Re: [Exim] Text of X-RBL-Warning Header?

Top Page
Delete this message
Reply to this message
Author: Marc Haber
Date:  
To: exim-users
Subject: Re: [Exim] Text of X-RBL-Warning Header?
On Sun, 16 Jan 2000 11:29:50 -0500, you wrote:
>On Sun, Jan 16, 2000 at 12:05:03PM +0000,
>Marc Haber <exim-users.exim.org@???> is thought to have said:
>> Static ORBS listings return 127.0.0.4 upon query. I have my exim
>> configured to add X-RBL-Warning:-Headers. A quick grep of my recent
>> logs shows only one instance of
>>
>> |X-RBL-Warning: (rbl.maps.vix.com) Blackholed - see <URL:http://mail-abuse.org/cgi-bin/lookup?210.226.97.210>
>
>Note that this is an RBL from the MAPS RBL not ORBS.


Yes. It's the only warning I found in my rejectlog that hadn't been
compressed away.

>Here is the DNS TXT record that they're associating with this:
>
>X-RBL-Warning: (relays.orbs.org) above.net has multiple open relays and
>has blocked the ORBS tester.
>
>which is different from their normal TXT record:
>
>X-RBL-Warning: (relays.orbs.org) above.net has multiple open relays and
>has blocked the ORBS tester.


Both look the same to me.

>> Disclaimer: After the recent debate, I would recommend disabling ORBS
>> checking entirely. However, there are some sites that _want_ to use
>> ORBS. Having a possibility of selectively blocking ORBS dynamically
>> listed hosts while not blocking ORBS statically listed hosts would be
>> a point in an argument with the admin of a ORBS using site, thus
>> probably reducing the harm that ORBS does to the e-mail system.
>
>Personally I'd rather we not do that. ORBS is in the wrong here, and to
>support that by making changes to the software would be a mistake, IMO.
>Alan could have (and should have) created a new subdomain like
>blockedtester.orbs.org and let people use that instead. In fact he has
>done that for other aspects of his "service" but didn't in this case.
>Because he misuses the RBL format for his list shouldn't be a reason to
>apply workarounds to Exim to support it.


However, it would be a point in a discussion with a remote site that
uses ORBS. If they won't disable ORBS entirely, they could at least
exclude 127.0.0.4 sites.

And I would like to see that difference in warning headers I am
filtering on as a user.

>A better solution would be to drop ORBS altogether in favor of MAPS RSS
>which has a much more stringent policy of adding open relays.


A big ACK for me. Now the only problem is to make the remote side
believe the same. However, if the remote side uses exim, they probably
have a clue, so that thought might be invalid.

Let's Philip decide on that.

>See
>http://www.mail-abuse.org for details. FWIW I block on RBL, RSS, and DUL
>and warn on ORBS.


I currently don't block anything on the mail server level, but I am
using all RBL, RSS and DUL for tagging. I believe that some of my
users use filters to delete on X-RBL-Warning headers. I currently
don't do that, I like writing complaints and getting accounts nuked.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29