important people (!) unable to use sourceware

important people (!) unable to use sourceware

[Mark Galassi]

Amigos, I'd like to propose that we drop the current RBL scheme for
blacklisting.

A few things have me thinking about it:

1. I'm in Italy for a couple of months and it turns out that TIN (the
   Italian telecom's ISP, which is by far the biggest here) is
   blacklisted.  This is kind of selfish and whine-ey, so let me go
   on:

2. Norm Walsh, the most important person in the DocBook world, is on
   our docbook-tools list.  He's one of the most agreeable people
   you'll ever meet, and he just wrote me this:


> I'm certainly interested. I have a real problem with this
> mailing list though. It turns out that the ISP I use when I
> travel, and I travel too much ;-), has been blacklisted by
> whatever service this mailing list uses to avoid spammers. So I
> can't post here when I'm on the road.

> I'm so pissed about this that I'm "this close" to unsubscribing.

Since I'm going through the same stuff, I fully agree with him, and I
feel embarassed offering the sourceware services to the person I
really want to participate in my list.  And to think I was so honored
when he joined...  Without him my "next generation DocBook thrust"
will be severely diminished.

3. It turns out that the mechanism for white-listing a person
   (i.e. allowing him through even if his ISP is black-listed) does
   not do the job for me or for Norman or for anyone who uses an ISP
   when traveling: Jason says you can't blank out a whole range of IP
   address -- you can only blank them out one at a time.  Almost all
   ISPs give you a dynamic IP address....

4. When traveling I usually work offline, and I suspect others do too.
   I wrote a dozen or more messages on three sourceware lists last
   night, connected to send them off, and found that they had *all*
   bounced.  This makes the problem even worse in the case where it
   manifests itself more easily.

This makes me think that our criteria are too harsh, too much of a
blanket statement, and that they get in the way of work instead of
promoting it.

Is there a better way?  Who's a scholar on spam blacklisting?

I would propose that a "requirement" on the system be that people be
able to travel and hook up their laptops to major ISPs and still use
our system.  Unfortunately outside the US it is not really an option
to telnet back home to send email: things are too slow and people have
to work offline.

Re: important people (!) unable to use sourceware

[Gerald Pfeifer]

On 9 Mar 2000, Mark Galassi wrote:
> Amigos, I'd like to propose that we drop the current RBL scheme for
> blacklisting.

This will cause a ten-fold increase of Spam to the GCC lists.

For one of my old accounts which I stopped using four years ago, I got 39
pieces of spam last month, nearly 100% via ORBS or MAPS RSS listed hosts.

> 1. I'm in Italy for a couple of months and it turns out that TIN (the
>    Italian telecom's ISP, which is by far the biggest here) is
>    blacklisted.

I know. They have open relays some of which I complained about a year
ago. Neither did I get any response nor did they solve the problem.

> 2. Norm Walsh, the most important person in the DocBook world, is on
>    our docbook-tools list.

Well, I guess we could disable the RBL checks for the docbook-tools list,
but I don't think this solution is acceptable for many/most(?) other lists
on sourceware.

> Is there a better way?  Who's a scholar on spam blacklisting?

Some thoughts:

 1. The only way to fix the problem of mail servers which still act as
    open relays today is to create pressure on the admins of those
    servers -- either directly or indirectly via their customers/users.

 2. Use a mail server that provides SMTP SASL or SMTP-after-POP. Both
    solutions allow legitimate users to relay mail from anywhere in the
    world, still blocking spammers!

 3. In the worst case, use SSH to tunnel the SMTP connection to a hosts
    where you have a regular user account.

 4. If your provider does not implement current standards, consider
    switching to a different one which does. Or complain. Loudly.
    After all, you pay for the service!

