1 Sep
2004
1 Sep
'04
2:49 p.m.
Bruce Lane <kyrrin(a)bluefeathertech.com> wrote:
This tells me right away that he has absolutely no
concept of what I,
as a self-hosted SysAdmin, go through each and every DAY, trying to
protect my network effectively against outside abuse.
I have always advocated for a law that bans both spam and spamblocking,
and imposes penalties for spamblockers 10 times as stiff as those for
spammers. 1 year in prison for spam, 10 years in prison for spamblocking.
Or 10 years in prison for spam, execution by guillotine on live TV for
spamblocking.
MS,
who is also a completely self-host sysadmin, publishes his E-mail
address far and wide, and uses absolutely no filtering of any kind.
Former president of American Internet Relay League and proud open
ARPA Internet mail relay operator, until being forced down by harassment
from criminal paramilitary death squad organisations
like MAPS and ORBS.
1 Sep
1 Sep
3:21 p.m.
n Sep 1, 2004, at 7:49 PM, Michael Sokolov wrote:
I have always advocated for a law that bans both spam and spamblocking,
and imposes penalties for spamblockers 10 times as stiff as those for
spammers.
Why are you against spamblocking? If I understand correctly, you wish
that I not
have a choice to ignore and not read mail that I am not interested in?
4 p.m.
MS wrote...
who is also a completely self-host sysadmin, publishes
his E-mail
address far and wide, and uses absolutely no filtering of any kind.
What is this term "self-host sysadmin"?
Former president of American Internet Relay League and
proud open
ARPA Internet mail relay operator, until being forced down by harassment
from criminal paramilitary death squad organisations like MAPS and ORBS.
Anyone who runs an open relay mail service is quite frankly the very
definition of harassment and criminal. There is never, ever, under any
circumstance whatsoever, a reason to have an open relay. For any situation
that you can propose as to why an open relay is needed, I can show you an
example of clear lack of understanding in how to configure the system.
Sorry, raw nerve.
Jay
4:58 p.m.
Former
president of American Internet Relay League and proud open
ARPA Internet mail relay operator, until being forced down by harassment
from criminal paramilitary death squad organisations like MAPS and ORBS.
Anyone who runs an open relay mail service is quite frankly the very
definition of harassment and criminal.
4:58 p.m.
Seconded. No excuse for it in this day and age with
just about everyone
having access to locally supported mail hosts they can use for outgoing
mail. Open relays serve no purpose except to be abused.
Every single time I've heard a sendmail newbie (or any mail admin wannabe)
saying "oh, but, an open relay is the only way to solve THIS particular
problem".... it's turned out that the admin was totally unaware of the
facilities built into the software (or the engineering of the entire mail
infrastructure) that handle doing exactly what was desired, without opening
up relaying. An open relay is a clear indicator of one of two things:
ignorance, or malicious intent.
Jay
2 Sep
2 Sep
1:46 a.m.
>>>> "Cameron" == Cameron Kaiser
<spectre(a)floodgap.com> writes:
> > Former president of American Internet Relay
League and proud
> open > ARPA Internet mail relay operator, until being forced down
> by harassment > from criminal paramilitary death squad
> organisations like MAPS and ORBS.
>
> Anyone who runs an open relay mail service is quite frankly the
> very definition of harassment and criminal.
Cameron> Seconded. No excuse for it in this day and age with just
Cameron> about everyone having access to locally supported mail hosts
Cameron> they can use for outgoing mail. Open relays serve no purpose
Cameron> except to be abused.
Indeed. But only fools react to open relays by blacklisting an entire
ISP domain, as (I think) ORBS has done.
paul
4:24 a.m.
New subject: SMTP Relays...
>>
>> Indeed. But only fools react to open relays by
>> blacklisting an entire ISP domain, as (I think) ORBS has done.
>>
But what IF a major service provider was to decide to "reduce spam" by
prefenting ALL of their residential customers from accessing and SMTP server
but their own [the cable company's].....
