
Re: OT: open mail relays





Nadav Har'El wrote:
> 
> On Wed, Aug 15, 2001, Alon Barzilai wrote about "OT: open mail relays":
> > I recently (in fact, today) set up my sendmail to use the RBL.
> > now I see that some of the big ISPs in Israel
> > are in those lists.
> >
> > (netvision and bezekint mail servers are both on orbz.org)
> 
> Just to clear one confusion, these ISPs are not on the RBL (the original
> black list containing only hard-core spammers - this list is no longer
> freely available, by the way) - they are on blacklists of open relays
> (as you said in the subject line), such as orbz.org, ordb.org, orbl.org,
> and so on.

sorry.

> 
> By the way, none of the Israeli ISPs seem to have mail servers which are
> open relay by themselves. The problem is that they have clients running
> an open relay, and these clients in turn use the ISP server to spew out
> mail.
> 
> So you may notice the offending ISP mail servers appear on outputs.orbz.org,
> but not in inputs.orbz.org. Other blacklists, like orbl.org (if I remember
> correctly) don't have this separation, and even multi-level relay output
> like these end up on the main list. Yet other blacklists (like ordb, if I
> remember correctly) don't list multilevel relay outputs at all, so you
> won't have this problem with them.

in the orbz.org I use only inputs.
and netvision, for example, is in both inputs and outputs.


> 
> See http://www.orbz.org/io.php for more information.
> 
> > I can not afford myself not getting mail from netvision.
> >
> > what should I do ?
> 
> Tell Netvision to fix the problem. This is not only the "shame" of appearing
> on a black list: spammers actually *do* find those multilevel relays and
> send spam through them! I find it strange that an ISP doesn't care that a
> lot of spam is being pumped through its servers... Remember, none of the
> blacklists in existence today are scanning the net for open relays: open
> relays only appear on these black lists after there is suspected spam from
> them!
> 

You really do not expect that to work, do you?
I'm not even their customer.
and, BTW, I got a spam that passed through netvision.



> ISPs should periodically look in those blacklists whether any of their
> non-dialup clients (i.e., fixed addresses that are allowed to relay through
> their main server) are open relays, and if they are they shouldn't allow these
> clients to relay through them until the problem is fixed. After all, these
> clients don't *have* to relay through the ISP's server - they can send email
> directly if they still wish to operate open relays deliberately.
>
> P.S. If you're writing a spam filter and want to make sure that this false-
> positive problem doesn't affect you, there's a solution: normally you get
> from the email the IP address A from which the email came. Now, if A is
> on inputs.orbz.org, it's a single-level relay, and you can safely mark this
> as spam. However, if it's not on inputs.orbz.org but is on outputs.orbz.org,
> you continue reading the headers, looking for other addresses. If any one
> of them is on inputs.orbz.org, this *is* a multi-level relay, and this is
> probably spam. If none of them is on inputs.orbz.org, then this is not a
> multi-level relay in action, and it probably isn't spam.
> 
> I haven't yet fixed my filters to use this complicated "algorithm", because
> strangely this isn't a real problem with any decent ISP in the world - except
> Israeli ISPs... :(
>

are you using orbz.org? (and reject mail from Israeli ISPs)

can you post it here if/when you do?

Alon.
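
The header-walking check described in the quoted P.S., as an added example (not code from either poster). The function names, the `listed` callable that stands in for the DNSBL query, and all addresses and listings are constructed for illustration so the block runs offline.

```python
import re
from email import message_from_string

INPUTS, OUTPUTS = "inputs.orbz.org", "outputs.orbz.org"

def dnsbl_name(ip, zone):
    """DNSBL query name: reversed octets plus zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def relay_ips(raw_message):
    """Bracketed IPv4 addresses from Received headers, newest hop first."""
    msg = message_from_string(raw_message)
    ips = []
    for hdr in msg.get_all("Received", []):
        ips += re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
    return ips

def classify(raw_message, listed):
    """listed(name) -> bool says whether a DNSBL name is listed."""
    ips = relay_ips(raw_message)
    if not ips:
        return "unknown"
    # ips[0] is address A, recorded by our own server; the headers
    # below it were written by other hosts and can be forged.
    a, earlier = ips[0], ips[1:]
    if listed(dnsbl_name(a, INPUTS)):
        return "spam: single-level relay"
    if listed(dnsbl_name(a, OUTPUTS)):
        if any(listed(dnsbl_name(ip, INPUTS)) for ip in earlier):
            return "spam: multi-level relay"
        return "ham: relay output, no open relay upstream"
    return "ham: not listed"

# Constructed listings (documentation address ranges, not real data).
SAMPLE_LISTED = {
    dnsbl_name("192.0.2.10", OUTPUTS),    # ISP smarthost
    dnsbl_name("198.51.100.7", INPUTS),   # customer open relay
}

def make_msg(*hops):
    """Build a constructed message with one Received header per hop."""
    hdrs = "".join(f"Received: from h ([{ip}]) by mx.example\n" for ip in hops)
    return hdrs + "Subject: test\n\nbody\n"

if __name__ == "__main__":
    for hops in (("198.51.100.7",), ("192.0.2.10", "198.51.100.7"),
                 ("192.0.2.10", "203.0.113.5"), ("203.0.113.5",)):
        print(hops, "->", classify(make_msg(*hops), SAMPLE_LISTED.__contains__))
```
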

 
Alon.

=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il