From: woods@weird.com [mailto:woods@weird.com] Sent: Saturday, May 26, 2001 11:02 PM
[ On Sunday, May 27, 2001 at 00:17:29 (-0400), William Allen Simpson wrote: ]
But, ORBS remains indefensible.
It would seem that I have no problems either defending it, or using it. Whether I'm successful in the latter endeavour is only for me to decide. Whether I'm successful in the former endeavour is a larger question.
The MAPS leads to far fewer mistakes -- does not block non-relaying servers just because they don't think the network has sufficient "action against spammers in recent months." That's entirely judgmental, not operational.
The mechanically verified part of ORBS cannot, by definition, lead to any
Greg, it all comes down to ONE major issue ... collateral damage.
We've been falsely accused by ORBS,
Which list were you on again? Wasn't it the manual netblocks list?
without any evidence of spamming.
He makes a perfectly valid point here. In the past few days I have seen much testimony, from folks right here on this list, that were listed on ORBS. I've also read testimony that their systems were never used for spam. I can't imagine a spammer being on this list for long. Nor, can I imagine those illustrious folks being spammers. Yet, they were on the ORBS list. BTW, MHSC systems were also carried on ORBS for a while and when they were, over 50% of my bandwidth was used to fend off crack attempts. Thank gawd I was using MAPS at the time. None of the relay attempts got through. Although, I *did* have to replace a couple of weak BIND boxen (thanks for the extra work, BTW >:P ). Brother, that is the very definition of collateral damage. In fact, it was worse. It's "friendly fire". If we start taking out innocents and even our own guys, the spammers will win. We need to start fighting the PURE WAR against spammers. What ORBS does is to find innocents and paint bulls-eyes on them for the spammers to find easier. The argument ORBS presented, on their web-site, to justify this, is terribly weak. It still amounts to pointing the guns ... in the WRONG direction.
Please do not forget that ORBS's goal is not to detect or prevent spamming per se.
But, without spammer behavior, open-relays are perfectly acceptable. Else, why was it the default option in sendmail for so long? The "anti" argument falls over dead without spammers. It's not the gun, it's the bloke pointing it.
Its full name should make this clear: Open Relay Behaviour-modification System. Any open relay is a bad thing regardless of whether it has yet been abused by a spammer (because it will undoubtedly be abused unless it is closed first).
You make my point here. Remove spammers and ORBS becomes nothing more than a totalitarian tool for a political agenda without merit. If I can run a relay system safely (without spammer abuse) then you have lost the right to tell me I can't do so because there is no possible damage to your systems. It's also a control issue; I strongly resent someone, who isn't paying the rent here, trying to modify my behavior. I get enough of that from my government.
ORBS blocks for political reasons, rather than technical.
I guess I can't really disagree with that, though I will point out that I am using ORBS as a deterrent against such acts of theft of service and fraud and thus it is in fact what's known as a "technical control".
Can't you see how inherently corrupt that is? Drop ORBS and go with MAPS. Be friendly to your friends and disdain only those that are truly your enemies.

[ On Sunday, May 27, 2001 at 00:01:36 (-0700), Roeland Meyer wrote: ]
Subject: RE: Scanning (was Re: Stealth Blocking)
The mechanically verified part of ORBS cannot, by definition, lead to any
Greg, it all comes down to ONE major issue ... collateral damage.
All my friends, colleagues, etc., who were still stupid enough to be running open relays on the day I started using ORBS had their mailers secured by sundown. (and any that didn't, well, perhaps they weren't smart enough to be my friends and colleagues after all.... :-)
He makes a perfectly valid point here. In the past few days I have seen much testimony, from folks right here on this list, that were listed on ORBS. I've also read testimony that their systems were never used for spam. I can't imagine a spammer being on this list for long. Nor, can I imagine those illustrious folks being spammers. Yet, they were on the ORBS list.
You keep, conveniently it seems, forgetting that ORBS is not designed to block spammers -- it's designed to convince people not to run open relays. So, in other words, those illustrious folks were being less-than-professional, one way or another (either they were insisting on running open relays, or they were blocking the tester for political reasons). Please also try harder to remember that there's ORBS, and then there are the other adjunct lists that are offered under the same domain name but which are not mechanically tested open relays. These days ORBS doesn't completely confuse untestable hosts with hosts that are open relays!
But, without spammer behavior, open-relays are perfectly acceptable. Else, why was it the default option in sendmail for so long? The "anti" argument falls over dead without spammers. It's not the gun, it's the bloke pointing it.
Open relays are unacceptable on any public network, since they lead not only to plain old theft-of-service, but also to much more dangerous things, such as theft-of-service for the purpose of committing fraud. They would be unacceptable even in a spam-free world. Sendmail started out as an open relay mailer by default for so long because it was the de facto mailer on an effectively private academic network where peer pressure is more of a deterrent than any technical control can ever be! Think about it -- true hackers (in the MIT sense) find technical controls to be a challenge. (Hmmm... maybe sendmail should always have been secure by default and then the early hackers would have long ago identified all its weak spots! ;-) Obviously the problem on the public Internet wouldn't be quite so bad if mailers didn't start out as open relays by default. Unfortunately even though most mailer authors and maintainers have long ago fixed their software to be secure by default, their vendors have often failed to work to eradicate the old insecure instances and as such we still see new open relays installed every day. Technical controls are the only feasible way to identify and deter the use of such new open relays. Your USA-centric view of the world is also part of the problem. If all perpetrators of theft of service and fraud could be prosecuted equally under a common law then it would be much more difficult for them to get away with the illegal acts they are committing. However given that the Internet is actually a global service, and given that open relays can be installed in any legal jurisdiction and used from any other legal jurisdiction, it's almost impossible to ever make legal action into any serious deterrent, at least not within any reasonable Internet-based timeframe. Only technical controls can ever stand a chance of creating such a deterrent in this kind of disjoint legal quagmire.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <woods@robohack.ca> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>