Re: REFUSED MAIL (please everyone read)
1) There is not a 1:1 relationship between open relays and spam 2) Most open relays will never have any spam touch them 3) Systems such as ORBL punish mostly non-spammers, and are abusive about the way they go about their probing and listing. They don't make a decent effort to inform server owners of an impending blacklist entry, and if they follow in the footsteps of their predecessor (ORBS) they would actually act as a spam PROMOTER because they would PUBLISH lists of spam-relays which makes it even more trivial for spammers to abuse those hosts. (ORBL's predecessor ORBS, in large part due to such obnoxious tactics, has been hounded off the net twice now) 4) Huge amounts of non-spam email are blocked or lost as a result of systems such as ORBL's. As you can see already, perfectly legitimate email from list users has already been blocked on this list. 5) If your intent is to address the spam problem, I suggest using one of the MAPS/RBL lists (or something more sophisticated), not the ORBL one. MAPS at least tries to make a good-faith effort to contact mail admins before blackholing their SMTP servers. 6) I don't know the current status, but I don't see any reason to allow posting to the list by non-members. On 28 Jul 2001, at 20:38, Douglas J. Hunley boldly uttered: Seems some people are having issues posting to the list lately. Their mail is being rejected. For those who didn't bother to read the reject, or cant make sense of what it is saying, read on.. everyone else, feel free to delete this message. linux.nf and hunley.homeip.net both use http://or.orbl.org as a DNS blacklisting site for incoming mail. I hate to use this feature cause I do realize that it is not 100%, however the amount of spam that hits the domains on my machines necessitate it. here's how it works. A user on 65.24.128.219 sends mail to linux.nf. the sendmail daemon on linux.nf sees the mail coming from this machine, initiates a dns lookup to 219.128.24.65.or.orbl.org. That lookup either indicates that 65.24.128.219 is listed as on open mail relay or is not. If it is listed, the sendmail daemon issues a 550 error stating that email from 65.24.128.219 is blocked and dumps the incoming mail into /dev/null. If it is not lsted, then the mail is accepted and everyone is happy. If you find that you are getting these rejection messages, READ the message. Write down what machine was rejected and contact your admin. Tell them that the machine in question is listed as an open relay and they need to go to http://or.orbl.org and follow the directions therein to have their site removed from the blacklist. If they refuse, I suggest you find another provider... there is really no excuse for running open relays. Thanks and sorry about the inconvenience and hassle; however, I do feel it is worth it. -- Douglas J. Hunley ([EMAIL PROTECTED]) - Linux User #174778 Admin: http://hunley.homeip.net/ Admin: http://linux.nf/ Brainbench Linux Administration Certified -- Philip J. Koenig [EMAIL PROTECTED] Electric Kahuna Systems -- Computers Communications for the New Millenium ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
Re: REFUSED MAIL (please everyone read)
On Sunday 29 July 2001 19:23, Philip J. Koenig wrote: 6) I don't know the current status, but I don't see any reason to allow posting to the list by non-members. Is that the case? If it is I would agree with you. Terence ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
QT?
Am I correct in thinking that qt2 (latest version) a complete replacement for all previous versions of QT? If so, is there any compelling reasons to keep QT 1.xx around on the harddrive? Thank you, in advance. -- ** Registered Linux User Number 185956 http://groups.google.com/groups?hl=ensafe=offgroup=linux 4:15pm up 18:35, 5 users, load average: 0.07, 0.11, 0.14 ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
Test
Hoping I can FINALLY get through!! Darn orbl! Mike -- A world where some live in comfort and plenty, while half of the human race lives on less than $2 a day, is neither just, nor stable. -PRESIDENT BUSH (dubya) ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
Re: QT?
