Now the idiots at ORBS are probing random dial-ups
Obviously random dial-ups have different hosts logged on each time they try, often no one is logged on. So of course they get to imagine whatever they like (e.g., when no one is dialed up that maybe they've been firewalled.) Somehow their broken software imagines it sees the same open relay repeatedly on some random dialup IP, which of course is incredibly unlikely. Is there any reasonable way to tell these ORBS and MAPS losers "possibly good intentions, but so badly run that: no thanks" from the net administrator community. I'm really getting sick of these incompetent self-promoters wasting peoples' times. Maybe if they heard enough voices telling them "no thanks" they'd get the hint their efforts are not appreciated and not wanted. Oh, and a word from ORBS' fearless leader: From alan@manawatu.gen.nz Sun Feb 7 23:11:52 1999
As for you, fuck off. Your attitude has got you a permanent entry in ght shub list.
No doubt something to do with all the attention I get from these jerks. -- -Barry Shein Software Tool & Die | bzs@world.std.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo*
Once upon a time, Barry Shein <bzs@world.std.com> said:
Is there any reasonable way to tell these ORBS and MAPS losers "possibly good intentions, but so badly run that: no thanks" from the net administrator community.
MAPS people are not "losers" IMHO. They don't actively scan for problem hosts; they only check a host _after_ a supposed spam has been relayed through a host. As for ORBS: I have had several customers with open relays lately (which they've shut as soon as we notified them). A couple of them used our primary mail server as a smarthost, so ORBS listed it as well. In each case, ORBS failed to notify us of the listing at all. We only found out when our customers had mail blocked at servers using ORBS. If it is okay for them to scan our hosts and not notify us, I guess it would be okay for me to write a script that continuously looks up each IP address allocated to us in the ORBS lists so I can know when there is a problem. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Information Services I don't speak for anybody but myself - that's enough trouble.
Once upon a time, Barry Shein <bzs@world.std.com> said:
Is there any reasonable way to tell these ORBS and MAPS losers "possibly good intentions, but so badly run that: no thanks" from the net administrator community.
MAPS people are not "losers" IMHO. They don't actively scan for problem hosts; they only check a host _after_ a supposed spam has been relayed through a host.
Quite right. MAPS also runs the very useful MAPS DUL that lists address ranges used for dynamic dialups. The RSS (the open relay thing) won't even test addresses in the DUL. The DUL is a very effective anti-spam filter with very few false positives, since hardly anyone other than spammers sends mail directly from dialups without relaying through their own ISP's mail server. I get the occasional whine from Linux users who think their sendmail setup is so cool they don't want to dirty it with a smarthost line, but they're easy to ignore. -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869 johnl@iecc.com, Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
: >> Is there any reasonable way to tell these ORBS and MAPS losers : >> "possibly good intentions, but so badly run that: no thanks" from the : >> net administrator community. : > : >MAPS people are not "losers" IMHO. They don't actively scan for problem : >hosts; they only check a host _after_ a supposed spam has been relayed : >through a host. : : Quite right. MAPS also runs the very useful MAPS DUL that lists address : ranges used for dynamic dialups. The RSS (the open relay thing) won't : even test addresses in the DUL. : : The DUL is a very effective anti-spam filter with very few false : positives, since hardly anyone other than spammers sends mail directly : from dialups without relaying through their own ISP's mail server. I : get the occasional whine from Linux users who think their sendmail : setup is so cool they don't want to dirty it with a smarthost line, : but they're easy to ignore. So, (almost) everyone agrees that PV's method is responsible, and ORBS' isn't. If you don't agree, filter all known CIDR blocks. Status quo. Let's avoid the traditional month-long arguments and say g'night. Take the spam rhetoric to inet-access or spam-l. Nothing's changed in 6 years, so there's no point in whining publicly. -brian
Brian Wallingford wrote:
So, (almost) everyone agrees that PV's method is responsible, and ORBS' isn't. If you don't agree, filter all known CIDR blocks.
Is it just me or would filtering all known CIDR blocks cause a lot of false positives? <smirk>
Let's avoid the traditional month-long arguments and say g'night. Take the spam rhetoric to inet-access or spam-l. Nothing's changed in 6 years, so there's no point in whining publicly.
