Re: trapdoor.merit.edu and other impatient Postfix mailers everywhere (fwd)
It is interesting to see some of the sites that not only use(d) the MAPS lists for free, but didn't even bother to do the zone transfer mode (which reduces the load on the MAPS servers and speeds up your local use).
At least one of us thinks the zone transfer mode was not free; and, at least one of us thinks the sendmail configuration we were using was taken from the vix.com site as is. At least one of us has a reputation for being wrong from time to time.
On Thu, 2 Aug 2001, Larry Sheldon wrote:
It is interesting to see some of the sites that not only use(d) the MAPS lists for free, but didn't even bother to do the zone transfer mode (which reduces the load on the MAPS servers and speeds up your local use).
At least one of us thinks the zone transfer mode was not free
It was, until just recently. -- JustThe.net LLC - Steve "Web Dude" Sobol, CTO - sjsobol@JustThe.net Donate a portion of your monthly ISP bill to your favorite charity or non-profit organization! E-mail me for details.
I think MAPS managed to DOS themselves. Since they are refusing queries BIND can't cache the response and so it just keeps trying with every new e-mail. The traffic hitting MAPS servers has to be impressive.
Mark Radabaugh
Amplex
(419) 833-3635
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Steven J. Sobol
Sent: Thursday, August 02, 2001 4:33 PM
To: Larry Sheldon
Cc: nanog@nanog.org
Subject: Re: trapdoor.merit.edu and other impatient Postfix mailers everywhere (fwd)
On Thu, 2 Aug 2001, Larry Sheldon wrote:
It is interesting to see some of the sites that not only use(d) the MAPS lists for free, but didn't even bother to do the zone transfer mode (which reduces the load on the MAPS servers and speeds up your local use).
At least one of us thinks the zone transfer mode was not free
It was, until just recently. -- JustThe.net LLC - Steve "Web Dude" Sobol, CTO - sjsobol@JustThe.net Donate a portion of your monthly ISP bill to your favorite charity or non-profit organization! E-mail me for details.
At 5:17 PM -0400 8/2/01, Mark Radabaugh - Amplex wrote:
I think MAPS managed to DOS themselves. Since they are refusing queries BIND can't cache the response and so it just keeps trying with every new e-mail. The traffic hitting MAPS servers has to be impressive.
This seems very similar to what happened to a couple of the ORBS mirrors when ORBS shut down.
Eventually, one of them decided to just start returning "127.0.0.2" for every lookup (or some such), which caused lots of people to reject-all-mail until they fixed their configs.
Not that I think MAPS would do such a thing, but it may be one of the few ways they can fix the large installed base pointing at them and not ceasing as they're supposed to.
D
--
+---------------------+-----------------------------------------+
| dredd@megacity.org  | "Conan! What is best in life?"          |
| Derek J. Balling    | "To crush your enemies, see them        |
|                     |  driven before you, and to hear the     |
|                     |  lamentation of their women!"           |
+---------------------+-----------------------------------------+
On Thu, 2 Aug 2001, Derek Balling wrote:
At 5:17 PM -0400 8/2/01, Mark Radabaugh - Amplex wrote:
I think MAPS managed to DOS themselves. Since they are refusing queries BIND can't cache the response and so it just keeps trying with every new e-mail. The traffic hitting MAPS servers has to be impressive.
This seems very similar to what happened to a couple of the ORBS mirrors when ORBS shut down.
Eventually, one of them decided to just start returning "127.0.0.2" for every lookup (or some such), which caused lots of people to reject-all-mail until they fixed their configs.
Not that I think MAPS would do such a thing, but it may be one of the few ways they can fix the large installed base pointing at them and not ceasing as they're supposed to.
Which is to show you what can happen to those that entrust control of their communications to a third party. The commercialization of the lil' MAPS charity proves beyond a reasonable doubt that it was just another clever ploy for them to make a living at it. The brilliant idea: have everybody pay a small toll on email. Blackhole thy opponents. Quote:
"There will be a day when folks will need to pay to transit email." (Paul Vixie, 1998)
That day has come.
The inclusion of maps.vix.com references in the sendmail code has led to predictable consequences. Let's hope this will serve as a warning to all sysadmins who can infer what's wrong with enterprises like MAPS from this incident.
--Mitch
NetSide
On Thu, 2 Aug 2001, Mitch Halmu wrote:
Which is to show you what can happen to those that entrust control of their communications to a third party. The commercialization of the lil' MAPS charity proves beyond a reasonable doubt that it was just another clever ploy for them to make a living at it.
That's right! I think it's just evil that they might want to cover their costs and maybe be able to eat, drink, and pay their rent. All the necessities of life should be provided by the state after all! Whatever. If you find the service valuable, then you'll pay for it, if you don't, then don't use it and go away. -- Brandon Ross 404-522-5400 EVP Engineering, NetRail http://www.netrail.net AIM: BrandonNR ICQ: 2269442 Read RFC 2644!
On Thu, 2 Aug 2001, Brandon Ross wrote:
On Thu, 2 Aug 2001, Mitch Halmu wrote:
Which is to show you what can happen to those that entrust control of their communications to a third party. The commercialization of the lil' MAPS charity proves beyond a reasonable doubt that it was just another clever ploy for them to make a living at it.
That's right! I think it's just evil that they might want to cover their costs and maybe be able to eat, drink, and pay their rent. All the necessities of life should be provided by the state after all!
Until recently, MAPS was financed by Metromedia Fiber Network /Abovenet, in "mi casa su casa" fashion, aka run by their employees. Unfortunately for them, MFNX dropped to penny stock status (literally), and the fat seems to have been trimmed.
Whatever. If you find the service valuable, then you'll pay for it, if you don't, then don't use it and go away.
Valuable? Hehe. FYI, NetSide is on the MAPS RSS blackhole list: http://www.dotcomeon.com A detailed account of our "crimes"... --Mitch NetSide
On Thu, 2 Aug 2001, Mitch Halmu wrote:
Whatever. If you find the service valuable, then you'll pay for it, if you don't, then don't use it and go away.
Valuable? Hehe. FYI, NetSide is on the MAPS RSS blackhole list:
Mitch, some of us would say that anyone who is there because of operating an open relay is a good thing.
http://www.dotcomeon.com A detailed account of our "crimes"...
And enough paranoid rambling about giving up control of your network to Vixie and the government to make even me think you're a loon.
You also talk about how things have always been. Lord knows that The Internet has not evolved over the past 6 years, right Mitch? The argument that sendmail has by default traditionally been implemented in an open relay configuration or that sysadmins are too lazy to change the default config are not strong arguments for your cause as there are technological improvements to the existing standards that make it possible to relay messages for remote users without running an open relay. Cry all you want, but the times have changed, and you either evolve or you die.
And on a related note, I'm assuming that since you're unwilling to support things like SMTP auth that you're also not willing to implement such privacy ensuring technologies like TLS or POP w/ SSL. And if you are willing to support those new technologies, why not SMTP auth?
Hell, you're not even protecting your customer's privacy and account information by allowing people to expn and vrfy accounts via your mail server. And even if you turned that off, since you allow mail relaying from anyone, a person looking to harvest accounts or just get account data could send an e-mail posing as that person to himself and you'd never be the wiser.
You want to run an open relay, and that's your right to do so. It's your hardware, your software, and your time. But because you run a mail server does not mean that The Internet at-large has to accept mail from you if every goon thinking we need ink jet refills or the latest porn can send mail through your server that ultimately reaches our inboxes. We have the right to use a service that promises to stop that from happening.
If you don't like that, then do something constructive about it other than whining on NANOG. Every time you post to NANOG it's either on this subject directly or you move the topic to talk about it.
Regards,
--
Joseph W. Shaw II
Network Security Specialist/CCNA
Unemployed. Will hack for food. God Bless.
Apparently I'm overqualified but undereducated to be employed.
On Fri, 3 Aug 2001, Joe Shaw wrote:
On Thu, 2 Aug 2001, Mitch Halmu wrote:
Whatever. If you find the service valuable, then you'll pay for it, if you don't, then don't use it and go away.
Valuable? Hehe. FYI, NetSide is on the MAPS RSS blackhole list:
Mitch, some of us would say that anyone who is there because of operating an open relay is a good thing.
With the same reasoning, you may then blackhole all free email services that do not id their customers with a valid credit card as well. What's the difference? Legally, not technically, I mean. Anyone could subscribe in anonymity to a free service and send you a nastygram, for example. Hey, let's blackhole free websites that bother us too, while we're at it.
http://www.dotcomeon.com A detailed account of our "crimes"...
And enough paranoid rambling about giving up control of your network to Vixie and the government to make even me think you're a loon.
Let me make this clear: I would turn over control to the US government for any network function that the law in force requires. Conversely, no private party or foreign entity operating by their own laws, or outside the law, has the right to dictate rules to any provider. The loons are those short-sighted nerds that willingly give an inch to anyone bullying them on the Internet. I wouldn't give in to something like this even outside cyberspace, out of pure conviction.
You also talk about how things have always been. Lord knows that The Internet has not evolved over the past 6 years, right Mitch? The argument that sendmail has by default traditionally been implemented in an open relay configuration or that sysadmins are too lazy to change the default config are not strong arguments for your cause as there are technological improvements to the existing standards that make it possible to relay messages for remote users without running an open relay. Cry all you want, but the times have changed, and you either evolve or you die.
Funny thing is, we're blackholed for over a year now and still kicking! Evolution doesn't necessarily lead to progress. Or maybe, not all things evolve into something good. In this case, taking away a functionality for the comfort of the few giant providers with national coverage, to the detriment of ordinary users and small providers can hardly constitute progress. This whole thing started because some ISPs weren't disconnecting abusers, and evolved into an inquisition where you are blacklisted for refusing mail-abuse.org the privilege of probing your server! Let me quote an early Vixie on the subject: "we at MAPS consider that probing to be, itself, a kind of network abuse". (http://www.dotcomeon.com/vixie_sendmail_qa.html) Now read http://www.dotcomeon.com/nph-rss-remove-blocking.html
Hell, you're not even protecting your customer's privacy and account information by allowing people to expn and vrfy accounts via your mail server. And even if you turned that off, since you allow mail relaying from anyone, a person looking to harvest accounts or just get account data could send an e-mail posing as that person to himself and you'd never be the wiser.
Believe it or not, whenever someone relays a message from anywhere, the ip is clearly identifiable. Now all you have to do is trace the source and notify the spammer's provider, who should be the one responsible for booting the offender.
You want to run an open relay, and that's your right to do so. It's your hardware, your software, and your time. But because you run a mail server does not mean that The Internet at-large has to accept mail from you if every goon thinking we need ink jet refills or the latest porn can send mail through your server that ultimately reaches our inboxes. We have the right to use a service that promises to stop that from happening.
The goon may be YOUR customer. Or another provider who shares your views. Why should I be held responsible to prevent your or your pal's customer from doing evil?
If you don't like that, then do something constructive about it other than whining on NANOG. Every time you post to NANOG it's either on this subject directly or you move the topic to talk about it.
Well, we all tackle the topics that interest or irk us most. You, as a Network Security Specialist, want everything locked up tight. Me, as a provider, want the freedom to conduct my business in peace, and want my users considered innocent until proven guilty. Let the one that first brought up MAPS in this thread be stoned. We can't all be cheerleaders either, or we would have nothing to argue about. --Mitch NetSide
Let me make this clear: I would turn over control to the US government for any network function that the law in force requires. Conversely, no private party or foreign entity operating by their own laws, or outside the law, has the right to dictate rules to any provider. The loons are those short-sighted nerds that willingly give an inch to anyone bullying them on the Internet. I wouldn't give in to something like this even outside cyberspace, out of pure conviction.
I am not sure how to read that, but what I see says ' I trust the US government. I ignore all other jurisdictions.' ? Sorry, but while this is NANOG, there is a whole other world out there. Including Canada to be NA-objective about it. Peter
On Fri, 3 Aug 2001, Peter Galbavy wrote:
Let me make this clear: I would turn over control to the US government for any network function that the law in force requires. Conversely, no private party or foreign entity operating by their own laws, or outside the law, has the right to dictate rules to any provider. The loons are those short-sighted nerds that willingly give an inch to anyone bullying them on the Internet. I wouldn't give in to something like this even outside cyberspace, out of pure conviction.
I am not sure how to read that, but what I see says ' I trust the US government. I ignore all other jurisdictions.' ? Sorry, but while this is NANOG, there is a whole other world out there. Including Canada to be NA-objective about it.
Trust doesn't figure in my statement. Regardless of trust, the laws in force in your country must be obeyed. While in Canada, do as the Canadians do. Surely you don't mean to imply I should worry about, for example, communist China's laws regarding censorship of communications? --Mitch NetSide
As this topic has exploded and boiled up to some insane level, I feel I have to summarize a few things here, and point out some simple facts.
- Wietse Venema was friendly enough to email me on his own, pointing out that the timeout-waiting-for-SMTP-banner is indeed 300s, as stipulated by RFC 1123. My article indeed contained language saying that I have not researched this, but logically concluded that it's operators' dirty hands that are fiddling with the knobs - the fact that Postfix is in the spotlight is probably BECAUSE it uses such small amounts of resources (ram*time product, cpu-time), which makes it popular with very large operators, who yet STILL can't resist making it try to use even less resources in an irresponsible manner. Thanks also go to John A. Martin, who was the first respondent who dumped the Postfix default via "postconf -d|grep 'smtp_.*time'" on me, also showing a SMTP EHLO timeout of 300s.
- Wietse Venema had some trouble with his posts to the lists getting silently discarded due to not being member of the NANOG-Post list. Someone at Merit.Central please take note that silent discards rather than proper bounce-backs are not the preferred modus operandi for any mail system. Then again, what do I know about their list mailer :) No thanks to AOL for doing their part of silent discards of legitimate mailing list mail sent to their subscribers.
- freeloading users of MAPS RBL (direct DNS queries) vs. people pulling zones as confidential secondaries: this is purely a question of resources: how many DNS queries directed at MAPS consume the same amount of resources as a zone transfer at regular intervals? It's probably a well-known number to MAPS LLC, and highly dependent on the refresh times (10 minutes?) for the zones. And then there are the legal/confidentiality problems, at least with their specific way of running the service.
- All the conspiracy theories aside: MAPS has provided a (largely) free service to the community for a number of years, something I wish to profoundly thank them for in this forum. You built, they came. As we all know from the dancing hamster website: sometimes popularity will kill you, because it starts to consume resources that you can no longer afford, not as an individual, not even as a group. Even if your group consists of relatively wealthy MFNX shareholders who had the good fortune of initiating structured longterm sell-offs before the dot-com bubble imploded :) (and I think that a certain NANOG poster has no idea about what is insider trading and what is not in this context) Speculation: ORBS going away has increased pressure on MAPS' resources quite a bit, probably at a time when funding for MAPS was already critical. Someone from MAPS LLC may want to comment on this idle speculation. Their pricing scheme is probably experimental: how do you price a service in a new market, covering your cost, and not horribly shooting over the mark or making terrible losses? Give these guys a break. I think we can only speculate on the cost of live bodies running the system vs. infrastructure cost - if the infrastructure cost is the lion's share, they'd probably happily run 20 secondaries to their zones (legal issues of non-disclosure of their db contents aside), and add however many are needed to keep cost to them at a minimum and the burden to secondary DNS server operators at a minimum.
- yesterday's event indeed points at an unintended MAPS failure - some people have speculated that them not answering non-paying networks' DNS queries resulted in an explosion of (then negatively cached) queries. Sometime during the day, all zones returned to being publicly queryable and available, and the behavior of their servers returned to normal - for the time, so the waves calm down, I am sure. As I asked yesterday: how do you shred/drop traffic you are no longer willing to accept while continuing to provide the same service to a select group of (paying) subscribers? A tough cookie as far as DNS is concerned, as former ORBS DNS secondary provider Ronald F. Guilmette found out a while ago: the left-over DNS queries for the defunct ORBS zones started to kill his limited bandwidth, and he was the one starting to answer all ORBS zone queries positively, as a means to 'notify' operators by means of their mail systems starting to reject every single piece of mail they received. Identifying and contacting all querying operators (1000's) was likely beyond his means, rather than his abilities.
- notifying users of DNS RBL zones: certainly doable, judging from mail I received as a POC for a netblock, saying that my netblock contained Code Red-infested machine(s). That certainly required a significant effort, and 100,000 queries to whois.arin.net (explaining its, uhm, limited availability lately?). Free services are disappearing from the Internet every single day, and barely ever do you hear about them going away in advance. I am not sure if there is a MAPS/RBL-announce mailing list, but I am just as guilty as a lot of other people for not subscribing to it after starting to use their RBL zones.
- if you don't like MAPS LLC's idea of getting compensated for the resources they spend on running their RBL - go start your own. A few people have tried. A few people have realized the amount of resources required and backed out of it. A few will probably succeed until their resources are getting as drained as MAPS' when their services have grown in popularity. Or, someone do us all a big favor and invent a highly distributed, yet authenticated and trustworthy structure for large-scale distribution of information about sources of abuse, and be able to run it in a less centralized and US-lawyer-vulnerable fashion than say: Napster or my.MP3.com. We can certainly use some new ideas in this field, but that's for the SPAMTOOLS list.
bye,Kai
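The two failure modes discussed in this thread, a list that refuses queries (so nothing is cached and every message triggers a fresh lookup) and a defunct list that answers every lookup as "listed", can both be contained on the querying mail server. The following Python is an added example, not code from any poster or from sendmail or Postfix; the zone `bl.example.invalid`, the injected `resolve` callable, the hold-down values and the 127.0.0.1/127.0.0.2 test-entry convention (taken from the later RFC 5782) are assumptions.

```python
import ipaddress
import time

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
ZONE = "bl.example.invalid"  # hypothetical list zone, not a real service


def dnsbl_qname(ip, zone=ZONE):
    """Reverse the octets and append the zone: 192.0.2.25 -> 25.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class DnsblClient:
    """DNSBL lookups that fail open and back off when the list misbehaves.

    `resolve(qname)` is an injected callable returning (rcode, [A records]);
    in production it would wrap a real resolver library (assumption).
    """

    def __init__(self, resolve, zone=ZONE, clock=time.monotonic,
                 hold_down=300, health_ttl=3600):
        self.resolve, self.zone, self.clock = resolve, zone, clock
        self.hold_down, self.health_ttl = hold_down, health_ttl
        self.disabled_until = 0.0
        self.disabled_reason = None
        self.health_checked_at = None
        self.upstream_queries = 0  # counts lookups actually sent to the list

    def _query(self, ip):
        self.upstream_queries += 1
        rcode, addrs = self.resolve(dnsbl_qname(ip, self.zone))
        if rcode == "NXDOMAIN" or (rcode == "NOERROR" and not addrs):
            return "not_listed"
        if rcode == "NOERROR" and all(
                ipaddress.IPv4Address(a) in LOOPBACK for a in addrs):
            return "listed"
        # REFUSED, SERVFAIL, timeout, or an answer outside 127/8.
        return "error"

    def _disable(self, reason):
        # Local hold-down: stop asking for a while instead of re-querying
        # on every incoming message when the answer cannot be cached.
        self.disabled_until = self.clock() + self.hold_down
        self.disabled_reason = reason
        self.health_checked_at = None  # force a re-probe after the hold-down

    def _healthy(self):
        now = self.clock()
        if (self.health_checked_at is not None
                and now - self.health_checked_at < self.health_ttl):
            return True
        must_list = self._query("127.0.0.2")   # test entry, must be listed
        must_not = self._query("127.0.0.1")    # must never be listed
        if "error" in (must_list, must_not):
            self._disable("unreachable")
        elif must_not == "listed":
            self._disable("lists-everything")  # zone answers all lookups
        elif must_list != "listed":
            self._disable("empty-zone")
        else:
            self.health_checked_at = now
            return True
        return False

    def check(self, ip):
        """Return 'reject', 'accept', or 'skip' (list unusable, fail open)."""
        if self.clock() < self.disabled_until or not self._healthy():
            return "skip"
        result = self._query(ip)
        if result == "error":
            self._disable("unreachable")
            return "skip"
        return "reject" if result == "listed" else "accept"


class FakeClock:
    """Constructed clock so the hold-down can be exercised offline."""
    def __init__(self):
        self.now = 1000.0

    def __call__(self):
        return self.now


def make_resolver(mode, listed=("192.0.2.25",)):
    """Constructed resolver: 'healthy', 'refusing' or 'wildcard' list."""
    names = {dnsbl_qname(ip) for ip in listed + ("127.0.0.2",)}

    def resolve(qname):
        if mode == "refusing":
            return ("REFUSED", [])
        if mode == "wildcard" or qname in names:
            return ("NOERROR", ["127.0.0.2"])
        return ("NXDOMAIN", [])
    return resolve


if __name__ == "__main__":
    for mode in ("healthy", "refusing", "wildcard"):
        c = DnsblClient(make_resolver(mode), clock=FakeClock())
        verdicts = [c.check("192.0.2.25"), c.check("198.51.100.7")]
        print(mode, verdicts, c.disabled_reason, c.upstream_queries)
```
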
Mitch Halmu wrote:
"There will be a day when folks will need to pay to transit email." (Paul Vixie, 1998)
That day has come.
The inclusion of maps.vix.com references in the sendmail code has led to predictable consequences. Let's hope this will serve as a warning to all sysadmins who can infer what's wrong with enterprises like MAPS from this incident.
Put away the tinfoil hat, Mitch. -- JustThe.net LLC - Steve "Web Dude" Sobol, CTO - sjsobol@JustThe.net Donate a portion of your monthly ISP bill to your favorite charity or non-profit organization! E-mail me for details.
On Thu, 2 Aug 2001, Steve Sobol wrote:
Mitch Halmu wrote:
"There will be a day when folks will need to pay to transit email." (Paul Vixie, 1998)
That day has come.
The inclusion of maps.vix.com references in the sendmail code has led to predictable consequences. Let's hope this will serve as a warning to all sysadmins who can infer what's wrong with enterprises like MAPS from this incident.
Put away the tinfoil hat, Mitch.
Just as soon as they drop the bag, Steve. --Mitch NetSide
On Thu, 2 Aug 2001, Mitch Halmu wrote:
Which is to show you what can happen to those that entrust control of their communications to a third party. The commercialization of the lil' MAPS charity proves beyond a reasonable doubt that it was just another clever ploy for them to make a living at it. The brilliant idea: have everybody pay a small toll on email. Blackhole thy opponents. Quote:
Mitch, we are all aware of your stake in this battle. Personally, I have been using MAPS on my personal mail server simply because I get maybe one spam per week at that address compared to hundreds per day at my old work email address. Both addresses are in whois contacts, both have posted to public lists and to newsgroups, etc. I see value in that service. You don't see value because people like me have decided that they trust MAPS procedures for putting mail servers on the list and removing them, and those policies have impacted you. Yes, I am fully aware that some people who I might want to receive email from will be bounced, but I think that is a reasonable price for the spam reduction. BTW, I check the logs periodically and that is about 1 legitimate message per month. The only problem I have is I didn't see any notification of this change anywhere until I noticed I wasn't getting any email this morning. Then their web server was so overloaded it took a while to find out about the change. As it happens, my personal mail server will still be free and my current employer will be very cheap, so there is no reason not to continue. I understand they have a problem notifying everyone since they don't know contact information for the people using the service, but I would have expected to see an announcement here, for example.
"There will be a day when folks will need to pay to transit email." (Paul Vixie, 1998)
That day has come.
??? There are no costs related to MAPS for sending email. The only people that pay anything to MAPS are those who find value in the service for filtering incoming email. If you don't want that service, don't pay for it.
The inclusion of maps.vix.com references in the sendmail code has led to predictable consequences. Let's hope this will serve as a warning to all sysadmins who can infer what's wrong with enterprises like MAPS from this incident.
How do you think those references got there? Could it be that enough people requested it and asked how to do it with older versions of sendmail that it was made an optional part of the standard configuration? John A. Tamplin jat@jaet.org 770/436-5387 HOME 4116 Manson Ave 770/431-9459 FAX Smyrna, GA 30082-3723
On Thu, Aug 02, 2001 at 06:12:10PM -0500, John A. Tamplin wrote:
As it happens, my personal mail server will still be free [...]
What about those of us using BGP for residential and recreational purposes, who favor an eBGP multihop-based blackhole to something DNS-based? I realize BGP state is expensive, and the good people at MAPS are well worthy of compensation for the excellent service they offer, but it's kinda difficult to justify paying $1k/yr to rid our personal boxen of spam and spam-related abuse. -adam
On Thu, 2 Aug 2001, Adam Rothschild wrote:
I realize BGP state is expensive, and the good people at MAPS are well worthy of compensation for the excellent service they offer, but it's kinda difficult to justify paying $1k/yr to rid our personal boxen of spam and spam-related abuse.
I also feel that the structure makes it easy for a really large customer to justify, as costs dwindle down to pennies/user, but kind of punishes a small ISP where you're not seeing the "volume discount". Not even a "thanks for the DUL entries". Perhaps they'll negotiate rates for smaller companies on the side? Otherwise, they're just driving "customers" to brightmail. Charles
-adam
Once upon a time, Charles Sprickman <spork@inch.com> said:
I also feel that the structure makes it easy for a really large customer to justify, as costs dwindle down to pennies/user, but kind of punishes a small ISP where you're not seeing the "volume discount". Not even a "thanks for the DUL entries". Perhaps they'll negotiate rates for smaller companies on the side? Otherwise, they're just driving "customers" to brightmail.
We've got ~30,000 mailboxes, so we aren't exactly small, but for us, MAPS is significantly less expensive than Brightmail (we use both). -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
On Thu, 2 Aug 2001, Mitch Halmu wrote:
On Thu, 2 Aug 2001, Derek Balling wrote:
"There will be a day when folks will need to pay to transit email." (Paul Vixie, 1998)
That day has come.
The inclusion of maps.vix.com references in the sendmail code has led
The above is exactly the reason (well not the only reason), that we now use Qmail instead of sendmail. I never liked the idea of someone else, with an agenda that I'm sure doesn't coincide with mine, telling me who I should talk to or not. When the source code defaulted to using these "services" that's when I bailed on sendmail.
Matt
__________________________ http://www.invision.net/ _______________________
Matthew E. Martini, PE InVision.com, Inc. (631) 543-1000 x104
Chief Technology Officer matt@invision.net (631) 864-8896 Fax
On Thu, 2 Aug 2001, Matt Martini wrote:
I never liked the idea of someone else, with an agenda that I'm sure doesn't coincide with mine, telling me who I should talk to or not. When the source code defaulted to using these "services" that's when I bailed on sendmail.
No one forces people to use the dnsbl feature, nor are they forced to use the default settings. dnsbl is turned off by default. Give me a break. I can't believe I'm hearing the crap I'm hearing from people who should know better. -- JustThe.net LLC - Steve "Web Dude" Sobol, CTO - sjsobol@JustThe.net Donate a portion of your monthly ISP bill to your favorite charity or non-profit organization! E-mail me for details.
The above is exactly the reason (well not the only reason), that we now use Qmail instead of sendmail.
I never liked the idea of someone else, with an agenda that I'm sure doesn't coincide with mine, telling me who I should talk to or not. When the source code defaulted to using these "services" that's when I bailed on sendmail.
Where does sendmail "default" to using the MAPS RBL? Not a single "default" mc file contains any reference to it:
$ grep dnsbl /usr/local/src/sendmail-8.12.0.Beta17/cf/cf/*.mc
$
It must be explicitly enabled with the FEATURE(dnsbl) rule in your sendmail.mc file.
Try to connect facts and reality before making statements like that, ok? Unless, of course, you work in M$'s FUD department, in which case, it's part of the job description, and understandable.
D
--
+---------------------+-----------------------------------------+
| dredd@megacity.org  | "Conan! What is best in life?"          |
| Derek J. Balling    | "To crush your enemies, see them        |
|                     |  driven before you, and to hear the     |
|                     |  lamentation of their women!"           |
+---------------------+-----------------------------------------+
On Thu, 2 Aug 2001, Matt Martini wrote:
The above is exactly the reason (well not the only reason), that we now use Qmail instead of sendmail.
I never liked the idea of someone else, with an agenda that I'm sure doesn't coincide with mine, telling me who I should talk to or not. When the source code defaulted to using these "services" that's when I bailed on sendmail.
The source code does not include any references at all. There is an M4 source file that includes the rulesets that do DNS lookups but you have to explicitly include them in your configuration source. John A. Tamplin jat@jaet.org 770/436-5387 HOME 4116 Manson Ave 770/431-9459 FAX Smyrna, GA 30082-3723
Once upon a time, Matt Martini <martini@invision.net> said:
I never liked the idea of someone else, with an agenda that I'm sure doesn't coincide with mine, telling me who I should talk to or not. When the source code defaulted to using these "services" that's when I bailed on sendmail.
You must be talking about some other MTA. Sendmail has never defaulted to using any of the MAPS (or any other DNS-based) lists. You don't think DJB has an agenda? -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
On Thu, 2 Aug 2001, Chris Adams wrote:
Once upon a time, Matt Martini <martini@invision.net> said:
I never liked the idea of someone else, with an agenda that I'm sure doesn't coincide with mine, telling me who I should talk to or not. When the source code defaulted to using these "services" that's when I bailed on sendmail.
You must be talking about some other MTA. Sendmail has never defaulted to using any of the MAPS (or any other DNS-based) lists.
You don't think DJB has an agenda?
Relevant sendmail source code extracted: http://www.dotcomeon.com/release_notes.html Quote: "The default is rbl.maps.vix.com." Never say never again ;) --Mitch NetSide
On Fri, 3 Aug 2001, Mitch Halmu wrote:
On Thu, 2 Aug 2001, Chris Adams wrote:
Once upon a time, Matt Martini <martini@invision.net> said:
I never liked the idea of someone else, with an agenda that I'm sure doesn't coincide with mine, telling me who I should talk to or not. When the source code defaulted to using these "services" that's when I bailed on sendmail.
You must be talking about some other MTA. Sendmail has never defaulted to using any of the MAPS (or any other DNS-based) lists.
You don't think DJB has an agenda?
Relevant sendmail source code extracted:
http://www.dotcomeon.com/release_notes.html
Quote: "The default is rbl.maps.vix.com." Never say never again ;)
--Mitch NetSide
Dot-COME-ON now Mitch. I don't consider .m4 files to be source for the MTA. They're simply an aid for creating complex configuration files. Beyond that, NONE of the "generic-*.mc" files (at least in the 8.11.0 tarball) have "FEATURE(dnsbl" in them, AT ALL. You have to specifically add it to your own .mc file and then create a .cf. --- John Fraizer EnterZone, Inc
On Fri, 03 Aug 2001 00:36:41 EDT, Mitch Halmu said:
Relevant sendmail source code extracted:
http://www.dotcomeon.com/release_notes.html
Quote: "The default is rbl.maps.vix.com." Never say never again ;)
Yes, what that *MEANS* is that:
FEATURE(`dnsbl',`output.orbs.org')dnl    will query that ORBS server
FEATURE(`dnsbl',`rbl.maps.vix.com')dnl   will query that MAPS server explicitly
FEATURE(`dnsbl')dnl                      and this one will too, by default
If you *MANUALLY TYPE IN* "FEATURE(`dnsbl')", it will supply a server name if you don't give one. Now give it a rest, Mitch.
On Today, Mitch Halmu wrote:
On Thu, 2 Aug 2001, Chris Adams wrote:
Once upon a time, Matt Martini <martini@invision.net> said:
I never liked the idea of someone else, with an agenda that I'm sure doesn't coincide with mine, telling me who I should talk to or not. When the source code defaulted to using these "services" that's when I bailed on sendmail.
You must be talking about some other MTA. Sendmail has never defaulted to using any of the MAPS (or any other DNS-based) lists.
You don't think DJB has an agenda?
Relevant sendmail source code extracted:
http://www.dotcomeon.com/release_notes.html
Quote: "The default is rbl.maps.vix.com." Never say never again ;)
Make it sttooppppppppppppp. that server is the default for a feature that isn't even ENABLED by default and appears to be part of an OPTIONAL m4 that you would have to MANUALLY add. blah blah blah. Another line for .procmailrc...*SIGH* -Gordo -------------------------------------------------- Gordon Ewasiuk, Sun Firefighter, Winstar VHC O: 703.889.4035 C: 703.731.4828 IM: wanjunkie The REAL office number is here-----> 703.893.4901 Have you had your Solaris today? -------------------------------------------------- 12:40am up 19 day(s), 2:17, 2 users, load average: 0.00, 0.06, 0.09
On Thu, 02 Aug 2001 20:23:46 EDT, Matt Martini <martini@invision.net> said:
The above is exactly the reason (well not the only reason), that we now use Qmail instead of sendmail.
I never liked the idea of someone else, with an agenda that I'm sure doesn't coincide with mine, telling me who I should talk to or not. When the source code defaulted to using these "services" that's when I bailed on sendmail.
Hmm... so you went to all the trouble of converting to qmail instead of actually finding out what was going on? Yes, qmail is probably a better choice if you can't be bothered to read the documentation enough to understand that *if* you specify a 'dnsbl' feature *yourself*, but forget to provide a DNS server name, it will suggest one for you. But then, McDonald's has a sign "Ask about alternate toys for children under 3". Valdis Kletnieks Operating Systems Analyst Virginia Tech
Once upon a time, Larry Sheldon <lsheldon@creighton.edu> said:
It is interesting to see some of the sites that not only use(d) the MAPS lists for free, but didn't even bother to do the zone transfer mode (which reduces the load on the MAPS servers and speeds up your local use).
At least one of us thinks the zone transfer mode was not free; and,
You always had to sign a paper for the RBL zone transfer, but RSS and DUL were not restricted at all. All three were restricted a couple of months ago with the requirement that you pay. We decided that it was well worth it. If this is truly what is happening with Yahoo (and others - just mentioning them by name because someone else said they are one with the problem), even after the subscription for zone transfer went into effect, I would have figured they could afford to pay 5¢ per mailbox per year (and MAPS might have even worked out a better rate than that for the big guys).
at least one of us thinks the sendmail configuration we were using was taken from the vix.com site as is.
You don't have to change your MTA config for zone transfer mode. You just configure the nameservers your MTA uses to do the zone transfers. The MTA still makes the requests to the nameserver, but the nameserver now has the data directly without having to go look it up on the Internet.
At least one of us has a reputation for being wrong from time to time.
I don't think I've been around here enough to come up with a reputation, good, bad, or indifferent. :-) -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
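Added example, not part of the thread or of any poster's configuration: a small Python model of the zone transfer mode described in the message above, showing that the MTA's DNSBL lookup is identical in both modes and only the number of queries leaving the site changes. The zone name `dnsbl.example.`, the zone contents and the client addresses are constructed placeholders, and the model ignores DNS TTLs.

```python
import ipaddress

ZONE = "dnsbl.example."  # placeholder zone name (assumption), not a real list
# Constructed zone contents: a listed address answers with a 127.0.0.x A record.
ZONE_DATA = {
    "10.2.0.192.dnsbl.example.": "127.0.0.2",
    "77.113.0.203.dnsbl.example.": "127.0.0.2",
}
# Constructed sequence of connecting client addresses (documentation ranges).
CLIENTS = ["192.0.2.10", "198.51.100.5", "203.0.113.77",
           "192.0.2.10", "198.51.100.9"]

def dnsbl_qname(client_ip, zone=ZONE):
    """Name the MTA asks for: IPv4 octets reversed, placed under the list's zone."""
    addr = ipaddress.IPv4Address(client_ip)  # raises ValueError if not IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone

class Nameserver:
    """Model of the site's own nameserver; the MTA only ever talks to this."""
    def __init__(self, remote_zone, transferred_zone=None):
        self.remote_zone = remote_zone            # data held by the list operator
        self.transferred_zone = transferred_zone  # local copy, if the zone is transferred
        self.cache = {}                           # answers cached in query mode
        self.remote_queries = 0                   # lookups that leave the site

    def lookup_a(self, qname):
        if self.transferred_zone is not None:     # zone transfer mode: answer locally
            return self.transferred_zone.get(qname)
        if qname not in self.cache:               # query mode: ask the operator once
            self.remote_queries += 1
            self.cache[qname] = self.remote_zone.get(qname)  # None models NXDOMAIN
        return self.cache[qname]

def mta_decision(ns, client_ip):
    """Same MTA logic in both modes: an answer in 127.0.0.0/8 means listed."""
    answer = ns.lookup_a(dnsbl_qname(client_ip))
    listed = answer is not None and ipaddress.ip_address(answer).is_loopback
    return "reject" if listed else "accept"

def run(ns, clients=CLIENTS):
    """Return the per-connection decisions and the count of off-site queries."""
    return [mta_decision(ns, ip) for ip in clients], ns.remote_queries

if __name__ == "__main__":
    print("query mode:        ", run(Nameserver(ZONE_DATA)))
    print("zone transfer mode:", run(Nameserver(ZONE_DATA, dict(ZONE_DATA))))
```
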
Yo Chris! On Thu, 2 Aug 2001, Chris Adams wrote:
..., I would have figured they could afford to pay 5¢ per mailbox per year (and MAPS might have even worked out a better rate than that for the big guys).
http://www.mail-abuse.org/feestructure.html
Per year, for $1,000 users, cheapest option, standard pricing
RBL+ $1,250
DUL $500
RSS $700
$2,450
or $2.40/per mailbox per year. Sorry my budget does not go there...
RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701 gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Gary E. Miller Sent: August 2, 2001 5:53 PM To: Chris Adams Cc: nanog@nanog.org Subject: Re: trapdoor.merit.edu and other impatient Postfix mailers everywhere (fwd)
On Thu, 2 Aug 2001, Chris Adams wrote:
..., I would have figured they could afford to pay 5¢ per mailbox per year (and MAPS might have even worked out a better rate than that for the big guys).
http://www.mail-abuse.org/feestructure.html
Per year, for $1,000 users, cheapest option, standard pricing
RBL+ $1,250
DUL $500
RSS $700
$2,450
or $2.40/per mailbox per year. Sorry my budget does not go there...
but RBL+ seems to include every one of their databases. Vivien -- Vivien M. vivienm@dyndns.org Assistant System Administrator Dynamic DNS Network Services http://www.dyndns.org/
At 2:53 PM -0700 8/2/01, Gary E. Miller wrote:
..., I would have figured they could afford to pay 5¢ per mailbox per year (and MAPS might have even worked out a better rate than that for the big guys).
http://www.mail-abuse.org/feestructure.html
Per year, for $1,000 users, cheapest option, standard pricing
RBL+ $1,250
DUL $500
RSS $700
$2,450
or $2.40/per mailbox per year. Sorry my budget does not go there...
RBL+ includes RBL, DUL, and RSS in a single lookup. Which means it'd be $1.25 per user, because paying twice for DUL and RSS is mondo-silly. D -- +---------------------+-----------------------------------------+ | dredd@megacity.org | "Conan! What is best in life?" | | Derek J. Balling | "To crush your enemies, see them | | | driven before you, and to hear the | | | lamentation of their women!" | +---------------------+-----------------------------------------+
RBL+ includes the DUL and RSS data, so you're only asked to pay $1.25 per mailbox.
Per year, for $1,000 users, cheapest option, standard pricing
RBL+ $1,250
DUL $500
RSS $700
$2,450
or $2.40/per mailbox per year. Sorry my budget does not go there...
RGDS GARY ------------------------------------------------------------------ --------- Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701 gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
Once upon a time, Gary E. Miller <gem@rellim.com> said:
On Thu, 2 Aug 2001, Chris Adams wrote:
..., I would have figured they could afford to pay 5¢ per mailbox per year (and MAPS might have even worked out a better rate than that for the big guys).
http://www.mail-abuse.org/feestructure.html
Per year, for $1,000 users, cheapest option, standard pricing
RBL+ $1,250
DUL $500
RSS $700
$2,450
or $2.40/per mailbox per year. Sorry my budget does not go there...
RBL+ already _includes_ DUL and RSS - that is how it differs from plain RBL. So, you only need the RBL+ (you've just about doubled your cost for no reason). Also, I was talking about zone transfer mode. If you only loaded the zone on a nameserver running on the same system as your mail server, for 1000 users your cost would be $1.30 per mailbox per year, or a little over 10¢ per mailbox per month. For big mail servers (like Yahoo), the $1250 per nameserver fee isn't all that much and is a fixed cost (they don't need to add nameservers as they add mailboxes), and the mailboxes fee is $50 per 1000 users, or 5¢ per user per year. For our 30,000 users and 2 nameservers, the annual fee is $4000, or just over 13¢ per user. For someone with 250,000 users and 5 nameservers (just to pick some numbers), the per user fee would be down to 7.5¢ per user. I'm not trying to justify MAPS price for every site out there. I was merely pointing out that if the "big guys" (some of which appear to have been just taking a free ride) had helped MAPS out before, we might not have reached this point. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Yo Chris! On Thu, 2 Aug 2001, Chris Adams wrote:
Once upon a time, Gary E. Miller <gem@rellim.com> said:
RBL+ already _includes_ DUL and RSS - that is how it differs from plain RBL. So, you only need the RBL+ (you've just about doubled your cost for no reason).
OK, I got it. I made that mistake!
Also, I was talking about zone transfer mode. Those are the prices I used.
For big mail servers (like Yahoo), the $1250 per nameserver fee isn't all that much and is a fixed cost (they don't need to add nameservers as they add mailboxes), and the mailboxes fee is $50 per 1000 users, or 5¢ per user per year.
Check the mail-abuse web site again. The "standard price" is $750/500users/year. So it is still $1.50/user per year. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701 gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
Yo Chris!
Ooops, never mind. I was in the wrong column. You are correct that for transfer customers it is 5 cents per user per year after the 1st 1000 users. Since I have about 1,000 users my cost is still $1,25/user per year. Still out of my budget.
RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701 gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
On Thu, 2 Aug 2001, Gary E. Miller wrote:
On Thu, 2 Aug 2001, Chris Adams wrote:
Once upon a time, Gary E. Miller <gem@rellim.com> said:
RBL+ already _includes_ DUL and RSS - that is how it differs from plain RBL. So, you only need the RBL+ (you've just about doubled your cost for no reason).
OK, I got it. I made that mistake!
Also, I was talking about zone transfer mode. Those are the prices I used.
For big mail servers (like Yahoo), the $1250 per nameserver fee isn't all that much and is a fixed cost (they don't need to add nameservers as they add mailboxes), and the mailboxes fee is $50 per 1000 users, or 5¢ per user per year.
Check the mail-abuse web site again. The "standard price" is $750/500users/year. So it is still $1.50/user per year.
My understanding is that MAPS is willing to negotiate these prices to fit the customers' ability to pay. If you say "I can afford $.XX per user/year", there's a good chance they'll give you access at that price point, provided that number is a realistic one. -C On Thu, Aug 02, 2001 at 03:36:11PM -0700, Gary E. Miller wrote:
Yo Chris!
Ooops, never mind. I was in the wrong column. You are correct that for transfer customers it is 5 cents per user per year after the 1st 1000 users. Since I have about 1,000 users my cost is still $1,25/user per year. Still out of my budget.
RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701 gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
On Thu, 2 Aug 2001, Gary E. Miller wrote:
On Thu, 2 Aug 2001, Chris Adams wrote:
Once upon a time, Gary E. Miller <gem@rellim.com> said:
RBL+ already _includes_ DUL and RSS - that is how it differs from plain RBL. So, you only need the RBL+ (you've just about doubled your cost for no reason).
OK, I got it. I made that mistake!
Also, I was talking about zone transfer mode. Those are the prices I used.
For big mail servers (like Yahoo), the $1250 per nameserver fee isn't all that much and is a fixed cost (they don't need to add nameservers as they add mailboxes), and the mailboxes fee is $50 per 1000 users, or 5¢ per user per year.
Check the mail-abuse web site again. The "standard price" is $750/500users/year. So it is still $1.50/user per year.
-- --------------------------- Christopher A. Woodfield rekoil@semihuman.com PGP Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB887618B
participants (22)
- Adam Rothschild
- Brandon Ross
- Charles Sprickman
- Chris Adams
- Christopher A. Woodfield
- Derek Balling
- Gary E. Miller
- Gordon Ewasiuk
- Joe Shaw
- John A. Tamplin
- John Fraizer
- Kai Schlichting
- Larry Sheldon
- Mark Radabaugh - Amplex
- Matt Martini
- Mike Batchelor
- Mitch Halmu
- Peter Galbavy
- Steve Sobol
- Steven J. Sobol
- Valdis.Kletnieks@vt.edu
- Vivien M.