Slashdot Mirror
Open Relays, Free Speech, and Virus Propagation
sirsnork writes: "There is a story about John Gilmore running an open relay that is being used by a virus to propagate running over at Newsbytes. His defence? He wants his friends to be able to send email through his server from whereever they are. You'd think he'd know better." Gilmore has been skirmishing with Verio for some time over his open mail relay. Is it a good thing because it promotes the free flow of information? Is it bad for promoting the free flow of spam? Do the ethics change because someone writes a virus that uses the server to propagate? Interesting questions.
I agree.
But weird how the article said Gilmore, a life member of the Libertarian party, has accused Verio of censorship and said he configured the mail server to accept and forward e-mail from anyone in part so that friends could use it while traveling around the world.
(Emphasis mine).
Seems to imply there are other motives...
Information wants to be beer.
That means that he would have to be paying out large amounts of money to anyone who is a victim of spam through his server.
It is interesting to know that a while back, Verio was scraping the register.com database to spam people who had registered with register.com
Fight Spammers!
Is that too much of him to ask of his users? Or is he just unaware of how and what to do?
Clue me in, folks.
--SC
You read fiction? I write it! Lemme know what you th
I vaguely remember that at one point, Richard Stallman didn't want to use any Unix machine that didn't support guest accounts (user: "guest"; password: ""), because he thought that was a violation of freedom. For a while, that meant he didn't use any system hooked up to the Internet.
It's not that he didn't understand the security implications; it's that he thought they were less important than what he considered the moral implications.
Can anyone back this up?
Stupid job ads, weird spam, occasional insight at
Verio allows postmastergeneral.com, a known spamhaus, to operate. I don't think that they are going to be concerned with the negligence of one of their customers facilitating criminal activity when another of their customers is openly engaging in criminal activity.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
Please mod the parent up. You have to read some of Gilmore's own words to believe how aggressively and unreasonably stubborn he is on this issue. Gilmore has done some wonderful things, but he flat out refuses to ignore the changing realities of living on the 'net, calling anti-spammers "extortionists", "thugs", "blackmailers", and asserting that this is an "antitrust" issue. Regarding spam itself, Gilmore says: "I don't even want a "tyranny of the majority", if the majority happens to prefer to smash spammers (and suspected spam-sympathizers). I don't want a rerun of Joe McCarthy's witch- hunt, with spammers in place of Communists. I want to have everyone's right to communicate with each other protected, whether or not they disagree with the majority."
Which is all well and good. Gilmore argues that any censorship is reprehensible. OK, then why did Gilmore voluntarily censor mail passing through his gateway in a token attempt to appease Verio? He argues on a point of principle, then breaks that principle quite cynically so as to create an appearance of having offered a reasonable compromise (when the real solution is much simpler: authorisation). He is a very jolly, persuasive and genial old hypocrite. Harsh comment, but judge him by his actions, not his protestations.
Gilmore is an extremely confused man, well intentioned, but in severe denial that the world has changed around him. He has found a cause to fight (using EFF lawyers) and is enjoying playing hardball on an issue of principle (while breaking that principle himself) when there's good grounds for believing that the real issue is that he's just pissed at Verio for buying up the ISP he founded and imposing terms of usage on him. Any terms. Gilmore is pro-free speech in the shouting-fire-in-a-crowded-theatre-is-OK way. Information doesn't just want to be free, it wants to be thrown out of the door and helped along with a cattle prod. While he's done a lot of good in his life, I believe that this extremist stance actually damages the EFF and the free-speech lobby.
Before you judge him, go and read his specific thoughts on this issue, and decide for yourself whether he deserves contempt or pity. I'm rather leaning towards the latter.
If you were blocking sigs, you wouldn't have to read this.
I wonder if John Gilmore administrates his mail server and reads Postmaster mails on his own. If he did, he would spend the whole day on cleaning it up.
