Security Incidents mailing list archives
Re: ORBZ shut down
From: <jlewis () lewis org>
Date: Wed, 20 Mar 2002 12:19:04 -0500 (EST)
On Wed, 20 Mar 2002, David Ulevitch wrote:
I'm sending this forward to incidents for two reasons. 1) The reason ORBZ appears to have been shut down is because of the problem with Lotus Domino servers crashing/hanging when receiving bounces with null envelope senders.(check archives for exact issue)
Does anyone have a complete list of any other from addresses/formats that will cause load issues on Domino. I know from Ian's bugtraq post that anything@[127.0.0.1] will do it. What about anything@localhost, anything@[servers-IP], etc.? Has Lotus fixed this in any Domino release, or are they all brain damaged.
2) A lot of mail servers will HANG or be EXTREMELY slow if they are setup to check against ORBZ name service for spamboxes.
Just like when MAPS surprised everyone with no more free service.
A good solution is to switch to using something like ORDB (www.ordb.org)
Or any number of other dnsbl's. -- ---------------------------------------------------------------------- Jon Lewis *jlewis () lewis org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- ORBZ shut down David Ulevitch (Mar 20)
- Re: ORBZ shut down jlewis (Mar 20)
- Re: ORBZ shut down Brad Arlt (Mar 20)
- Re: ORBZ shut down jlewis (Mar 20)