Gerald
-- 
Gerald "Jerry" pfeifer@dbai.tuwien.ac.at http://www.dbai.tuwien.ac.at/~pfeifer/

Re: important people (!) unable to use sourceware

[Jim Kingdon]

It sounds like you are mostly talking about the DUL
( http://mail-abuse.org/dul/ ) which basically says "we don't accept
mail directly from a dial-up".  This is a separate issue (in terms of
what it lists) from the other blocking lists (RBL, ORBS, or RSS).
Last I looked the DUL blocks a *lot* of spam so I'm sure that if we
turned it off we'd get lots of complaints from the spammed ones.  It
isn't like ORBS where we could probably do without it and not miss it
much.

> I would propose that a "requirement" on the system be that people be
> able to travel and hook up their laptops to major ISPs and still use
> our system.

You just need some mail server which you can authenticate yourself to
(or which otherwise will accept mail from you).  Sometimes this will
be the "major ISP" that you dial into, sometimes it will be your home
ISP/company (using POP-before-SMTP usually, although it could be
something more exotic like smtpauth).  Or, as has been suggested, use
an SSH tunnel to a machine where you can send the mail.

No one has a really nice solution to the problem of sending email
while on the road.  But just counting on being able to send from your
laptop to the destination mail server is becoming less possible (for
example, more and more dialup ISPs are blocking port 25 outbound,
which would foil this kind of usage quite aside from anything which
sourceware is doing).

Re: important people (!) unable to use sourceware

[Jason Molenda]

On Thu, Mar 09, 2000 at 04:21:58PM -0700, Mark Galassi wrote:
> 
> Amigos, I'd like to propose that we drop the current RBL scheme for
> blacklisting.

Project maintainers have several choices:

  1.  Stop ORBS checking.  ORBS is the most aggressive RBL and it
      is also the RBL which blocks the highest number of real users.
      Jim Kingdon can do this on a per-list basis.

  2.  Drop all RBL checking on a per-list basis.

  3.  Drop all RBL checking on a per-list basis and enable a
      subscribers-only-may-post policy.

  4.  Require moderator approval for any mail notes to a list.
      ezmlm easily supports multiple moderators so the workload
      can be distributed.

#3 is untenable for any large mailing list.  cygwin-developers and
libc-hackers are (IIRC) the only two lists taking this approach
right now.  (and both of them require moderator approval for new
people to get subscribed)

No matter what, ezmlm will reject any mail note that doesn't have the
mailing list name in the To: or the Cc: line, so even if all spam
blocking measures are dropped, _some_ spam will be stopped.


The spam blocking is critical for high-visiblity large-subscriber
mailing lists like cygwin and gcc.  Every spam note we get on cygwin
is a major nuisance, and with enough of them, it makes Cygnus look
incompetant.  Other mailing lists with fewer subscribers and lower
visibility have more flexibility.

Jason

Re: important people (!) unable to use sourceware

[Bob Manson]

In message < Pine.BSF.4.21.0003100031190.83132-100000@deneb.dbai.tuwien.ac.at >, 
Gerald Pfeifer writes:
> 1. The only way to fix the problem of mail servers which still act as
>    open relays today is to create pressure on the admins of those
>    servers -- either directly or indirectly via their customers/users.

I totally agree.  Yes, it's being fascist.  That's fine.  Some ISPs
will always insist on running open relays because it's too much work
to do something more rational, and I believe their customers should be
suitably annoyed with them for doing so.  In no way should it become
my annoyance.

Jason and I have discussed the "only allow subscribers to post" policy
in the past.  IMO it's the best overall solution, but I guess new
lusers can't forge mail when they need to or something.  If the
mailing list software allowed the subscriber to specify multiple
allowed from addresses, there wouldn't be any excuse for not doing
this...

Another idea is to require PGP-signed mail, but I bet nobody'd go for
that :-) A similar idea is to require a magic cookie in the mail
header, which is sorta what "subscriber-only" is but is more flexible.
There are definitely easy-to-implement solutions for the mailing
list/spam issue, but so far nobody's bothered to do it...
						Bob

Re: important people (!) unable to use sourceware

[Bob Manson]

In message < 200003100013.TAA04899@devserv.devel.redhat.com >, Jim Kingdon writes
:
>No one has a really nice solution to the problem of sending email
>while on the road.

