Politech mailing list archives

FC: Sysadmins reply to Politech to defend Earthlink's anti-spam rules


From: Declan McCullagh <declan () well com>
Date: Sat, 07 Sep 2002 11:38:26 -0400

Previous Politech message:
http://www.politechbot.com/p-03959.html

---

From: "Suresh Ramasubramanian" <suresh () hserus net>
To: <declan () well com>, <politech () politechbot com>
Cc: <annalee () techsploitation com>
Subject: Re: Earthlink's anti-spam rules imperil subculture mailing list
Date: Sat, 7 Sep 2002 17:14:39 +0800

declan () well com (Declan McCullagh) [Saturday, September 07, 2002 1:11 PM]:

First: I don't work for Earthlink, or speak for them.  However, I do work
for a rather large ISP as their postmaster and abuse admin, and have
interacted extensively with their abuse staffers, several of whom I have the
highest professional respect for.

Annalee Newitz <brainsploitation () yahoo com> writes:

> Hey Declan. Readers may be interested in this story
> about Earthlink's (lack of) policy related to whose
> mail servers they block and why. A large subculture

Lack of?  The word "open relay" sounds perfectly clear to me.

Please do take a look at http://www.mail-abuse.org/tsi/ to see what an open
relay means and why administrators block open relays (like the fact that a
single spammer pumping out spam through an open relay can easily send out
FAR more mail - all of it junk - than the rest of that server's users send
out in a week).

Also, Earthlink issues a much more verbose 5xx error than most.

550-EarthLink's inbound mail servers do not allow mail from your site.
550-Please contact your ISP to find out how to send e-mail using a
550-proper mail server.  If you are an EarthLink customer, and need
550-assistance configuring your e-mail software, please contact
550-EarthLink's technical support department at 1-800-EARTHLINK.
550-Server administrators that feel they are being blocked in error
550 may send e-mail to OpenRelay () Corp EarthLink Net for assistance.

> list in San Francisco was blocked because an obscure
> security hole in their servers came up as an "open
> relay" when Earthlink hacked (erm, "scanned") their
> mail server. Raises some interesting questions about
> free speech.

Hm... the wording used in the article Ms. Newitz quoted (and, most likely,
wrote as well) is

>> By hacking into his servers (erm, I mean "auditing")
>> and attempting to relay mail through them

Is that "auditing" word supposed to be a dig at something in Earthlink's
background or history? [google google] Ah.  Yes, I think my guess was right.
Speaking for myself, I believe that discussion of the entity associated with
the word "auditing" is not really germane to what appears to be an instance
of Earthlink's long-standing policy of blocking open relays, so I will not
get sidetracked by that word.

Please note that most ISPs around the world block open relays, and in
several cases, actively search for open relays (that is, if you connect to
their mailservers to send mail, and maybe that mail also matches a
heuristic like say "mail from hotmail.com - but not originating through a
hotmail.com server").

If Ms. Newitz will give me the actual IP of the blocked mailserver, I'll be
happy to verify for her (and the readers of politech) as to whether it is an
open relay or not.  That will, unfortunately, also have the side effect of
getting that IP blocked from the ~ 30 million users for whom we serve mail -
so that might not be an option :)

So she, or the laughingsquid admin, can try sites like
http://www.abuse.net/relay.html or just telnet to
relay-test.mail-abuse.org - these sites are run by people with a long and
respected history in the fight against spam, fwiw.  A much more
comprehensive tester script by Ronald F. Guilmette is available at
http://www.monkeys.com/mrt/

Finally - yes, I understand why people used to have open relays in the late
80s and early 90s - where providing an open relay was a courtesy, given
patchy interconnectivity and routing.  Anyone in the last 4 years who has
configured a mailserver to be an open relay, given that just about every
mailserver in the world these days ships CLOSED to third party relay by
default, might want to get some refresher courses in mail systems
administration.

    -srs

ps - Please feel free to publish this on politech if you see fit to do so.

---

From: "Suresh Ramasubramanian" <suresh () hserus net>
To: <declan () well com>, <politech () politechbot com>
Cc: <annalee () techsploitation com>
Subject: Re: Earthlink's anti-spam rules imperil subculture mailing list
Date: Sat, 7 Sep 2002 17:44:22 +0800

declan () well com (Declan McCullagh) [Saturday, September 07, 2002 1:11 PM]:

> mail servers they block and why. A large subculture
> list in San Francisco was blocked because an obscure
> security hole in their servers came up as an "open
> relay" when Earthlink hacked (erm, "scanned") their

Hmm... just how squid8.laughingsquid.net's admin managed to configure
_qmail_ (widely regarded as one of the most secure mailservers on earth)
into an open relay, I really don't know ...

    -srs


Return-Path:
Delivered-To: marvin () groundzero ordb org
Received: from www.laughingsquid.net (laughingsquid.net [207.235.7.177])
        by groundzero.ordb.org (Postfix) with ESMTP id B700F5B117
        for ; Sat,  7 Sep 2002 08:52:50 +0000 (GMT)
Received: from squid8.laughingsquid.net (squid8.laughingsquid.net [64.49.223.227])
        by www.laughingsquid.net (8.9.3/8.9.3) with SMTP id BAA07206
        for ; Sat, 7 Sep 2002 01:52:49 -0700
Date: Sat, 7 Sep 2002 01:52:49 -0700
From: spamtest () squid8 laughingsquid net
Message-Id: <200209070852.BAA07206 () www laughingsquid net>
Received: (qmail 25202 invoked from network); 7 Sep 2002 08:52:49 -0000
Received: from groundzero.ordb.org (62.242.0.190)
  by squid8.laughingsquid.net with SMTP; 7 Sep 2002 08:52:49 -0000
To: "marvin%marvin.ordb.org"@www.laughingsquid.net
X-ORDB-Envelope-From: spamtest () squid8 laughingsquid net
X-ORDB-Envelope-To: "marvin%marvin.ordb.org"
Subject: ORDB.org check (0.4320693411718680.1301413941) ip=64.49.223.227


---

From: "Allen Smith" <easmith () beatrice rutgers edu>
Date: Sat, 7 Sep 2002 05:19:12 -0400
To: Declan McCullagh <declan () well com>, annalee () techsploitation com
Subject: Re: FC: Earthlink's anti-spam rules imperil subculture mailing list

Earthlink's rules? Not really, although I will agree that it is preferable
that people be able to select what filtering takes place. That the admin of
the server isn't as competent as he thinks he is is the problem. And the
server in question (64.49.223.227/squid8.laughingsquid.net) is still an open
relay by a pretty standard test, namely checking to see if it does source
routing by '%' (it did, with the input relay being the above and the output
being 207.235.7.177/www.laughingsquid.net). The server in question is now
listed by ORDB.org (which has sent an email to the postmaster at the server,
incidentally) and may soon be listed by relays.osirusoft.com. Notifications
like ORDB's are a nice idea, but I'm willing to bet they've gotten at least
as much flak from the notifications as they have from any testing; people
(e.g., Paul Vixie) have been known to consider notification emails a variety
of spam... (roll eyes). There's also that postmaster@[various hosts]
frequently bounces - the database of such at www.rfc-ignorant.org currently
contains ~8678 hosts... and that's just ones that have been (generally)
manually noticed, manually reviewed, and added to that one database.

        -Allen

--
Allen Smith                     http://cesario.rutgers.edu/easmith/
September 11, 2001              A Day That Shall Live In Infamy II
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin
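
[Added example, not part of the thread or of any poster's code.] The '%' source-routing form discussed above, visible in the To: header of the ORDB check ("marvin%marvin.ordb.org"@www.laughingsquid.net), can be refused when the recipient is first presented. A minimal recipient-policy sketch in Python; the domain, client address and function names are constructed for illustration:

```python
# Added example: refuse source-routed recipients before any relay decision.
LOCAL_DOMAINS = {"example.org"}     # constructed: domains this server accepts mail for
TRUSTED_CLIENTS = {"192.0.2.10"}    # constructed: clients allowed to relay outbound


def split_address(addr):
    """Split at the last '@' that is outside a quoted local part."""
    addr = addr.strip().strip("<>")
    in_quotes, at, i = False, -1, 0
    while i < len(addr):
        ch = addr[i]
        if ch == "\\" and in_quotes:
            i += 2                  # skip the escaped character inside quotes
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            at = i
        i += 1
    if at < 0:
        return addr, ""
    return addr[:at], addr[at + 1:].lower()


def embedded_route(local_part):
    """Return the routing operator hidden in a local part, or None."""
    if len(local_part) >= 2 and local_part[0] == '"' and local_part[-1] == '"':
        local_part = local_part[1:-1]   # quoting does not neutralise the route
    for op in ("%", "!", "@"):          # percent hack, bang path, route-addr
        if op in local_part:
            return op
    return None


def rcpt_decision(client_ip, rcpt):
    """Return (smtp_code, reason) for one recipient address."""
    local_part, domain = split_address(rcpt)
    op = embedded_route(local_part)
    if op:
        # Checked first: a trusted internal hop must not pass the route on.
        return 550, "source-routed recipient refused (%r in local part)" % op
    if client_ip in TRUSTED_CLIENTS:
        return 250, "relay permitted for trusted client"
    if domain in LOCAL_DOMAINS:
        return 250, "local delivery"
    return 550, "relaying denied"
```

The route check runs before the trusted-client check because the headers above show the message passing through two hosts at the same site before leaving it.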

---

From: charlie oriez <coriez () oriez org>
Organization: lumber cartel [tinlc]
To: declan () well com
Subject: Re: FC: Earthlink's anti-spam rules imperil subculture mailing list
Date: Sat, 7 Sep 2002 08:49:49 -0600

On Friday 06 September 2002 11:11 pm, you wrote:

> A large subculture
> list in San Francisco was blocked because an obscure
> security hole in their servers came up as an "open relay"

article tells a different story.  Earthlink got spam through that open relay.
Obviously, it wasn't so obscure that spammers couldn't find it.

If Laughing Squid wants to use my server, which is my property, without my
permission to facilitate spammers sending spam to my customers, they should
expect to be blocked until they fix their problem.

--
coriez () oriez org     Charles Oriez
39° 34' 34.4"N / 105° 00' 06.3"W
**
If you are going to try cross-country skiing, start with a small country.

---




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
Recent CNET News.com articles: http://news.search.com/search?q=declan
CNET Radio 9:40 am ET weekdays: http://cnet.com/broadband/0-7227152.html
-------------------------------------------------------------------------