Yeah. What he said. This issue has been raised and answered many times over, ad nauseum. -- North Shore Technologies, Cleveland, OH http://NorthShoreTechnologies.net Steve Sobol, BOFH - President, Chief Website Architect and Janitor Linux Instructor, PC/LAN Program, Natl. Institute of Technology, Akron, OH sjsobol@NorthShoreTechnologies.net - 888.480.4NET - 216.619.2NET
Chris Adams wrote:
As for ORBS: I have had several customers with open relays lately (which they've shut as soon as we notified them). A couple of them used our primary mail server as a smarthost, so ORBS listed it as well. In each case, ORBS failed to notify us of the listing at all. We only found out when our customers had mail blocked at servers using ORBS.
I got notified when ORBS found one of the servers under my care to be open. Ah. Here's the copy of the notification that I got. They send to postmaster@Second.Level.Domain and postmaster@Hostname.Of.The.Mail.Server. That.Is.Found.To.Be.Open[0]. Question is, is someone answering postmaster@Your.Customers.Domains.And.Your.Own.Domains? [0] My particular problem was with auth2.acclink.com. The notification went to postmaster@acclink.com and postmaster@auth2.acclink.com. I believe ORBS uses rDNS to get the hostname of the mail server, but you'd have to ask Alan Brown to be sure. -- North Shore Technologies, Cleveland, OH http://NorthShoreTechnologies.net Steve Sobol, BOFH - President, Chief Website Architect and Janitor Linux Instructor, PC/LAN Program, Natl. Institute of Technology, Akron, OH sjsobol@NorthShoreTechnologies.net - 888.480.4NET - 216.619.2NET
Once upon a time, Steve Sobol <sjsobol@NorthShoreTechnologies.net> said:
Chris Adams wrote:
As for ORBS: I have had several customers with open relays lately (which they've shut as soon as we notified them). A couple of them used our primary mail server as a smarthost, so ORBS listed it as well. In each case, ORBS failed to notify us of the listing at all. We only found out when our customers had mail blocked at servers using ORBS.
I got notified when ORBS found one of the servers under my care to be open.
Ah. Here's the copy of the notification that I got. They send to postmaster@Second.Level.Domain and postmaster@Hostname.Of.The.Mail.Server. That.Is.Found.To.Be.Open[0]. Question is, is someone answering postmaster@Your.Customers.Domains.And.Your.Own.Domains?
I have postmaster@hiwaay.net delivered to my mailbox (after procmailing out the regular automated stuff). We also have several people that check the abuse@hiwaay.net mailbox several times a day. Last time I even checked our mail log for anything that might have been misdirected or filtered out. No notification at all, multiple times now. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Information Services I don't speak for anybody but myself - that's enough trouble.
Barry Shein wrote:
Obviously random dial-ups have different hosts logged on each time they try, often no one is logged on.
Barry, MAPS' open-relay blackhole list must have had an actual spam from the IP in question for it to be placed in the testing queue. Just wanted to clarify that. ORBS and MAPS are vastly different in the way they operate.
Oh, and a word from ORBS' fearless leader:
From alan@manawatu.gen.nz Sun Feb 7 23:11:52 1999
As for you, fuck off. Your attitude has got you a permanent entry in ght shub list.
No doubt something to do with all the attention I get from these jerks.
A lot of people in the anti-spam community (myself included) disagree with the way Alan Brown runs ORBS. Alan has carte blanche to test the servers I maintain; he found a server I'd accidentally left open BEFORE the spammers found it, and I appreciate that. But I wouldn't use ORBS to filter mail. I am NOT, by any stretch of the imagination, saying you shouldn't be upset; I just wanted to clarify a couple points you made. -- North Shore Technologies, Cleveland, OH http://NorthShoreTechnologies.net Steve Sobol, BOFH - President, Chief Website Architect and Janitor Linux Instructor, PC/LAN Program, Natl. Institute of Technology, Akron, OH sjsobol@NorthShoreTechnologies.net - 888.480.4NET - 216.619.2NET
Barry Shein wrote: [a criticism of ORBS and/or MAPS] Jeezus Barry, did you have to re-start this thread? It had just freakin' died out from the last time someone started it. Q: Is there any way to get one or both to stop? A: No. I'll leave the merits of either, or both, stopping, indeed the merits of either organization overall, to the protracted thread once again making it's way through NANOG. Which I intend to miss. Thank goodness for procmail. I haven't filtered anything along these lines prior to this, for reasons I can no longer fathom. /mark
participants (6)
-
Barry Shein
-
Brian Wallingford
-
Chris Adams
-
johnl@iecc.com
-
Mark Milhollan
-
Steve Sobol