Actually, there's been an (unofficial?) extension to POP3 (XTND XMIT)
that's been around for at least 10 years, but most of the major pop
servers and mail programs don't appear to use it (the exception being
Eudora and the Qualcomm POP3 server).  It's a shame, really--it's a
bit of a kludge, but we used it extensively when I was doing admin at
OSU and it worked quite well.

Doing it via the POP protocol always seemed like a lot cleaner way of
sending outgoing mail than using SMTP directly, and with a few
appropriate tweaks it was impossible for users to forge mail via the
POP service.  This is an area where again, things are easy to fix, but
nobody wants to do it because it's not terribly interesting...and
there are other forces at work.  (email is free right now, and I'm
quite certain that bothers some commercial interests...never mind, I'm
babbling.)

I believe IMAP has a way to send outgoing mail, but IMAP has other...
problems.
						Bob

Re: important people (!) unable to use sourceware

[Chris Faylor]

On Thu, Mar 09, 2000 at 06:30:48PM -0800, Jason Molenda wrote:
>Every spam note we get on cygwin is a major nuisance, and with enough
>of them, it makes Cygnus look incompetant.

Absolutely.  I am very happy to have the blocks in place.  I was getting
very tired of the knee jerk responses to spam on the cygwin mailing list.
That bothers me almost as much as the spam itself.

Since we've made it clear that we're trying to block spam from the cygwin
mailing list, most people let the occasional errant message go without
comment.

cgf

Re: important people (!) unable to use sourceware

[Jason Molenda]

On Thu, Mar 09, 2000 at 07:25:47PM -0800, Bob Manson wrote:

> Jason and I have discussed the "only allow subscribers to post" policy
> in the past.  IMO it's the best overall solution, but I guess new
> lusers can't forge mail when they need to or something.  If the
> mailing list software allowed the subscriber to specify multiple
> allowed from addresses, there wouldn't be any excuse for not doing
> this...

Actually, ezmlm supports this pretty well.  It has both a subscriber
and an "allow" list.  I would subscribe "jason@domain.org" to
libc-hacker by sending a mail note to

 libc-hacker-subscribe-jason=domain.org@sourceware.cygnus.com

I would specify an alternate e-mail address which should be accepted,
"jason@foo.org" by sending a mail note to

 libc-hacker-allow-subscribe-jason=foo.org@sourceware.cygnus.com

The libc-hacker list is a closed subscription list, so both of thes
need to be approved by the moderator (Uli) before they take effect.

The biggest problem with ezmlm's only-subscribers-may-post is that
it bases its check on the SMTP envelope From_ address, not the
"From:" header in the mail note.  Most people don't realize that
these address may be different.  For instance, Mark Galassi sends
mail as "rosalia@lanl.gov", but his SMTP envelope From_ address
when sending mail from inside LANL is actually "rosalia@nis.lanl.gov".
He would have to know to add that address to the 'allow' list.

Worst case, if they're at an organization where all their client
systems stick the client hostname in the envelope addr, this kind
of posting policy would be nearly useless.  You don't see that kind
of lameo configuration much these days, though.


For a smaller group of subscribers (like cygwin-developers or
libc-hacker) where the participants are generally savvy,
only-subscribers-may-post can work OK.  But if you've got a large
number of people, or a number of clueless users, this arrangement
will cause many headaches for the list maintainer.

Jason

Re: important people (!) unable to use sourceware

[Bart Veer]

>>>>> "Jason" == Jason Molenda <jason@molenda.com> writes:

    <snip>
    Jason> The spam blocking is critical for high-visiblity
    Jason> large-subscriber mailing lists like cygwin and gcc. Every
    Jason> spam note we get on cygwin is a major nuisance, and with
    Jason> enough of them, it makes Cygnus look incompetant. Other
    Jason> mailing lists with fewer subscribers and lower visibility
    Jason> have more flexibility.

