North American Network Operators Group


Re: Fw: Administrivia: ORBS

  • From: Greg A. Woods
  • Date: Sat Jan 15 00:06:59 2000

[ On Friday, January 14, 2000 at 21:46:40 (-0500), Brian Dickson wrote: ]
> Subject: Re: Fw: Administrivia: ORBS
>
> I think the issue most people aren't certain of is when it is reasonable
> to test a machine in the manner ORBS does.

I've never actually proposed pre-emptive scanning in a forum as big as
this before!  Thanks Brian!  :-)

What I mean is that the last time I proposed this idea (or at least one
almost the same) in a much smaller mailing list there were nearly lynch
mobs coming down the wires!  :-)

It would still be interesting to try and estimate how much extra
bandwidth and system resources a site like AOL would require to
implement this, even against just the ~150k mailers listed in ORBS....

> (What would have been really sweet, is if there were separate ports for
> local delivery (MDA) and transport (MTA). Then, machines with MDA, but no
> MTA, would never forward mail; they could locally initiate mail, and
> receive mail for delivery, without being any kind of relay (open or closed).
> This would reduce the set of hosts needing to be tested, to those with MTA
> ports accepting connections. It would also mean the default config for any
> such machine would normally be MDA and no MTA; only MX and Relay machines
> would have MTA turned on.)

These days I've been unable to find any justifiable need for an
unprotected relay of any sort whatsoever.  99% of mailers should be the
final delivery point (or at least the transfer point to some private
network).  The remaining few are ISPs who need to relay from their
customers to the world, of course, but so long as they don't make the
mistake of smarthosting for un-protected customer MTAs they can simply
block relay by restricting it to their own netblocks.  Even most MX
targets are the final delivery point for the MXed domain.  The real
problem is that people are still installing mailers that do unprotected
relaying by default.

> 5) Hosts listening to port 25.
> 
> [IMHO, Occam's razor would have drawn blood already.]

Yup -- IMRSS isn't running any more....  It was a pretty interesting
and revealing survey though.  I hope someone can do it again too,
without publishing the detailed results of course, just so we can
measure our progress.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <robohack!woods>
Planix, Inc.; Secrets of the Weird
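The relay policy the post argues for (final delivery for the host's own domains, relaying only for clients inside the ISP's own netblocks, every other recipient rejected), written out as an added stand-alone example; this is not code from the post, from ORBS, or from any MTA, and the domains and netblocks in it are constructed sample values.

```python
# Added example: the "closed relay" decision described in the post, as a
# stand-alone policy function. Not code from the post, ORBS, or any MTA.
# Assumed inputs: the connecting client's IP, the envelope recipient, the
# domains this host delivers for, and the operator's own netblocks.
import ipaddress

# Constructed sample configuration (hypothetical domains and netblocks).
LOCAL_DOMAINS = {"example.net", "mail.example.net"}        # final delivery
OWN_NETBLOCKS = [ipaddress.ip_network("192.0.2.0/24"),     # our customers
                 ipaddress.ip_network("198.51.100.0/24")]

def relay_decision(client_ip, recipient, local_domains=LOCAL_DOMAINS,
                   own_netblocks=OWN_NETBLOCKS):
    """Return (accept, reason) for one RCPT TO.

    Rule 1: mail for a domain we deliver is accepted from anyone
            (that is what being an MX target means).
    Rule 2: mail for any other domain is relayed only when the client
            sits inside our own netblocks.
    Rule 3: anything else is a third-party relay attempt; reject it.
    An MTA that skips the netblock check in rule 2 is an open relay.
    """
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False, "unparseable client address"
    if "@" not in recipient:
        return False, "malformed recipient"
    domain = recipient.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in local_domains:
        return True, "local delivery"
    if any(addr in net for net in own_netblocks):
        return True, "relay for own netblock"
    return False, "relaying denied (third-party relay)"

def is_open_relay(decision_fn):
    """Operator self-check: a policy that relays a foreign domain for a
    client outside its own netblocks is an open relay in the ORBS sense.
    203.0.113.9 (TEST-NET-3) stands in for an arbitrary outside client."""
    accept, _ = decision_fn("203.0.113.9", "someone@remote.example.org")
    return accept
```

Running the self-check against your own policy, rather than waiting for a third party to probe it, is the point of the argument above.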