This has actually happended here in NY. You MUST use their SMTP server!!!!
[they have blocked ALL outbound traffic on port 25 except to their IP!]
5:59 a.m.
New subject: SMTP Relays...
But what IF a major service provider was to decide to
"reduce spam" by
prefenting ALL of their residential customers from accessing and SMTP
server
but their own [the cable company's].....
This has actually happended here in NY. You MUST use their SMTP server!!!!
[they have blocked ALL outbound traffic on port 25 except to their IP!]
You are missing the big picture of how this all works. Them insisting you
use their smtp server (for outbound) is a perfectly sane and reasonable
thing. And what do you mean "this actually happened in new york"? What you
describe is the way it HAS been at probably more than 90% of ISP's for the
past 5+ years.
Jay West
---
[This E-mail scanned for viruses by Declude Virus]
5:42 a.m.
Indeed. But only fools react to open relays by
blacklisting an entire
ISP domain, as (I think) ORBS has done.
Blocking a whole domain is silly, to me at least from the ISP prospective. I
defend an end client's right to do so though.
I am not aware of ORBS blocking whole domains, however, there ARE some
domains out there that are so exclusively the home of spammers I can
certainly understand it.
Of course mail server admins are free to do what they want, including open
relaying. However, I am also free to disallow my servers from talking to
servers run by such admins. Not a whole domain, but a particular mail
server. I guess is someone is infected with a contagious disease, one can
argue it is their right to stand on a street corner and intentionally cough
on everyone. But... I also have every right to walk away and not put myself
in contact with them. Same thing for mail servers. If someone configures
their server in such a careless way that my server connecting to it can
cause my server a problem (50gb of spam), I have every right to decide not
to allow connections to that mail server.
Jay
---
[This E-mail scanned for viruses by Declude Virus]
6 a.m.
>>>> "Jay" == Jay West
<jwest(a)classiccmp.org> writes:
> Indeed. But only fools react to open relays by
blacklisting an
> entire ISP domain, as (I think) ORBS has done.
Jay> Blocking a whole domain is silly, to me at least from the ISP
Jay> prospective. I defend an end client's right to do so though.
Jay> I am not aware of ORBS blocking whole domains, however, there
Jay> ARE some domains out there that are so exclusively the home of
Jay> spammers I can certainly understand it.
I'm not sure if it was ORBS or another one of those blacklist
"services". In any case, it was blacklisting all domains belonging to
SPRINT and SPRINTnet. I found out because our company uses or used
SPRINT as its ISP, as do millions of others. It turned out that this
was done on purpose.
I concluded that the people running that blacklist are utter morons,
and since then I have seen similar idiotic actions either by that same
outfit or by others like it (for example, blacklisting adelphia.net
smtp servers because one Adelphia customer sent spam via that server).
It may be that there exist blacklist operators with more than room
temperature IQ. But the samples I have seen to date are not
encouraging.
paul
7:08 a.m.
I'm not sure if it was ORBS or another one of
those blacklist
"services". In any case, it was blacklisting all domains belonging to
SPRINT and SPRINTnet. I found out because our company uses or used
SPRINT as its ISP, as do millions of others. It turned out that this
was done on purpose.
I concluded that the people running that blacklist are utter morons,
and since then I have seen similar idiotic actions either by that same
outfit or by others like it (for example, blacklisting adelphia.net
smtp servers because one Adelphia customer sent spam via that server).
They're not morons, they just have a ruthless attitude about companies
that won't enforce their own AUP. That's how Sprint got whole IP blocks
blacklisted. It likely never would have happened had they actually gone
after the spammers lurking on their networks.
g.
7:03 a.m.
>>>> "Gene" == Gene Buckle
<geneb(a)deltasoft.com> writes:
> I'm not sure if it was ORBS or another one of
those blacklist
> "services". In any case, it was blacklisting all domains
> belonging to SPRINT and SPRINTnet. I found out because our
> company uses or used SPRINT as its ISP, as do millions of others.
