North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Alright, ORBS sucks - next topic, please ;) [was RE: RBL-type BGP service for known rogue networks?]

  • From: rdobbins
  • Date: Sat Jul 08 15:22:22 2000


I -do- have a postmaster account, and there's nothing broken on my mail
server.  I *don't run an open relay*.  I provide SMTP service to my clients
*in conformance with the relevant RFCs*, as well as reasonable and prudent
security practices.  I'm not a spam-house; I have internal mechanisms for
detecting such activity before it becomes a problem for others, in most
cases.  When something slips through the cracks, I jump on it immediately.

It's great that their 'service' helped you; however, some of us would prefer
to rely upon our own skills and experience to ensure that our systems are
properly set-up.  I no more want the ORBS people forging mail via my server
than I do the 'MAKE MONEY FAST' people, and their attitude belies a stunning
arrogance coupled with extreme shortsightedness, which isn't something any
of us should wish for in an organization whose stated aim is to improve the
user experience.

And that's enough of that.

-----Original Message-----
From: Eric A. Hall [mailto:ehall@ehsco.com]
Sent: Saturday, July 08, 2000 12:08 PM
To: rdobbins@netmore.net
Cc: nanog@merit.edu
Subject: Re: RBL-type BGP service for known rogue networks?



> ORBS forge headers (thereby violating the RFC) to look as if they're
> coming from domains you host, then if it goes through, they put you
> in their little black book for being an 'open relay'.  No notice,
> nothing.

The last part of that statement is simply untrue. I got ORBS'd once and
they notified me via postmaster@domain. If you don't get notified then
you don't have a postmaster account for the domain, and it is you who
are in violation of the RFCs.

As for the "forge headers in violation" part, they have to test the
common variations. Who cares if they do that as a one-off probe. If they
were doing it all the time it would be a problem, but once is nothing.
Of course, the spammers who are using your server as an open relay are
certainly violating that and much more, so if it really bothers you
close your freaking relay. ;)

I for one was happy for the free and comprehensive testing. It pointed
out a whole I had missed in my config. Once patched, I was out of the
ORBS database in less than 24 hourse, and was able to get out on my own
just by filling out a form on their web site that kicked off an
automated retesting.

I think ORBS provides an excellent service, and I say that because my
experience says that they rely entirely upon factual evidence before
they block, and it is easy to get out of the database once you provide
evidence that you have fixed your server.

-- 
Eric A. Hall                                      http://www.ehsco.com/
Internet Core Protocols        http://www.oreilly.com/catalog/coreprot/