RBL. Actually it brought more popularity.
I did not consider using ORBS till now, I do now.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
These are not AOL mail outputs. These are the inputs.
As a person who had been hit by an AOL end-user generated mail D.O.S. at one of my previous jobs I can tell you for sure. You are checking the wrong IPs. Better scan your logs for AOL incoming and get the IPs from there. Thus you will get the tier 1 relays. From what I recall there are at least two more tiers which you can determine by firewalling Tier1 and then the appearing Tier2.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
A company I just got a job with is having the same problems with NT. It used to allow open relaying for customers, but guess what happened? Yep, spammers found us. Now we're closed, but the mail package is a real piece of crap and I got the boss to let us switch over to qmail. I guess enough with the side story.
Linux O Muerte!
You miss the point: If my system is closed, there is no reason for ORBS to list it in such a way that everyone using ORBS will think it is an open relay and bounce messages from it.
Unless, of course, it's a power trip, and has nothing to do with stopping spam.
Should people with buggy MTA's upgrade? Probably. But ORBS shouldn't spite-list them, and shouldn't keep testing them; it should leave them alone.
Keep in mind, we're not talking about "any random SMTP". We're talking about servers that move thousands of messages an hour, and never, ever, crash *EXCEPT WHEN ORBS HITS THEM*.
You may prefer 17 messages to a spam run. I prefer no messages to 17 messages. I know enough to keep my servers secured, and test them actively whenever anything changes. ORBS does not believe I have a right to be left alone.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
You're spoiling our fun. (Hey, folks, moderate that guy up. He's the AOL guy who makes less spam.)
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
Harmless if you happen to run the exact mail server they want.
There are mail servers, *WHICH ARE NOT OPEN RELAYS*
* where any relay attempt will create a message in postmaster's inbox.
* where certain of the ORBS tests *CRASH THE MAIL SERVER*.
The latter is a bug. So? Why should you have to let this *ASSHOLE* crash your system every time he gets the idea, when you *CAN'T* be used as a relay? He won't stop, ever, and the best you can do is have him list you as if you were a spam hydrant, even if no spam, ever, has left your machine, and you're not an open relay.
I know people who have this problem.
Anyway, if seventeen messages isn't enough resources to worry about, why do you mind spam? I only very rarely get more than 17 spams in a day after filtering...
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
Spam actually, really, from AOL accounts, or spam with "@aol.com" forged into the headers?
How much spam do you get per user? How does this compare to other ISP's?
I don't think AOL is all that bad *on a per-user basis*. The same thing that makes them so hard to block (they have an amazing number of users) pretty much guarantees that, even if they had many fewer spammers "per million users", they'd have an apparent "spam problem".
AOL isn't nearly as bad as Netcom and uu.net once were, and none of them are as bad now as what we used to take for granted as the cost of having an email address. I don't mind AOL all that much; they're not that much of my junk mail.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
When did this happen? Which company? Which board member? Post a URL pointing to all the documentation showing what the email was.
:)
Or, allow me to continue believing that the RBL is astoundingly well-managed.
(Note that everything like this I've heard dates back about to the point where they had maybe one employee, and really doesn't apply to the RBL as it exists today.)
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
I manage a mail hub that was probed by ORBS. They provided the service of informing me of the security hole, for which I am grateful. Thanks to them, I secured my server against spam relaying.
Besides the obvious desire to provoke, why would you call their probes an "attack"? From my mail logs, I see that their probes take up very little resources. There were not that many requests, and there were pauses between them. They test using legitimate SMTP requests, and they are entitled to do so once you put your SMTP server on the net. There is a big difference between a handful of probes that result in perhaps a single relayed mail, and a spammer pounding on your unsecured server with thousands of requests for relayed email. I would rather have ORBS test my server any day.
See their site for details. They do not randomly test sites, but only test when a suspected unsecured site is nominated by someone. Their probing serves, as you say, to "talk to the host accused". The admin has a whole month to secure the thing if it is found insecure, before it is publicly listed.
I'm sorry? My company's mail and web servers that run off of a 2mbps SDSL line are pirate or not legitimate? The mail and "do everything" linux box I have on my 768k ADSL line is pirate or not legitimate? Gee, that's funny. I rather thought anything that could fling packets via TCP/IP was a "legitimate" server.
This will be of great interest to my users, both at home and at work. 752 people (as of this morning) will be happy to know the services they reliably access, and have accessed for almost 2 years now, are provided by an illegitimate server.
Oh, and before posting, please learn to spell. It's an "impediment" to accurate communication.
--------------------
I am trying to convince my superiors to let me start refusing mail based on ORBS and MAPS RBL queries, but denying a large volume of legitimate mail (as the case would be with AOL on the ORBS list)...
FYI, this would still be the case even if AOL were not in the ORBS database. ORBS lists quite a lot of servers that mostly deliver legitimate mail, sometimes on the basis of pretty obscure relay tests and often even if the relay is not actively being abused by spammers. The ORBS philosophy, as far as I can tell, is essentially that it's okay to throw out a few babies as long as you get rid of the bathwater.
I would put more trust in the MAPS RBL, DUL and RSS databases as more responsibly run systems: while not as aggressive as MAPS, much less likely to discard legitimate correspondence. For many sites, that is of paramount importance.
We use three spam lists:
RSS
DUL
RBL
The RSS is a toned down version of ORBS; it only lists relays that have been used to spam, which makes it easier to explain the problem. The DUL blocks any direct from dialup spam. The RBL blocks blackhole sites. The main problem with ORBS is that it is harder to explain (with RSS you can say 'spam _has_ been sent through this server'), and it blocks a lot more sites, which makes it hard to handle on anything larger than a personal mail machine.
Maybe your grandma can handle a real ISP, mine can't.
-B
But it need not be a black hole if you don't want it to. It may not be the default that they tell you how to set up, but should you be reconfiging company e-mail if you can't make Sendmail do what you want?
AFA their criteria, all of these different lists have different criteria. It's the Admin's job to pick the one that fits best with their mentality.
Pax.
-- IANAEG - I am not an elder god.
Well, your ORBS reply message should be set that someone should understand it well enough (though I grant you that few on AOL would grasp most concepts tougher than the 'start' button) to forward a copy to their postmaster.
;-)
Say something about your mail service, aol.com (create that), is assisting spammers and illegal activity, yadda yadda. If you want to help fix this so you can send *your* e-mail, forward this to postmaster@aol.com (create that, too). With a minute or two spent on the message, you could practically tell them step by step how to properly deal with it (though some couldn't find a button with two hands and a roadmap...). Then in the next paragraph you can list the normal ORBS stuff, with the URL and all that jazz.
Tens of thousands of calls to AOL customer service may be the only way to remedy the situation, so people have to do this. I suggested in another post a rather extreme view (have the backbones cut them off from the rest of the world until they update a setting or two). Shouldn't be tough to see some action then, and then AOL could have some cute little 'art' appear on everyone's screen saying that the world has stopped being unfair to all of you wonderful AOLusers and that you can get back to that big scary internet, but we know you don't want to, so come join a chatroom...
A lawsuit would work, too
"It's tough to be bilingual when you get hit in the head."
Moderate this as off-topic if you will, but does anyone remember the days when AOL was *strictly* a proprietary ISP? Before the days when AOL'ers lurked (leaked) onto the Net proper? I get nostalgic for the days of Netscape 1.0. (Or even Mosaic betas...)
This entire discussion -- ORBS, RBL, etc. -- does bring up an interesting tangent: as a community, we have a helluva pull on the marionette strings. When a company does something bad, the ball usually starts rolling here for protest pages. But why doesn't someone start an "evil-company blackhole list" and disallow *all* services to that company. Block access to www.mattel.com or, better yet, redirect to a page telling people why Mattel is being evil and then give them the option of continuing to the site or signing a petition.
It's just a thought, a random and tangential thought, but hey... I figured why not throw it out there.
----
----
Am I the only one who thinks Microsoft is a misnomer? Perhaps Macrosoft would be a better fit?
I vote they suck. I own an ISP and about a year ago got blocked by ORBS for running a mail server that allowed mail throughs. I upgraded the server, shut off access to the outside world for mailing through us and report said event to ORBS. ORBS kindly removed my name from their list and everyone was happy. Two months later, a dedicated customer of mine got stuck on the list AND my mail server got stuck on there again but this time as a relay for THEM! Needless to say, the customer was running a crappy mail server on an even crappier O/S (insert best guess here) and I had to block him to get myself off ORBS. Turns out the customer had the logs from the whopping 1000 emails that had run through his site (in the past 4 months) and we discovered what appeared to be "fishs" for a mail through situation on his server and they originated from a site on ORBS. Now they say they don't scan for mail through servers, but this evidence seems to say otherwise. It's my opinion that they will do and say anything it takes to support their cause, which isn't fair to everyone involved.
Ok, great - so AOL is on the ORBS list. However, ORBS has been known in the past to do things that they should be smacked on the ass for. They have portscanned our network once - 96 class C's!! They probed one machine which was a virtual web server running an older version of sendmail, and came up with several hundred "open mail relays" not knowing that:
1. All of the IP's were the same machine, and it has _never_ been used for SPAM. It's a web server, and it doesn't do mail. Get it? *smack*
2. This kind of network intrusion is an invitation for an ass kicking. It would be nice that at least they would have said something... The move was definitely unethical.
btw... ORBS used to be based in Canada. Then they pissed some people off and had to relocate to New Zealand. har har.
Anyhow, it is nice to know that someone out there is an active anti-spammer, but hey, using brute force will only make people angry. It definitely won't help solving the spam issues...
And for AOL... As long as they provide a cheap, unreliable, insecure access to the net, they will be a spammer heaven. Frankly, I don't think they give a shit about ORBS. They will sue the living shit out of everyone and their dogs, and pay whatever the price is to get their way.
--- sig moved for great justice.
Most email clients I've used try to send outgoing mail first before downloading incoming. So telling your users to check their mail first doesn't help if they're using popular POP clients like Eudora. The MSOutlook/Exchange products often do some authentication first, so they might be able to use this dodge.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
So you're guilty _because_ you're innocent!
Seriously, if the purpose of ORBS is to prevent machines from being used by SPAMMERS, and ORBS can't get in to abuse the relay as a test, then spammers can't get in to abuse it for spamming.
If you've got a site that _deliberately_ blocks ORBS, either it's got some good reason to dislike the probes (e.g. the guys whose lameNT mailer crashes), or because it's running mailer protection software that interprets ORBS as a spammer's probe (good - so they're blocking real spammers too), or perhaps they provide spamming services (in which case the real problem is users with accounts there, not relays.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
This is almost the exact word for word attitude that some of that shitty censorware stuff takes.
Essentially their argument is that you can't have anything worthwhile to say if you have a free or no cost based web site. On that basis almost all of geocities, xoom, and many other providers gets blocked (Bess).
Another question that needs asking here. I can just imagine a group of fed up people actually taking civil action against an ISP that has some sysadmin that just blithely blocks e-mail from some location because of "spam" (that's a crappy name for it).
Few of the people who actually run ISPs are in fact owners of said equipment or lines and as such do not have the moral or ethical footing to make such calls.
Unless you are actually running your own legitimate server (no not a pirated or other server off your cable modem or DSL or ISDN connection) you can't make calls like that.
I have every reason to believe that most people are just getting screwed over by the Olympians on this one because no one who is getting harmed with having their e-mail blocked has any ability to effectively do anything with it.
As another poster has already pointed out there is a really bad streak of BOFH in many people that works almost the way it does in cartoons.
You know the two little people that stand on the shoulders of various characters and represent good and evil? Well I think that many people are listening to the pointy horned one.
I know personally of several cases where judgements were filed against various sysadmins who thought that they were going to screw the users in any fashion they wanted. A teacher at a highschool was relieved of his position after taking copies of e-mail correspondence that in fact did not belong to him and then attempting to use it to further his own agenda and get the people involved kicked out of school.
Data deletion and malicious banning are also things that I have known to happen.
How would you feel if say I really didn't like you and started to actually do packet sniffing and then do an active regex search of all packets coming out of your domain. Then I systematically tamper and trash all of those packets that are e-mail messages say after a random number of packets has matched? Not so funny now is it?
When you work at a job there is a little clause in employment contracts which states something to the effect that anything you do is only permitted if you have authorization from legal representatives within the company and perhaps others in the upper echelons of the company. Without this you cannot do anything without taking a hefty chunk of liability and as such should not try to limit access from ISPs who are legitimately attempting to provide a service to their users.
The mere fact that the list of blocked sites that is being discussed has been removed from its own service providers several times is indicative of how draconian these people are.
There are already attempts to make intelligent AI-driven mail and news filtering engines that can attempt to classify various messages by content and word analysis (similar to Echelon). Positive results are showing up all over the place.
Then once that is done just rapidly have users check their "spam" folder rather rapidly and bam no more problem for them. After doing an analysis of my own mail box and roughly 40,000 from several unix domains I have determined that in fact on the whole 97.8956% of all spam messages that are sent during "peak" times (ie when factored for various changes in time zones relative to each other) between say Monday-Friday 10:00-22:00 with the peak being at about 8pm on Wednesday (maybe more people are home then).
Messages in this time period do not exceed 8-12k in any circumstance.
I can't see how realistically when such massive bandwidth and tremendous risk is involved one can justify acting as a free speach empidement.
Slashdot social engineering at its finest
Oh, sorry... was that a troll?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
>As long as they don't break any laws, there is no reason for me to do anything.
If you are talking about the door-knob turner, they ARE breaking the law. It is called prowling. And Trespass. And if they keep doing it, stalking
http://www.wwlia.org/ca-stalk.htm
>you should try to resolv this matter
Resolution is possible with reasonable people. ORBS are not reasonable with their methodology. They blindly attack hosts, and when asked for proof as to why my host was attacked, they can provide NO PROOF OF SPAM so that I might figure out how to stop that 'alleged spam' in the future.
Go on NANOG's lists. Look around, and you will see that ORBS is believed to do more harm than good. Because ORBS is no better than the spammers who probe hosts. And because ORBS is a net terrorist.
You want change? Then get ORBS to modify their methods. Get them to contact the admins before they test. And provide proof of the SPAM from a site. Have ORBS be REASONABLE, and they won't generate all this ill-will they have.
Right now, ORBS is a net-terrorist.
If it was said on slashdot, it MUST be true!
For as long as I've figured out how to use nslookup, I've been waging my own private war against spammers.
Lately, my anger has been less and less directed toward the spammers themselves (they're still bastards), and more and more toward the companies that allow it to happen.
Specifically, PSINet and uunet, but I've also got spam from AOL, the sprint dialup network, and various lesser-known servers. Most of the time, the only kind of response I get when I send in an abuse report is a form letter, and that's it. Sometimes I get to know when the offender's account has been closed down, but when it's actually a relay acting up, that doesn't help.
And no matter how many abuse reports I send in, no matter how many times I send a letter to the administrative contacts telling them that they are allowing people to exploit security holes (the open relays) in their mailservers to send bulk e-mail to people, I've never once got any kind of reply other than a form letter.
So my question is, really, is there any way to get through to these people? Are the corporate ISPs so utterly clueless that they can't comprehend the idea that spam is a Bad Thing? What does it take to get through to these corporations? Does the Better Business Bureau take complaints about spam-enabling companies? Would writing letters to the editor every time a spam-offending company is mentioned positively in an article help? Would making an appointment with the corporate types and showing up in person even make it past the "call them up and try to arrange something" phase?
I'm becoming really burnt out on trying to get rid of my spam. The S/N ratio on my mailbox has dropped to almost negligible levels - I'd abandon it if most people didn't e-mail me there. I want to stop spammers, but even sending e-mail to abuse departments doesn't help. What, then, can be done?
-Denor
Conversely, I haven't been able to attribute any of the last dozen or more spams I've gotten to an AOL source. Plenty have listed AOL in the headers, or included AOL e-mail addresses, but they were all forged in an effort to put people off of their trail.
Additionally, in the same period of time, I've received probably 8 or 10 e-mails from friends/family that use AOL. I would most certainly raise a stink if my ISP decided to honor ORBS lists and keep me from receiving this e-mail.
IMO, AOL doesn't account for *nearly* the amount of spam as other major ISP's out there, and despite the fact that their abuse address never really replies to my complaints (or if they do, it's usually about a month later), I rarely (if at all that I can remember) get a repeat AOL spammer. I mean I'm perfectly willing to acknowledge the possibility that I might just be lucky, and that the true majority are getting pummeled with repeated AOL spams from the same people, I'm just not one of those people, and from what I've been reading, lots of others are in the same boat as me.
I've never been particularly impressed with ORBS.. their "rules" about who gets added is entirely too subjective and not nearly objective as it needs to be. MAPS RSS has the same goals (listing open relays), but they're much more responsible about when they list someone. *shrug*.. Just my opinion.
You can always "whitelist" any servers that you wish to receive mail from, despite their presence on ORBS, RSS, RBL, or DUL, by putting them into /etc/mail/access (assuming you're running sendmail, and have that feature enabled), e.g.
mail.wideopenrelay.com RELAY
This, of course, diminishes the punitive value of the list, but it's better than not using the list at all. IMHO, you don't even need to give a second thought to using the RBL (which only lists serious repeat offenders, IIRC) and the DUL (dialup users should use their ISP's mailserver). The only servers I've had to whitelist at a user's request have been on RSS, which is far more aggressive than the RBL. (I don't use ORBS, since I find it too aggressive.)
--
Great, AOL has been added to ORBS. This will probably serve to invalidate ORBS more than anything else. The fact of the matter is that an ISP can not refuse AOL e-mail. AOL simply puts out too much legitimate e-mail to make blocking them outright even a possibility. The customer complaints would be tremendous and it would cause an ISP to lose credibility with customers who don't understand things like ORBS and open relays, who only understand things like grandma can't e-mail her granddaughter happy birthday. What's that mean? Selective entries on ORBS will start being ignored and once you start down that slippery slope, you may as well wave bye-bye to any sort of influence that list may have.
What needs to happen is a bunch of ISPs need to get together and file a lawsuit against AOL for allowing so much spam through their systems. A groundbreaking case for responsible management of systems on the Internet would serve our fair network well.
I also find your anecdote extremely surprising, and I'd like to see some proof... I thought that the RBL was a last-ditch effort after contacts had been made.
---
In the immortal words of one of my co-workers. "You can't spell a**hole, without AOL"
"Politicians are interested in people. Not that this is always a virtue. Fleas are interested in dogs." P.J. O'Rourke
As a behavior-modification tool, the ORBS is useless. Too many people run insecure mail servers for most people to be willing to filter it all out. Enforcing the ORBS list will be more painful to the enforcer than the violator.
A better method would be to get a court case to establish that people running insecure mail-servers have partial liability for spam-floods using their server. A case could easily be made that anyone with the knowledge to run a mail-server has the ability to discover that running an open relay is dangerous, and the ability to perform some minimal securing.
Completely misleading.
If you follow the naive instructions to turn on ORBS, it will bounce everything, and it will also bounce all of the "static listings" - hosts which are almost always *NOT* open relays, many of which have never emitted a single spam, ever, but just don't allow gratuitous testing.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
http://www.mail-abuse.org/rss is a "realtime" relay system. If you get a spam that used someone else as a relay, you forward them the IP of the relay, and it gets added to an RBL style list. Only after it's been proven that someone's mail server is being used for spam can it get added, and the turnaround time for off and on this list is very short. Take a look at their FAQ for more info.
Aside from the irony that the AOL listing is not for AOL itself but the dialups..
People like you who don't bother to secure themselves against spam are why the problem exists. If you had an unsafe building then you would get forced to clean it up.
ORBS exists because people don't care about open
relaying. Hey it's not you being spammed, it's all
those other folk, you can fix it later.
Not socially responsible at all.
Well, I know of a few people who are going to be a little disappointed if this happens... my school properly secured the mailserver a few years ago, at which point some of the more spam oriented folks on campus realized that aol's servers were still wide open for such things... actually, so were sgi's (at the time). I'm sure that's been fixed...
The best is when the school ran a local search, and all sorts of people got hatemail saying "we found an active relaying mailserver on the system in your room. Fix it or be assimilated... I mean, deactivated" (or something to that effect). Pretty funny. Then, of course, came the firewall, so that ended the need for that, so they only scoured internal webservers for spurious /mp3 and /movies directories... There were more than a few people who got shut down because of that.
Of course, a college can easily shut off a port on a managed hub, but for AOL, maybe Sprint, MCI, et al could just sever any links out to the rest of the world until they comply... that would be pretty funny (I can see the even dumber commercials now... "Now with re-activated internet connectivity!").
AOL... hehe
"It's tough to be bilingual when you get hit in the head."
AOL doesn't use any external 'blocking lists' in total. We maintain our own lists of problem providers and dialup IP ranges, supplemented by careful and judicious use of what's publicly available.
There's a simple reason that we don't bounce messages during the transaction, and that's because we don't verify user information during the transaction, in order to prevent spammers from dictionary-attacking us to get lists of AOL's usernames (Not that they don't try... they do... constantly).
Even though we have controls in place to try and prevent the amount of bounced mail we send to a delivering site, we still crush a number of them from time to time, because they're a: getting spammed through, or b: getting spam forged in their name.
Ask Netcom (well, you could if they were still around in other than name), MCI, Yahoo, hotmail, and more, but they're the ones that everyone knows. Hell, Vint Cerf's called personally to get us to take it easy on 'em. (I did).
We simply don't have time to respond to spam complaints... way way WAY too many of them. We can't tell you any specific details of any action we take against a member's account, because AOL's privacy policy guidelines prohibit this. (though I've been known to drop the occasional hint when it's something that needs a response)
I (up 'til yesterday) was the person that dealt with IRC abuse, and I know that it gets dealt with, albeit slowly because it takes awhile to track down the actual user.
As for MU(X|SH|CK|D)s, I'm a mux/mush coder myself, and I'm pretty damn sympathetic to those kind of abuses, and if I see 'em, they get dealt with harshly (no, that doesn't mean mail me directly... reports from people I don't know get ignored cause otherwise I'd go insane)
AIM is (supposed to be) self-policing... that's what the warning ability is there for. Sure, it gets abused, but well, you can't give something away with assholes getting in the mix.
Scott Crain
AOL Mail Ops (and up way too late. Where's dat update you mentioned, Hemos? =)
I couldn't agree more. I have a system running qmail which I'm pretty sure is not an open relay, but I can't post to mailing lists that use ORBS because ORBS blocks every single address associated with my ISP, Roadrunner. Why? Because Roadrunner objected to being scanned. Perhaps a little pigheaded on their part, but it's Roadrunner's prerogative. It was even more pigheaded of ORBS to retaliate by listing every single *.rr.com host as an open relay.
I simply don't see how ORBS helps the internet community. They block hosts indiscriminately, sometimes vindictively.
Here's Roadrunner's commentary on the whole mess, taken from one of their newsgroups:
; "Jr." wrote in message
news:MPG.12ffb6474d5873d1989688@newsr2.texas.rr
HISTORY:
Road Runner customers and Affiliates initially contacted us with a
security issue. They were concerned with their privacy and security when
an unknown entity (to them) began scanning them without permission. We
initially tried to address this case by case and later contacted the ORBS
administrators and requested this unwelcome scanning terminated. This is
analogous to someone requesting they be removed from a list that they did
not subscribe to. With this request, all Road Runner IP space was
unexpectedly added to the ORBS list with a public statement on the ORBS
WWW site, as well as the bounce message which our subscriber has
received. As scanning continued against our repeated requests, the
individual ORBS scanning hosts were filtered out of our network.
Although we strongly believe in stopping SPAM on the Internet, as well as
respect the initial work and charter ORBS has been under in the past, we
have serious concerns at the current methods and actions that are taking
place:
e.g.
- Scanning of private networks without permission from targets
- No REMOVE capability from the ORBS scanner
- When someone tries to stop or block the ORBS scans, they are blocked by
ORBS.
- No warning, as well as false public statements about the individuals
scanned or their provider. THAT IS: If you have a relay (known, or
unknown to you) you are called a SPAM supporter publicly without any
warning to correct it before ORBS adds you.
- Misinformation on ORBS' own web site
(http://www.orbs.org/whatisthis.html) "What is ORBS? The short answer:
ORBS is a validated database of open mail relays and open mail relay
output points, accessable via DNS lookup."
- The addition of Road Runner hosts to a "secret" database. Road Runner
hosts are not listed via their normal web lookup at
http://www.orbs.org/verify_1.html
Road Runner believes strongly in the fight against SPAM. We have address
it with strong policies, enforcement and our own relay detection methods.
We will continue this effort, work together with other providers and the
Internet community (including ORBS) to make a difference. However, we
reserve the right to assess the methods used, by whom and determine the
best way to accomplish the desired results for our business.
Right now, 22:40 UTC, no AOL server is listed by ORBS. I mean, no MX for the domain aol.com is listed by ORBS. Maybe an AOL client is listed by ORBS, but certainly not the entire aol.com domain.
# host -t MX aol.com
aol.com mail is handled (pri=15) by yh.mx.aol.com
aol.com mail is handled (pri=15) by za.mx.aol.com
aol.com mail is handled (pri=15) by zb.mx.aol.com
aol.com mail is handled (pri=15) by zc.mx.aol.com
aol.com mail is handled (pri=15) by zd.mx.aol.com
aol.com mail is handled (pri=15) by yb.mx.aol.com
aol.com mail is handled (pri=15) by yc.mx.aol.com
aol.com mail is handled (pri=15) by yd.mx.aol.com
aol.com mail is handled (pri=15) by yg.mx.aol.com
Ok, each entry is a round-robin alias with 4 IPs.
With a bit of typing and http://www.xnet.com/~emarshal/rblcheck/, I verified that no IP listed by this simple query is actually listed in ORBS database, or at least the database which can be queried by the standard RBL DNS hack.
# host za.mx.aol.com >> foo
# host zb.mx.aol.com >> foo
etc...
# echo "bla 127.0.0.2" >> foo
(this is to check the script below)
(script named "bar")
#!/bin/sh
rblcheck -q -c -s relays.orbs.org "$1" 1>/dev/null 2>/dev/null
echo $? : "$1"
# sed 's,.* \([0-9.]*\)$,\1,g' foo | xargs -n1 ./bar
("0 : " == not listed in ORBS
"1 : " == listed in ORBS)
0 : 152.163.224.3
0 : 152.163.224.4
0 : 152.163.224.5
(...etc...)
0 : 205.188.157.1
0 : 205.188.157.2
1 : 127.0.0.2
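The "standard RBL DNS hack" used in the post above, written out as an added example that is not part of the original post and not rblcheck's code. The zone name `dnsbl.example`, the records and the fake resolvers are constructed so it runs offline; it also separates a failed lookup and a non-127/8 answer from a real listing, which an exit-status check alone does not.

```python
"""DNSBL lookup with the listing decision kept separate from the resolver."""
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


class ResolverFailure(Exception):
    """Lookup did not complete (timeout, SERVFAIL); listing state is unknown."""


def query_name(ip, zone):
    """1.2.3.4 checked against zone z is the DNS name 4.3.2.1.z."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError for anything else
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def system_resolve(name):
    """A records via the system resolver; [] when the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        absent = {socket.EAI_NONAME,
                  getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
        if exc.errno in absent:
            return []
        raise ResolverFailure(str(exc)) from exc
    return sorted({info[4][0] for info in infos})


def check(ip, zone, resolve=system_resolve):
    """Return 'listed', 'not-listed', 'bogus' or 'unknown' for one address."""
    try:
        answers = resolve(query_name(ip, zone))
    except ResolverFailure:
        return "unknown"      # a failed lookup is not a verdict either way
    if not answers:
        return "not-listed"
    if all(ipaddress.IPv4Address(a) in LOOPBACK for a in answers):
        return "listed"
    return "bogus"            # wildcarded or rewritten answer, not a listing


def zone_sane(zone, resolve=system_resolve):
    """Same idea as the 'bla 127.0.0.2' line in the post: by DNSBL convention
    the test entry 127.0.0.2 is always listed and 127.0.0.1 never is."""
    return (check("127.0.0.2", zone, resolve) == "listed"
            and check("127.0.0.1", zone, resolve) == "not-listed")


# --- constructed data: a fake zone so the example needs no network ---------
ZONE = "dnsbl.example"
RECORDS = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],   # test entry
    "25.2.0.192.dnsbl.example": ["127.0.0.2"],  # constructed listed relay
}


def make_fake_resolver(records, failing=()):
    """Resolver backed by a dict; names in `failing` simulate a timeout."""
    def resolve(name):
        if name in failing:
            raise ResolverFailure("constructed timeout")
        return records.get(name, [])
    return resolve


def wildcard_resolve(name):
    """Constructed resolver that answers every name with the same address."""
    return ["203.0.113.10"]


def scan(ips, zone, resolve):
    """Check the zone first, then every address; returns {ip: verdict}."""
    if not zone_sane(zone, resolve):
        return {ip: "zone-unusable" for ip in ips}
    return {ip: check(ip, zone, resolve) for ip in ips}


if __name__ == "__main__":
    fake = make_fake_resolver(RECORDS)
    for ip, verdict in scan(["152.163.224.3", "192.0.2.25"], ZONE, fake).items():
        print(verdict, ":", ip)
```

Calling `check` or `scan` without the `resolve` argument uses the system resolver against whatever zone name is passed in.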
From their What is this? Page:
ORBS is NOT a "black hole" - we do not disseminate routing information causing included hosts to be
unreachable from portions of the Internet. Running an open relay is usually accidental and those admins who
continue to run open relays after being warned about it by ORBS and/or other entities will eventually find
themselves in the MAPS RBL - which is a "black hole" and is used by at least 40% of the mail servers on the
Internet.
ORBS tracks these systems so that people operating mailservers subscribed to our database can block
e-mail coming from open relays until such time as they are fixed to no longer permit third-party SMTP relay.
Admins may alternatively set their systems up to tag messages delivered from open servers as "possibly
spam", or just log the connections. What any admin does is entirely up to that admin. If you've been blocked
from delivering mail and given a pointer to this site please note: It is the decision of the administrator of the site
which blocked you to disallow mail from open relays. Those open relays must comply with that admin's rules
(not ours) in order to deliver mail to that site - we're just verifying to the admin whether a host is an open relay
or not.
-- IANAEG - I am not an elder god.
despite the fact that it's great fun watching people find outlets for their high horse talk, heck I'm one of 'em.
.oO0Oo.
I've never used AOL or had any problem with any of its users. What I do know is that it's using its muscle in the UK to force down the price of access. They are attempting to expand in the UK not by simply wooing competitors' customers but by expanding the market. In this way even maintaining market share - or even losing some - is still a win. When players such as Freeserve haven't turned a profit but derive their huge revenue from bloated cost of access they are still vulnerable to the next wave.
AOL was the first major company to move to a 1p a minute 24 hour access. Previously it was 4p per minute for daytime modem access (8am-6pm). Others have quickly followed (ntl: for instance) and now we are beginning to see flat rate 24/7 access finally arrive.
The UK is finally going to come alive net wise so expect plenty more AOL users to come aboard.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
[posting anonymously for obvious reasons]
Our company's primary mail server has been in the ORBS database for a long, long time... We made the choice (mistake?) of choosing a closed-source, commercial mail package running on Windows NT Server instead of something open (like Sendmail or Qmail). I've been regretting it ever since...
Our relay is partially open - it allows relay only if the sender's e-mail address or at least one recipient's e-mail address is from a locally-hosted domain. Not the most secure method, perhaps, but it seems to be enough extra work that spammers simply find a wide-open relay and use it instead of us.
Originally, we had a completely open relay, but after a few incidents where our server was used by spammers, we paid (through the nose) for an add-on option to our mail server to allow this selective relay ability. During one of these incidents, we were added to the ORBS database. And once you're in the ORBS database, you never, ever, ever get out, even if you're clean.
We passed the ORBS test with flying colors after getting the selective relay option working on our system... until about a year later, ORBS put us back in the database, after adding a couple new tests. One of the tests (NULL sender envelope) got through our system, and we were once again considered an "open" relay.
About that time, our mail server vendor had just released a new version of their software, including a fix for the problems ORBS detected. And it was bargain priced - only $1,500 US to upgrade to version 4.0! And hey - that "unlimited" domain hosting option we paid for? Sorry, not available in version 4.0, we'll have to pay-per-domain. Oh, and we'll have to pay extra to upgrade the anti-spam option we already paid $800 extra for just a few months ago.
This is turning into a ramble... I guess my point is, thanks to needing to have a partially open relay to support our remote and traveling users (quite a large number) and getting screwed over by our software vendor, we're now considered an "open" relay. So far, in the past six months or so since we were re-classified as open, we haven't had a single message bounce back to us, and we haven't had a single incident of spammers hijacking our server... but it still drives me nuts thinking that our server is in a blacklist.
I've been looking at a few options, such as the new authenticated SMTP options available in Sendmail and Qmail, but realistically? If it's not causing us a problem (i.e. bounced/blocked mail) then it's not high enough on our priority list to allocate the time and resources required to do it right.
And that's why I'm on the blacklist, and likely to stay there for the foreseeable future...
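The relay rule described in the comment above, modelled beside a per-recipient rule, as an added example that is not part of the original post and not the vendor's code. The domain names, addresses and the `authenticated` flag are constructed assumptions; the stricter rule is one common alternative, not something the poster deployed.

```python
# Constructed sample data: "example.com" stands in for a locally hosted domain.
LOCAL_DOMAINS = {"example.com"}

def is_local(addr):
    """True if the address is in a locally hosted domain ("" is the null sender <>)."""
    return addr.rpartition("@")[2].lower() in LOCAL_DOMAINS

def described_rule(mail_from, rcpts):
    """Rule as the post states it: relay the whole message if the
    envelope sender OR at least one recipient is local."""
    ok = is_local(mail_from) or any(is_local(r) for r in rcpts)
    return list(rcpts) if ok else []

def per_recipient_rule(mail_from, rcpts, authenticated):
    """Assumed stricter rule: MAIL FROM is ignored because the client
    chooses it freely; local recipients are always accepted, remote
    recipients only for an authenticated session."""
    return [r for r in rcpts if is_local(r) or authenticated]

# name -> (envelope sender, recipients, session authenticated?)
CASES = {
    # Sender address merely claims to be local; nothing verifies it.
    "forged_local_sender": ("ceo@example.com",
                            ["a@remote.test", "b@remote.test"], False),
    # One local recipient carries the remote ones along with it.
    "one_local_rcpt": ("x@remote.test",
                       ["staff@example.com", "a@remote.test", "b@remote.test"], False),
    # A bounce (null sender) to a local mailbox must still be accepted.
    "bounce_to_local": ("", ["staff@example.com"], False),
    # The post says the vendor product let a null-sender probe through;
    # the cause is not given, so only the stated rule is modelled here.
    "null_sender_remote": ("", ["a@remote.test"], False),
    # A travelling user who has authenticated.
    "travelling_user": ("staff@example.com", ["a@remote.test"], True),
}

def compare():
    """Return {case: (recipients accepted by described rule, by strict rule)}."""
    return {name: (described_rule(f, r), per_recipient_rule(f, r, auth))
            for name, (f, r, auth) in CASES.items()}

if __name__ == "__main__":
    for name, (weak, strict) in compare().items():
        print(f"{name:22} described={weak} per_recipient={strict}")
```

The first two cases are where the rules differ: the described rule accepts remote recipients on the strength of an unverified sender address or a single local recipient.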
ORBS has, for quite a long time, been a list of "open relays, sites that object to being port-scanned, systems whose admins irritate the ORBS admins, systems that block port scans", and the like.
Really, they're jerks, and you should *NOT* use them to filter mail, unless you particularly think that everyone in the world has a moral obligation to let some guy run relay-rape attempts on their servers any time he feels like it.
I like MAPS. I don't like ORBS.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
There's a much better way to do this. I modified our POP server at a previous employer such that it placed an IP on an approved relay list for up to two hours after a valid authentication
:( Alas, Outlook attempts to send email before it checks, so all those replies would be rejected. (It only has a send/receive button, not two different "check" and "send" buttons) So, now they all have a little app that does a pop3 login, which they have to run before sending anything.
I have also this set up, but there is one problem. People dial up, check their email, fine, and disconnect. Then they compose replies and reconnect (Usually with a different IP, of course
--
Exigo spamos et dona ferentes
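The POP-before-SMTP scheme discussed in the comment above, as an added example that is not the poster's modified POP server. The class, method names, IP addresses and timestamps are constructed; only the two-hour window comes from the comment. It walks through the failure modes the comment mentions plus one it does not: the approval is tied to the IP, not to the user.

```python
RELAY_WINDOW = 2 * 60 * 60  # seconds; "up to two hours" per the comment

class PopBeforeSmtp:
    """Relay allowlist keyed by client IP, refreshed by a valid POP login."""

    def __init__(self, window=RELAY_WINDOW):
        self.window = window
        self.approved = {}  # ip -> expiry time (seconds)

    def pop_auth_ok(self, ip, now):
        """Called by the POP server after a successful authentication."""
        self.approved[ip] = now + self.window

    def may_relay(self, ip, now):
        """Called by the SMTP server before accepting a relay request."""
        expiry = self.approved.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self.approved[ip]  # drop stale entries as they are seen
            return False
        return True

def walk_through():
    """Replay a constructed dial-up session and return each decision."""
    gate = PopBeforeSmtp()
    first_ip, redial_ip = "192.0.2.10", "192.0.2.77"  # documentation addresses
    out = {}
    # Client sends before it checks mail (the Outlook behaviour described).
    out["send_before_check"] = gate.may_relay(first_ip, 0)
    gate.pop_auth_ok(first_ip, 0)
    out["send_after_check"] = gate.may_relay(first_ip, 60)
    # User hangs up, writes replies, redials and gets a different address.
    out["redial_new_ip"] = gate.may_relay(redial_ip, 600)
    # Whoever is handed the first address next inherits the approval.
    out["recycled_ip_other_user"] = gate.may_relay(first_ip, 900)
    # Approval lapses once the window has passed.
    out["after_window"] = gate.may_relay(first_ip, RELAY_WINDOW)
    return out

if __name__ == "__main__":
    for step, allowed in walk_through().items():
        print(f"{step:24} relay allowed: {allowed}")
```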
AOL has some new machines in place to redirect part of what would normally be the dialup (*.ipt.aol.com) mail traffic through machines where we can monitor the volume to control spam. We're just testing it at the moment, and these redirection proxy machines are the ones listed in ORBS, with my support and permission. AOL's dialups have been listed in ORBS and the MAPS DUL for a long time, because well, lots of mail shouldn't come directly from dialups to someone else's mailserver.
Now what're y'all gonna say, when ya find out that AOL added those machines to ORBS for your own good.
Scott Crain
AOL Mail Operations
This is actually quite frustrating. As a consumer, I strongly dislike AOL. However, they have a huge share of the North American e-mail market. I am trying to convince my superiors to let me start refusing mail based on ORBS and MAPS RBL queries, but denying a large volume of legitimate mail (as the case would be with AOL on the ORBS list) actually puts us in a situation where our customers would be complaining that they can't get their e-mail. O, woe is me. Is there a solution to this conundrum? I don't for one minute believe that AOL gives a rat's ass about open relays, or what list they are on -- after all, they are used to being hated. Hrmp.
--
Do daemons dream of electric sleep()?