Hello List,
Since I don't know who the admin is (I thought Larry?) of vger.kernel.org, I'm
sending this mail here.
Since yesterday eve, 19PM GMT+2, I stopped receiving emails from linux-kernel.
Today, I investigated on the issue, and found (using mxverify) out that
vger.kernel.org has been listed in the blacklist of spamcop.
http://www.spamcop.net/w3m?action=blcheck&ip=67.72.78.212
Unfortunately, all the email addresses I have are 'spamcopped' by the
respective ISP's.
Can action be undertaken by the admin so that all the world can once again
have the full gory^Wglory of LKML (and the other mailling lists @ vger)?
Thanks,
Jan
--
What did Mickey Mouse get for Christmas?
A Dan Quayle watch.
-- heard from a Mike Dukakis field worker
On Wed, Apr 21, 2004 at 07:22:32AM +0200, Jan De Luyck wrote:
> Hello List,
>
> Since I don't know who the admin is (I thought Larry?) of vger.kernel.org,
> I'm sending this mail here.
Ever heard of [email protected] type of addresses ?
> Since yesterday eve, 19PM GMT+2, I stopped receiving emails from
> linux-kernel. Today, I investigated on the issue, and found (using
> mxverify) out that vger.kernel.org has been listed in the blacklist
> of spamcop.
>
> http://www.spamcop.net/w3m?action=blcheck&ip=67.72.78.212
>
> Unfortunately, all the email addresses I have are 'spamcopped' by the
> respective ISP's.
>
> Can action be undertaken by the admin so that all the world can once
> again have the full gory^Wglory of LKML (and the other mailling lists
> @ vger)?
Reading SPAMCOP pages I think they are most unwilling to make
any exceptions. Per this document:
http://www.spamcop.net/fom-serve/cache/298.html
The only way to handle this is to have smarter people, who are always
vigilant enough to look deeply into the message headers and do realize
that some spam has leaked thru VGER's lists. They may report those
_ONLY_ to VGER's postmaster (several people), who can (to an extent)
add keyword based filters to Majordomo.
Any single less savvy person receiving the list could still
accidentally get VGER again listed in a number of spam-block
lists.
Another would be to run the lists in fully CLOSED mode, which
would still let a bunch of viruses thru... (filters are mostly
biting on those already, though.) But it would be most nasty
mode in other forms...
> Thanks,
> Jan
/Matti Aarnio -- one of those <[email protected]>
Matti Aarnio <[email protected]> writes:
> The only way to handle this is to have smarter people, who are always
> vigilant enough to look deeply into the message headers and do realize
> that some spam has leaked thru VGER's lists.
I'm confused -- the spamcopy info page you listed implies that hosts are
listed if they are an _open relay_, which is a completely different
thing from `spam leaking though VGER's lists.'
If VGER actually is an open relay, that's very bad, but presumably
something easily solved by the machine's maintainers. Some spam getting
through to VGER list recipients, on the other hand, is just annoying
(and certainly shouldn't be the cause of any blacklisting).
The spamcop report page seems to say that the listings are due to user
reports; could the real problem be clueless users who don't understand
the difference above?
Does anyone have a better idea of what's actually going on?
Thanks,
-Miles
--
Fast, small, soon; pick any 2.
On Wed, Apr 21, 2004 at 05:56:41PM +0900, Miles Bader wrote:
> Matti Aarnio <[email protected]> writes:
> > The only way to handle this is to have smarter people, who are always
> > vigilant enough to look deeply into the message headers and do realize
> > that some spam has leaked thru VGER's lists.
>
> I'm confused -- the spamcopy info page you listed implies that hosts are
> listed if they are an _open relay_, which is a completely different
> thing from `spam leaking though VGER's lists.'
Vger is not an open relay:
% telnet vger.kernel.org smtp
Connected to vger.kernel.org.
Escape character is '^]'.
220 vger.kernel.org ZMailer Server 2.99.57-pre1 #11 ESMTP ready at Wed, 21 Apr 2004 05:56:30 -0400
EHLO harddisk-recovery.com
250-vger.kernel.org expected "EHLO xxx.xxx.xxx"
250-SIZE 0
250-8BITMIME
250-PIPELINING
250-CHUNKING
250-ENHANCEDSTATUSCODES
250-DSN
250-X-RCPTLIMIT 10000
250-ETRN
250 HELP
MAIL FROM: <>
250 2.0.0 Ok (sourcechannel 'error' accepted) Ok
RCPT TO: <[email protected]>
550 5.7.1 Your IP address [xx.xx.xx.xx] is not allowed to relay to email address <[email protected]> via our server; MX rule
Spamcop is wrong. Some spammer targeted one of the lists on vger. That
doesn't make vger an open relay.
