From owner-nanog@merit.edu Tue Mar 15 12:53:30 2005 Date: Tue, 15 Mar 2005 10:53:22 -0800 From: Micah McNelly <micah@style.net> Subject: Re: sorbs.net
Actually I got a response quickly from a list member who represents sorbs at some level. Do you really think opinion has a place in mail delivery?
*MY* opinion on that matter doesn't count for sh*t. Neither does yours. The _only_ opinion that matters is that of the *owner* of the destination mail-server. As in "My server, *my* rules." Quite obviously, the server operator at the place you were trying to mail _to_ *DOES* believe that 'opinion' has a place in e-mail delivery. Like I said, the _first_ place you should take your 'problem' is to *them*. *NOBODY* is 'forced' to use SORBS, or any other blocklist. The mail-system owners/administrators that *CHOOSE* to do so, have made a voluntary decision to restrict incoming mail to their system on that basis. THEY did it, nobody else.
a few questions o could this be used as a dos and then become extortion? has this actually happened, or is it just black heli? o the ts&cs would seem to indicate that the donation is voluntary, and proportional to the spam generated. e.g., if you generated no spam, no donation. do i understand this correctly? randy
On Tue, Mar 15, 2005 at 11:21:35AM -0800, Randy Bush wrote:
o could this be used as a dos and then become extortion?
Unlikely. Blocklists are used by choice, and blocklists which either aren't effective or don't have sane policies don't get chosen often. (See "BLARS", which even blars was recommending that you don't use the last time I checked.) So if someone tried this approach, the most likely outcome is that those using it would stop and the problem would evaporate. ---Rsk
----- Original Message ----- From: "Rich Kulawiec" <rsk@gsp.org> To: <nanog@merit.edu> Sent: Tuesday, March 15, 2005 5:43 PM Subject: Re: sorbs.net
On Tue, Mar 15, 2005 at 11:21:35AM -0800, Randy Bush wrote:
o could this be used as a dos and then become extortion?
Unlikely. Blocklists are used by choice, and blocklists which either aren't effective or don't have sane policies don't get chosen often. (See "BLARS", which even blars was recommending that you don't use the last time I checked.)
unfortunately, that *still* didn't stop people from using it, which translated into an unresolvable headache for me as a sp. if you don't consider a blacklist to be usable by the public, don't publish it. however, publishing a draconian blacklist seems to get you a 'hardcore' label/clout in certain circles and is thus irresistible for some. -p
On Tue, Mar 15, 2005 at 05:44:41PM -0500, Paul G wrote:
unfortunately, that *still* didn't stop people from using it, which translated into an unresolvable headache for me as a sp.
Then gripe at the people who chose to use it: it was *their* decision, and if it was a poor one, then they are the people who need to be held accountable for it. Look, if I want to publish a blocklist of all domains with the string "er" in them and all IP addresses ending in .7, that would be a silly thing to do: but after all, it's just a list. It doesn't _do_ anything until someone decides to use it for some purpose. And if they're insane enough to do so, well, <shrug>, so be it. It's their system/network; they're free to decline any inbound traffic they don't wish to receive. And you, and I, and everyone else who's not on their system/network, don't get a vote. ---Rsk
On Tue, 15 Mar 2005, Paul G wrote:
unfortunately, that *still* didn't stop people from using it, which translated into an unresolvable headache for me as a sp. if you don't consider a blacklist to be usable by the public, don't publish it. however, publishing a draconian blacklist seems to get you a 'hardcore' label/clout in certain circles and is thus irresistible for some.
Sorry if this thread is older, but I ran into a PRIME operational example of this last week that cost one of the techs here a few hours headache. Lady was running exchange. She had the Symantec virus/spam/crap filter for it installed.. All email to her was bouncing with a 550 spam site deny. We jerked around with it for quite some time before we realized that one of the dnsbl's that the Symantec product was using was returning positive for ALL queries. This is the risk you run - this product either had it on by default, or it was in a list of options to turn on. End users don't know what it is, and only know it'll help eliminate spam, and they turn it on. Then they generate support load when their email breaks. Average user, or even sysadmin, doesn't know about dnsbl's. To state that you make a concerted effort to use them nowadays may be false. Spamassassin comes out of the box poking SORBS and adding score if it's in there. I turned it off because of questionable listings, but how many users of SA know how to do that? Food for thought. Jason -- Jason Slagle
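A health check for the failure described in the message above (a DNSBL answering positive for every query), added here as an example and not part of the original thread. It relies on the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not); the zone name `bl.example`, the function names and the sample resolvers are assumptions constructed for illustration.

```python
import ipaddress
import socket

# RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must never be.
MUST_BE_LISTED = "127.0.0.2"
MUST_NOT_BE_LISTED = "127.0.0.1"


def dnsbl_qname(ip, zone):
    """Build the query name: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_lookup(qname):
    """A records for qname via the system resolver; [] when nothing resolves.
    The stdlib call cannot tell NXDOMAIN from a resolver failure."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except (socket.gaierror, socket.herror):
        return []


def check_zone(zone, lookup=system_lookup):
    """Classify a DNSBL zone before a mail filter is allowed to trust it."""
    # Any answer at all for the must-not-be-listed probe is a failure: some
    # filters treat every A record as a hit, not only those in 127.0.0.0/8.
    if lookup(dnsbl_qname(MUST_NOT_BE_LISTED, zone)):
        return "lists-everything"
    positive = lookup(dnsbl_qname(MUST_BE_LISTED, zone))
    if not any(a.startswith("127.") for a in positive):
        return "no-test-entry"
    return "ok"


def fake_resolver(records, wildcard=None):
    """Constructed offline resolver: qname -> A records, optional wildcard."""
    def lookup(qname):
        return records.get(qname, [wildcard] if wildcard else [])
    return lookup


# Constructed sample zones under the hypothetical name bl.example.
HEALTHY = fake_resolver({"2.0.0.127.bl.example": ["127.0.0.2"]})
WILDCARDED = fake_resolver({}, wildcard="127.0.0.2")
PARKED = fake_resolver({}, wildcard="203.0.113.10")
DEAD = fake_resolver({})

if __name__ == "__main__":
    for name, resolver in [("healthy", HEALTHY), ("wildcarded", WILDCARDED),
                           ("parked", PARKED), ("dead", DEAD)]:
        print(name, "->", check_zone("bl.example", resolver))
```

Run against each configured zone on a schedule, a result other than `ok` is the signal to pull that zone from the filter before mail starts bouncing.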
On Mon, Mar 21, 2005 at 10:55:13AM -0500, Jason Slagle wrote:
This is the risk you run - this product either had it on by default, or it was in a list of options to turn on. End users don't know what it is, and only know it'll help eliminate spam, and they turn it on. Then they generate support load when their email breaks.
Average user, or even sysadmin, doesn't know about dnsbl's. To state that you make a concerted effort to use them nowadays may be false. Spamassassin comes out of the box poking SORBS and adding score if it's in there. I turned it off because of questionable listings, but how many users of SA know how to do that?
This sounds like an excellent sales point for value added mail processing... Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Designer Baylink RFC 2100 Ashworth & Associates The Things I Think '87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
On Mon, 21 Mar 2005 10:58:00 -0500, Jay R. Ashworth <jra@baylink.com> wrote:
This sounds like an excellent sales point for value added mail processing...
It is not just clueless end user exchange admins who deploy dumb filter rules. If I had a nickel for every time I've run into stupid spam filtering (read: filtering that affects mail from my over 40 million users, because an admin was too dumb to read forged headers) at surprisingly large operators [ISPs, huge corporate networks etc] I'd be rich. Luckily, quite a few people who turn on dumb spam filters do turn them off when contacted and told about their bad filtering. Some make the mistake of not doing so - and they'll be destined to lose email for their users, on a permanent basis. It's that old Spiderman quote - With great power comes great responsibility. Having root / enable / postmaster access at a site means it's not enough to know how to do "access list 101 deny" or "vi /etc/mail/access" .. it means that the guy should know when to do it - and when not to. And he should be reachable, and should know enough to realize he's screwed up, and to fix it. Sadly, this is rather less common than simply knowing how to throw filters in - that's the easy part. Kind of like the difference between a mining engineer triggering carefully shaped and placed demolition charges, and Wile E Coyote lighting the fuse on a bundle of dynamite. -- Suresh Ramasubramanian (ops.lists@gmail.com)
.. it means that the guy should know when to do it - and when not to. And he should be reachable, and should know enough to realize he's screwed up, and to fix it. Sadly, this is rather less common than simply knowing how to throw filters in - that's the easy part. Kind of like the difference between a mining engineer triggering carefully shaped and placed demolition charges, and Wile E Coyote lighting the fuse on a bundle of dynamite.
There are a lot of people in this industry who claim to be engineers but they're not. In fact, I am of the opinion that there is no such thing as an Internet network engineer because there are no published best practices for Internet network engineering and there is no formal oversight for Internet network engineering. This is the fundamental problem in Internet operations today. Too many cowboys and Wile E Coyotes. --Michael Dillon P.S. Has anyone else had a look at the PITAC report to the President on Cyber Security? http://www.itrd.gov/pitac/
On Tue, Mar 22, 2005 at 09:47:00AM +0000, Michael.Dillon@radianz.com wrote:
There are a lot of people in this industry who claim to be engineers but they're not. In fact, I am of the opinion that there is no such thing as an Internet network engineer because there are no published best practices for Internet network engineering
If there were a centralized site to which to contribute such things, a site based on MediaWiki, for example (the engine which drives Wikipedia), would the members of this list contribute to it? Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Designer Baylink RFC 2100 Ashworth & Associates The Things I Think '87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
On Tue, Mar 22, 2005 at 09:47:00AM +0000, Michael.Dillon@radianz.com wrote:
There are a lot of people in this industry who claim to be engineers but they're not. In fact, I am of the opinion that there is no such thing as an Internet network engineer because there are no published best practices for Internet network engineering
If there were a centralized site to which to contribute such things, a site based on MediaWiki, for example (the engine which drives Wikipedia), would the members of this list contribute to it?
For those who have never heard of Wikipedia, it is an online encyclopedia that anyone can contribute to. However, it is not a free-for-all. There is some structure to it and it has evolved to the point where it really does provide accurate and comprehensive information at least equal to the big paper encyclopedias. It could actually help us solve the problem of getting best practices published. However, the Mediawiki tool itself is not the solution to the problem, only a vehicle towards a solution. We would need a large percentage of NANOG members to write (or review and correct) sections relating to their expertise. And Jay, before you put up this site, I suggest that you think long and hard about who will run/promote the site. The technical aspect of getting MediaWiki running on a server are trivial. The real challenge is in promoting the site and getting a high enough calibre of contributor. That will mean repeated status update presentations at NANOG meetings and a lot of chasing people in hallway discussions to get them to contribute. However, it could work and I'm glad that you suggested this because it is a nice incremental and evolutionary technique to collect and publish the knowledge of the "profession". --Michael Dillon
On Tue, Mar 22, 2005 at 04:38:27PM +0000, Michael.Dillon@radianz.com wrote: [ Me: ]
If there were a centralized site to which to contribute such things, a site based on MediaWiki, for example (the engine which drives Wikipedia), would the members of this list contribute to it?
For those who have never heard of Wikipedia, it is an online encyclopedia that anyone can contribute to. However, it is not a free-for-all. There is some structure to it and it has evolved to the point where it really does provide accurate and comprehensive information at least equal to the big paper encyclopedias.
In general, and you can get a fairly good idea of the provenance of a given fact if you need to rely on it for something.
It could actually help us solve the problem of getting best practices published. However, the Mediawiki tool itself is not the solution to the problem, only a vehicle towards a solution. We would need a large percentage of NANOG members to write (or review and correct) sections relating to their expertise.
Correct: we would. I'm a fairly good general and structural editor, but for this, I'd likely even need for someone(s) to contribute a good structural framework onto which to hang the necessary information. Wiki's *do* have the nice advantage that the content is structure free: you can build and rebuild any ontology around the information that suits you, and indeed multiple ones (topic index, tutorial, etc) around the *same* information.
And Jay, before you put up this site, I suggest that you think long and hard about who will run/promote the site. The technical aspect of getting MediaWiki running on a server are trivial. The real challenge is in promoting the site and getting a high enough calibre of contributor. That will mean repeated status update presentations at NANOG meetings and a lot of chasing people in hallway discussions to get them to contribute.
As far as running it, I was considering letting Wikipedia do it. They've got a service that the founder of Wikipedia cooked up called Wikicities; same rough idea as Geocities (centralized hosting, your content), but they're pickier about who they'll start one for (for obvious reasons). I need to investigate whether they host those sites on the Wikipedia cluster (where, in general, the connectivity and support are reasonably good and improving)... though as you note, installing and maintaining a small one is pretty trivial. As far as promoting it? If we build it, they will come. Google is your friend. Making clear what it is and who's writing for it is enough for the second-tier visitors, and they'll likely word-of-mouth it to the first-tier. As far as I can see, the fact that it's all in one place makes the "making the net a better place" motivation more applicable.
However, it could work and I'm glad that you suggested this because it is a nice incremental and evolutionary technique to collect and publish the knowledge of the "profession".
I've become *quite* fond of Wiki's for knowledge capture. The ease of editing and linkage locality of reference they provide make it *much* simpler for people to post the things they know and believe (though distinguishing the two can be ... interesting at times). Not alone because I *am* a network operator (however customer-side and small) who knows that they don't know everything, it's something I'd like to see happen. Somehow. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Designer Baylink RFC 2100 Ashworth & Associates The Things I Think '87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
On Tue, 22 Mar 2005 09:35:02 +0530, Suresh Ramasubramanian <ops.lists@gmail.com> said:
Suresh> Luckily, quite a few people who turn on dumb spam filters do Suresh> turn them off when contacted and told about their bad Suresh> filtering. Some make the mistake of not doing so - and Suresh> they'll be destined to lose email for their users, on a Suresh> permanent basis. I wish it were always so easy. I've been talking to an administrator lately whose policy is that "losing occasional email is ok if it means we keep out a whole bunch of spam". If they're that far over the fence I'd need a strong bull with a long rope to try to pull them back to my side. I keep trying to tell him I'm potentially losing business due to his position, but he's convinced spam is worse. Some people simply can't be educated. -- "In the bathtub of history the truth is harder to hold than the soap, and much more difficult to find." -- Terry Pratchett
On Tue, 22 Mar 2005 07:27:21 PST, Wes Hardaker said:
I wish it were always so easy. I've been talking to an administrator lately whose policy is that "losing occasional email is ok if it means we keep out a whole bunch of spam". If they're that far over the fence I'd need a strong bull with a long rope to try to pull them back to my side. I keep trying to tell him I'm potentially losing business due to his position, but he's convinced spam is worse.
Some people simply can't be educated.
On the other hand, which should he choose - *you* losing business due to his position, or *HIM* losing business if he takes the other position? If he lowers his spam filters enough to allow your *potentially* lost business through, and he loses 10% of his customers to someplace that has a heavier-duty spam filter policy, are you going to repay him for that lost revenue?
On Tue, 22 Mar 2005 07:27:21 -0800, Wes Hardaker <wjhns61@hardakers.net> wrote:
I wish it were always so easy. I've been talking to an administrator lately whose policy is that "losing occasional email is ok if it means we keep out a whole bunch of spam". If they're that far over
That is a far cry from far dumber filtering mistakes that keep happening, and that I have an issue with. If an admin has spam in hand - go ahead. Block till it's fixed, if the numbers add up the way this guy says. And be prepared to listen, and to unblock. If you are blocking based on your misreading of forged spam, or are implementing over-extreme filters, and don't want to listen to complaints about it, or to address false positives, consider downgrading the infrastructure you manage from "production mailserver" to "etch a sketch". More on spam-l or some other more appropriate list. I'm starting to repeat myself -srs -- Suresh Ramasubramanian (ops.lists@gmail.com)
On Mon, 21 Mar 2005, Jason Slagle wrote:
Lady was running exchange. She had the Symantec virus/spam/crap filter for it installed.. All email to her was bouncing with a 550 spam site deny.
We jerked around with it for quite some time before we realized that one of the dnsbl's that the Symantec product was using was returning positive for ALL queries.
This is the risk you run - this product either had it on by default, or it was in a list of options to turn on. End users don't know what it is, and
actually the risk being run is 'not understanding what you are doing' :( mark this admin of mail systems up with the others who blithely use ANY RBL without knowing how/what/where/when it gets made. -Chris
participants (11)
- Christopher L. Morrow
- Jason Slagle
- Jay R. Ashworth
- Michael.Dillon@radianz.com
- Paul G
- Randy Bush
- Rich Kulawiec
- Robert Bonomi
- Suresh Ramasubramanian
- Valdis.Kletnieks@vt.edu
- Wes Hardaker