> It turned out that this was done on purpose.
>
> I concluded that the people running that blacklist are utter
> morons, and since then I have seen similar idiotic actions either
> by that same outfit or by others like it (for example,
> blacklisting adelphia.net smtp servers because one Adelphia
> customer sent spam via that server).
Gene> They're not morons, they just have a ruthless attitude about
Gene> companies that won't enforce their own AUP.
I guess we'll just have different opinions here. I will continue to
view them as morons and describe them as morons whenever this issue
comes up.
paul
7:22 a.m.
Gene> They're not morons, they just have a ruthless attitude about
Gene> companies that won't enforce their own AUP.
I guess we'll just have different opinions here. I will continue to
view them as morons and describe them as morons whenever this issue
comes up.
That's ok. Frankly I wish they'd issue hunting licenses for spammers so I
could firebomb their homes legally. :)
g.
8:11 a.m.
New subject: spammers
On Thu, 2 Sep 2004, Gene Buckle wrote:
That's ok. Frankly I wish they'd issue
hunting licenses for spammers so I
could firebomb their homes legally. :)
Apparently, there are already people doing that.
But, because it is inconvenient to deal with somebody who
is not local, there needs to be comprehensive, detailed,
and accurate publication of spammer identities, so that
their neighbors can help them to make the decision to stop.
8:54 a.m.
Paul Koning wrote:
That was ORBS, IIRC, and I have to agree with you concerning their
apparent intelligence. Their practices and processes seem much closer
to ideological extortion than to spam prevention.
Doc
>>>>"Jay" == Jay West <jwest(a)classiccmp.org> writes:
Jay> I am not aware of ORBS blocking whole domains, however, there
Jay> ARE some domains out there that are so exclusively the home of
Jay> spammers I can certainly understand it.
I'm not sure if it was ORBS or another one of those blacklist
"services". In any case, it was blacklisting all domains belonging to
SPRINT and SPRINTnet. I found out because our company uses or used
SPRINT as its ISP, as do millions of others. It turned out that this
was done on purpose.
I concluded that the people running that blacklist are utter morons,
and since then I have seen similar idiotic actions either by that same
outfit or by others like it (for example, blacklisting adelphia.net
smtp servers because one Adelphia customer sent spam via that server).
10:55 a.m.
It may be that there exist blacklist operators with
more than room
temperature IQ. But the samples I have seen to date are not
encouraging.
Myself, I have found ORDB (note: *not* ORBS) to be very fair and have a low
false-positive rate, and routinely use it on all incoming mail. Also, I
have had relatively good results with Spamhaus SBL.
My public E-mail addresses I use for Usenet and post on my web pages are
checked against additional, more "aggressive" lists, such as DSBL Multihop
and Spamhaus SBL/XBL. So far I have not had any false positives on these
either, although I accept the additional risk with these more intolerant
services. On the other hand, the signal:noise ratio on those addresses is
much, much lower.
--
---------------------------------- personal: http://www.armory.com/~spectre/ --
Cameron Kaiser, Floodgap Systems Ltd * So. Calif., USA * ckaiser(a)floodgap.com
-- Magic armour is not all it's cracked up to be. -- Terry Pratchett ----------
3 Sep
3 Sep
10:37 a.m.
On 03/09/2004, at 3:42 AM, Jay West wrote:
ISTR that at one stage all of .au was blacklisted by one of the
Blacklisting services.
My ISP blocks outgoing port 25 connections but my e-mail provider (not
my ISP but a very
nice VMS cluster) is now accessible on another (secured) port.
Huw Davies | e-mail: Huw.Davies(a)kerberos.davies.net.au
Melbourne | "If soccer was meant to be played in the
Australia | air, the sky would be painted green"
Indeed. But
only fools react to open relays by blacklisting an entire
ISP domain, as (I think) ORBS has done.
Blocking a whole domain is silly, to me at least from the ISP
prospective. I
defend an end client's right to do so though. 
1 Sep
1 Sep
6:36 p.m.
