[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
My attitude
I hope the following message, which I sent to my collegue (we had
some unfinished discussion about the spam filtering), will
explain something about my attitude regarding closed mailing list
and other stuff. It's rather longish, but what can I do... Some
things which are too private are substitute to something
meaningless and put in [BRACKETS].
V.
----- Forwarded message from vadik@cs.huji.ac.il -----
Subject: Spam
Just to finish the unfinished discussion...
I know that banning the probably legitimate ads is very bad. I
know that there is responsible commerce on the Net. I know that
fighting spam with spam filters is not the correct way to kill
spam -- the correct way is to kill spammers, each one,
individually. But then, think about it: if I start negotiating
with each spam domain, [BOSS] will need to hire me full time, and
I will need to abandon all my projects. Yes, I'm lazy. Yes, I'm
wrong. And I know it.
Do I want to fight spam? No. Do I want to have a spam filter
installed on our mailserver? No. I want my system to be open
for anybody to send mail. I want anybody to look at our web
pages, and I want my users to have the right to make symbolic
links to /, if they feel like it. I WANT OUR MAIL SERVER TO BE
OPEN FOR RELAY! Yes, I want the relay open. If machine foo
can't deliver mail to machine bar, and they choose for some
reason to use our mailserver to deliver this mail, fine. You ask
us for a favor, in proper polite SMTP, we'll do it. Do you know
what was our main reason to migrate from Sendmail to Exim?
Closing the mail relay. I still get complaints about open mail
relays in the Hebrew University, and I have managed several wars
against the admins who left their mail relays open. Why the
bloody hell should I waste my precious time TO CLOSE SERVICES?
I want my users NOT to think twice before they post their address
anywhere on the Net. I want to post to any USENET newsgroup
without thinking about the bots searching the Net for my address.
I want to put my address at the homepage, and give it to anyone
who wants. I want to enter it at the web pages without being
afraid that the site will sell my address to some freaks which
will then flood my mailbox with spam.
I want to allow VRFY and EXPN to anyone who wishes to speak SMTP
and check whether some address exists in our domain. I want
anyone to be able to retrieve the list of addresses subscribed to
our mailing lists, and, while we're at it, I want all the mailing
lists to be open for posting to anyone, and I don't want ANY
moderated mailing lists on our mailservers. Yes, I want our
group mailing lists to be open for anyone who wishes to post
there, and I don't want to see the approval requests in our
system mailbox ever in my fscking life. Do you know how many
mailing lists are already running on Listar? Twenty or so. Do
you know how many are advertised when you send the 'lists'
command to the Listar address? Exactly two. Linux-IL, and
Linux-IL-Announce. Why? I let you answer this.
I want to nuke the router access list and the firewall, and open
telnet to our machines from anywhere. I want anyone to run X
applications between our site and any other site on the Net. I
want MY users to read local news from anywhere. Today, I got
mail from one of the TAs who wanted to read and post to the local
newsgroups from anywhere in this bloody country. For some
reason, he didn't want to telnet in and use nn/rn/trn/tin. Do
you know what my answer was? It was simple: 'NO'. Do you know
how I felt when I was typing it?
LIKE SHIT.
Every fscking time when I deny any service to anybody, I feel
like shit. I'm not talking about things like 'give me the root
password'. I'm talking about things like 'let me post news to
anywhere', 'let me put symlinks to any local file from my home
page', 'let me telnet from any part of the world to our computers
directly'. There are lots of reasonable requests from our users,
which I, as a system administrator of the site, must deny. Yes,
I WANT MY USERS TO BE HAPPY. You may call me BOFH, which I am.
The users drive me crazy sometimes, granted, but I do want them
to use any damn service we provide, and I want those services to
be many, and I want the users, wherever they are at the moment,
to use them. But I must tell them 'NO', and throw IP packets in
their face, when they ask me something. Why? Does reading news
from anywhere in the world seem ridiculous? No. Do we still
deny this service TO OUR OWN USERS? Yes.
We changed our network infrastructure from hubs to switches some
time ago, and the efficiency of the switched network was NOT our
main concern. We did it for security reasons. Just because we
are afraid of our users sniffing the network, we threw lots of
money out of this University.
Just look at the bloody router. This piece of hardware filters
IP packets and drops many of them on the floor. There is ONE IP
address which gets incoming IP packets to the telnet port, ONE to
the SMTP port, five or so (all of which point to one machine, if
I'm not mistaken) to the HTTP port, TWO to the FTP port, and ONE
of the said FTP servers denies ANY login except anonymous. Why?
For security reasons. How do I feel when I think about it?
I hope you already guessed the answer.
Now, when I got on the Net, [NUMBER] years ago, this wasn't the
situation. The Net was open, and you know it. Finger? On any
site. VRFY and EXPN on mailservers? Sure. Mail relay? Use us,
poor guy who can't deliver his own mail. Firewall? What the
hell is a firewall?
Now, there are two main problems on the Net. One is the script
kiddies who feel cool by cracking servers and doing bad things to
them. The other is the spammers, who think that by annoying
people they will get tons of money. I want the Net open, and I
want responsible commerce. But by setting up the spam filter, we
not only kill legitimate spam, but also mail from the responsible
commercial companies who just send updates to their users, who
really want to hear about their latest marketing changes. We
kill responsible commerce, although we do wish we could promote
it.
So, in the modern world, a sysadmin must be a policeman. We need
to close any fscking hole which is suspect to be exploitable by
some kid from his bloody PC on a dialup. On my shelf, you can
find the 4.3BSD System Manager Manual. Go ahead, take it, find
the Sendmail manual, something about /etc/aliases. The mail
alias file at Berkeley at that time was open for writing to
anyone. They found that telling the people who screw up the file
not to do it in the future was easier than handling their
requests to add some address or mailing list to the file. Do we
open this file for writing? No, because we have been cracked
from inside, and we are afraid that it can happen tomorrow. Mail
IS important. Mail IS security-sensitive. If we let anyone to
write to our alias file, then, well, oops, we've got a problem.
So now the system administrator must administer the systems,
protect his users from outside users, protect his users from
another users from inside, manage battles against irresponsible
system admins from other sites (including spamhaus admins), and
punish his own users when they do something wrong. Hell, if I
wanted to be a cop, I would just shave my head, dress blue, and
go to the nearest police departament to get my gun. But I went
to work with computers, and I hoped that I will deal with
software, hardware, networks, and other interesting stuff.
Instead, I deal with battles, protection, discipline,
negotiations with foreign spammers, negotiations between our
crackers and foreign victims, negotiations between Israeli
spammers and foreign sysadmins, negotiations between foreign
users and Israeli open mail relays.
Do you know that some admins already know me by e-mail, by full
name, that I work from home in the nights, that I go to sleep at
5am, that I don't get much money in this job, that I plan to
[CENSORED] one day, that I prefer BSD over SysV, and other
useless data like why I receive the abuse complaints about way
too many Israeli sites, and all that just because they sent us
too many spam complaints and I sent them too many replies back?
Do you know that after many spam complaints, I start to just say
"Hi" to my good friends from some hole in the Midwest, because we
got familiar on the basis of spam complaints? Sheesh. There are
people whom I know only because some HUJI users tried to crack
their site. I believe that I will soon have several friends in
FBI...
Let me finish this with a quote from Russ Allbery, one of the
founders of Usenet II:
and by God I *KNOW* what this network is for, and you
can't have it.
Vadik.
----- End forwarded message -----
--
Strange Fruit. A brilliant way to describe
somebody hanging from a tree...
-- Marcus Miller