ORBS redux, round n - Jim Kingdon

public inbox for overseers@sourceware.org
 help / color / mirror / Atom feed

From: Jim Kingdon <kingdon@redhat.com>
To: overseers@sourceware.cygnus.com
Subject: ORBS redux, round n
Date: Sat, 30 Dec 2000 06:08:00 -0000	[thread overview]
Message-ID: <200003241622.LAA16172@devserv.devel.redhat.com> (raw)

OK, let me try to approach the ORBS thing in a calmer manner (yeah, I
know, fat chance, but I'll try :-)).

The current problem with ORBS is that there are situations in which
someone's mail is getting blocked and I don't know what to tell them.
For example, someone wrote in with 24.95.79.12 as their IP ("nslookup
12.79.95.24.relays.orbs.org" returns 127.0.0.4).  Note that this is a
static ORBS listing - not a listing because it was tested and found to
be an open relay (see discussion of 127.0.0.4 at
http://www.orbs.org/usingindex.html ).  Actual open relays will get
listed by RSS in due course, so people who have open relays are still
going to need to fix them, with or without ORBS.

So what are our options?

* Do nothing.  Comfort ourselves with the fact that the people annoyed
  by ORBS are fewer in number than the people annoyed by spam.

* Tell people "you need to allow ORBS to probe for open relays on your
  network".  Do we really want to require this as a condition for
  sending email to us?  And is it known that concern over being probed
  is the only reason people get a static ORBS listing?

* Modify our tester so that we only consider ORBS listings of
  127.0.0.2.  I guess the main downside for me is just that it would
  make our configuration more complicated at a time when we are having
  fewer and fewer resources (that I've noticed, anyway) available for
  maintain a complex configuration.

* Stop using ORBS and rely on RSS for open relay blocking.  There are
  certain problems which the above solutions don't solve (multi-level
  relays, the PR factor of whether ORBS is widely respected quite
  aside from whether those perceptions are justified, there might be
  others).  The question is how much spam RSS would let through that
  is currently being blocked by ORBS.

    [kingdon@sourceware /qmail]$ grep RSS /var/log/rbl-checks | wc -l
	112
    [kingdon@sourceware /qmail]$ grep ORBS /var/log/rbl-checks | wc -l
	396
    [kingdon@sourceware /qmail]$ 

  If memory serves, rblcheck checks RSS first, then ORBS, so the above
  numbers are pretty bad for RSS.

* Any others?

I guess I'm leaning towards "do nothing" until/unless RSS gets more
effective.

WARNING: multiple messages have this Message-ID

From: Jim Kingdon <kingdon@redhat.com>
To: overseers@sourceware.cygnus.com
Subject: ORBS redux, round n
Date: Fri, 24 Mar 2000 08:22:00 -0000	[thread overview]
Message-ID: <200003241622.LAA16172@devserv.devel.redhat.com> (raw)
Message-ID: <20000324082200.GEBQLROMytmv8lsYVJkBdw2bbsV1fOiJ03XKivR8zA0@z> (raw)

OK, let me try to approach the ORBS thing in a calmer manner (yeah, I
know, fat chance, but I'll try :-)).

The current problem with ORBS is that there are situations in which
someone's mail is getting blocked and I don't know what to tell them.
For example, someone wrote in with 24.95.79.12 as their IP ("nslookup
12.79.95.24.relays.orbs.org" returns 127.0.0.4).  Note that this is a
static ORBS listing - not a listing because it was tested and found to
be an open relay (see discussion of 127.0.0.4 at
http://www.orbs.org/usingindex.html ).  Actual open relays will get
listed by RSS in due course, so people who have open relays are still
going to need to fix them, with or without ORBS.

So what are our options?

* Do nothing.  Comfort ourselves with the fact that the people annoyed
  by ORBS are fewer in number than the people annoyed by spam.

* Tell people "you need to allow ORBS to probe for open relays on your
  network".  Do we really want to require this as a condition for
  sending email to us?  And is it known that concern over being probed
  is the only reason people get a static ORBS listing?

* Modify our tester so that we only consider ORBS listings of
  127.0.0.2.  I guess the main downside for me is just that it would
  make our configuration more complicated at a time when we are having
  fewer and fewer resources (that I've noticed, anyway) available for
  maintain a complex configuration.

* Stop using ORBS and rely on RSS for open relay blocking.  There are
  certain problems which the above solutions don't solve (multi-level
  relays, the PR factor of whether ORBS is widely respected quite
  aside from whether those perceptions are justified, there might be
  others).  The question is how much spam RSS would let through that
  is currently being blocked by ORBS.

    [kingdon@sourceware /qmail]$ grep RSS /var/log/rbl-checks | wc -l
	112
    [kingdon@sourceware /qmail]$ grep ORBS /var/log/rbl-checks | wc -l
	396
    [kingdon@sourceware /qmail]$ 

  If memory serves, rblcheck checks RSS first, then ORBS, so the above
  numbers are pretty bad for RSS.

* Any others?

I guess I'm leaning towards "do nothing" until/unless RSS gets more
effective.

next             reply	other threads:[~2000-12-30  6:08 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2000-12-30  6:08 Jim Kingdon [this message]
2000-03-24  8:22 ` Jim Kingdon
2000-12-30  6:08 ` Chris Faylor
2000-03-24  8:28   ` Chris Faylor
2000-12-30  6:08   ` Jonathan Larmour
2000-03-24  8:32     ` Jonathan Larmour
2000-12-30  6:08     ` Chris Faylor
2000-03-24  8:33       ` Chris Faylor
2000-12-30  6:08       ` Jim Kingdon
2000-03-24  8:41         ` Jim Kingdon
2000-12-30  6:08         ` Tom Tromey
2000-03-24  8:50           ` Tom Tromey
2000-12-30  6:08           ` Chris Faylor
2000-03-24  8:53             ` Chris Faylor
2000-12-30  6:08         ` Jonathan Larmour
2000-03-24  8:54           ` Jonathan Larmour
2000-12-30  6:08           ` Chris Faylor
2000-03-24  8:58             ` Chris Faylor
2000-12-30  6:08             ` Chris Faylor
2000-03-24  9:02               ` Chris Faylor
2000-12-30  6:08               ` Jim Kingdon
2000-03-24  9:54                 ` Jim Kingdon
2000-12-30  6:08           ` Jeffrey A Law
2000-03-24  9:19             ` Jeffrey A Law
2000-12-30  6:08             ` Jonathan Larmour
2000-03-24  9:22               ` Jonathan Larmour
2000-12-30  6:08               ` Chris Faylor
2000-03-24  9:57                 ` Chris Faylor
2000-12-30  6:08         ` Jeffrey A Law
2000-03-24  9:11           ` Jeffrey A Law
2000-12-30  6:08 Phil Edwards
2000-03-24  9:04 ` Phil Edwards

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200003241622.LAA16172@devserv.devel.redhat.com \
    --to=kingdon@redhat.com \
    --cc=overseers@sourceware.cygnus.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).