As far as the ecos-discuss mailing list is concerned, it would not be
that difficult for spam messages to outnumber the real traffic. I
consider strict spam blocking to be essential, even if inconveniences
some eCos users.

Bart

Re: important people (!) unable to use sourceware

[Jim Kingdon]

> The biggest problem with ezmlm's only-subscribers-may-post is that
> it bases its check on the SMTP envelope From_ address

Thanks for the information.

I've added a page http://sourceware.cygnus.com/sourceware/lists.html
to cover things like this.  Hopefully I've correctly balanced things.
On the one hand to provide some predictability/advice and on the other
hand to let the projects get things done and run things in a way that
will work for them.  Not that the page is a change from the status quo
as I understand it.

Re: important people (!) unable to use sourceware

[Chris Faylor]

On Thu, Mar 09, 2000 at 11:32:26PM -0800, Jason Molenda wrote:
>For a smaller group of subscribers (like cygwin-developers or
>libc-hacker) where the participants are generally savvy,
>only-subscribers-may-post can work OK.  But if you've got a large
>number of people, or a number of clueless users, this arrangement
>will cause many headaches for the list maintainer.

It's odd that this should have come up now.  I just noticed that
somebody was mirroring the cygwin-developers-digest back to
cygwin-developers.

It looks like cygwin-developers-digest does not have the
subscribers-only post policy and ezmlm is not asking me to verify each
subscriber.

I've looked at the ezmlm documents but I can't see any way to change
this behavior myself.  Is that correct?

cgf

Re: important people (!) unable to use sourceware

[Bob Manson]

In message < 20000309233226.A26572@shell17.ba.best.com >, Jason Molenda writes:
>The biggest problem with ezmlm's only-subscribers-may-post is that
>it bases its check on the SMTP envelope From_ address, not the

'course, fixing that is probably a one-line change.  I can understand
why they might do this (to make it harder for people to post spam by
forging mail from one of the list members) but it should be a
configuration option, not hard-coded policy.
						Bob

Re: important people (!) unable to use sourceware

[Jason Molenda]

On Thu, Mar 09, 2000 at 04:21:58PM -0700, Mark Galassi wrote:
> 
> Amigos, I'd like to propose that we drop the current RBL scheme for
> blacklisting.

Project maintainers have several choices:

  1.  Stop ORBS checking.  ORBS is the most aggressive RBL and it
      is also the RBL which blocks the highest number of real users.
      Jim Kingdon can do this on a per-list basis.

  2.  Drop all RBL checking on a per-list basis.

  3.  Drop all RBL checking on a per-list basis and enable a
      subscribers-only-may-post policy.

  4.  Require moderator approval for any mail notes to a list.
      ezmlm easily supports multiple moderators so the workload
      can be distributed.

#3 is untenable for any large mailing list.  cygwin-developers and
libc-hackers are (IIRC) the only two lists taking this approach
right now.  (and both of them require moderator approval for new
people to get subscribed)

No matter what, ezmlm will reject any mail note that doesn't have the
mailing list name in the To: or the Cc: line, so even if all spam
blocking measures are dropped, _some_ spam will be stopped.


The spam blocking is critical for high-visiblity large-subscriber
mailing lists like cygwin and gcc.  Every spam note we get on cygwin
is a major nuisance, and with enough of them, it makes Cygnus look
incompetant.  Other mailing lists with fewer subscribers and lower
visibility have more flexibility.

Jason

Re: important people (!) unable to use sourceware

[Bart Veer]

>>>>> "Jason" == Jason Molenda <jason@molenda.com> writes:

    <snip>
    Jason> The spam blocking is critical for high-visiblity
    Jason> large-subscriber mailing lists like cygwin and gcc. Every
    Jason> spam note we get on cygwin is a major nuisance, and with
    Jason> enough of them, it makes Cygnus look incompetant. Other
    Jason> mailing lists with fewer subscribers and lower visibility
    Jason> have more flexibility.

