Re: [exim] UCEPROTECT, APEWS and the truth about Marc Perkel

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] UCEPROTECT, APEWS and the truth about Marc Perkel
Johann Steigenberger wrote:
> Hi all,
> sorry to bug you with this thread, but we want to give you a statement
> after all those lies we have seen here by Marc Perkel here after he
> has started the thread: Who is APEWS?


Johann,

I'll take it on faith that you are trying to clear the air, but gasoline on a
fire few are really interested in is not really helpful...

Let's see if we can 'level' this a bit..

>
> 1. UCEPROTECT is not related to APEWS.
> We just mirror their blacklist, as TQMCUBE and SORBS do too.
> We do not import their data into our zones.
> But it seems Marc Perkel is related to Moris :-) because both are
> claiming the same lies.
>


Yawn....

> 2. UCEPROTECT lists for SAV because it is abusive.


Perhaps it can be. Sometimes. But...

> Yes we had also listed Verizon for about 1 year for permanently hitting
> our spamtraps with their SAV.
> Then they stopped SAV and got delisted.


If/as/when Sender Address Verification is hitting a spamtrap, one or more OTHER
tests have not been made first.

And that probably IS wrong.

But what is being ID'ed is not that SAV is 'always bad'.

Rather that a server has been carelessly configured.

Which, in and of itself, may - or may not - justify blacklisting.

> And it is a pure lie that we charge users for removals.
> IP's listed are expiring 7 days after the Abuse was stopped, free of charge.
> There is an option only to pay for an expedited immediate removal.
>


24 hours - or even 12 hours - should work just as well, then, if you only
purport to list chronic, repeat offenders, should it not?

> 3. SAV is a bad idea. It is not an Exim invention.
> It is an invention made by spammers, long before Exim had that "feature".
> Spammers are using the same technique for dictionary attacks.
>


Exim 'invention' or not, SAV is near-zero use for dictionary
attacks *IF* the server is configured to even moderately close observance of RFC's.

Simply put, it should not be 'entertaining' connections from IP that cannot be
resolved properly either 'at all', (sometimes too strict) or on some
score-and-decide-later basis that provides for accepting traffic from badly
configured, but not overtly malicious, servers.

How many spambots are on fixed-IP with proper DNS & PTR RR AND NOT on major RBL's?

Damned few.

In either case, the determination can be made no later than, if not well before
'RCPT TO:', and the connection 'managed' (denied or deferred) - SAV or otherwise.

> What Lusers as Marc Perkel do not understand is, that if there is a Spammer
> faking to be you@??? (assuming that would be your address) and he would
> send out 15 Millions of spammail with that forged from, you will get about
> 1 Million "Verification Requests" from Systems around the globe, where each
> of them is just doing ONE try to "Verify" you@??? is deliverable.
>


Nothing of the sort. More 'proper' servers are dropping that sort of forgery
right up front with every passing day. SAV use is not growing, if only because
it is not, and has never been, a reliable general purpose tool.

Nor was it intended to be.

SAV is at its most 'predictable and reliable' within a complex of servers under
common control, where it can be a useful alternative to synchronizing entire
databases.

The utility of SAV for legitimate purposes drops off - sharply - the further
away from common control, or at least 'common philosophy' of control one moves.

> That results in a very high load on your server, and delays for your regular
> mails, because all of your sockets are busy with lamerz just "verifying"
> your address.
>


Not unless you are doing everything ELSE in a sloppy manner.

How much time do you suppose a well-configured server will waste on a connection
from a spambot arriving from a dynamic IP with no DNS records, let alone a PTR?

Not a great deal.

Feel free to try it on any of my servers. We have broad shoulders.

> It is not the problem that you do it, the problem is that some million
> others are too.
> Millions of Systems connecting to one target at nearly the same time are
> the problem. That leads to a DDOS. And you are part of it ...
>



Beg to disagree. Exim's docs - let alone the general tone of list traffic - do
not recommend the *blanket* use of SAV. One size does NOT fit all.

It is a tool that needs careful and specific application if it is used at all.

> And last not least:
> RFC 821 knows a command "VRFY" to do that test.
> Most Administrators have chosen to disable this, because Spammers were
> abusing it.
> Anyone trying to circumvent a restriction on a remote system is an Abuser.
> So faking to be a null sender and going up to RCPT TO means you are an
> Abuser.
> That is what Exim's SAV does.
>


No one is requiring that you *respond* to that sort of SAV.

We don't make SAV callouts. We do permit them.

But it costs us nothing near the risk of DDoS - simply because the arrivee must
have passed other, simpler, tests first.

SAV from a legitimate server is responded to. This list's server, for example.

A spambot/zombie is not.

> 4. Marc Perkel tries to discredit UCEPROTECT since a long time now.
> What you might find interesting is, that Marc has started a blacklist
> himself, he calls this "HOSTKARMA", where he lists IP's which have never
> done any Abuse or Spammings.


Yawn... May wear his shoes on the wrong feet, too. Or not.
Who cares?

> Just go to DNSSTUFF and test 194.95.224.137 if you do not trust me.
> This IP is listed just because we list Marc for his abusive SAV :-)
>


BFD.

> Ok it does not matter to us, because no one is using Marc's fraudulent
> Hostkarma".


Finally. Something we can agree on....

;-)

> But it should be an indicator for his bad trustworthiness.
>
> Whatever happened to Marc, there are always the others responsible for that
> :-)
> He never got the Idea that he could be the problem.
>


You are overstating both 'the problem', his influence, and yours.

Dramatically so.

> If you ever have been on Marcs Website and have seen who he thinks "sucks",
> then you might get an idea of who really sucks: Mr. Escrow Service Himself:
> Marc Perkel.
>
> Thank you for your time.
>
> Johann Steigenberger
> UCEPROTECT-Network
>


Johann,

Give it a rest.

You only have a problem with Herr Perkel if you take him seriously.

Or he, you.

'Great Expectations', both. Don't hold your breath while waiting...

Bill
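
Added example (not part of the original message, and not Exim's or either party's code): the pattern argued over in this thread, a null-sender MAIL FROM that goes as far as RCPT TO and never sends DATA, picked out of a receiving server's command log and counted per recipient, with probes from clients that had no PTR record listed separately. The log format, session ids, hosts and addresses are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample, one SMTP command per line as a receiving server might log it.
# Assumed format for this example: session-id client-ip ptr-name-or-dash command
SAMPLE_LOG = """\
s1 192.0.2.10 mx.example.org MAIL FROM:<>
s1 192.0.2.10 mx.example.org RCPT TO:<you@example.net>
s1 192.0.2.10 mx.example.org QUIT
s2 198.51.100.7 - MAIL FROM:<>
s2 198.51.100.7 - RCPT TO:<you@example.net>
s2 198.51.100.7 - RSET
s2 198.51.100.7 - QUIT
s3 203.0.113.5 mail.example.com MAIL FROM:<alice@example.com>
s3 203.0.113.5 mail.example.com RCPT TO:<you@example.net>
s3 203.0.113.5 mail.example.com DATA
s4 192.0.2.44 relay.example.org MAIL FROM:<>
s4 192.0.2.44 relay.example.org RCPT TO:<bob@example.net>
s4 192.0.2.44 relay.example.org DATA
"""

RCPT_RE = re.compile(r"RCPT TO:\s*<([^>]*)>", re.I)
NULL_FROM_RE = re.compile(r"MAIL FROM:\s*<>", re.I)

def parse_sessions(log):
    """Group log lines into {session_id: {"ptr": str or None, "cmds": [...]}}."""
    sessions = {}
    for line in log.splitlines():
        sid, _ip, ptr, cmd = line.split(None, 3)
        entry = sessions.setdefault(sid, {"ptr": None if ptr == "-" else ptr, "cmds": []})
        entry["cmds"].append(cmd)
    return sessions

def is_callout_probe(cmds):
    """Null sender, reaches RCPT TO, never sends DATA: a callout, not a real bounce."""
    verbs = {c.split(None, 1)[0].upper() for c in cmds}
    null_sender = any(NULL_FROM_RE.match(c) for c in cmds)
    return null_sender and "RCPT" in verbs and "DATA" not in verbs

def summarize(log):
    """Return (probe count per recipient, probe sessions whose client had no PTR)."""
    per_rcpt, no_ptr = Counter(), []
    for sid, s in parse_sessions(log).items():
        if is_callout_probe(s["cmds"]):
            per_rcpt.update(m.group(1).lower() for c in s["cmds"] if (m := RCPT_RE.match(c)))
            if s["ptr"] is None:
                no_ptr.append(sid)
    return per_rcpt, no_ptr
```

Session s4 is a genuine bounce (null sender followed by DATA) and is deliberately not counted; s2 is the kind of probe that a reverse-DNS test ahead of RCPT TO would have turned away.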