nanog mailing list archives
ORBS (Re: Scanning)
From: "E.B. Dreger" <eddy+public+spam () noc everquick net>
Date: Sun, 27 May 2001 15:05:07 +0000 (GMT)
Date: Sun, 27 May 2001 02:02:24 -0400 (EDT) From: Greg A. Woods <woods () weird com>
But, ORBS remains indefensible.
It would seem that I have no problems either defending it, or using it.
ORBS catches far more than MAPS. My take is that anybody who has a problem with the infrequent ORBS probes should have a huge problem with the daily bombardment of relay attempts. Besides, whoever said that one must use ORBS "out of the box"? I maintain a whitelist of IP addresses to override ORBS. As much as I'd like to see Earthlink get a clue, MSN close their relays (have they yet?), and RoadRunner cooperate, I allow their MXes through when I find them. Modern spammers have gotten nasty. They use hundreds of different relays, each time changing the source address: a57e6s () t8iji7 somedomain tld in46hi () diief4 anotherdomain tld xkm8ey () ithi62 yetanotherdomain tld with * DNS so that all subdomains resolve, and the subject: I have no respect for netiquette!!!!! [i35ed7] I have no respect for netiquette!!!!! [ed8ooe] I have no respect for netiquette!!!!! [h8qi2h] So as to throw off MXes that look for the same message again and again. I suppose that scanning the body and looking for repetition is possible, but it's only a matter of time until _that_ get perturbed in 100 different fashions. Bottom line: Blocking mail from rogue servers is the best way to stop spam and to not be a party to somebody else getting relay-raped. Anyone with clue closed relays how many years ago? I don't buy the "we need open relay for nationwide users" argument, either. Build a cheap MX that does nothing but take mail from a given POP, and send it to the world. Anti-spoofing at the border, don't accept mail from the outside world, and you're done. Eddy --------------------------------------------------------------------------- Brotsman & Dreger, Inc. EverQuick Internet Division Phone: (316) 794-8922 --------------------------------------------------------------------------- Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <blacklist () brics com> To: blacklist () brics com Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist () brics com>, or you are likely to be blocked.
Current thread:
- ORBS (Re: Scanning) E.B. Dreger (May 27)
- <Possible follow-ups>
- RE: ORBS (Re: Scanning) Roeland Meyer (May 27)
- RE: ORBS (Re: Scanning) E.B. Dreger (May 27)
- Re: EMAIL != FTP Adam Rothschild (May 27)
- Re: ORBS (Re: Scanning) Steve Sobol (May 27)
- RE: ORBS (Re: Scanning) Derek Balling (May 27)
- RE: ORBS (Re: Scanning) Dan Hollis (May 27)
- RE: ORBS (Re: Scanning) Mitch Halmu (May 27)
- Mitch tries to defend his open relay again (was Re: ORBS (Re: Scanning)) J.D. Falk (May 27)
- Re: Mitch tries to defend his open relay again (was Re: ORBS (Re: Scanning)) Mitch Halmu (May 28)
- Re: Mitch tries to defend his open relay again (was Re: ORBS (Re: Scanning)) Stephen J. Wilcox (May 28)