As far as the ecos-discuss mailing list is concerned, it would not be
that difficult for spam messages to outnumber the real traffic. I
consider strict spam blocking to be essential, even if inconveniences
some eCos users.

Bart

Re: important people (!) unable to use sourceware

[Bob Manson]

In message < 20000309233226.A26572@shell17.ba.best.com >, Jason Molenda writes:
>The biggest problem with ezmlm's only-subscribers-may-post is that
>it bases its check on the SMTP envelope From_ address, not the

'course, fixing that is probably a one-line change.  I can understand
why they might do this (to make it harder for people to post spam by
forging mail from one of the list members) but it should be a
configuration option, not hard-coded policy.
						Bob

important people (!) unable to use sourceware

[Mark Galassi]

Amigos, I'd like to propose that we drop the current RBL scheme for
blacklisting.

A few things have me thinking about it:

1. I'm in Italy for a couple of months and it turns out that TIN (the
   Italian telecom's ISP, which is by far the biggest here) is
   blacklisted.  This is kind of selfish and whine-ey, so let me go
   on:

2. Norm Walsh, the most important person in the DocBook world, is on
   our docbook-tools list.  He's one of the most agreeable people
   you'll ever meet, and he just wrote me this:


> I'm certainly interested. I have a real problem with this
> mailing list though. It turns out that the ISP I use when I
> travel, and I travel too much ;-), has been blacklisted by
> whatever service this mailing list uses to avoid spammers. So I
> can't post here when I'm on the road.

> I'm so pissed about this that I'm "this close" to unsubscribing.

Since I'm going through the same stuff, I fully agree with him, and I
feel embarassed offering the sourceware services to the person I
really want to participate in my list.  And to think I was so honored
when he joined...  Without him my "next generation DocBook thrust"
will be severely diminished.

3. It turns out that the mechanism for white-listing a person
   (i.e. allowing him through even if his ISP is black-listed) does
   not do the job for me or for Norman or for anyone who uses an ISP
   when traveling: Jason says you can't blank out a whole range of IP
   address -- you can only blank them out one at a time.  Almost all
   ISPs give you a dynamic IP address....

4. When traveling I usually work offline, and I suspect others do too.
   I wrote a dozen or more messages on three sourceware lists last
   night, connected to send them off, and found that they had *all*
   bounced.  This makes the problem even worse in the case where it
   manifests itself more easily.

This makes me think that our criteria are too harsh, too much of a
blanket statement, and that they get in the way of work instead of
promoting it.

Is there a better way?  Who's a scholar on spam blacklisting?

I would propose that a "requirement" on the system be that people be
able to travel and hook up their laptops to major ISPs and still use
our system.  Unfortunately outside the US it is not really an option
to telnet back home to send email: things are too slow and people have
to work offline.

Re: important people (!) unable to use sourceware

[Jim Kingdon]

It sounds like you are mostly talking about the DUL
( http://mail-abuse.org/dul/ ) which basically says "we don't accept
mail directly from a dial-up".  This is a separate issue (in terms of
what it lists) from the other blocking lists (RBL, ORBS, or RSS).
Last I looked the DUL blocks a *lot* of spam so I'm sure that if we
turned it off we'd get lots of complaints from the spammed ones.  It
isn't like ORBS where we could probably do without it and not miss it
much.

> I would propose that a "requirement" on the system be that people be
> able to travel and hook up their laptops to major ISPs and still use
> our system.

You just need some mail server which you can authenticate yourself to
(or which otherwise will accept mail from you).  Sometimes this will
be the "major ISP" that you dial into, sometimes it will be your home
ISP/company (using POP-before-SMTP usually, although it could be
something more exotic like smtpauth).  Or, as has been suggested, use
an SSH tunnel to a machine where you can send the mail.

No one has a really nice solution to the problem of sending email
while on the road.  But just counting on being able to send from your
laptop to the destination mail server is becoming less possible (for
example, more and more dialup ISPs are blocking port 25 outbound,
which would foil this kind of usage quite aside from anything which
sourceware is doing).

