Previous Politech message:

http://www.politechbot.com/p-03959.html

---

From: "Suresh Ramasubramanian" <sureshat_private>
To: <declanat_private>, <politechat_private>
Cc: <annaleeat_private>
Subject: Re: Earthlink's anti-spam rules imperil subculture mailing list
Date: Sat, 7 Sep 2002 17:14:39 +0800

declanat_private (Declan McCullagh) [Saturday, September 07, 2002 1:11 PM]:

First: I don't work for Earthlink, or speak for them. However, I do work for a rather large ISP as their postmaster and abuse admin, and have interacted extensively with their abuse staffers, several of whom I have the highest professional respect for.

Annalee Newitz <brainsploitationat_private> writes:

> Hey Declan. Readers may be interested in this story
> about Earthlink's (lack of) policy related to whose
> mail servers they block and why. A large subculture

Lack of? The word "open relay" sounds perfectly clear to me. Please do take a look at http://www.mail-abuse.org/tsi/ to see what an open relay means and why administrators block open relays (like the fact that a single spammer pumping out spam through an open relay can easily send out FAR more mail - all of it junk - than the rest of that server's users send out in a week).

Also, Earthlink issues a much more verbose 5xx error than most.

550-EarthLink's inbound mail servers do not allow mail from your site.
550-Please contact your ISP to find out how to send e-mail using a
550-proper mail server. If you are an EarthLink customer, and need
550-assistance configuring your e-mail software, please contact
550-EarthLink's technical support department at 1-800-EARTHLINK.
550-Server administrators that feel they are being blocked in error
550 may send e-mail to OpenRelayat_private for assistance.

> list in San Francisco was blocked because an obscure
> security hole in their servers came up as an "open
> relay" when Earthlink hacked (erm, "scanned") their
> mail server. Raises some interesting questions about
> free speech.

Hm...
the wording used in the article Ms. Newitz quoted (and, most likely, wrote as well) is

>> By hacking into his servers (erm, I mean "auditing")
>> and attempting to relay mail through them

Is that "auditing" word supposed to be a dig at something in Earthlink's background or history? [google google] Ah. Yes, I think my guess was right.

Speaking for myself, I believe that discussion of the entity associated with the word "auditing" is not really germane to what appears to be an instance of earthlink's long standing policy of blocking open relays, so I will not get sidetracked by that word.

Please note that most ISPs around the world block open relays, and in several cases, actively search for open relays (that is, if you connect to their mailservers to send mail, and maybe that mail also matches a heuristic like say "mail from hotmail.com - but not originating through a hotmail.com server")

If Ms. Newitz will give me the actual IP of the blocked mailserver, I'll be happy to verify for her (and the readers of politech) as to whether it is an open relay or not. That will, unfortunately, also have the side effect of getting that IP blocked from the ~ 30 million users for whom we serve mail - so that might not be an option :)

So she, or the laughingsquid admin, can try sites like http://www.abuse.net/relay.html or just telnet to relay-test.mail-abuse.org - these sites are run by people with a long and respected history in the fight against spam, fwiw.

A much more comprehensive tester script by Ronald F. Guilmette is available at http://www.monkeys.com/mrt/

Finally - yes, I understand why people used to have open relays in the late 80s and early 90s - where providing an open relay was a courtesy, given patchy interconnectivity and routing.
Anyone in the last 4 years who has configured a mailserver to be an open relay, given that just about every mailserver in the world these days ships CLOSED to third party relay by default, might want to get some refresher courses in mail systems administration.

-srs

ps - Please feel free to publish this on politech if you see fit to do so.

---

From: "Suresh Ramasubramanian" <sureshat_private>
To: <declanat_private>, <politechat_private>
Cc: <annaleeat_private>
Subject: Re: Earthlink's anti-spam rules imperil subculture mailing list
Date: Sat, 7 Sep 2002 17:44:22 +0800

declanat_private (Declan McCullagh) [Saturday, September 07, 2002 1:11 PM]:

> mail servers they block and why. A large subculture
> list in San Francisco was blocked because an obscure
> security hole in their servers came up as an "open
> relay" when Earthlink hacked (erm, "scanned") their

Hmm... just how squid8.laughingsquid.net's admin managed to configure _qmail_ (widely regarded as one of the most secure mailservers on earth) into an open relay, I really don't know ...
-srs

Return-Path:
Delivered-To: marvinat_private
Received: from www.laughingsquid.net (laughingsquid.net [207.235.7.177])
    by groundzero.ordb.org (Postfix) with ESMTP id B700F5B117
    for ; Sat, 7 Sep 2002 08:52:50 +0000 (GMT)
Received: from squid8.laughingsquid.net (squid8.laughingsquid.net [64.49.223.227])
    by www.laughingsquid.net (8.9.3/8.9.3) with SMTP id BAA07206
    for ; Sat, 7 Sep 2002 01:52:49 -0700
Date: Sat, 7 Sep 2002 01:52:49 -0700
From: spamtestat_private
Message-Id: <200209070852.BAA07206at_private>
Received: (qmail 25202 invoked from network); 7 Sep 2002 08:52:49 -0000
Received: from groundzero.ordb.org (62.242.0.190)
    by squid8.laughingsquid.net with SMTP; 7 Sep 2002 08:52:49 -0000
To: "marvin%marvin.ordb.org"@www.laughingsquid.net
X-ORDB-Envelope-From: spamtestat_private
X-ORDB-Envelope-To: "marvin%marvin.ordb.org"
Subject: ORDB.org check (0.4320693411718680.1301413941) ip=64.49.223.227

---

From: "Allen Smith" <easmithat_private>
Date: Sat, 7 Sep 2002 05:19:12 -0400
To: Declan McCullagh <declanat_private>, annaleeat_private
Subject: Re: FC: Earthlink's anti-spam rules imperil subculture mailing list

Earthlink's rules? Not really, although I will agree that it is preferable that people be able to select what filtering takes place. That the admin of the server isn't as competent as he thinks he is is the problem. And the server in question (64.49.223.227/squid8.laughingsquid.net) is still an open relay by a pretty standard test, namely checking to see if it does source routing by '%' (it did, with the input relay being the above and the output being 207.235.7.177/www.laughingsquid.net).

The server in question is now listed by ORDB.org (which has sent an email to the postmaster at the server, incidentally) and may soon be listed by relays.osirusoft.com.
Notifications like ORDB's are a nice idea, but I'm willing to bet they've gotten at least as much flack from the notifications as they have from any testing; people (e.g., Paul Vixie) have been known to consider notification emails a variety of spam... (roll eyes). There's also that postmaster@[various hosts] frequently bounces - the database of such at www.rfc-ignorant.org currently contains ~8678 hosts... and that's just ones that have been (generally) manually noticed, manually reviewed, and added to that one database.

-Allen

--
Allen Smith http://cesario.rutgers.edu/easmith/
September 11, 2001 A Day That Shall Live In Infamy II
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin

---

From: charlie oriez <coriezat_private>
Organization: lumber cartel [tinlc]
To: declanat_private
Subject: Re: FC: Earthlink's anti-spam rules imperil subculture mailing list
Date: Sat, 7 Sep 2002 08:49:49 -0600

On Friday 06 September 2002 11:11 pm, you wrote:

>A large subculture
> list in San Francisco was blocked because an obscure
> security hole in their servers came up as an "open relay"

article tells a different story. Earthlink got spam through that open relay. Obviously, it wasn't so obscure that spammers couldn't find it.

If Laughing Squid wants to use my server, which is my property, without my permission to facilitate spammers sending spam to my customers, they should expect to be blocked until they fix their problem.

--
coriezat_private Charles Oriez
39 34' 34.4"N / 105 00' 06.3"W
** If you are going to try cross-country skiing, start with a small country.

---

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
Recent CNET News.com articles: http://news.search.com/search?q=declan
CNET Radio 9:40 am ET weekdays: http://cnet.com/broadband/0-7227152.html
-------------------------------------------------------------------------
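
Allen Smith's message in the thread above describes the '%' source-routing test, and the ORDB test mail it refers to was addressed to "marvin%marvin.ordb.org"@www.laughingsquid.net. The following is an added example, not code from any poster in the thread or from ORDB: a Python recipient check that a receiving server can apply so that source-routed addresses are refused instead of being re-delivered. The local domain names and the sample recipients are constructed for illustration.

```python
import re

# Assumption: the domains this server delivers locally (constructed names).
LOCAL_DOMAINS = {"example.net", "mail.example.net"}
# '%' = percent hack, '!' = UUCP bang path, '@' = nested address in local part.
ROUTE_CHARS = set("%!@")

def split_rcpt(rcpt):
    """Return (local_part, domain, had_route) for an SMTP RCPT TO path."""
    addr = rcpt.strip().strip("<>")
    had_route = False
    # RFC 821 explicit source route: "@hop1,@hop2:user@domain"
    m = re.match(r"^(@[^:]+):(.+)$", addr)
    if m:
        had_route, addr = True, m.group(2)
    local, sep, domain = addr.rpartition("@")
    if not sep:  # bare local part such as "postmaster"
        local, domain = addr, ""
    # Unquote so routing hidden inside a quoted local part becomes visible.
    if len(local) >= 2 and local[0] == local[-1] == '"':
        local = local[1:-1].replace("\\", "")
    return local, domain.lower().rstrip("."), had_route

def relay_decision(rcpt, local_domains=LOCAL_DOMAINS):
    """Decide what to do with one recipient offered by an untrusted client."""
    local, domain, had_route = split_rcpt(rcpt)
    if domain and domain not in local_domains:
        return "reject: relaying denied"
    if had_route or ROUTE_CHARS & set(local):
        # Never reinterpret the local part as a next hop.
        return "reject: source-routed recipient"
    return "accept: local delivery"

# Constructed samples; the first has the same shape as the ORDB test recipient.
SAMPLES = [
    '"marvin%marvin.ordb.example"@example.net',
    "elsewhere.example!bob@mail.example.net",
    "<@relay.example.org:alice@example.net>",
    "bob@elsewhere.example",
    "<alice@example.net>",
]

if __name__ == "__main__":
    for rcpt in SAMPLES:
        print(f"{rcpt:45} -> {relay_decision(rcpt)}")
```

The first sample is the case the thread is about: the domain is local, so a server that only checks the domain accepts it, and a later rewrite of the local part turns it into a delivery to a third party.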
This archive was generated by hypermail 2b30 : Sat Sep 07 2002 - 09:25:21 PDT