> Former president of American Internet Relay League
and proud open
> ARPA Internet mail relay operator, until being forced down by
> harassment from criminal paramilitary death squad organisations like
> MAPS and ORBS.
My dear sir, if you believe criminal behaviour was involved you should
be going to law enforcement, not whining here.
Anyone who runs an open relay mail service is quite
frankly the very
definition of harassment and criminal.
Hardly. At least so far, it is not actually illegal, and thus not
criminal - at least not (as far as I've heard) in any relevant
jurisdiction. Nor, as far as I can see, is it harassment, though it
certainly could be an accomplice before and during the fact. (At least
in most senses of harassment. There is a meaning for "harass", "to
irritate or torment persistently", by which it could be construed as
harassing you for such a thing to merely exist, if its bare existence
irritates you.)
There is never, ever, under any circumstance
whatsoever, a reason to
have an open relay.
Oh, nonsense. Say, on a network not connected in any way to the
worldwide Internet, where the (local) convenience *does* outweigh the
(small) risk.
For any situation that you can propose as to why an
open relay is
needed, I can show you an example of clear lack of understanding in
how to configure the system.
Not "needed". Just, like most security, a risk/benefit analysis, here
coming out in favor of the low setup and maintenance cost.
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse(a)rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
2 Sep
2 Sep
5:57 a.m.
Hardly. At least so far, it is not actually illegal,
and thus not
criminal - at least not (as far as I've heard) in any relevant
jurisdiction. Nor, as far as I can see, is it harassment, though it
Are you trying
to say that when my mail server connects to theirs (or vice
versa) and gets a diskfilling denial of service due to spam that causes my
system to crash and or become unusable, which takes out service for
thousands of my customers, isn't harassment? Of COURSE it is.
Oh, nonsense. Say, on a network not connected in any
way to the
worldwide Internet, where the (local) convenience *does* outweigh the
(small) risk.
WRONG - give me an example of this "local convenience".
Just take 10 minutes
to configure the allowable src/dst and it wont be necessary. So what you are
saying is it's ok to create a dangerous situation rather than configure it
right to only allow relaying from truely local domains because it's "out of
reach". I see two problems with your stance. First, that system MAY be "off
the net". But what if a year later it's decided to add it to the net? Or
second, what happens if it's configured for open relaying and is behind a
firewall, and later some hacker gets around the firewall (read: VPN)? They
then have a machine "ready to r0ck dudez!". Just do your JOB in the first
place, instead of being LAZY and none of this is an issue.
Let me give you an analogy in response. Setting a can of gasoline and an
open flame lantern next to eachother on the sidewalk of a busy street is a
STUPID idea. But you know what? Setting a can of gasoline and an open flame
latern next to eachother in the privacy of your own home, behind locked
doors... is *STILL* irresponsible. It's just plain LAZY.
Not "needed". Just, like most security, a
risk/benefit analysis, here
coming out in favor of the low setup and maintenance cost.
setting it up right IS
low setup and low maintenance. Setting it up wrong is
begging for high cost. More specifically, an admin who takes the route of..
"Oh, I'm just going to allow open relay because it SHOULDNT cause a
problem", is someone who is careless and more importantly, leaving a large
timebomb waiting for some other admin later (or themselves) to step on.
I could ALMOST see your point if configuring the allowable src/dst was a non
trivial task. The fact is, it takes just a couple minutes. So sys admins who
use that excuse are just plain lazy, and irresponsible. Unfortunately, they
are not just putting themselves at peril, they are putting others at peril
due to their laziness.
Jay
---
[This E-mail scanned for viruses by Declude Virus]
6:11 a.m.
Nor, as far as
I can see, is it harassment,
Are you trying to say that when my mail server
connects to theirs (or
vice versa) and gets a diskfilling denial of service due to spam that
causes my system to crash and or become unusable, which takes out
service for thousands of my customers, isn't harassment? Oh, nonsense.
