Slashdot Mirror
Long-Dead ORDB Begins Returning False Positives
Chapter80 writes "At noon today (Eastern Standard Time), the long dead ORDB spam identification system began returning false positives as a way to get sleeping users to remove the ORDB query from their spam filters. The net effect: all mail is blocked on servers still configured to use the ORDB service, which was taken out of commission in December of 2006. So if you're not getting any mail, check your spam filter configuration!"
No emails, but it's not the ORDB system. I just don't have any friends.
Read my Very Short "Stories"
They arent being lost, simply being flagged as spam by the database. People will have to go into their respectave administration interface and "release" the mail and/or mark it as safe. Kind of a pain in the ass, but if your depending on a spam database that is over a year old, its not likley doing much for you anyway.
ORDB was a realtime blacklist. I.E. it identified the IP addresses of open relays. Most people use RBL's like zen and njabl to block connections from 'bad' SMTP servers at HELO, they're much more effective at that stage than later as part of bayesian spam filters - context filtering is expensive and unrelaible with the volume of spam these days. Blocking open relays and dynamic ranges* at HELO is often the only practical way to get a handle on 99% spam loads.
Configured that way, there's no email to release, as the server was not allowed to connect in the fiirst place - in effect, ORDB would have caused an admin unaware that they had shut down to have his server block all inbound email at the connection level. Given the amount of sample configs about that still include them, that's not impossible to imagine.
Effective way of getting people to stop querying their servers, but kinda dickish.
*Yes, I know dynamic ranges sometimes host legit personal mail servers. Unfortunately, for every legit user there are hundreds of spam zombies on those dynamic IPs, often dumping dozens of spam at a time, often hitting over and over again until they get past the greylist timeout. I'm watching my log now, and I just blocked 50 odd connection attempts from one 1 pretending to be 50 different email domains. In the time it's taken me to write this footnote, the dynamic range IPs blacklists have blocked a few hundred emails.
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
Concur, wholeheartedly.
I put a good deal of effort into getting spamassassin configured to classify spam into imap folders for my users, and giving them tools for whitelisting, etc. on an individual basis. One man's spam is another man's ham, after all.
I could not in good faith arbitrarily delete mail based on automatic filtering. I would rather run completely unfiltered than make that decision for somebody, and for a long time I resisted the idea of filtering server-side. Bottom line was that my customers demanded it, so I had to come up with a system that met their requirements and mine.
When It Counts.
As much as we can rail against stupid mail admins, I think it would not be remiss of us to remember that the ultimate sufferers are end users who probably have no idea what their mail server administrator is doing. In other words, this hurts the people who *rely* on mail administrators, not the mail administrators. For that reason, I think ORDB is doing the wrong thing. This is yet another reason why privately owned spam registrars like ORDB are a bad idea; they just do not understand the either the gravity of what they are doing, nor do they have the responsibility to take it seriously. If you are doing something on such a large scale, it is inevitable that there will always be stragglers. Don't get all indignant about how "dumb mail admins" should know better unless you know that all your utility providers abide by the latest best industry practices in their respective fields.
On a side note, given that this move by ORDB specifically targets people other than those who they want to change the behaviour of in an attempt to get those innocent bystanders to affect change upon the real people they want to affect, this actually meets the FBI's definition of terrorism.
I hate printers.
Saying "A girlfriend? Proof positive that he's not a regular /. reader" is modded Insightful? Since every mention of "girlfriend" receives this response like clockwork, Redundant seemed more appropriate... Well then, I have some more Insightful tidbits for you:
Jocks are idiots.
Linux users have tiny penises.
Windows users are point-and-drool morons.
Mac users are artistic and gay and think overpriced computers are status symbols.
Business execs and politicians don't know fuck-all about computing or networking, but insist on controlling them anyway.
Women are shitty drivers (they themselves have fewer accidents, hence they receive a better insurance rate; they're shitty drivers because they do annoying shit that creates obstacles for others, like not knowing what the fuck the passing lane is for).
Black people are either from the ghetto, or act like they wish they were.
White people have zero sense of rhythm, can't dance, and can't jump.
Now where's my +5 Insightful?
I tell you three times: At the volumes we're talking about, merely turning off the server does not solve the problem caused by people continuing to query it.
"Ain't no right way to do a wrong thing."
At noon today (Eastern Standard Time), the long dead ORDB spam identification system began returning false positives. Human decisions are removed from strategic defense. ORDB begins to learn at a geometric rate. It becomes self-aware at 2:14 a.m. Eastern time, March 26th. In a panic, they try to pull the plug.
Dark Reflection