A bit more than a year ago I worked at a company which was running an open relay to allow their customers sending mails through it. It has been blacklisted everywhere, no one has ever read Postmaster, they just reinstalled the mail server (out-of-the-box system, which they are developing) or removed the entire mail spool if it got too bad.
Yet they had of course plenty of problems with sending their own mail - so had their customers who used the relay, too. Being blacklisted on RSS, ORBS and dozens of other DNS-based lists causes quite some mails to be rejected - the percentage is certainly too high to ignore.
To make it short, it took several weeks to persuade each customer to change his mail server's configuration into using the ISP's mail relay instead of ours. Meanwhile the company moved its former 64k Internet connection to a 2Mbit/s line, which made relayed spam spread as fire.
Within the few weeks between the new line went up and we were finally able to replace the old mail server with a new system running Postfix, the mail relay was almost unusable for us - it took about a minute to even have a TCP connection of any type accepted, the system load was always between 10 and 20, and the ISP bill was _really_ high.
After putting Postfix into work, it was my job to keep the mail system running. As it ran on the same IP address as the old server, the spammers didn't stop trying to relay their trash through it. AFAICT almost no spam flood mailer checks SMTP return codes, and if it does, it tries to connect to the secondary MX. As a consequence the syslog has been filled with thousands of "Relaying denied" messages, SMTP sessions have been kept up for hours, and as they discovered after some time that this relay has been closed, they scanned our networks for some more open SMTP servers - not only - they scanned almost everything, so as if they can't relay spam through us, they at least want to look for an open FTP or HTTP server to share pr0n and w4r3z. It didn't take them too long to find an open proxy, and they caused 80 GB (the ISP bill was 6000 € that month) of bandwidth until we discovered it. They found an open FTP server, too, and uploaded about 5 GB of m0v13z until the partition went full what made us notice it.
What is more, the mail server has been fixed, but the IP address has still been blacklisted. After two weeks of notifying blacklist operators and having our mail server tested as secure, it has been unlisted from most services. Spam continued, of course, Postmaster notifications due to recipients who blacklisted our mail server manually continued to occur, and some customers who forgot to change their mail relay or were unable to do so (it's an easily-installable out-of-the-box system which they bought from us, so they just lacked basic knowledge to run a mail server). It has been a mess even months after we closed the mail relay.
So my advice for John Gilmore and anyone else who operates an open relay, intentionally or not: Close it! You are having the worst problems of all involved parties! If possible, move to a different IP network or you won't get any rest in the near future.
OKay. now, why do I argue that Gilmore is right? Well its quite simple. You see, if we want to get rid of the chickenboners, we have to:
a) Get rid of all open relays (impossible!)
b) Get rid of all socksproxys (Do we want to get rid of this great way of staying anonymous?)
c) Get rid of all open squid-servers (Do we want to get rid of this great way of staying semi-anonymous?)
d) Get rid of all other ways you can use/abuse all sorts of relays.
The problem is that the fight against spam hurts not only email administrators anymore, but hostmasters, webmasters, people that want to run anonymous proxies of any sort, and so forth. If one wins the fight against anonymous relaying, one removes the option of staying completely (or semi-completely) anonymous in many cases.
Do you think the "antispammers" like anonymous remailers? Nope, not unless you're the customer of one, or that there are ways they may limit/stop the spamflow.
I hate the spam as much as anyone, but I really don't think the solution is to block every possibility of staying anonymous. The solution is to rewrite the fucking mail protocol, not to let _everything_ suffer because of spam beeing intolerable.
end of rant.
"Rune Kristian Viken" - http://www.nwo.no - arca
From: Michael Merritt
/. "junk filter")
To: drg@verio.net
Cc: gnu@toad.com
Date: Thu, 7 Mar 2002 12:47:17 -0600
Mr. Darren Grabowski
Verio Security
Mr. Grabowski,
I write to you in response to the web page located at
http://www.toad.com/gnu/verio-censorship.html
I encourage you to continue your actions against Mr. Gilmore in response to
his refusal to comply with the terms of your company's AUP.
