Slashdot: News for Nerds

Long-Dead ORDB Begins Returning False Positives

kdawson posted more than 6 years ago | from the waking-the-dead dept.

Spam 265

Chapter80 writes "At noon today (Eastern Standard Time), the long dead ORDB spam identification system began returning false positives as a way to get sleeping users to remove the ORDB query from their spam filters. The net effect: all mail is blocked on servers still configured to use the ORDB service, which was taken out of commission in December of 2006. So if you're not getting any mail, check your spam filter configuration!"

265 comments

Nope. (5, Funny)

TheLazySci-FiAuthor (1089561) | more than 6 years ago | (#22863948)

No emails, but it's not the ORDB system. I just don't have any friends.

Re:Nope. (2, Funny)

neonmonk (467567) | more than 6 years ago | (#22863974)

Well that makes sense! I was starting to get anxious that I wouldn't be able to order some p3 nis pi11z.

Phew!

Re:Nope. (1)

Gat0r30y (957941) | more than 6 years ago | (#22864016)

No emails, but it's not the ORDB system. I just don't have any friends.

Darn slashdot taking all my time!

Re:Nope. (4, Funny)

morgan_greywolf (835522) | more than 6 years ago | (#22864208)

Now you do. Don't you feel better now?

Re:Nope. (4, Funny)

orkysoft (93727) | more than 6 years ago | (#22865230)

What, did you sell his address to the spammers, or add him as friend? It's a rather big ambiguity, you know...

Re:Nope. (5, Funny)

blhack (921171) | more than 6 years ago | (#22864244)

No emails, but it's not the ORDB system. I just don't have any friends.

I have tons and tons of emails.
None of them are from people who are friends :(.

Received email, instead of loving signs of friendship, message contained bobcat.
Would not communicate with again.

Re:Nope. (1)

kat_skan (5219) | more than 6 years ago | (#22864520)

Received email, instead of loving signs of friendship, message contained bobcat.

Well sorry buddy, but we told you and told you not to blindly open email attachments, and it was obvious it was going to require a more object lesson to get the point across.

Re:Nope. (3, Funny)

flyingfsck (986395) | more than 6 years ago | (#22864534)

Well, if you are feeling very lonely, then you could always sign up for some spam.

I've Got Tons of Friends. Want Some? (1)

BadboyGeek (1144389) | more than 6 years ago | (#22864814)

Send me an email. I'll gladly hook you up with some friends. Friends who want to help you find a new home. Friends who can tell you how to enhance your manhood and give you mind boggling stamina. Even friends who will build your downline for you and who have a check waiting for you right now! I've got tons of friends I can share with you. So many, in fact that I get about 500 emails a day. I'd be glad to share the love. 30 days later... $$chaching$$ HAHAHA What a sucker! HAHAHA $$chaching$$

What kind of friends? (1)

tepples (727027) | more than 6 years ago | (#22864880)

I just don't have any friends.

Is it that you need friend codes for some Nintendo WFC game before you can exchange in-game e-mail?

Re:Nope. (2, Funny)

172pilot (913197) | more than 6 years ago | (#22864964)

Hey - Who let YOU in here! ;-)

No luck (4, Funny)

smackenzie (912024) | more than 6 years ago | (#22863990)

I tried to sign up with Slashdot to comment on this post, but it told me that I would need to validate a confirmation email.

I haven't received my confirmation email yet... seriously, how long does this take? Anyone? Is Slashdot broken? Do people post comments on Slashdot?

Re:No luck (0)

Anonymous Coward | more than 6 years ago | (#22864036)

How did you post that one logged in, eh ?

Remember: real trolls use their primary account.

Re:No luck (3, Informative)

xiaomai (904921) | more than 6 years ago | (#22864178)

How did you post that one logged in, eh ?

Remember: real trolls use their primary account.

I'm pretty sure he was making a joke. He couldn't get the confirmation E-Mail because he hadn't removed the ORDB spam-filter from his mail system.

Re:No luck (1)

dfm3 (830843) | more than 6 years ago | (#22864196)

Whoosh...

Re:No luck (2, Funny)

dapyx (665882) | more than 6 years ago | (#22864398)

How did you post that one logged in, eh ?

He's using his girlfriend's account!

Re:No luck (0)

Anonymous Coward | more than 6 years ago | (#22864776)

Gosh, I hope his name is Zie!

Re:No luck (-1, Redundant)

ehrichweiss (706417) | more than 6 years ago | (#22865000)

"He's using his girlfriend's account!"

A girlfriend? Proof positive that he's not a regular /. reader.

Re:No luck (2, Funny)

gfilion (80497) | more than 6 years ago | (#22865260)

A girlfriend? Proof positive that he's not a regular /. reader.

Well, he could be this guy [gizmodo.com].

Man, he's been dumped by his own robot girlfriend!

Whoa! ORDB better have a good disclaimer (3, Insightful)

mrcaseyj (902945) | more than 6 years ago | (#22864006)

Intentionally causing large numbers of emails to be lost is a risky move indeed.

Re:Whoa! ORDB better have a good disclaimer (5, Informative)

ZenDragon (1205104) | more than 6 years ago | (#22864056)

They aren't being lost, simply being flagged as spam by the database. People will have to go into their respective administration interface and "release" the mail and/or mark it as safe. Kind of a pain in the ass, but if you're depending on a spam database that is over a year old, it's not likely doing much for you anyway.

Re:Whoa! ORDB better have a good disclaimer (4, Insightful)

mrcaseyj (902945) | more than 6 years ago | (#22864180)

It's one thing for a spam filter to make a mistake or even be careless and put a message into the spam folder, but quite another for a filter to intentionally cause known good messages to be absent from a user's inbox. Why don't they just start reporting all messages as good, or just not give any rating to any message? This might be especially bad in situations where ORDB is only given partial weighting in the spam categorization process so that many messages still get through, thus making it less likely that the errors will be noticed quickly because there will not be a total block on email. To do what they're doing might be considered reckless. I don't know much about the law in a situation like this but I'd be worried about liability even with a good disclaimer in the user agreement.

Lighten up (1)

symbolset (646467) | more than 6 years ago | (#22864326)

email is like Doritos.

The spam filter can eat all it wants. They'll make more.

Re:Whoa! ORDB better have a good disclaimer (4, Insightful)

timmarhy (659436) | more than 6 years ago | (#22864352)

the only person to blame is the careless mail admin who leaves ORDB in. ORDB is a free service, they have every right to take it down, hell i'm pretty amazed they left it up for a year and gave all the warnings they did.

Re:Whoa! ORDB better have a good disclaimer (0, Flamebait)

Anonymous Coward | more than 6 years ago | (#22864988)

ORDB is a free service, they have every right to take it down

You really are spectacularly stupid, aren't you? This isn't about them taking it down, this is about them bringing it back up and reporting everything as spam, in other words completely the opposite of what you said.

Re:Whoa! ORDB better have a good disclaimer (5, Insightful)

MrNaz (730548) | more than 6 years ago | (#22865074)

As much as we can rail against stupid mail admins, I think it would not be remiss of us to remember that the ultimate sufferers are end users who probably have no idea what their mail server administrator is doing. In other words, this hurts the people who *rely* on mail administrators, not the mail administrators. For that reason, I think ORDB is doing the wrong thing. This is yet another reason why privately owned spam registrars like ORDB are a bad idea; they just do not understand either the gravity of what they are doing, nor do they have the responsibility to take it seriously. If you are doing something on such a large scale, it is inevitable that there will always be stragglers. Don't get all indignant about how "dumb mail admins" should know better unless you know that all your utility providers abide by the latest best industry practices in their respective fields.

On a side note, given that this move by ORDB specifically targets people other than those who they want to change the behaviour of in an attempt to get those innocent bystanders to affect change upon the real people they want to affect, this actually meets the FBI's definition of terrorism.

Re:Whoa! ORDB better have a good disclaimer (3, Insightful)

squiggleslash (241428) | more than 6 years ago | (#22865168)

And the end users will learn what admins do, complain, and admins who subscribe to third party "anti-spam" solutions that use innuendo based logic to remove spam will get a well deserved roasting from their users.

No, I'm not happy the innocent users are suffering either, but I'd argue that they already were, just less aware of what was going on (probably suffering occasional emails removed due to false positives without realizing it was due to deliberate administrator decisions, blaming instead "unreliable email" (clue: it really isn't unreliable any more, except for the effects of some of the more incompetent anti-spam solutions)

Let's be clear here: the fact is these admins not only subscribed to an innuendo-based filtering system, but also didn't bother doing their job, monitoring the services they subscribe to and ensuring their system used it correctly. It's safe to say the users were suffering anyway, both because of the decisions the admins had made directly, and because of the general skill level of the admin whose services the users are relying upon. Hopefully for many of those users, this is a lesson in why not to trust the people they're currently relying upon.

Re:Whoa! ORDB better have a good disclaimer (3, Insightful)

MrNaz (730548) | more than 6 years ago | (#22865286)

I appreciate the ideas in your response, but I cannot even concede as far as your position. Let me ask you this: Would you be happy with somebody cutting the electricity to your house for a week to get you to complain to your power company about the fact that your neighbourhood has not yet been updated to use the latest most efficient transformers?

Re:Whoa! ORDB better have a good disclaimer (4, Informative)

interiot (50685) | more than 6 years ago | (#22864462)

Why don't they just start reporting all messages as good, or just not give any rating to any message?

That's precisely what they did [readlist.com] for the last 15 months (a pretty reasonable amount of time):

DNS and the mailing lists will vanish today, December 18, 2006.

I don't know... do they still own a machine that responds to DNS requests, and are therefore paying for bandwidth? Probably not.

Do they want to sell the domain to someone, who wouldn't want to get hit with a bandwidth bill as soon as they throw some servers up? More likely.

Re:Whoa! ORDB better have a good disclaimer (1, Insightful)

Anonymous Coward | more than 6 years ago | (#22864808)

That's precisely what they did [readlist.com] for the last 15 months (a pretty reasonable amount of time):

Serves 'em right! Like anyone but the most brain dead administrator on EARTH is going to expect an anti-spam product to continue working a year or more after they've purchased it. I mean the whole reason ORDB went out of business is because these asshats were expecting something for nothing. So if they lose a little important email, then that's just tough love isn't it? They should have been keeping ORDB management in Porsches and million dollar homes at the least. Hell, they could make more than that being spammers themselves, so the cheap bastards better pay up.

Re:Whoa! ORDB better have a good disclaimer (4, Insightful)

brassman (112558) | more than 6 years ago | (#22865282)

What you're missing is that if ORDB flags all mail as "good," then clueless soi-disant 'admins' will continue to hammer the site with their useless queries, up to thousands of them per second. Blocking world+dog is a desperation move -- which has been used a few times in the past by other RBL administrators -- just to make people stop doing that.


When someone just plain will not check back to see if your free service is still working (and free), how else do you get their attention?

Re:Whoa! ORDB better have a good disclaimer (4, Insightful)

iangoldby (552781) | more than 6 years ago | (#22864238)

When I had a run-in with my old ISP a few years ago, the issue was that a) they did not advertise anywhere that they weren't accepting mail from blacklisted peers, and b) mail from blacklisted peers was simply discarded. There was no 'administration interface' to '"release" the mail and/or mark it as safe.' There was in fact no way for the recipient (i.e. me) to ever know that a mail addressed to them that had not been delivered had even been sent.

That said, the approach of ORDB does seem to be the right way to stop administrators from using it. If you don't force the issue by stopping all mail, then random non-spam emails will continue to be blocked indefinitely. Short-term pain for long-term gain...

Re:Whoa! ORDB better have a good disclaimer (5, Interesting)

Naurgrim (516378) | more than 6 years ago | (#22864668)

Concur, wholeheartedly.

I put a good deal of effort into getting spamassassin configured to classify spam into imap folders for my users, and giving them tools for whitelisting, etc. on an individual basis. One man's spam is another man's ham, after all.

I could not in good faith arbitrarily delete mail based on automatic filtering. I would rather run completely unfiltered than make that decision for somebody, and for a long time I resisted the idea of filtering server-side. Bottom line was that my customers demanded it, so I had to come up with a system that met their requirements and mine.

Re:Whoa! ORDB better have a good disclaimer (5, Interesting)

arkhan_jg (618674) | more than 6 years ago | (#22864278)

ORDB was a realtime blacklist. I.E. it identified the IP addresses of open relays. Most people use RBL's like zen and njabl to block connections from 'bad' SMTP servers at HELO, they're much more effective at that stage than later as part of Bayesian spam filters - context filtering is expensive and unreliable with the volume of spam these days. Blocking open relays and dynamic ranges* at HELO is often the only practical way to get a handle on 99% spam loads.

Configured that way, there's no email to release, as the server was not allowed to connect in the first place - in effect, ORDB would have caused an admin unaware that they had shut down to have his server block all inbound email at the connection level. Given the amount of sample configs about that still include them, that's not impossible to imagine.

Effective way of getting people to stop querying their servers, but kinda dickish.

*Yes, I know dynamic ranges sometimes host legit personal mail servers. Unfortunately, for every legit user there are hundreds of spam zombies on those dynamic IPs, often dumping dozens of spam at a time, often hitting over and over again until they get past the greylist timeout. I'm watching my log now, and I just blocked 50 odd connection attempts from one 1 pretending to be 50 different email domains. In the time it's taken me to write this footnote, the dynamic range IPs blacklists have blocked a few hundred emails.
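
An added example (not part of the thread or any poster's code) of the failure described in the comment above: a mail server that rejects at connection time on any DNSBL answer will refuse everything once a retired list starts answering for every address. The sketch uses the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must never be) to detect a zone that lists everything, is empty, or times out, and skips it before trusting its answers; the zone names and the fake resolver data are constructed for illustration.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live in 127/8


def dnsbl_qname(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolver(qname):
    """A records for qname; [] if the name does not exist; None on failure."""
    try:
        infos = socket.getaddrinfo(qname, None, socket.AF_INET)
    except socket.gaierror as exc:
        not_found = {socket.EAI_NONAME,
                     getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
        return [] if exc.errno in not_found else None
    return sorted({info[4][0] for info in infos})


def zone_health(zone, resolve=system_resolver):
    """Classify a DNSBL zone using the RFC 5782 test addresses."""
    must_not_list = resolve(dnsbl_qname("127.0.0.1", zone))
    must_list = resolve(dnsbl_qname("127.0.0.2", zone))
    if must_not_list is None or must_list is None:
        return "unreachable"        # timeouts: every lookup delays mail
    if must_not_list:
        return "lists-everything"   # wildcard answer: all mail would match
    if not must_list:
        return "empty"              # zone answers but carries no data
    if any(ipaddress.ip_address(a) not in LOOPBACK for a in must_list):
        return "bad-answers"        # e.g. a parked or re-registered domain
    return "ok"


def check_client(ip, zones, resolve=system_resolver):
    """Return (zones listing ip, {skipped zone: reason}).

    Unhealthy zones are skipped instead of being allowed to block mail.
    A real server would cache zone_health() rather than test per message.
    """
    listed, skipped = [], {}
    for zone in zones:
        health = zone_health(zone, resolve)
        if health != "ok":
            skipped[zone] = health
            continue
        answers = resolve(dnsbl_qname(ip, zone)) or []
        if any(ipaddress.ip_address(a) in LOOPBACK for a in answers):
            listed.append(zone)
    return listed, skipped


def fake_resolver(qname):
    """Constructed offline data for three imaginary zones under .example."""
    if qname.endswith(".good.dnsbl.example"):
        entries = {
            "2.0.0.127.good.dnsbl.example": ["127.0.0.2"],    # test entry
            "7.113.0.203.good.dnsbl.example": ["127.0.0.2"],  # listed relay
        }
        return entries.get(qname, [])
    if qname.endswith(".retired.dnsbl.example"):
        return ["127.0.0.2"]   # retired list answering for every address
    if qname.endswith(".gone.dnsbl.example"):
        return None            # name servers no longer respond
    return []


ZONES = ["good.dnsbl.example", "retired.dnsbl.example", "gone.dnsbl.example"]

if __name__ == "__main__":
    for zone in ZONES:
        print(zone, "->", zone_health(zone, fake_resolver))
    # 203.0.113.7 is listed by the healthy zone; 198.51.100.9 is clean.
    for client in ("203.0.113.7", "198.51.100.9"):
        print(client, check_client(client, ZONES, fake_resolver))
```
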

Is it really necessary? (1)

Pinky's Brain (1158667) | more than 6 years ago | (#22865108)

Flagging everything from those IPs as spam is obviously just as reliable as throwing them away, so lets forget about the reliability non issue ... Which leaves us with the expense. How much would it cost to do it the Right Way from a user's point of view? (Flagging and opt-in or opt-out filtering.)

Re:Whoa! ORDB better have a good disclaimer (0)

Anonymous Coward | more than 6 years ago | (#22864282)

ORDB's argument for EVERYTHING they do -- sorry, did -- is that all they do is mark things as spam. All the blacklist vigilantes use the same tired lies; they aren't responsible for anything they do, say, cause, or propagate, it's the mean old ISPs using their data.

Worthless shitbags. Glad they're gone.

Re:Whoa! ORDB better have a good disclaimer (0)

Anonymous Coward | more than 6 years ago | (#22864646)

did they block you a little too effectively or something?

Re:Whoa! ORDB better have a good disclaimer (1)

rekoil (168689) | more than 6 years ago | (#22864652)

Depending on the way the DB is being used - some mail servers are configured to 554-reject DNSBL matches. If so, they're going to be rejecting *everything* that comes in until the check is removed from the server.

If the server is just using it for a scoring system a la spamassassin, you're probably right.

Re:Whoa! ORDB better have a good disclaimer (4, Funny)

neonmonk (467567) | more than 6 years ago | (#22864090)

Don't worry, they're completely covered, they did- of course - send an email.

Wait...

Re:Whoa! ORDB better have a good disclaimer (1)

WarJolt (990309) | more than 6 years ago | (#22864096)

It automatically gets moved to your spam box.

Re:Whoa! ORDB better have a good disclaimer (2, Insightful)

Sentry21 (8183) | more than 6 years ago | (#22864158)

I think the worst part of it is that the systems that are rejecting mail (because they're still configured to use ORDB) are the ones that are the least-maintained, and quite possibly completely forgotten about - and therefore are least likely to be noticed quickly or fixed intentionally.

That said, if you're that crappy of a sysadmin, you deserve a wake-up call. It's just too bad that other people have to suffer for you to learn to do your job properly.

Re:Whoa! ORDB better have a good disclaimer (1)

SeaFox (739806) | more than 6 years ago | (#22864708)

Intentionally causing large numbers of emails to be lost is a risky move indeed.

Yeah, someone might sue them for missing important emails from the poor service ORDB is offering.
Oh, wait...

Re:Whoa! ORDB better have a good disclaimer (1)

Schraegstrichpunkt (931443) | more than 6 years ago | (#22865284)

When you discontinue services people rely on, things break. If you're providing that service for free, it's people's own fault.

If they had just let the domain expire, it would have caused spam to just silently get through until somebody malevolent registered the domain and started configuring it to block select targets . . . for a modest fee.

At least this way, people will _notice_ that the service is discontinued. Failing loudly is almost always better than failing silently.

Why DNS-RBLs suck (4, Informative)

Anonymous Coward | more than 6 years ago | (#22864038)

Re:Why DNS-RBLs suck (0, Redundant)

djce (927193) | more than 6 years ago | (#22864298)

Last-Modified: Mon, 15 May 2006 15:28:07 GMT

Anti-spam advice that's that old is often worth taking with a big fat dose of NaCl. Of course it might still be OK, but it's worth bearing in mind the age of the advice.

Re:Why DNS-RBLs suck (3, Insightful)

whoever57 (658626) | more than 6 years ago | (#22864346)

I'll take the DNS-RBLs out of my email configuration when there is a realistic alternative. Clicking the "Conclusions" link on the referenced page, the author provides no solutions, other than throwing pies at Bill Gates. Not very credible.

Re:Why DNS-RBLs suck (1)

ender81b (520454) | more than 6 years ago | (#22865268)

Buy or use a decent filter? Use RBLs as a scoring mechanism?

RBLs are horribly broke & you should never use them as a sole method of determining if an email is spam.

Nice (3, Insightful)

topham (32406) | more than 6 years ago | (#22864088)


Dealing with Email and Spam issues can be enough of a pain in the ass without the added hassle of this shit.

It isn't that the recipient complains they aren't getting email, it's when the sender (my customer) complains to me that their mail isn't making it to the recipient and blames me when it's the spam filters at the other end causing the problem. And now this?
Nice.

Re:Nice (4, Insightful)

TubeSteak (669689) | more than 6 years ago | (#22864230)

It's like hotlinking an image off someone's website after you've been told not to. Yes, the site owner is a dick for replacing the pic with goatse, but it's still your fault for linking to it in the first place.

This will cause some confusion at first, but if it hit /. word will get out soon enough.
I just hope no one's spam filter defaults to automatic-deletion.

Re:Nice (0, Flamebait)

fm6 (162816) | more than 6 years ago | (#22864926)

The site owner is a dick and a moron — it's not very hard to configure a web server so that hotlinking isn't possible.

And is it the fault of the individual users who had all their email discarded? Many of which are individuals who didn't even know their service providers were using ORDB.

Why TF did ORDB's owners choose such an obnoxious way to make their point? If they were trying to establish once and for all that blacklist maintainers are self-righteous, mentally-challenged assholes, well, they convinced me a long time ago.

Told not to? (1)

phorm (591458) | more than 6 years ago | (#22865122)

How about if you were told you could hotlink the image, and thus did. Later, the site posts up a notice somewhere saying it is no longer allowed, but as you haven't visited their main page you weren't aware of the policy change.

More like what may be happening here to a bunch of those who use this RBL, I know that I had to check my mail config after seeing the /. story to make sure I wasn't one of them...

No kidding. (4, Funny)

raehl (609729) | more than 6 years ago | (#22864532)

If my spam filter service did this to me, I would never use them again!

Re:No kidding. (-1, Redundant)

Baricom (763970) | more than 6 years ago | (#22864690)

That's kind of the point behind this.

Re:Nice (1)

Just Some Guy (3352) | more than 6 years ago | (#22864810)

It isn't that the recipient complains they aren't getting email, it's when the sender (my customer) complains to me that their mail isn't making it to the recipient and blames me when it's the spam filters at the other end causing the problem. And now this?

If you've been pestering their DNS servers for the last 15 months because you've been too lazy to remove those entries and can't be bothered to even remotely follow technical newssites, then your customers are placing the blame right where it belongs. Honestly, you're trusting the integrity of your email system to a third party and can't even be bothered to check up on them now and again? Like once a year or so? No, this is entirely your problem to own.

We had one NDR today because of this (1)

IronTeardrop (913955) | more than 6 years ago | (#22864100)

I just changed my company's ISP a week ago. Guess whose shiny new external IP address was apparently reported as an Open Relay prior to December, 2006?

Oh joy...

Re:We had one NDR today because of this (1)

MightyMartian (840721) | more than 6 years ago | (#22864114)

An ample demonstration of why blacklists/whitelists are worthless.

Re:We had one NDR today because of this (2, Informative)

RollingThunder (88952) | more than 6 years ago | (#22864170)

You're right, the 90% of inbound mail that gets dropped at the pure IP level before it even hits my more CPU intensive filters is "worthless".

Re:We had one NDR today because of this (2, Insightful)

pe1rxq (141710) | more than 6 years ago | (#22864268)

You can have 100% of inbound mail dropped simply by unplugging the network cable....
However, such a filter wouldn't score good if it were judged on the really important metrics like number of false positives.

Re:We had one NDR today because of this (1)

RollingThunder (88952) | more than 6 years ago | (#22865038)

False positives.... hmm. Let me think.

Nope, not one in 10 years has been reported to me via the alternate (non-RBL'ed) communication channel.

That's pretty damn good.

Make your own blacklist (2, Interesting)

tepples (727027) | more than 6 years ago | (#22865090)

You're right, the 90% of inbound mail that gets dropped at the pure IP level before it even hits my more CPU intensive filters is "worthless".

The trick is to make your server use CPU-intensive filters to construct its own IP address blacklist. These pages explain how one admin did it [acme.com].

wow thanks (0)

Anonymous Coward | more than 6 years ago | (#22864104)

we got nailed here with it and caused panic, gee thanks for the warning.

Re:wow thanks (1)

Oktober Sunset (838224) | more than 6 years ago | (#22864192)

The service has been dead for a year and a half, maybe if people actually paid attention to them telling they were shut down, they wouldn't have had to do this. Blah, some people.

It was SPAM (0)

Anonymous Coward | more than 6 years ago | (#22864608)

The service has been dead for a year and a half, maybe if people actually paid attention to them telling they were shut down, they wouldn't have had to do this

They probably thought it was SPAM. You know: " ORDB is offline, enlarge you P3N1S, V!@GR@ 4 S@13!

I'm in Algeria with 20 million and the ORdB is off line. Send me $5,000 to get it back online!"

Wow, they've got that ass-backwards. (0, Redundant)

One Childish N00b (780549) | more than 6 years ago | (#22864150)

Why not just make it let all mail through, i.e. turning itself off? Wouldn't that wake people up enough to stop using it? Or automate it to send an email notifying the user that the filter they are using is outdated and unsupported?

Blocking all incoming email seems a surefire way to get their asses sued, and doesn't even make the source of the problem all that obvious.

Re:Wow, they've got that ass-backwards. (1)

teh moges (875080) | more than 6 years ago | (#22864258)

Maybe, but if all email is getting through, then the sysadmin may just add another layer of spam protection. This forces them to fix the fault (the fault being the reliance on an outdated system).

Re:Wow, they've got that ass-backwards. (2, Insightful)

gujo-odori (473191) | more than 6 years ago | (#22864368)

It was already letting all mail through after they took ORDB out of service, that obviously didn't make a difference at any domain that was using it on auto-pilot.

What really gets me about this case is that this is at least the third time a defunct BL has done this (Osirusoft and monkeys.com being the other two examples I know of), and in this case, returning false positives was particularly unnecessary. Since ORDB is defunct, the domain could have been just allowed to expire. Or, make sure that no IP space is associated with the domain at all. For the upstream ISP(s) who owned the IPs formerly used by ORDB, they might have to let them lie fallow forever, though, since queries would never stop in the absence of this sort of event.

OTOH, I have to assign more than the usual amount of blame to those who kept using ORDB so long after it went defunct, just because it is at least the third time this has happened. Anyone responsible for a mail server should stop to think that "Gee, continuing to query a defunct BL service over a year after it was shut down could someday be hazardous to my mail stream. I'd better update my config." I'm not absolving anyone from ORDB for not just getting rid of all ORDB IPs and having no routes to any of the ones they used to use, but willfully ignorant admins also played a starring role in this tragedy. Or comedy of errors, depending on your point of view.

Re:Wow, they've got that ass-backwards. (1)

palegray.net (1195047) | more than 6 years ago | (#22865192)

Since ORDB is defunct, the domain could have been just allowed to expire.

That approach doesn't work very well if you're planning on selling the domain.

Re:Wow, they've got that ass-backwards. (2, Insightful)

TheVelvetFlamebait (986083) | more than 6 years ago | (#22864514)

Why not just make it let all mail through, i.e. turning itself off?

Because people won't notice. Long time, blindly faithful customers will just assume that spam is becoming increasingly wily, or that all spam filters have this problem, etc. When they start flagging ordinary emails as spam, people may actually realise that not only wasn't the filter doing anything at all, but now it's far more hassle than it's worth (i.e. nothing).

Why not just close the server? (4, Insightful)

Em Adespoton (792954) | more than 6 years ago | (#22864152)

Why don't they just close the server so it no longer accepts connections? Are they doing this to stop the server currently at that location from being hammered with requests?

Re:Why not just close the server? (4, Informative)

travisd (35242) | more than 6 years ago | (#22864344)

Because the requests will still come. And even without a response, the request will consume bandwidth that someone is paying for, and consuming an IP address that someone would like to re-use.

Re:Why not just close the server? (4, Insightful)

ashridah (72567) | more than 6 years ago | (#22864468)

While that's accurate to a point, Seems to me that doing this at the DNS level (deleting a DNS record, or pointing it to 127.0.0.1 and giving it a TTL of a few decades) would do the trick better than BLOCKING EMAIL.

My bet is this is going to really REALLY negatively affect all of those mailservers that have been set up, for which there is *no* administrator. You know. the ones set up for smaller companies who have no inhouse admin, who hired a consultant, but wouldn't pay for ongoing maintenance (either due to tightness or actual lack of funds, etc). The response time here, and time to resolution is likely to be high to non-existent.

All in all, this is a pathetic (understandable, mind you) move, and reeks of inconsideration.

Re:Why not just close the server? (1)

krewemaynard (665044) | more than 6 years ago | (#22865050)

My bet is this is going to really REALLY negatively affect all of those mailservers that have been set up, for which there is *no* administrator. You know. the ones set up for smaller companies who have no inhouse admin, who hired a consultant, but wouldn't pay for ongoing maintenance (either due to tightness or actual lack of funds, etc). The response time here, and time to resolution is likely to be high to non-existent.

EXACTLY. I had a couple of messages dropped today. Fortunately, a customer called to verify that we had received a message and I caught the problem almost immediately. If I had taken the day off, or if, as you said, I had put a similar setup in for someone else, no telling how many messages could have been dropped.

Re:Why not just close the server? (0)

Anonymous Coward | more than 6 years ago | (#22864486)

If it's not using DNS, that's darn silly, but if it isn't, just give up the IP address (or probably range). Sure there's a shortage, but it's not worth sabotaging the clueless. I wouldn't mind someone being charged or sued for being an asshat.

Re:Why not just close the server? (1)

harryjohnston (1118069) | more than 6 years ago | (#22864376)

Or, better still, remove the address from DNS?

Re:Why not just close the server? (0)

Anonymous Coward | more than 6 years ago | (#22864422)

As far as I can tell, that's what they did. I've been wondering for a year why my machine took forever to process mail until I realized that I had been using the ORDB that has been dead. Each time I received mail it checked a dead server! When I finally found out this was the issue and removed ORDB from the checklist, things were fast again.

Now the question is, why did it take me a year to figure out that ORDB died? At first glance at debugging the issue, it wasn't really doing anything (didn't see any suspicious network activity) so I thought it was just a benign nuisance. Was there a better way? Though this probably is going farther than expected, it at least should help increase awareness...

Re:Why not just close the server? (1)

IronChef (164482) | more than 6 years ago | (#22865002)

It's their machine and they can do what they want... but sending false positives is a dick maneuver.

Obfuscation (0, Redundant)

Protonk (599901) | more than 6 years ago | (#22864176)

I'm not a sysadmin. What is a "sleeping user"? What is ORDB? What does this summary mean?

Note: Don't tell me to RTFA, I will. Don't tell me to "justfuckingoogleit", because my returns on doing that will likely be pretty low.

Re:Obfuscation (0)

Anonymous Coward | more than 6 years ago | (#22864572)

Turn in your nerd card then GTFO.

Re:Obfuscation (1)

The End Of Days (1243248) | more than 6 years ago | (#22864676)

Or what? Be subject to snide remarks and sidelong glances?

Re:Obfuscation (0)

Anonymous Coward | more than 6 years ago | (#22864720)

Exactly. It's news for nerds, not mouthbreathing morons who can't even be bothered to use google to cover up their ignorance. If that's really too much to handle you can always go hang out at digg or reddit.

Re:Obfuscation (1)

cercie (1129875) | more than 6 years ago | (#22864586)

I agree! WTF??? Are we now creating discussions about posts on other discussion groups about, of all things, friggin old email filters? If there is anything of value to share in the original thread then kindly show how this is newsworthy.

Why? (0)

Anonymous Coward | more than 6 years ago | (#22864182)

Why don't they just stop responding at all? If they're not running the service any more, why do they care if people are still trying to query it?

Re:Why? (3, Informative)

sjames (1099) | more than 6 years ago | (#22864562)

Even unanswered DNS queries cost bandwidth. Perhaps they just don't want the traffic anymore.

Whew. I read that as Long-Dead ODB begins... (1)

SensitiveMale (155605) | more than 6 years ago | (#22864200)

returning false positives and thinking "WTF? He's back?"

Wu-Tang!

Heh... (4, Funny)

FlyByPC (841016) | more than 6 years ago | (#22864216)

I'm imagining the ORDB server basically doing the 'Net equivalent of the Monty Python "SPAM" skit...

Spam spam spam spam...
What's that there? An email from your supervisor? SPAM, I say. SPAM SPAM SPAM!

Re:Heh... (1)

Oktober Sunset (838224) | more than 6 years ago | (#22864516)

oh the irony...

Why not just turn it off? (0)

Anonymous Coward | more than 6 years ago | (#22864260)

?fffffffffffffffsfsfsdf

Bonehead (2, Insightful)

Ritz_Just_Ritz (883997) | more than 6 years ago | (#22864266)

Who is the bonehead who approved that move? It would have taken 5-10 seconds to just refuse connections, but someone has gone out of their way to create difficulty for people "to make a point." And the point was just "don't connect to our servers anymore." Idiots. Granted, any responsible admin probably commented out the ordb entry in their spam blackhole armory, but still....stupid...stupid...stupid.

Re:Bonehead (4, Informative)

WarJolt (990309) | more than 6 years ago | (#22864366)

One connection refused doesn't take up a lot of bandwidth. Thousands of connections refused per day do. Clients oftentimes aren't smart enough to figure out the site is down permanently.

Re:Bonehead (2, Informative)

Joe U (443617) | more than 6 years ago | (#22864372)

Are you paying for their bandwidth? How about the servers that are being hammered, are you paying for them?

Short of removing themselves from DNS, this is the most effective way to reduce bandwidth usage in the long term AND teach mail admins how to properly run their mail servers.

So... (1)

Guppy06 (410832) | more than 6 years ago | (#22864654)

"At noon today (Eastern Standard Time)"

It happened at 13:00 Eastern Daylight Time?

(Just a pet peeve of mine)

No wikipedia entry for ORDB (4, Funny)

SurturZ (54334) | more than 6 years ago | (#22864710)

No wikipedia entry for ORDB, so they never existed.

rblcheck.pl and other embedded rbl lists (2, Insightful)

erice (13380) | more than 6 years ago | (#22864712)

One problem with a draconian cut-off like this is that people can be affected who are totally unaware of the problem.

Somewhat recently, I started using a perl version of rblcheck in some of my procmail recipes. A lengthy list of rbl's is embedded in the source code. I removed some obvious losers but was unaware until reading this article that ordb was a problem. How many people out there are using this script and are unaware that a bomb like this is lurking in the code? How many are using it and don't even remember that they even use this script?

Re:rblcheck.pl and other embedded rbl lists (0)

Anonymous Coward | more than 6 years ago | (#22864886)

Perhaps you are partially at fault for using such a crappy perl module?

Re:rblcheck.pl and other embedded rbl lists (1)

epine (68316) | more than 6 years ago | (#22865052)

Amazing the number of "ignorance is bliss" responses on this thread. What you don't know is not allowed to hurt you. Wish I lived in that world. I concede the emotional appeal.

I have a question for the "ignorance is bliss" crowd. When a fat husband and wife completely block the grocery aisle nattering with each other about the best flavour of Twinkies, how long do you stand patiently behind them waiting for them to clue in to the blockade capacity of four lumbering Super-Size-Me ham haunches?

A little more cleverness on the part of the ORDB could have improved the spin. They could have implemented a quota of 10,000 queries since noon today until the false positives begin for that query source. And that number could have been slowly tapered down. Then the serious abusers would have felt the pain before the mom and pop shops whose consultant shows up twice annually, and it would have been more apparent to people who put convenience ahead of reality that rejecting connections is not a proper solution to terminating the unwanted traffic.

You've got mail (1)

davidwr (791652) | more than 6 years ago | (#22864858)

Or not.

ORDB rules! (0)

Anonymous Coward | more than 6 years ago | (#22864872)

All of my received email is spam, so ORDB's new approach sounds excellent!
It'll be able to block spam from IP addresses before any of the other block lists
even realize that the IP is spewing spam. I'm going to start using ORDB right away!

So, ORBS is now functionally identical to SPEWS? (1)

Jailbrekr (73837) | more than 6 years ago | (#22865236)

Who would've thought eh?

It's the only way to get them to stop (4, Insightful)

bl968 (190792) | more than 6 years ago | (#22865250)

I closed my lists, and two years later, after checking my DNS server, I saw traffic for a couple of dnsbl lists which had been empty for the last 2 years and found that we were still getting several hundred requests per minute.

Our blackhole lists are defunct. We announced their closure over 2 years ago and it was widely covered by the press at the time. We are still recording several hundred lookups per minute so Friday December 9th 2005 we started answering positive to all requests. If your mail is being blocked simply contact any isp blocking you using these lists and let them know they need to remove them ASAP! If they have questions they can contact me directly. [email removed]

To identify whom to contact please reference the error message you receive.

Look for something similar to:

----- Transcript of session follows -----
... while talking to mail.somedomain.com.:
>>> MAIL From:<youremail@yourdomain.com>
<<< 518 Your SMTP server is listed at something.domainremoved.net
554 5.0.0 Service unavailable


In this case you would contact somedomain.com and tell them that the whatever.compu.net dnsbl is defunct and is now answering positive on all lookups. As such they should remove it and any other compu.net dnsbl ASAP to prevent legitimate emails from being blocked.

If they need verification send them to this web site.

I announced this upcoming change to both the SPAM-L mailing list and the news.admin.net-abuse.email newsgroup

"Over 2 years ago I shut down blackhole.somedomain.net, pacbelldsl.somedomain.net, and pm0-no-more.somedomain.net, then announced the shutdown on the news.admin.net-abuse.email and several other mail and abuse related lists. As of today I am still logging several hundred requests per minute to it two years later. In one week I am going to start answering positive on every lookup to those domains. I don't want to do this; however, I am not going to continue to bear the load for something that ceased to exist over two years ago. So basically check your mail servers and if you are using the blackhole.somedomain.net, pacbelldsl.somedomain.net or pm0-no-more.somedomain.net dnsbls remove it asap!

Thanks."


It was the only way to get them to stop and if I check my server today, I will likely find I am still getting some requests on them. So it's not dickish at all as another commentator claimed.
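
The failure mode discussed in this thread (a retired DNSBL zone that answers positive for every lookup, possibly sitting in an embedded list nobody remembers) can be detected with the RFC 5782 test entries: a live IPv4 list must list 127.0.0.2 and must never list 127.0.0.1. The following is an added example, not part of any comment above and not code from ORDB or rblcheck; the `.example` zone names and the `constructed_lookup` resolver are constructed for illustration.

```python
import ipaddress
import socket

# RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must never be.
MUST_BE_LISTED = "127.0.0.2"
MUST_NOT_BE_LISTED = "127.0.0.1"


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_lookup(name):
    """Return the A records for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def constructed_lookup(name):
    """Constructed offline resolver: one live, one wildcarded, one silent zone."""
    if name.endswith(".wild.dnsbl.example"):
        return ["127.0.0.2"]      # answers positive for every query
    if name == "2.0.0.127.live.dnsbl.example":
        return ["127.0.0.2"]      # only the mandatory test entry is listed
    return []                     # no answer, as for a zone removed from DNS


def zone_health(zone, lookup=system_lookup):
    """Return 'wildcard' if the zone lists 127.0.0.1 (it lists everything),
    'dead' if it does not even list 127.0.0.2, otherwise 'ok'."""
    if lookup(dnsbl_name(MUST_NOT_BE_LISTED, zone)):
        return "wildcard"
    if not lookup(dnsbl_name(MUST_BE_LISTED, zone)):
        return "dead"
    return "ok"


def usable_zones(zones, lookup=system_lookup):
    """Keep only zones that pass the health check; also return the full report."""
    report = {zone: zone_health(zone, lookup) for zone in zones}
    return [z for z, state in report.items() if state == "ok"], report
```

Run with the default `system_lookup` against the zones your MTA or procmail recipes actually query, and disable anything that does not come back `ok` before it can reject mail.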