Re: [Exim] Detecting open relays in Received path

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Nigel Metheringham
Fecha:  
A: exim-users
Asunto: Re: [Exim] Detecting open relays in Received path
Peter.Galbavy@??? said:
> One of the "discussions" going on in NANOG is the use of ORBS *by*
> spammers to spot open relays, since ORBS (apperently - I have not
> looked) publish their lists on the web.


> This may mean that if an MX is in ORBS, it will mean that it gets used
> more for spam.


The policy is roughly, when an open relay is reported to or detected by
ORBS (they use probing to check suspected relays), it is put into the
database and made available on the RBL lookup mechanism. The
postmaster@... is also informed by mail (this often won't work too well
for various reasons, but what can you do...).

Second level relays (ie additional hosts that are outwardly relaying
for open relays) are given 7 days grace before they get listed in the
RBL lists (this actually means that if a 2nd level relay uses ORBS
itself to block mail, it will never get into ORBS for 2nd level
relaying since the post 7 day test probe will be blocked by the ORBS
check).

When a machine has been in ORBS for a week or more, and is still
relaying, the information is made public.

Whether this is a good thing or not, it is the publically stated policy
that ORBS work to, and exactly like security problem full disclosure,
has both good and bad points.

Discussions on merits, morals etc of this sort of policy should be
taken off list - the exim-list is a "how to" or "tool based" list
rather than a "should we" or "mail policy" list.

    Nigel.
-- 
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham                  Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]