[26708] in North American Network Operators' Group
Re: Fw: Administrivia: ORBS
daemon@ATHENA.MIT.EDU (Shawn McMahon)
Thu Jan 13 21:12:52 2000
Message-Id: <4.3.0.29.0.20000113210727.00a832f0@george.he.net>
Date: Thu, 13 Jan 2000 21:10:20 -0500
To: "Edward S. Marshall" <emarshal@logic.net>
From: Shawn McMahon <smcmahon@eiv.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.21.0001131946150.10392-100000@labyrinth>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Errors-To: owner-nanog-outgoing@merit.edu
Please refer to this paragraph from their FAQ:
If you'd like to firewall the test machine, go right ahead. You'll test as
fixed, then be removed from the database and you can bask in the false
sense of security that you're not included as an open relay. Meantime, what
will probably happen is that various spammer probes will find you, add your
machine to the lists which they sell and hundreds of junkmailers will relay
their crud through you - then you'll end up in our static table as a
verified open relay when someone mails us that spam and we confirm there's
a firewall up against our tester. Additionally, you'll most likely end up
in dozens, if not hundreds of blocking lists operated by individual admins
as they receive spam via your server - and it's far easier to get out of
ORBS than out of a whole bunch of lists you've never heard of. If you must
firewall, do it properly and only allow your own machines access to the
open relay.
I refer you specifically to the last part of the third sentence:
"...and we confirm there's a firewall up against our tester."
And we *CONFIRM*. Not speculate, not hear, CONFIRM.
If they aren't doing that, they're wrong. That's my position.
To say that my position denotes ignorance as to their policies is asinine.
I'm done with this thread.
At 07:59 PM 1/13/2000 -0600, you wrote:
>Why should the ORBS maintainers attempt to work around that very explicit
>request from the network administrators to not probe their network? Their
>most ethical and reasonable option is to add that address block manually
>to the listing, because they cannot (without explicitly acting against the
>wishes of that network's administration) verify that the addresses in that
>space are relaying or not.