> If VGER actually is an open relay, that's very bad, but presumably
> something easily solved by the machine's maintainers. Some spam getting
> through to VGER list recipients, on the other hand, is just annoying
> (and certainly shouldn't be the cause of any blacklisting).
>
> The spamcop report page seems to say that the listings are due to user
> reports; could the real problem be clueless users who don't understand
> the difference above?
Yes.
Erik
--
+-- Erik Mouw -- http://www.harddisk-recovery.com -- +31 70 370 12 90 --
| Lab address: Delftechpark 26, 2628 XH, Delft, The Netherlands
Miles Bader <[email protected]> writes:
> The spamcop report page seems to say that the listings are due to user
> reports; could the real problem be clueless users who don't understand
> the difference above?
They also tell you that you MUST NOT report spam received through a
mailing list. Only the mailing list administrators are supposed to
report spam sent to a mailing list.
On Wed, 21 Apr 2004, Graham Murray wrote:
> Miles Bader <[email protected]> writes:
>
> > The spamcop report page seems to say that the listings are due to user
> > reports; could the real problem be clueless users who don't understand
> > the difference above?
>
> They also tell you that you MUST NOT report spam received through a
> mailing list. Only the mailing list administrators are supposed to
> report spam sent to a mailing list.
> -
Spam-Cop is another Nazi-like organization that is clue-less.
For instance, my email address and practically every email address
in the known universe is routinely stolen by the spammers to do
their dirty work. In the past month, I've gotten more email from
the black-listers, telling me that I've been black-listed, than
SPAM in a year! They just generate FUD.
The company network administrator has been informed many times;
"YOU HAVE BEEN WARNED!! Lawsuits may follow!" with big threatening
letters about my machines defecating on the Internet. Yawn.
Eventually very machine that routes on the Internet will filter and
drop any packets that have my email or IP address. They will claim
that my Linux machines, using pine, are infested with W$WORM-crap. I
already have worm-mongers trying to sell me anti-virus software, claiming
that my machine is infecting the universe.
FYI, the open-source SpamCop project was killed. Some other
organization claimed the name and became just another Net Nazi.
Cheers,
Dick Johnson
Penguin : Linux version 2.4.26 on an i686 machine (5557.45 BogoMips).
Note 96.31% of all statistics are fiction.
On Wed, 21 Apr 2004, Jan De Luyck wrote:
> Can action be undertaken by the admin so that all the world can once again
> have the full gory^Wglory of LKML (and the other mailling lists @ vger)?
Ask your mail server admin. The only people who need to
take action are the ones stupid enough to use spamcop's
blocklist for outright mail blocking.
The spamcop site even says that their list probably
shouldn't be used for outright blocking.
--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
On 21 Apr 2004, Miles Bader wrote:
> The spamcop report page seems to say that the listings are due to user
> reports; could the real problem be clueless users who don't understand
> the difference above?
Absolutely. While most of the spamcop administrators
seem pretty smart, their system definitely is vulnerable
to the "Garbage In, Garbage Out" principle.
I'm certain than vger got listed on spamcop due to
linux-kernel subscribers reporting to spamcop some of
the spam that leaked onto lkml, through Matti's strict
filters.
I wouldn't be surprised if some of those same users
were now complaining they couldn't get their linux-kernel
email. ;)
In my opinion, there are only two types of anti-spam lists
that can be responsibly used:
- lists run by people smart enough to recognise
that they make mistakes and are willing to
correct them whenever they happen
- lists run in an entirely automated fashion, with
no human input whatsoever -- but only when the
software is administrated by people willing to
correct problems that happen
Lists that take the philosophy of "sorry that was our
mistake, but we're still not going to make an exception"
probably aren't the right lists to use if you care about
your email.
--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
Followup to: <[email protected]>
By author: Miles Bader <[email protected]>
In newsgroup: linux.dev.kernel
>
> The spamcop report page seems to say that the listings are due to user
> reports; could the real problem be clueless users who don't understand
> the difference above?
>
Almost certainly. I get clueless users mailing [email protected]
about this all the time (it's not even the correct postmaster
address...)
A lot of them seem to use scripts, which is just totally destructive.
