North American Network Operators Group


Re: Now the idiots at ORBS are probing random dial-ups

  • From: Valdis.Kletnieks
  • Date: Tue Aug 22 16:53:22 2000

On Mon, 21 Aug 2000 21:55:18 EDT, Barry Shein <[email protected]>  said:
> Is there any reasonable way to tell these ORBS and MAPS losers
> "possibly good intentions, but so badly run that: no thanks" from the
> net administrator community.

OK.. I'm *not* trying to restart the MAPS/ORBS war *again* (personally,
I believe that BOTH sides are partially correct), but I have
a few questions for the audience:

1) The ORBS stuff currently returns an IP of 127.0.0.2 for things it
thinks are tested open relays.  Personally, I've never caught it returning
127.0.0.2 and *not* had a test message on their web page - has anybody
seen it do that? (Remember - 127.0.0.2 *only*).

2) A big part of the ORBS furor seems to be related to hosts that
return 127.0.0.4 (for sites that have router blocks against ORBS), and
127.0.0.5 (which seems to be a catch-all "screw you spammer" code).
Part of the problem is that currently, it's hard to get Sendmail to
distinguish between case (1) and (2).

Sendmail 8.12 may come out with features to allow disambiguating the
two cases (and a patch for 8.11 may happen as well).  I *can't* commit to
it being in there, or a date - I can just say it's "being looked at".

Would that at least help address the "innocent bystanders" concerns?
(and yes, I know there's the scanning concern too - that's a separate issue
which may be finessed as well - sites that don't like it put in blocks,
they get 127.0.0.4's, and sites that only check ORBS for 127.0.0.2 get
the benefit they want....)

3) (Ok, I'll admit it) one of our large Listserv hubs checks in ORBS,
mostly to save *my* sanity - it has been cutting out a *large* amount
of attempted spamming (most of which would otherwise have dropped into
my lap as a postmaster double-bounce).  ORBS got added in because MAPS
*just didn't have the hosts listed*.  For yesterday, I had 466 ORBS
rejections for 122 hosts, and 35 for 5 distinct hosts from mail-abuse.org.  

Of the 5 mail-abuse.org hosts, 2 were in ORBS as well, and of the 122
ORBS hosts, only 13 were in relays.mail-abuse.org as well.

It's nice to be able to say "yes, MAPS does 43 different hand-checks to
make sure that we don't list a site by accident".  However, if it only
lists 10% of the sites that you're being spammed from, it's not a useful
tool to make any meaningful dent.  And yes, I *could* sit here all day
and for each of the 100 or so extra pieces of bounced mail I'd get, nominate
it for MAPS - but *I* only see the ones that double-bounce.

The problem is that *both* sides are right, in their mindset - the MAPS
crew is correct in their goals, but the ORBS crew is correct in noticing
that by the time a MAPS entry shows up for a box, it's probably already
forwarded tens or hundreds of thousands of pieces of e-mail.
-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech
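
Added example (not part of the original message, and not Sendmail code): a minimal DNSBL check that acts only on the 127.0.0.2 "tested open relay" answer and treats 127.0.0.4 and 127.0.0.5 as informational, which is the disambiguation discussed in points 1 and 2. The zone name `dnsbl.example`, the sample addresses, the action labels and the handling of multiple A records are assumptions made for illustration.

```python
import ipaddress
import socket

# Return-code meanings as described in the message above.
CODES = {
    "127.0.0.2": "tested open relay",
    "127.0.0.4": "site has router blocks against the list",
    "127.0.0.5": "catch-all listing",
}
REJECT_ON = {"127.0.0.2"}  # assumed policy: act only on tested open relays


def dnsbl_name(client_ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets, then the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Return all A records for name, or [] if the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def check(client_ip, zone, resolve=system_resolver):
    """Return (action, reasons) for a connecting client IP."""
    answers = resolve(dnsbl_name(client_ip, zone))
    if not answers:
        return "accept", []  # not listed at all
    reasons = [CODES.get(a, "unknown code " + a) for a in sorted(answers)]
    if REJECT_ON.intersection(answers):
        return "reject", reasons
    return "accept-listed", reasons  # listed, but not as a tested relay


# Constructed zone data standing in for real DNS answers (documentation IPs).
SAMPLE_ZONE = {
    "10.2.0.192.dnsbl.example": ["127.0.0.2"],
    "20.2.0.192.dnsbl.example": ["127.0.0.4"],
    "30.2.0.192.dnsbl.example": ["127.0.0.5", "127.0.0.2"],
}


def sample_resolver(name):
    """Offline resolver over the constructed sample zone."""
    return SAMPLE_ZONE.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, check(ip, "dnsbl.example", sample_resolver))
```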
