[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] RE: OT ORBZ

Subject: [cobalt-users] RE: OT ** ORBZ **
From: Charlie Summers <charlie@xxxxxxxxxx>
Date: Sat Mar 23 13:44:44 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

At 4:20 PM -0500 3/23/02, baltimoremd@xxxxxxxxxxxxxxx is rumored to have typed:

> OK...SPEWS sets up a system where an entire block of IP addresses is
> tagged if only one of those addresses is labeled by SPEWS as a spammer.

   I mentioned that I personally don't use SPEWS...but I have no complaint
about anyone who does. Perhaps this is a more sensible system than currently
in place;

> Using that logic, one should set up port sentry to autoblock an entire
> block of IPs if one of them attempts to probe your system.

   If one _wanted_ to do so, one is welcomed to. The point you made is that
it's somehow illegal to control access into one's own server, which is wrong.

> But, from your post, you'd just write off any collateral damage, right?

   There _is_ no collateral damage. Look, if you want to block an entire
netblock from your server, you're welcomed to do so. If you want to block
_my_ netblock from your server, you are welcomed to; I hope you won't, and I
make sure any machine there is not open to relay nor a spammer, but you are
permitted to block my netblock if you don't like my eye color.

> And what if you block out someone who:
>
> A. never spammed you
> B. doesn't operate and open relay?

   I already do EXACTLY that, and _told_ you I do so intentionally. I have
most of China walled off. Certainly most people in China know how to secure a
relay from outside use; but enough of them don't that there's no point in
allowing them to practically no a lot of legitimate mail that comes in from
there, and a _tremendous_ amount of spam. So I don't talk to a large number
of A-blocks which are assigned to China by APNIC. (In one case I had to cut a
hole in my blocks to allow someone I _wanted_ to receive mail from.)

   Heck, there are a couple of people (and I use the term loosely) on this
_list_ who aren't allowed to mail into my server, both by address and by
netblock. And you can bet in those netblocks there are some "innocents" who
may not be able to mail into my server. But it isn't "collateral damage,"
since I'm _intentionally_ using a bomb large enough to blow up not only their
building, but any building into which they might run. It isn't an accident I
hit the machines next to 'em, it's carefully calculated. (War is hell, and I
don't believe in wasting time with carefully-targeted tactical strikes, since
the bad guys just move a few IPs away and start shooting at me again. I plan
to win...or at least not lose.)

   If a spammer moves into a machine next to you, and you get listed in a
blackhole list, you shouldn't gripe at those who block you, you should gripe
at your provider for allowing spammers to live in your netblock. Someone else
used the analogy, if you live next door to a crackhouse, don't blame Dominoes
for not delivering to you - blame the owner of the crackhouse.

   Years ago, I have a virtual domain on a machine hosted by Media3. I _know_
that Joe Hayes hosts spammers, and I have talked to him at length about it
(he's one of those, "Just hit delete" people); it's one of the reasons I'm no
longer with them. A couple of years ago, MAPS listed one (just one) of their
C-blocks in the RBL...Joe immediately moved some "innocents" into that
netblock and then had the innocents co-file suit against MAPS using the same
argument you used.

   Media3 got their head handed to them.

> Ah well, no sense arguing about the number of angels that can dance upon
> the head of a pin.

   Our argunment is much more corporial than that; the argument is whether or
not someone _else_ can control who _you_ allow into _your_ server. You are
welcomed to talk to as many, or as few, SMTP servers on the Net as _you_
want. Since you apparently don't like SPEWS, please don't use it. (I
mentioned before that I find them too draconian for my tastes, so I don't,
either.) But don't assume that someone _else_ shouldn't use them, should they
choose to do so. I can guarantee you someone who uses it gets a whole lot
less spam than we do.

   You are welcomed to have the last word on this on-list, since I think I've
contributed to enough off-topic threads. But I'll be happy to continue this
conversation off-list, if you'd like. And apologies to those on the list who
do _not_ find this topic as facinating as I do.

         Charlie

Follow-Ups:
- Re: [cobalt-users] RE: OT ** ORBZ **
  - From: flash22

References:
- [cobalt-users] RE: OT ** ORBZ **
  - From: Charlie Summers
- [cobalt-users] RE: OT ** ORBZ **
  - From: baltimoremd

Prev by Date: Re: [cobalt-users] D-Link and RaQ4 question
Next by Date: Re: [cobalt-users] see a virtual site before nameservers are changed to it
Previous by thread: [cobalt-users] RE: OT ** ORBZ **
Next by thread: Re: [cobalt-users] RE: OT ** ORBZ **

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index

[cobalt-users] RE: OT ** ORBZ **

[cobalt-users] RE: OT ORBZ