[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OT: opem mail relays
- To: "Nadav Har'El" <nyh(at-nospam)math.technion.ac.il>
- Subject: Re: OT: opem mail relays
- From: Alon Barzilai <alon(at-nospam)skyline.co.il>
- Date: Wed, 15 Aug 2001 14:07:28 +0200
- CC: "linux-il(at-nospam)cs.huji.ac.il" <linux-il(at-nospam)cs.huji.ac.il>
- References: <3B7A5998.DDD8E376@skyline.co.il> <20010815134846.A4484@leeor.math.technion.ac.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
Nadav Har'El wrote:
>
> On Wed, Aug 15, 2001, Alon Barzilai wrote about "OT: opem mail relays":
> > I recently (in fact, today) set up my sendmail to use the RBL.
> > now I see that some of the big ISP's in israel
> > are in those lists.
> >
> > (netvision and bezekint mail servers are both on orbz.org)
>
> Just to clear one confusion, these ISPs are not on the RBL (the original
> black list containing only hard-core spammers - this is list is no longer
> freely available, by the way) - they are on blacklists of open relays
> (as you said in the subject line), such as orbz.org, ordb.org, orbl.org,
> and so on.
sorry.
>
> By the way, none of the Israeli ISPs seem to have mail servers which are
> open relay by themselves. The problem is that they have clients running
> an open relay, and these clients in turn uses the ISP server to spew out
> mail.
>
> So you may notice the offending ISP mail servers appear on outputs.orbz.org,
> but not in inputs.orbz.org. Other blacklists, like orbl.org (if I remember
> correctly) don't have this seperation, and even multi-level relay output
> like these end up on the main list. Yet other blacklists (like ordb, if I
> remember correctly) don't list multilevel relay outputs at all, so you
> won't have this problem with them.
in the orbz.org I use only inputs.
and netvision, for example, is in both inputs and outputs.
>
> See http://www.orbz.org/io.php for more information.
>
> > I can not afford myself not getting mail from netvision.
> >
> > what should I do ?
>
> Tell Netvision to fix the problem. This is not only the "shame" of appearing
> on a black list: spammers actually *do* find those multilevel relays and
> send spam through them! If find it strange that an ISP doesn't care that a
> lot of spam is being pumped through its servers... Remember, none of the
> blacklists in existance today are scanning the net for open relays: open
> relays only appear on these black list after there is suspected spam from
> them!
>
do really do not expect that to work, do you?
Im not even their customer.
and, BTW, I got a spam that passed through netvision.
> ISPs should periodically look in those blacklists whether any of their
> non-dialup clients (i.e., fixed addresses that are allowed to relay through
> their main server) are open relays, and if they are they shouldn't allow these
> clients to relay through them until the problem is fixed. After all, these
> clients don't *have* to relay through the ISP's server - they can send email
> directly if they still wish to operate open relays deliberately.
>
> P.S. If you're writing a spam filter and want to make sure that this false-
> positive problem doesn't effect you, there's a solution: normally you get
> from the email the IP address A from which the email came. Now, if A is
> on inputs.orbz.org, it's a single-level relay, and you can safely mark this
> as spam. However, if it's not on inputs.orbz.org but is on outputs.orbz.org,
> you continue reading the headers, looking for other addresses. If any one
> of them is on inputs.orbz.org, this *is* a multi-level relay, and this is
> probably spam. If none of them is on inputs.orbz.org, then this is not a
> multi-level relay in action, and it probably isn't spam.
>
> I haven't yet fixed my filters to use this complicated "algorithm", because
> strangely this isn't real problem with any decent ISP in the world - except
> Israeli ISPs... :(
>
are you using orbz.org? ( and reject mail from isralies ISP's)
can you post it here if/when you do?
Alon.
Alon.
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il