Re: important people (!) unable to use sourceware

[Jason Molenda]

On Thu, Mar 09, 2000 at 07:25:47PM -0800, Bob Manson wrote:

> Jason and I have discussed the "only allow subscribers to post" policy
> in the past.  IMO it's the best overall solution, but I guess new
> lusers can't forge mail when they need to or something.  If the
> mailing list software allowed the subscriber to specify multiple
> allowed from addresses, there wouldn't be any excuse for not doing
> this...

Actually, ezmlm supports this pretty well.  It has both a subscriber
and an "allow" list.  I would subscribe "jason@domain.org" to
libc-hacker by sending a mail note to

 libc-hacker-subscribe-jason=domain.org@sourceware.cygnus.com

I would specify an alternate e-mail address which should be accepted,
"jason@foo.org" by sending a mail note to

 libc-hacker-allow-subscribe-jason=foo.org@sourceware.cygnus.com

The libc-hacker list is a closed subscription list, so both of thes
need to be approved by the moderator (Uli) before they take effect.

The biggest problem with ezmlm's only-subscribers-may-post is that
it bases its check on the SMTP envelope From_ address, not the
"From:" header in the mail note.  Most people don't realize that
these address may be different.  For instance, Mark Galassi sends
mail as "rosalia@lanl.gov", but his SMTP envelope From_ address
when sending mail from inside LANL is actually "rosalia@nis.lanl.gov".
He would have to know to add that address to the 'allow' list.

Worst case, if they're at an organization where all their client
systems stick the client hostname in the envelope addr, this kind
of posting policy would be nearly useless.  You don't see that kind
of lameo configuration much these days, though.


For a smaller group of subscribers (like cygwin-developers or
libc-hacker) where the participants are generally savvy,
only-subscribers-may-post can work OK.  But if you've got a large
number of people, or a number of clueless users, this arrangement
will cause many headaches for the list maintainer.

Jason

Re: important people (!) unable to use sourceware

[Jim Kingdon]

> The biggest problem with ezmlm's only-subscribers-may-post is that
> it bases its check on the SMTP envelope From_ address

Thanks for the information.

I've added a page http://sourceware.cygnus.com/sourceware/lists.html
to cover things like this.  Hopefully I've correctly balanced things.
On the one hand to provide some predictability/advice and on the other
hand to let the projects get things done and run things in a way that
will work for them.  Not that the page is a change from the status quo
as I understand it.

Re: important people (!) unable to use sourceware

[Chris Faylor]

On Thu, Mar 09, 2000 at 06:30:48PM -0800, Jason Molenda wrote:
>Every spam note we get on cygwin is a major nuisance, and with enough
>of them, it makes Cygnus look incompetant.

Absolutely.  I am very happy to have the blocks in place.  I was getting
very tired of the knee jerk responses to spam on the cygwin mailing list.
That bothers me almost as much as the spam itself.

Since we've made it clear that we're trying to block spam from the cygwin
mailing list, most people let the occasional errant message go without
comment.

cgf

Re: important people (!) unable to use sourceware

[Bob Manson]

In message < Pine.BSF.4.21.0003100031190.83132-100000@deneb.dbai.tuwien.ac.at >, 
Gerald Pfeifer writes:
> 1. The only way to fix the problem of mail servers which still act as
>    open relays today is to create pressure on the admins of those
>    servers -- either directly or indirectly via their customers/users.

I totally agree.  Yes, it's being fascist.  That's fine.  Some ISPs
will always insist on running open relays because it's too much work
to do something more rational, and I believe their customers should be
suitably annoyed with them for doing so.  In no way should it become
my annoyance.

Jason and I have discussed the "only allow subscribers to post" policy
in the past.  IMO it's the best overall solution, but I guess new
lusers can't forge mail when they need to or something.  If the
mailing list software allowed the subscriber to specify multiple
allowed from addresses, there wouldn't be any excuse for not doing
this...