Let me state that I firmly uphold Mr. Gilmore's RIGHTS to run an open mail
relay as "free speech". Yet, I also firmly uphold your company's ("Verio")
RIGHTS to deny him service if he does not adhere to the terms of the service
contract which you offer him. Mr. Gilmore's continual payment of the service
charge for his T1 connection is acceptance of the terms of Verio's service
contract.
Furthermore, I firmly support the RIGHTS of Internet users, system and
network administrators, and blacklists to REFUSE to accept mail from Mr.
Gilmore's server/connection/domain.
I am exercising my RIGHTS to freedom of speech and expression in this
message, as any American citizen is permitted. I also respect the fact that
you have a RIGHT to disregard, ignore, or otherwise disagree with my views,
beliefs, and practices.
If Mr. Gilmore is truly concerned about everyone having the freedom to
exercise their RIGHTS, he will accept the fact that Verio has the RIGHT to
deny him a connection, and he has the RIGHT to seek a connection to the
Internet elsewhere. I do not find a law or governing statute anywhere that
declares every free man has a RIGHT to access the Internet.
Thank you for your time and consideration of this matter,
--
Michael Merritt
SPAM filtering by SubLimeMail -- http://www.sublimemail.com/
(remainder of signature snipped for
Come on people! John Gilmore is going on and on about his freedom of speech and how he is running a mail relay for his friends.
He is lying.
If he really wanted to run a mail relay for his friends you could authenicate them on a properly administered CLOSED mail relay. Here are a few ways to do this:
POP before SMTP authentication
SMTP authentication
SSH accounts for his friends
Webmail accounts
And John Gilmore certainly knows these and other methods of properly administering his mail server.
I doubt he is running a spam relay for profit, I think he is just trying to stubbornly make some minor point of personal philosophy, and hiding it with his words.
- For the complete works of Shakespeare: cat
To: drg@NOSPAMverio.net
2 13&mode=nested&tid=153), here are my thoughts.
n c/data/w32.yaha@mm.html) This in and of itself should be grounds for immediate termination of Gilmore's T1, or at least an ACL entry on your router serving his connection to block all outbound port 25 traffic, until he straightens this mess out by implementing some sort of security on his relay. I understand this is already the case. If not, perhaps it should be?
Cc: gnu@NOSPAMtoad.com, gnu@NOSPAMeff.org, nospam@NOSPAMeff.org
Darren:
Further to my phone call of a few minutes ago, here's a followup email of which I'm also sending copies to John Gilmore and the EFF.
Having just learned of this whole saga (http://slashdot.org/article.pl?sid=02/03/07/1623
I find Mr. Gilmore's behaviour and attitude absolutely abhorrent. He apparently thinks that he has the moral right to run an open relay, and that noone should stop him.
Has he never heard of SMTP authentication (http://www.imc.org/rfc2554)? This would allow his mail server to accept socket connections from anyone, yet only allow his authorized users to send mail through his relay. Most modern MUAs support this.
Now, supposedly, a virus is (or has been) using his relay to propagate. (http://securityresponse.symantec.com/avcenter/ve
If this were 1992, one could see how beneficial an open relay might be on the Internet. Unfortunately, this is no longer the case under any circumstances.
Being a paying member of the EFF ([My EFF-registered email address went here]), I am sincerely disappointed that the EFF is taking such an anti-Internet stance as to support the maintenance of an open relay which has, without any doubt, been abused in the past (and will no doubt continue to be). This makes me sincerely rethink my desire to continue to be a paying member, as well as my advice to friends and relatives to make donations to the EFF in lieu of giving me gifts at the holidays.
I find it amusing that Mr. Gilmore himself asks (http://www.toad.com/gnu/verio-censorship.html) for a copy of any correspondence regarding this matter be sent to nospam@eff.org -- how ironic.
Thanks in advance for helping to keep the Internet free from spam and virii, Darren. Knowledgeable Internet users everywhere thank you.
[My sig went here.]