You will need the QT 2.3.0 if you upgrade to KDE2.1.1 or higher. If you are going to keep/use any KDE1.1.2 programs, you will need to keep QT 1.44. QT 2.x is not backward compatible to QT 1.xx. Likewise when QT 3.x is release early next year, it will not be backward compatible to QT2.x. Jim On Sunday July 29, 2001 3:27 pm, Jerry McBride wrote: Am I correct in thinking that qt2 (latest version) a complete replacement for all previous versions of QT? If so, is there any compelling reasons to keep QT 1.xx around on the harddrive? Thank you, in advance. -- 3:42pm up 5 days, 16:16, 3 users, load average: 0.07, 0.21, 0.25 Running Caldera eD2.4 - Linux - because life is too short for reboots... _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
Re: REFUSED MAIL (please everyone read)
On Monday 30 July 2001 07:30, Terence McCarthy wrote: On Sunday 29 July 2001 19:23, Philip J. Koenig wrote: 6) I don't know the current status, but I don't see any reason to allow posting to the list by non-members. Is that the case? If it is I would agree with you. seems like a case of using a sledge-hammer to crack a nut. If this is a subscribed list, by defintition? it is spam-free? Think Doug found one of those 'good ideas at the time' thing. -- http://linux.nf -- [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
Fwd: [cert-advisory@cert.org: Public Alert about the Code Red worm]
gonna be an interesting week, boys and girls. - Forwarded message from CERT Advisory [EMAIL PROTECTED] - Date: Sun, 29 Jul 2001 16:20:45 -0400 (EDT) From: CERT Advisory [EMAIL PROTECTED] To: [EMAIL PROTECTED] Organization: CERT(R) Coordination Center - +1 412-268-7090 List-Help: http://www.cert.org/, mailto:[EMAIL PROTECTED]?body=help List-Subscribe: mailto:[EMAIL PROTECTED]?body=subscribe%20cert-advisory List-Unsubscribe: mailto:[EMAIL PROTECTED]?body=unsubscribe%20cert-advisory List-Post: NO (posting not allowed on this list) List-Owner: mailto:[EMAIL PROTECTED] List-Archive: http://www.cert.org/ Subject: Public Alert about the Code Red worm We the CERT/CC, along with other organizations listed below are jointly publishing this alert about a serious threat to the Internet For Immediate Release: 3:00 PM EDT July 29, 2001 A Very Real and Present Threat to the Internet: July 31 Deadline For Action Summary: The Code Red Worm and mutations of the worm pose a continued and serious threat to Internet users. Immediate action is required to combat this threat. Users who have deployed software that is vulnerable to the worm (Microsoft IIS Versions 4.0 and 5.0) must install, if they have not done so already, a vital security patch. How Big Is The Problem? On July 19, the Code Red worm infected more than 250,000 systems in just 9 hours. The worm scans the Internet, identifies vulnerable systems, and infects these systems by installing itself. Each newly installed worm joins all the others causing the rate of scanning to grow rapidly. This uncontrolled growth in scanning directly decreases the speed of the Internet and can cause sporadic but widespread outages among all types of systems. Code Red is likely to start spreading again on July 31st, 2001 8:00 PM EDT and has mutated so that it may be even more dangerous. This spread has the potential to disrupt business and personal use of the Internet for applications such as electronic commerce, email and entertainment. Who Must Act? Every organization or person who has Windows NT or Windows 2000 systems AND the IIS web server software may be vulnerable. IIS is installed automatically for many applications. If you are not certain, follow the instructions attached to determine whether you are running IIS 4.0 or 5.0. If you are using Windows 95, Windows 98, or Windows Me, there is no action that you need to take in response to this alert. What To Do If You Are Vulnerable? a. To rid your machine of the current worm, reboot your computer. b. To protect your system from re-infection: Install Microsoft?s patch for the Code Red vulnerability problem: * Windows NT version 4.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30833 * Windows 2000 Professional, Server and Advanced Server: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30800 Step-by-step instructions for these actions are posted at www.digitalisland.com/codered Microsoft's description of the patch and its installation, and the vulnerability it addresses is posted at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/s ecurity/bulletin/MS01-033.asp Because of the importance of this threat, this alert is being made jointly by: Microsoft The National Infrastructure Protection Center Federal Computer Incident Response Center (FedCIRC) Information Technology Association of America (ITAA) CERT Coordination Center SANS Institute Internet Security Systems Internet Security Alliance - End forwarded message - -- Bob Bernstein |http://www.ruptured-duck.com at| 1024D/4A93E562 Esmond, R.I. | 115B 8AA0 D418 F33B F0B1 USA | 6230 8014 B8D5 4A93 E562 --- -- dep one day, you'll wish it was now. your wish has been granted. don't waste it. ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
Re: fine. no more orbl