-hpa
Rik van Riel <[email protected]> writes:
> I'm certain than vger got listed on spamcop due to linux-kernel
> subscribers reporting to spamcop some of the spam that leaked onto
> lkml, through Matti's strict filters.
Does that mean that spamcop does no verification of user reports?
I was under the impression that it's fairly easy to automatically check
whether a particular host is an open-relay or not, so it would seem kind
of irresponsible for spamcop not to do this if some people are relying
on their lists to do blocking (even if there's a disclaimer saying not
to do that, clearly people are ignorant or dumb, so why not play it safe?).
-Miles
--
P.S. All information contained in the above letter is false,
for reasons of military security.
On 22 Apr 2004, Miles Bader wrote:
> Rik van Riel <[email protected]> writes:
> > I'm certain than vger got listed on spamcop due to linux-kernel
> > subscribers reporting to spamcop some of the spam that leaked onto
> > lkml, through Matti's strict filters.
>
> Does that mean that spamcop does no verification of user reports?
Indeed.
> I was under the impression that it's fairly easy to automatically check
> whether a particular host is an open-relay or not, so it would seem kind
> of irresponsible for spamcop not to do this if some people are relying
> on their lists to do blocking (even if there's a disclaimer saying not
> to do that, clearly people are ignorant or dumb, so why not play it safe?).
Spamcop isn't doing any vulnerability checks I'm aware of.
--
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
It appears that we've been de-listed from SpamCop, probably because I,
amongst certainly countless others, complained to them about it.
Perhaps they will be smart and permanently whitelist vger.kernel.org.
On Thursday 22 April 2004 04:30, Rik van Riel wrote:
> On 22 Apr 2004, Miles Bader wrote:
> > Rik van Riel <[email protected]> writes:
> > > I'm certain than vger got listed on spamcop due to linux-kernel
> > > subscribers reporting to spamcop some of the spam that leaked
> > > onto lkml, through Matti's strict filters.
> >
> > Does that mean that spamcop does no verification of user reports?
>
> Indeed.
A part of the fun begins from spamcop not even trying to maintain a list
of open relays. Spamcop attempts to maintain a list of spam sources,
where an IP gets listed if X number of spams have been reported from IP
Y within time period Z.
Based on my by no means complete understanding of all the issues
involved, the problem begins with the parser, there's no way to
distinguish legitimate mailing list servers from a spammer's mailing
list server without user intervention. When parsing the Received
headers, (fx. the one in the mail I'm replying to), the parser sees
that mx1.redhat.com threw it to vger, which for some reason passed it
on to my ISP's mail server. The spamcop engine does not know why vger
is relaying mail from redhat to my ISP, and checking the MX records
reveals no justification for vger to be doing this, thus, the only
thing it can reasonably trust, is my ISP's incoming smtp server, which
reported it received the mail from vger. The scenario"ISP1 -> ISP2" it
might still understand, but not this "ISP1 -> ???? -> ISP2" thing.
This is why spamcop users should not report spam sent to mailing lists.
> > I was under the impression that it's fairly easy to automatically
> > check whether a particular host is an open-relay or not, so it
> > would seem kind of irresponsible for spamcop not to do this if some
> > people are relying on their lists to do blocking (even if there's a
> > disclaimer saying not to do that, clearly people are ignorant or
> > dumb, so why not play it safe?).
>
> Spamcop isn't doing any vulnerability checks I'm aware of.
There are numerous RBL's which specifically list open relays (such as
Blitzed's OPM), and spamcop is NOT one of them. Mail administrators
need to understand that.
Supposedly, most of the spam traffic today goes through zombied machines
running that Other OS, on consumer broadband connections. You can throw
any amount of open proxy / relay checking at those spam sources, and
find nothing. There are lists which try to list these exploited boxen
as well (such as the XBL), but spamcop is not doing that, either, and
mail administrators need to understand that.
The advantage of spamcop is response-time. A spam source gets quickly
listed, and falls off the list if spam is no longer reported from that
source, based on a fully automated reporting system. The disadvantage
is that it's only as reliable as its weakest link: the human factor,
its users.
Anyone using spamcop RBL for outright blocking for an entire ISP has no
clue about what they're doing. Using any single blacklist for outright
blocking is a bit daft, IMO.
As a side-note, for each reported spam, spamcop tries to find a best
contact email address in attempt to contact the administrator of what
it thinks is the spam source, with links to pages with copies of the
spam in question and output from the spamcop parser engine... I suspect
spamcop sent this a few levels upstream of [email protected],
though :(