From: Derek Balling [mailto:dredd@megacity.org] Sent: Sunday, May 27, 2001 10:49 AM
At 9:11 AM -0700 5/27/01, Roeland Meyer wrote:
A system that tests positive for ORBS , yet is using MAPS, will not be used as a spam relay. Yet, ORBS will list such a system.
I'm not sure I understand this logic:
1.) They test positive for orbs... so they ARE an open relay 2.) That system is using MAPS, which means that there is some subset of systems the open relay itself rejects mail from
I somehow missed your logic here. A MAPS blocked system is, by definition NOT an open-relay, since it IS MAPS-blocked. Yet, ORBS will list it as an open-relay. I agree, there is a disconnect here. Your second premis invalidates the first. This may be a semantic issue, please examine and clarify. A MAPS-blocked system may show as an open-relay to another system not listed in MAPS. However, it will show as closed to a system that is listed in MAPS. It all depends on the source of the test. AHA! Maybe ORBS should be listed in MAPS? That will certainly resolve this problem and ORBS will no longer show false positives.
Somehow that means that non-MAPS-listed sources (of which there are many) are somehow magically restricted from relaying through the open relay?
Since your first sylogy didn't parse, this one didn't either. I might point out that, since MAPS has been running for a few years, most if not all, the spammer sources are now listed.
At 11:10 AM -0700 5/27/01, Roeland Meyer wrote:
I'm not sure I understand this logic:
1.) They test positive for orbs... so they ARE an open relay 2.) That system is using MAPS, which means that there is some subset of systems the open relay itself rejects mail from
I somehow missed your logic here. A MAPS blocked system is, by definition NOT an open-relay, since it IS MAPS-blocked. Yet, ORBS will list it as an open-relay. I agree, there is a disconnect here. Your second premis invalidates the first. This may be a semantic issue, please examine and clarify.
I think this is all a phrasology thing. Assuming "a MAPS-blocked system" means a system that is listed/blocked by MAPS as a spam source. Then your statement makes no sense because in all likelihood, that host IS an open relay. Assuming "a MAPS-blocked system" means a system that is partaking of the MAPS lists to block inbound mail to it Then your statement further makes no sense, because any non-MAPS-listed host could (in theory) send mail to/through that system. If the system using MAPS is an open relay, then non-MAPS-listed hosts could quite happily/easily pump mail through that system regardless of whether or not it is using MAPS. So in conclusion - unless you're defining a third case, I don't know what you're talking about. :)
I might point out that, since MAPS has been running for a few years, most if not all, the spammer sources are now listed.
I think my personal evidence (that about 90-95% of my spam that is blocked is NOT from MAPS sources) does not seem to bear that out. If you really believe your above statement, there's a wonderful slightly used bridge I'd love to sell you. D -- +---------------------+-----------------------------------------+ | dredd@megacity.org | "Conan! What is best in life?" | | Derek J. Balling | "To crush your enemies, see them | | | driven before you, and to hear the | | | lamentation of their women!" | +---------------------+-----------------------------------------+
At 11:10 AM 5/27/2001 -0700, Roeland Meyer wrote:
From: Derek Balling [mailto:dredd@megacity.org] Sent: Sunday, May 27, 2001 10:49 AM
At 9:11 AM -0700 5/27/01, Roeland Meyer wrote:
A system that tests positive for ORBS , yet is using MAPS, will not be used as a spam relay. Yet, ORBS will list such a system.
I'm not sure I understand this logic:
1.) They test positive for orbs... so they ARE an open relay 2.) That system is using MAPS, which means that there is some subset of systems the open relay itself rejects mail from
I somehow missed your logic here. A MAPS blocked system is, by definition NOT an open-relay, since it IS MAPS-blocked. Yet, ORBS will list it as an open-relay. I agree, there is a disconnect here. Your second premis invalidates the first. This may be a semantic issue, please examine and clarify.
A MAPS-blocked system may show as an open-relay to another system not listed in MAPS. However, it will show as closed to a system that is listed in MAPS. It all depends on the source of the test. AHA! Maybe ORBS should be listed in MAPS? That will certainly resolve this problem and ORBS will no longer show false positives.
Although I do not really like ORBS, but I thought the first explanation was closer. (NOTE: I assume we are only discussing the MAPS RSS, not other MAPS products.) I was under the impression that an open relay listed in MAPS is still an open relay. MAPS cannot reconfigure other people's mail servers. However, if my mail server subscribes to MAPS, my mail server will automatically reject mail from your server if it is listed in MAPS. This does not make your mail server a "closed relay", I just deny all mail from you. As such, even "good" e-mail from your own end users will be denied. This is what some call "collateral damage". Also, two systems listed in MAPS will still accept e-mail from each other (assuming they do subscribe to MAPS, which would be silly since they are both open relays and listed in MAPS). So, listing ORBS in MAPS would not really do much good. Besides, ORBS is not an open relay, not a whole lot of mail (unless they are probing you :) and probably no spam comes from ORBS, so who cares? Did you know that MAPS has been listed in ORBS for quite a while. :) (It is rumored - proven to some of us - that ORBS will list servers out of spite. And by ORBS' own documentation, it will list any server which blocks an ORBS probe, whether open or not.) I think we can pretty much end this thread. Anyone who wants to block as much spam as they can, even at the cost of a lot of "real" e-mail, please use ORBS. Your server, your choice. Those of us who like a more surgical approach with less collateral damage can use MAPS. And those of us who love their delete key can use nothing. :) All I suggest is that EVERYONE close their relays. Period. Now, can't we all just get along? :) TTFN, patrick
participants (3)
-
Derek Balling -
Patrick W. Gilmore -
Roeland Meyer