ORBS - NOT!

2000-11-27 Thread Chris Olson
rrent methods and actions that are taking 
place:

e.g.
- Scanning of private networks without permission from targets
- No REMOVE capability from the ORBS scanner
- When someone tries to stop or block the ORBS scans, they are blocked
  by ORBS.
- No warning, as well as false public statements about the individuals
  scanned or their provider. THAT IS: If you have a relay (known, or
  unknown to you) you are called a SPAM supporter publicly without any
  warning to correct it before ORBS adds you.
- Misinformation on ORBS' own web site
  (http://www.orbs.org/whatisthis.html)
  "What is ORBS? The short answer: ORBS is a validated database of open
  mail relays and open mail relay output points, accessible via DNS
  lookup."
- The addition of Road Runner hosts to a database which are not listed
  via their normal web lookup at http://www.orbs.org/verify_1.html -
  this is deceptive to most end users.

Road Runner believes strongly in the fight against SPAM.  We have
addressed it with strong policies, enforcement and our own relay
detection methods.  We will continue this effort, work together with
other providers and the Internet community (including ORBS) to make a
difference.  However, we reserve the right to assess the methods used,
by whom and determine the best way to accomplish the desired results
for our business.

At 04:35 PM 11/22/2000 -0600, you wrote:
> Not sure what this all means to me.  What are multiple open relays?  What is 
> a 451 and why is it untestable?  help

Thank you
kathy g.

Transcript of session follows ---
[EMAIL PROTECTED]
451 untestable - rr.com has multiple open relays and its admins have 
demanded that ORBS not test further. Complaints to [EMAIL PROTECTED]
*



ORBS not recommended

2000-02-06 Thread Len Budney

[EMAIL PROTECTED] wrote:
> 
> I would strongly recommend *against* using ORBS, because it blocks a
> lot of legitimate mail.

Agreed. (I cut a similar caution for space reasons; should've just omitted
mention of ORBS.)

Fascism is seductive to techies--in particular, the ORBS fellow does
seem to have a bit of a god complex. 
gives a good example.

Len.

--
Unfortunately, spammers make their ``bad'' messages indistinguishable
from ``good'' messages. Whatever you try, they will avoid it.
-- Dan Bernstein, author of qmail



Re: ORBS - NOT!

2000-11-27 Thread markd
> 
> Road Runner customers and Affiliates initially contacted us with a
> security issue. They were concerned with their privacy and security
> when an unknown entity (to them) began scanning them without
> permission. We initially tried to address this case by case and later
> contacted the ORBS administrators and requested this unwelcome
> scanning terminated. This is analogous to someone requesting they be
> removed from a list that they did not subscribe to. With this request,
> all Road Runner IP space was unexpectedly added to the ORBS list with
> a public statement on the ORBS WWW site, as well as the bounce message
> which our subscriber has received. As scanning continued against our
> repeated requests, the individual ORBS scanning hosts were filtered
> out of our network.
> 
> Although we strongly believe in stopping SPAM on the Internet, as well
> as respect the initial work and charter ORBS has been under in the
> past, we have serious concerns at the current methods and actions that
> are taking place:
> 
> e.g.
> - Scanning of private networks without permission from targets
> - No REMOVE capability from the ORBS scanner
> - When someone tries to stop or block the ORBS scans, they are blocked
>   by ORBS.
> - No warning, as well as false public statements about the individuals
>   scanned or their provider. THAT IS: If you have a relay (known, or
>   unknown to you) you are called a SPAM supporter publicly without any
>   warning to correct it before ORBS adds you.
> - Misinformation on ORBS' own web site
>   (http://www.orbs.org/whatisthis.html)
>   "What is ORBS? The short answer: ORBS is a validated database of open
>   mail relays and open mail relay output points, accessible via DNS
>   lookup."
> - The addition of Road Runner hosts to a database which are not listed
>   via their normal web lookup at http://www.orbs.org/verify_1.html -
>   this is deceptive to most end users.
> 
> Road Runner believes strongly in the fight against SPAM.  We have
> addressed it with strong policies, enforcement and our own relay
> detection methods.  We will continue this effort, work together with
> other providers and the Internet community (including ORBS) to make a
> difference.  However, we reserve the right to assess the methods used,
> by whom and determine the best way to accomplish the desired results
> for our business.
> 
> At 04:35 PM 11/22/2000 -0600, you wrote:
> > Not sure what this all means to me.  What are multiple open relays?  What is 
> > a 451 and why is it untestable?  help
> 
> Thank you
> kathy g.
> 
> Transcript of session follows ---
> [EMAIL PROTECTED]
> 451 untestable - rr.com has multiple open relays and its admins have 
> demanded that ORBS not test further. Complaints to [EMAIL PROTECTED]
> *



Re: ORBS - NOT!

2000-11-27 Thread Chris Johnson

On Mon, Nov 27, 2000 at 06:28:42PM -0600, Chris Olson wrote:
> How do I configure qmail to *NOT* use ORBS.org for spam filtering?  I tried
> to remove the line in the startup scripts relating to ORBS, and the SMTP
> server refuses to run without it. 

There's no such thing as "the" line in the startup script relating to ORBS, and
nobody has any idea what your particular startup line looked like before or
what it looks like now.

Why don't you tell us?

Chris



Re: ORBS - NOT!

2000-11-27 Thread Chris Olson

Chris Johnson wrote:
 
> There's no such thing as "the" line in the startup script relating to ORBS, and
> nobody has any idea what your particular startup line looked like before or
> what it looks like now.

OK.  I assumed that all installations of qmail used this.  I'm running a
Corel Server Version (Debian) Linux box and qmail 1.03 came with the
distribution.  This is a fresh install and the script has not been
modified.  The startup script is /etc/init.d/qmail   Here's a copy of
the startup script for your review.
--
Chris

#!/bin/sh

if [ -f /var/qmail/control/qmail_environment ]; then
    /var/qmail/control/qmail_environment
fi
QMAILDUID=`id -u qmaild`
QMAILDGID=`id -g qmaild`

case "$1" in
  start)
    echo -n "Starting qmail: qmail-send"
    csh -cf '/var/qmail/rc &'

    killall  supervise > /dev/null
    killall  tcpserver > /dev/null
    supervise /var/lock/qmail-smtpd tcpserver -v -x/etc/tcp.smtp.cdb \
        -u$QMAILDUID -g$QMAILDGID 0 25 \
        rblsmtpd -rrelays.orbs.org /var/qmail/bin/qmail-smtpd 2>&1 | setuser qmaill accustamp | \
        setuser qmaill cyclog -s500 -n5 /var/log/qmail/qmail-smtpd &

    echo  "."
    ;;
  stop)
    echo -n "Stopping mail-transfer agent: qmail"
    killall -TERM qmail-send

    echo "."
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  reload|force-reload)
    echo "Reloading 'locals' and 'virtualdomains' control files."
    killall -HUP qmail-send
    ;;
  *)
    echo 'Usage: /etc/init.d/qmail {start|stop|restart|reload}'
    exit 1
esac
exit 0



Re: ORBS - NOT!

2000-11-27 Thread markd

On Mon, Nov 27, 2000 at 07:01:20PM -0600, Chris Olson wrote:
> Chris Johnson wrote:
>  
> > There's no such thing as "the" line in the startup script relating to ORBS, and
> > nobody has any idea what your particular startup line looked like before or
> > what it looks like now.
> 
> OK.  I assumed that all installations of qmail used this.  I'm running a
> Corel Server Version (Debian) Linux box and qmail 1.03 came with the
> distribution.  This is a fresh install and the script has not been

Great. Yet more Frankinmail...

Change this line:

rblsmtpd -rrelays.orbs.org /var/qmail/bin/qmail-smtpd 2>&1 | setuser

to:

/var/qmail/bin/qmail-smtpd 2>&1 | setuser

then restart.


Regards.



Re: ORBS - NOT!

2000-11-27 Thread Ben Beuchler

On Mon, Nov 27, 2000 at 07:01:20PM -0600, Chris Olson wrote:

> OK.  I assumed that all installations of qmail used this.  I'm running a
> Corel Server Version (Debian) Linux box and qmail 1.03 came with the
> distribution.  This is a fresh install and the script has not been
> modified.  The startup script is /etc/init.d/qmail   Here's a copy of
> the startup script for your review.



> supervise /var/lock/qmail-smtpd tcpserver -v -x/etc/tcp.smtp.cdb
> -u$QMAILDUID -g$QMAILDGID 0 25 \
> rblsmtpd -rrelays.orbs.org /var/qmail/bin/qmail-smtpd 2>&1 | setuser

Two options: replace "-rrelays.orbs.org" with "-routputs.orbs.org" or
delete "rblsmtpd -rrelays.orbs.org" from the line, leaving the rest
intact.

The first option would continue to give you the benefit of spam
filtering without blocking the 'manual list' and the second option would
remove RBL filtering entirely.

Ben


-- 
Ben Beuchler [EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290 x101
Bitstream Underground   www.bitstream.net



Re: ORBS - NOT!

2000-11-27 Thread Henning Brauer

On Tuesday, 28 November 2000 02:01, Chris Olson wrote:

> rblsmtpd -rrelays.orbs.org /var/qmail/bin/qmail-smtpd 2>&1 | setuser
> qmaill accustamp | \
> setuser qmaill cyclog -s500 -n5 /var/log/qmail/qmail-smtpd &

Sorry Chris,

how braindead are you? Is it really _so_ hard to see where orbs is used here? 
You should have read at least the documentation before wasting bandwidth and 
our time.
 
-- 

Henning Brauer |  BS Web Services
Hostmaster BSWS  |  Roedingsmarkt 14
[EMAIL PROTECTED]  |  20459 Hamburg
www.bsws.de|  Germany



Re: ORBS - NOT!

2000-11-27 Thread Ben Beuchler

On Tue, Nov 28, 2000 at 05:42:58AM +0100, Henning Brauer wrote:

> On Tuesday, 28 November 2000 02:01, Chris Olson wrote:
> 
> > rblsmtpd -rrelays.orbs.org /var/qmail/bin/qmail-smtpd 2>&1 | setuser
> > qmaill accustamp | \
> > setuser qmaill cyclog -s500 -n5 /var/log/qmail/qmail-smtpd &
> 
> Sorry Chris,
> 
> how braindead are you? Is it really _so_ hard to see where orbs is used here? 
> You should have read at least the documentation before wasting bandwidth and 
> our time.

plonk

-- 
Ben Beuchler [EMAIL PROTECTED]
MAILER-DAEMON (612) 321-9290 x101
Bitstream Underground   www.bitstream.net



Re: ORBS - NOT!

2000-11-28 Thread Piotr Kasztelowicz

Hello

On Mon, 27 Nov 2000 [EMAIL PROTECTED] wrote:

> I don't know what sort of qmail install you are running but qmail does run
> without ORBS. In fact the default qmail does not have any ORBS testing. What
> must have happened is that someone specifically added the ORBS test on
> your server.

The standard settings presented in /var/qmail/boot do not use ORBS;
also, if you choose the rc file appropriate for your box/dir format,
all shall be OK.

I have gone further and added these lines to the smtp settings for
tcpserver:

orbs.relay.nl:deny
manawatu.co.nz:deny

thus I have rejected all attempted tests, if ORBS were to perform any.

Best Wishes

Piotr
---
Piotr Kasztelowicz <[EMAIL PROTECTED]>
[http://www.am.torun.pl/~pekasz]




Re: ORBS not recommended

2000-02-07 Thread Jon Rust

At 9:20 PM -0500 2/6/00, Len Budney wrote:
>[EMAIL PROTECTED] wrote:
>>
>> I would strongly recommend *against* using ORBS, because it blocks a
>> lot of legitimate mail.
>
>Agreed. (I cut a similar caution for space reasons; should've just omitted
>mention of ORBS.)
>
>Fascism is seductive to techies--in particular, the ORBS fellow does
>seem to have a bit of a god complex. 
>gives a good example.
>
>Len.


I use maildrop and a hacked version of rblcheck to simply add a 
header to suspected spam. If the last server before ours matches RBL, 
rblcheck's return code is incremented by 1. If it matches at 
RBL.maps.vix.com, incremented by 2. DUL.maps.vix.com, by 4. 
relays.mail-abuse.org, by 8. Then I throw the return value into the 
header. The results have been informative.

 Delivered-To: [EMAIL PROTECTED]
 Date: Mon, 7 Feb 2000 03:58:15 GMT
 From: [EMAIL PROTECTED]
 To: <[EMAIL PROTECTED]>
 Subject: 2 FREE GAMBLING CRUISE TICKETS  L@@K
 Status:  U
 X-Spam: based on relay(1) 199.171.54.114

So in this case the spam was spotted by only ORBS. In the next 
example, ORBS and relays.mail-abuse caught it:

 Delivered-To: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Bcc: 
 From: <[EMAIL PROTECTED]>
 Subject: Earn Big $$$ From Home!
 Status:  U
 X-Spam: based on relay(9) 205.168.240.10

And one that surely isn't spam:

 Delivered-To: [EMAIL PROTECTED]
 Date: Wed, 2 Feb 2000 17:02:31 -0500 (EST)
 From: [EMAIL PROTECTED]
 Subject: MODIFY DOMAIN somedomain.com
 Reply-To: <[EMAIL PROTECTED]>
 X-Spam: based on relay(1) 198.41.0.91
 Status:  U

ORBS catches a lot of spam, but they also hit a lot of big sites. 
Like Network Solutions in the above example. PacBell Internet. Ebay. 
Discover Brokerage. The thing is, all these sites DO HAVE open 
relays. Just because they're big, they should be able to get away 
with it? I've let all of them know (I'm sure they already knew), but 
haven't seen any of them change it.

Anyway, the plan is to eventually let users decide for themselves how 
much filtering they want, or if they're happy with just a header 
being added. If they want to chance lost mail and use ORBS, that's 
their choice.

jon
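
Added example, not part of Jon's post and not rblcheck's own code: Python that decodes the X-Spam bitmask described above, using the bit values as the post's examples read them (1 = ORBS, 2 = RBL.maps.vix.com, 4 = DUL.maps.vix.com, 8 = relays.mail-abuse.org), and builds the reversed-octet name a DNSBL client looks up for the tagged relay. The function names, the per-user reject_mask policy and the choice of relays.orbs.org as the zone behind bit 1 are assumptions; the sample header lines are copied from the second example in the post.

```python
import re

# Bit values from the post; bit 1 is taken to be ORBS because the post reads
# "relay(1)" as "spotted by only ORBS". The zone chosen for bit 1 is an assumption.
LIST_BITS = {
    1: "relays.orbs.org",
    2: "rbl.maps.vix.com",
    4: "dul.maps.vix.com",
    8: "relays.mail-abuse.org",
}
ALL_BITS = sum(LIST_BITS)  # 15: every defined bit set

X_SPAM_RE = re.compile(
    r"^X-Spam: based on relay\((\d+)\) (\d{1,3}(?:\.\d{1,3}){3})\s*$", re.M)

# Header lines copied from the second example in the post.
SAMPLE = ("Subject: Earn Big $$$ From Home!\n"
          "Status:  U\n"
          "X-Spam: based on relay(9) 205.168.240.10\n")

def parse_x_spam(headers):
    """Return (mask, relay_ip) from a header block, or None if untagged."""
    m = X_SPAM_RE.search(headers)
    if m is None:
        return None
    mask = int(m.group(1))
    if mask & ~ALL_BITS:
        raise ValueError("unknown list bit in mask %d" % mask)
    return mask, m.group(2)

def matched_lists(mask):
    """Zones whose bit is set in the mask, lowest bit first."""
    return [zone for bit, zone in sorted(LIST_BITS.items()) if mask & bit]

def dnsbl_query_name(ip, zone):
    """DNS name a DNSBL client resolves: reversed IPv4 octets + zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + "." + zone

def decide(mask, reject_mask):
    """Hypothetical per-user policy: reject only on lists the user opted into."""
    if mask & reject_mask:
        return "reject"
    return "tag" if mask else "deliver"
```

With reject_mask set to 2|8, a message listed only by ORBS (mask 1) is tagged and still delivered, which is the "just a header" behaviour the post describes.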