From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jim Kingdon To: overseers@sourceware.cygnus.com Subject: ORBS redux, round n Date: Fri, 24 Mar 2000 08:22:00 -0000 Message-ID: <200003241622.LAA16172@devserv.devel.redhat.com> X-SW-Source: 2000-q1/msg00078.html Message-ID: <20000324082200.GEBQLROMytmv8lsYVJkBdw2bbsV1fOiJ03XKivR8zA0@z> OK, let me try to approach the ORBS thing in a calmer manner (yeah, I know, fat chance, but I'll try :-)). The current problem with ORBS is that there are situations in which someone's mail is getting blocked and I don't know what to tell them. For example, someone wrote in with 24.95.79.12 as their IP ("nslookup 12.79.95.24.relays.orbs.org" returns 127.0.0.4). Note that this is a static ORBS listing - not a listing because it was tested and found to be an open relay (see discussion of 127.0.0.4 at http://www.orbs.org/usingindex.html ). Actual open relays will get listed by RSS in due course, so people who have open relays are still going to need to fix them, with or without ORBS. So what are our options? * Do nothing. Comfort ourselves with the fact that the people annoyed by ORBS are fewer in number than the people annoyed by spam. * Tell people "you need to allow ORBS to probe for open relays on your network". Do we really want to require this as a condition for sending email to us? And is it known that concern over being probed is the only reason people get a static ORBS listing? * Modify our tester so that we only consider ORBS listings of 127.0.0.2. I guess the main downside for me is just that it would make our configuration more complicated at a time when we are having fewer and fewer resources (that I've noticed, anyway) available for maintain a complex configuration. * Stop using ORBS and rely on RSS for open relay blocking. There are certain problems which the above solutions don't solve (multi-level relays, the PR factor of whether ORBS is widely respected quite aside from whether those perceptions are justified, there might be others). The question is how much spam RSS would let through that is currently being blocked by ORBS. [kingdon@sourceware /qmail]$ grep RSS /var/log/rbl-checks | wc -l 112 [kingdon@sourceware /qmail]$ grep ORBS /var/log/rbl-checks | wc -l 396 [kingdon@sourceware /qmail]$ If memory serves, rblcheck checks RSS first, then ORBS, so the above numbers are pretty bad for RSS. * Any others? I guess I'm leaning towards "do nothing" until/unless RSS gets more effective.