On Sun, 29 Jul 2001 22:16:38 -0400 Douglas J. Hunley [EMAIL PROTECTED] wrote: ---snip--- ...enjoy your spam. Message recieved, Doug. No problem... filters in place... ;') -- ** Registered Linux User Number 185956 http://groups.google.com/groups?hl=ensafe=offgroup=linux 10:15pm up 5:31, 3 users, load average: 0.07, 0.08, 0.09 ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
Re: fine. no more orbl
Well, let's play it by ear. If spam becomes a major problem, we can discuss a solution for it at that time. Jim On Sunday July 29, 2001 9:16 pm, Douglas J. Hunley wrote: Well, enough people complained to me that their admins are unresponsive, don't care, whatever. Fine. I figured as much. ORBs sucked. they got political. orbl actually checks it's hosts and keeps records up to date. but I understand some service providers simply can't be bothered. so fine, no more spam filters on linux.nf. enjoy your spam. and before anyone gets bitchy with me a couple of points: 1. my columbus.rr.com address is blocked from a *lot* of places. thats why I run my own mail. plain and simple. 2. this list didn't even exist until I thunk it up. and I was just trying to provide the best resource for the group. i felt that having an open-list and using DNS blocking for the worst offending sites was a Good Thing(c). my other customers seem to agree 3. DONT bitch about any spam that makes it onto this list. I tried. -- 9:42pm up 5 days, 22:16, 2 users, load average: 0.00, 0.00, 0.00 Running Caldera eD2.4 - Linux - because life is too short for reboots... _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
Re: (no subject)
It worked. Interesting, I've only had sporadic trouble with @Home and Yahoo on this list. Jim On Sunday July 29, 2001 4:34 pm, Collins Richey wrote: test -- 9:42pm up 5 days, 22:16, 2 users, load average: 0.00, 0.00, 0.00 Running Caldera eD2.4 - Linux - because life is too short for reboots... _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
Re: fine. no more orbl
The blocking also come from improper reverse lookup tables on the senders ISP DNS server. It seems if there is no reverse that corresponds to a MX server you get rejected as a possibly forged IP address. Each of the following recipients was rejected by a remote mail server. The reasons given by the server are included to help you determine why each recipient was rejected. Recipient: [EMAIL PROTECTED] Reason:5.7.1 [EMAIL PROTECTED]... Relaying denied. IP name possibly forged [206.152.110.5] Ronnie On Sunday 29 July 2001 22:17, you wrote: =snip= 3. You say, fine, no more orbl, but my original account is still blocked by your server. /rant Thanks,Collins -- Ronnie == Life can be a dream; or it can be a nightmare it's all in your mind ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
Re: Help
ok. correction: there is nothing wrong with console mode admin via telnet or secured remote-shells Net Llama wrote: --- Linuxism Chang [EMAIL PROTECTED] wrote: btw, there is nothing wrong with telnet.. :) Other than the fact that its a huge gaping security risk. _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
Re: fine. no more orbl
from Douglas J. Hunley: [...] 2. this list didn't even exist until I thunk it up. and I was just trying to provide the best resource for the group. i felt that having an open-list and Thankyou for doing it. Gotta remember, tho, that you can't please everyone and there'd be some who wouldn't like it if you could;). Most of the lists I've seen (not many) eventually and reluctantly went to 'posts by subscribers only' despite the problems and extra work. using DNS blocking for the worst offending sites was a Good Thing(c). my other customers seem to agree 3. DONT bitch about any spam that makes it onto this list. I tried. On the whole, I prefer to block/filter my own spam anyway but I guess the closer to source the trash is trashed, the better for overall 'bandwidth conservation', etc. There doesn't seem to be any really good answer. Thanks for trying to find one. R -- Don't steal. The government hates competition. ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
Re: fine. no more orbl
On Sun, Jul 29, 2001 at 09:17:51PM -0600, Collins Richey wrote: Now I'll get bitchy. rant 1. You provided no warning for this unilateral action. Nobody has a clue By long tradition, system administrators are free to do as they see fit with the system(s) they administer. While it may have been more courteous to users to have provided some warning in advance, I maintain that you are out of line to complain about the unilateral action because, bottom line, you get to use, for free and without strings, a service someone else provides. I know you know this, but perhaps it helps to be reminded. Eh? when they get a return address denied by mail service message. I tried unsubscribing and resubscribing, but that did no good. The icing on the The mail headers provided all of the information you needed. Doug is right, too, if an ISP doesn't close an open mail relay, even though they are not now a spam source, they *will* eventually become one. Code Red should remind everyone how easy it is to scan a range of addresses. It only takes about 10 more lines of code to scan every port on an address for one that can be probed more completely for potential exploit. Kurt ___ http://linux.nf -- [EMAIL PROTECTED] Archives, Subscribe, Unsubscribe, Digest, Etc -http://linux.nf/mailman/listinfo/linux-users
