I -do- have a postmaster account, and there's nothing broken on my mail server. I *don't run an open relay*. I provide SMTP service to my clients *in conformance with the relevant RFCs*, as well as reasonable and prudent security practices. I'm not a spam-house; I have internal mechanisms for detecting such activity before it becomes a problem for others, in most cases. When something slips through the cracks, I jump on it immediately. It's great that their 'service' helped you; however, some of us would prefer to rely upon our own skills and experience to ensure that our systems are properly set-up. I no more want the ORBS people forging mail via my server than I do the 'MAKE MONEY FAST' people, and their attitude belies a stunning arrogance coupled with extreme shortsightedness, which isn't something any of us should wish for in an organization whose stated aim is to improve the user experience. And that's enough of that. -----Original Message----- From: Eric A. Hall [mailto:ehall@ehsco.com] Sent: Saturday, July 08, 2000 12:08 PM To: rdobbins@netmore.net Cc: nanog@merit.edu Subject: Re: RBL-type BGP service for known rogue networks?
ORBS forge headers (thereby violating the RFC) to look as if they're coming from domains you host, then if it goes through, they put you in their little black book for being an 'open relay'. No notice, nothing.
The last part of that statement is simply untrue. I got ORBS'd once and they notified me via postmaster@domain. If you don't get notified then you don't have a postmaster account for the domain, and it is you who are in violation of the RFCs. As for the "forge headers in violation" part, they have to test the common variations. Who cares if they do that as a one-off probe. If they were doing it all the time it would be a problem, but once is nothing. Of course, the spammers who are using your server as an open relay are certainly violating that and much more, so if it really bothers you close your freaking relay. ;) I for one was happy for the free and comprehensive testing. It pointed out a whole I had missed in my config. Once patched, I was out of the ORBS database in less than 24 hourse, and was able to get out on my own just by filling out a form on their web site that kicked off an automated retesting. I think ORBS provides an excellent service, and I say that because my experience says that they rely entirely upon factual evidence before they block, and it is easy to get out of the database once you provide evidence that you have fixed your server. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/