User: timjackson1

Re:Call me stupid, but

on ORBZ Shuts Down

Why the hell doesn't the ORBZ software just send out a MAIL FROM: header that doesn't have the remote side's address?

Because the point is that they are trying to find any configuration that permits relaying. If they can find it, so can spammers.

Some open relays are set up in such a way that they would not relay messages with MAIL FROM [orbz] but would with MAIL FROM [127.0.0.1].

Re:No no no no NO!

on ORBZ Shuts Down

OK, I was being slightly facetious, I was more trying to make the point that rather than ORBZ being threatened for sending packets (legitimately formed according to the RFCs? Probably) to a public server and DoSing it as a result, the people responsible for making a fragile server should be on the line. The right solution here is not for anyone to sue anyone but rather for vendors to respond quickly and effectively to security problems and admins to implement the fixes. However, there is significant debate going on at the moment about whether vendors *should* be responsible for security (or other) failings. Regardless of the result of this, authors of free programs (of any sort) should definitely be able to exempt themselves. (although in itself this opens up a can of worms...what about shareware/low cost software? etc.)