Say, on a network not connected in any way to the
worldwide Internet, where the (local) convenience *does* outweigh
the (small) risk.
WRONG - give me an example of this "local
convenience". Just take 10 minutes to configure the allowable
src/dst and it wont
be necessary.
It requires figuring out how to configure it, if nothing else, and it
really isn't always necessary. In particular, it is not for _you_ to
say when the risk outweighs the benefit on _somone else's_ setup.
I note that all your "but what if"s assume that the setup is an ongoing
thing. Suppose I'm experimenting with some captured malware on three
machines completely isolated from anything else (nothing but sneakernet
from the net to it, nothing at all from it to the net
except for my
knowledge resulting from the analysis), all of which will have their
disks wiped when I'm done. Where's the risk? Maybe I'll accidentally
run an Ethernet cable to the wrong side of the room? I think that's
significantly less likely than my misconfiguring an on-the-net server
as open by mistake.
Or second, what happens if it's configured for
open relaying and is
behind a firewall,
I didn't say "behind a firewall"; I said "not connected in any way to
the worldwide Internet".
Just, like
most security, a risk/benefit analysis, here coming out
in favor of the low setup and maintenance cost.
setting it up right IS low setup
and low maintenance.
11:57 a.m.
New subject: SMTP
Der Mouse... just wanted you to know I wasn't attacking you directly. Got
home and reread the posts from today and realized it could have come across
that way. My apologies. We've talked offlist and I know you're a competent
admin so I didn't want to appear to attack you personally.
We do, however, steadfastly disagree on the open relay issue, which is
perfectly ok :)
Regards,
Jay West
3:56 p.m.
New subject: SMTP
Der Mouse... just wanted you to know I wasn't
attacking you directly.
Got home and reread the posts from today and realized it could have
come across that way.
Thank you. Like a lot of geeks, I'm relatively insensitive to such,
but also tend to be insensitive when I'm on the other side of the
exchange.
Or, to put it another way, no offense taken - and none meant. :-)
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse(a)rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
1 Sep
1 Sep
4:22 p.m.
on TV? this could be stranger than WWF!
Thanks Ed Sharpe archivist for SMECC
Please check our web site at
http://www.smecc.org
to see other engineering fields, communications and computation stuff we
buy, and by all means when in Arizona drop in and see us.
address:
coury house / smecc
5802 w palmaire ave
glendale az 85301
----- Original Message -----
From: "Michael Sokolov" <msokolov(a)ivan.Harhan.ORG>
To: <cctalk(a)classiccmp.org>
Sent: Wednesday, September 01, 2004 7:49 PM
Subject: Re: Does the name 'Ed Kelleher' ring any bells?
Bruce Lane <kyrrin(a)bluefeathertech.com> wrote:
This tells me right away that he has absolutely
no concept of what I,
as a self-hosted SysAdmin, go through each and every DAY, trying to
protect my network effectively against outside abuse.
I have always advocated for a law that bans both spam and spamblocking,
and imposes penalties for spamblockers 10 times as stiff as those for
spammers. 1 year in prison for spam, 10 years in prison for spamblocking.
Or 10 years in prison for spam, execution by guillotine on live TV for
spamblocking.
MS,
who is also a completely self-host sysadmin, publishes his E-mail
address far and wide, and uses absolutely no filtering of any kind.
Former president of American Internet Relay League and proud open
ARPA Internet mail relay operator, until being forced down by harassment
from criminal paramilitary death squad organisations like MAPS and ORBS.
7367
days inactive
7369
days old
22 comments
12 participants
participants (12)
-
cisin@xenosoft.com -
doc@mdrconsult.com -
dvcorbin@optonline.net -
esharpe@uswest.net -
geneb@deltasoft.com -
huw.davies@kerberos.davies.net.au -
jwest@classiccmp.org -
mouse@Rodents.Montreal.QC.CA -
msokolov@ivan.Harhan.ORG -
pkoning@equallogic.com -
ron.hudson@sbcglobal.net -
spectre@floodgap.com