Mailing List SIMS@mail.stalker.com Message #7185
From: Bill Cole <listbill@scconsult.com>
Subject: Re: Anti SPAM methods
Date: Wed, 22 Nov 2000 01:13:44 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
At 8:01 PM +1100 11/21/00, Ken Howchin imposed structure on a stream of
electrons, yielding:

>I'll get SIMS 1.8b8 shortly, but meanwhile I seemed to have stopped (or at
>least discouraged??) our friends at telodigm.net (using version 1.7) by
>checking "Relay for Clients Only" with only my own IP address and my parent
>server (is this necessary?), checking "Verify return path" and "use
>Blacklist DNS server" (specifying relays.orbs.org), and put the offending
>IP address in the blacklist.
>
>Seems to be working :-)

That's probably overkill. I'm not clear on why just listing the IP in the
blacklist didn't stop that IP from being serviced, but that's not terribly
important: relaying for clients only and verifying return paths really
should be on by default and cause big ugly warnings if you try to turn
them off.

As for using ORBS as a basis for rejecting mail, that's a decision that
you should make with great care. ORBS does not just list open relays, but
a whole lot more including sites which are not and never have been open
relays or in any way involved in sending spam. You *might* be OK using
ORBS if you only reject on 127.0.0.2 responses. However, there have been
reports of ORBS playing games with their responses, so I wouldn't trust
even that.

>I got a notification from ORBS about 6 months ago that my server was an
>open relay, but didn't really understand what they were on about, and it
>didn't seem to be important, so I ignored it, as one does. Not till it
>actually affected me (my pocket) did I realise it WAS important, so the
>small amount it has cost me in downloads (maybe AUD$20-30 = US$10-15) was
>probably worth it in both what I've learnt and in the satisfaction of
>knowing that I've now done the "right thing" by other net users.
>
>Similarly to David (above), I have been running an unprotected server for
>about 2 years, and I am not aware of not receiving any mail that I was
>expecting, no-one seems to have had any trouble sending me anything. I've
>never felt so unimportant or insignificant before!! ;-)

Being only in ORBS is rather low-impact. My employer's machines are all in
ORBS and I have yet to see a rejection. (No, they are not open relays.)

Being in the MAPS RSS is a different matter. To get listed you must be an
open relay and you must have been actually used as a relay by a spammer.
If you get into RSS, a noticeable fraction of your mail will bounce. Open
relays that get abused repeatedly and whose owners don't close them when
asked nicely can end up in the RBL, which results in big ugly problems.
The last estimate we made was that 40% of all users live behind the RBL
for mail, and some smaller number live behind the BGP version, meaning
they cannot see listed sites at all.

--
Bill Cole
Senior Consultant, MAPS L.L.C. Consulting Services Group
wkc@mail-abuse.org (work)
bill@scconsult.com (personal)
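
Added example, not part of the original message and not SIMS code: a sketch of the policy mentioned above, rejecting only when a DNS blacklist answers 127.0.0.2 and merely recording any other response. The zone name `dnsbl.example`, the sample addresses and all function names are constructed for illustration.

```python
import ipaddress
import socket

# The only blacklist answer the message suggests acting on.
REJECT_CODES = frozenset({"127.0.0.2"})


def dnsbl_query_name(client_ip, zone):
    """Build the lookup name: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolver(name):
    """Return the A records for name; an empty list means 'not listed'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def dnsbl_verdict(client_ip, zone, resolver=system_resolver,
                  reject_codes=REJECT_CODES):
    """Return (action, answers); action is 'reject' or 'accept'.

    A listing with any code outside reject_codes is accepted, and the
    answers are handed back so the caller can log them.
    """
    try:
        answers = list(resolver(dnsbl_query_name(client_ip, zone)))
    except Exception:
        return "accept", []  # fail open: a broken lookup must not bounce mail
    if any(a in reject_codes for a in answers):
        return "reject", answers
    return "accept", answers


# Constructed sample zone data (documentation addresses, made-up zone).
SAMPLE_ZONE = {
    "10.2.0.192.dnsbl.example": ["127.0.0.2"],  # listed with the reject code
    "11.2.0.192.dnsbl.example": ["127.0.0.4"],  # listed with some other code
}


def fake_resolver(name):
    """Offline stand-in for DNS, backed by SAMPLE_ZONE."""
    return SAMPLE_ZONE.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        print(ip, dnsbl_verdict(ip, "dnsbl.example", resolver=fake_resolver))
```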