Another idea is to require PGP-signed mail, but I bet nobody'd go for
that :-) A similar idea is to require a magic cookie in the mail
header, which is sorta what "subscriber-only" is but is more flexible.
There are definitely easy-to-implement solutions for the mailing
list/spam issue, but so far nobody's bothered to do it...
						Bob

Re: important people (!) unable to use sourceware

[Bob Manson]

In message < 200003100013.TAA04899@devserv.devel.redhat.com >, Jim Kingdon writes
:
>No one has a really nice solution to the problem of sending email
>while on the road.

Actually, there's been an (unofficial?) extension to POP3 (XTND XMIT)
that's been around for at least 10 years, but most of the major pop
servers and mail programs don't appear to use it (the exception being
Eudora and the Qualcomm POP3 server).  It's a shame, really--it's a
bit of a kludge, but we used it extensively when I was doing admin at
OSU and it worked quite well.

Doing it via the POP protocol always seemed like a lot cleaner way of
sending outgoing mail than using SMTP directly, and with a few
appropriate tweaks it was impossible for users to forge mail via the
POP service.  This is an area where again, things are easy to fix, but
nobody wants to do it because it's not terribly interesting...and
there are other forces at work.  (email is free right now, and I'm
quite certain that bothers some commercial interests...never mind, I'm
babbling.)

I believe IMAP has a way to send outgoing mail, but IMAP has other...
problems.
						Bob

Re: important people (!) unable to use sourceware

[Chris Faylor]

On Thu, Mar 09, 2000 at 11:32:26PM -0800, Jason Molenda wrote:
>For a smaller group of subscribers (like cygwin-developers or
>libc-hacker) where the participants are generally savvy,
>only-subscribers-may-post can work OK.  But if you've got a large
>number of people, or a number of clueless users, this arrangement
>will cause many headaches for the list maintainer.

It's odd that this should have come up now.  I just noticed that
somebody was mirroring the cygwin-developers-digest back to
cygwin-developers.

It looks like cygwin-developers-digest does not have the
subscribers-only post policy and ezmlm is not asking me to verify each
subscriber.

I've looked at the ezmlm documents but I can't see any way to change
this behavior myself.  Is that correct?

cgf

Re: important people (!) unable to use sourceware

[Gerald Pfeifer]

On 9 Mar 2000, Mark Galassi wrote:
> Amigos, I'd like to propose that we drop the current RBL scheme for
> blacklisting.

This will cause a ten-fold increase of Spam to the GCC lists.

For one of my old accounts which I stopped using four years ago, I got 39
pieces of spam last month, nearly 100% via ORBS or MAPS RSS listed hosts.

> 1. I'm in Italy for a couple of months and it turns out that TIN (the
>    Italian telecom's ISP, which is by far the biggest here) is
>    blacklisted.

I know. They have open relays some of which I complained about a year
ago. Neither did I get any response nor did they solve the problem.

> 2. Norm Walsh, the most important person in the DocBook world, is on
>    our docbook-tools list.

Well, I guess we could disable the RBL checks for the docbook-tools list,
but I don't think this solution is acceptable for many/most(?) other lists
on sourceware.

> Is there a better way?  Who's a scholar on spam blacklisting?

Some thoughts:

 1. The only way to fix the problem of mail servers which still act as
    open relays today is to create pressure on the admins of those
    servers -- either directly or indirectly via their customers/users.

 2. Use a mail server that provides SMTP SASL or SMTP-after-POP. Both
    solutions allow legitimate users to relay mail from anywhere in the
    world, still blocking spammers!

 3. In the worst case, use SSH to tunnel the SMTP connection to a hosts
    where you have a regular user account.

 4. If your provider does not implement current standards, consider
    switching to a different one which does. Or complain. Loudly.
    After all, you pay for the service!

Gerald
-- 
Gerald "Jerry" pfeifer@dbai.tuwien.ac.at http://www.dbai.tuwien.ac.at/~pfeifer/