North American Network Operators Group


RE: trapdoor.merit.edu and other impatient Postfix mailers everywhere (fwd)

  • From: Mitch Halmu
  • Date: Fri Aug 03 03:39:11 2001

On Fri, 3 Aug 2001, Joe Shaw wrote:
> 
> On Thu, 2 Aug 2001, Mitch Halmu wrote:
> 
> > > Whatever.  If you find the service valuable, then you'll pay for it, if
> > > you don't, then don't use it and go away.
> >
> > Valuable? Hehe. FYI, NetSide is on the MAPS RSS blackhole list:
> 
> Mitch, some of us would say that anyone who is there because of operating
> an open relay is a good thing.

With the same reasoning, you may then blackhole all free email services
that do not id their customers with a valid credit card as well. What's
the difference? Legally, not technically, I mean. Anyone could subscribe
in anonymity to a free service and send you a nastygram, for example.

Hey, let's blackhole free websites that bother us too, while we're at it.
 
> > http://www.dotcomeon.com
> > A detailed account of our "crimes"...
> 
> And enough paranoid rambling about giving up control of your network to
> Vixie and the government to make even me think you're a loon.

Let me make this clear: I would turn over control to the US government
for any network function that the law in force requires. Conversely, no
private party or foreign entity operating by their own laws, or outside
the law, has the right to dictate rules to any provider. The loons are
those short-sighted nerds that willingly give an inch to anyone bullying
them on the Internet. I wouldn't give in to something like this even
outside cyberspace, out of pure conviction.

> You also
> talk about how things have always been.  Lord knows that The Internet has
> not evolved over the past 6 years, right Mitch?  The argument that
> sendmail has by default traditionally been implemented in an open relay
> configuration or that sysadmins are too lazy to change the default config
> are not strong arguments for your cause as there are technological
> improvements to the existing standards that make it possible to relay
> messages for remote users without running an open relay.  Cry all you
> want, but the times have changed, and you either evolve or you die.

Funny thing is, we're blackholed for over a year now and still kicking!
Evolution doesn't necessarily lead to progress. Or maybe, not all things
evolve into something good. In this case, taking away a functionality
for the comfort of the few giant providers with national coverage, to
the detriment of ordinary users and small providers can hardly constitute
progress. This whole thing started because some ISPs weren't disconnecting
abusers, and evolved into an inquisition where you are blacklisted for
refusing mail-abuse.org the privilege of probing your server! Let me
quote an early Vixie on the subject:

"we at MAPS consider that probing to be, itself, a kind of network abuse".
(http://www.dotcomeon.com/vixie_sendmail_qa.html)
 
Now read http://www.dotcomeon.com/nph-rss-remove-blocking.html

> Hell, you're not even protecting your customer's privacy and account
> information by allowing people to expn and vrfy accounts via your mail
> server.  And even if you turned that off, since you allow mail relaying
> from anyone, a person looking to harvest accounts or just get account data
> could send an e-mail posing as that person to himself and you'd never be
> the wiser.

Believe it or not, whenever someone relays a message from anywhere, the
IP is clearly identifiable. Now all you have to do is trace the source
and notify the spammer's provider, who should be the one responsible for 
booting the offender.

> You want to run an open relay, and that's your right to do so.  It's your
> hardware, your software, and your time.  But because you run a mail
> server does not mean that The Internet at-large has to accept mail from
> you if every goon thinking we need ink jet refills or the latest porn can
> send mail through your server that ultimately reaches our inboxes.  We
> have the right to use a service that promises to stop that from happening.

The goon may be YOUR customer. Or another provider who shares your views. 
Why should I be held responsible to prevent your or your pal's customer 
from doing evil?

> If you don't like that, then do something constructive about it other than
> whining on NANOG.  Every time you post to NANOG it's either on this
> subject directly or you move the topic to talk about it.

Well, we all tackle the topics that interest or irk us most. You, as a
Network Security Specialist, want everything locked up tight. Me, as a
provider, want the freedom to conduct my business in peace, and want my
users considered innocent until proven guilty. Let the one that first
brought up MAPS in this thread be stoned. We can't all be cheerleaders
either, or we would have nothing to argue about.

--Mitch
NetSide