From owner-freebsd-security Thu Dec 26 12: 0:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3774537B405 for ; Thu, 26 Dec 2002 12:00:28 -0800 (PST) Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id B52A743EDC for ; Thu, 26 Dec 2002 12:00:22 -0800 (PST) (envelope-from ru@whale.sunbay.crimea.ua) Received: from whale.sunbay.crimea.ua (root@localhost) by whale.sunbay.crimea.ua (8.12.6/8.12.6/Sunbay) with SMTP id gBQK0GxV074726 for ; Thu, 26 Dec 2002 22:00:16 +0200 (EET) (envelope-from ru@whale.sunbay.crimea.ua) Received: from whale.sunbay.crimea.ua (ru@localhost [127.0.0.1]) by whale.sunbay.crimea.ua (8.12.6/8.12.6/Sunbay) with ESMTP id gBQK0AeY074695 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 26 Dec 2002 22:00:14 +0200 (EET) (envelope-from ru@whale.sunbay.crimea.ua) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.12.6/8.12.6/Submit) id gBQK09fu074688; Thu, 26 Dec 2002 22:00:09 +0200 (EET) Date: Thu, 26 Dec 2002 22:00:08 +0200 From: Ruslan Ermilov To: Eugene Grosbein Cc: net@freebsd.org, security@freebsd.org Subject: Static ARP (was: Re: NOARP - gateway must answer and have frozen ARP table) Message-ID: <20021226200008.GA70966@sunbay.com> References: <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com> <200112051835.fB5IZqH95521@whizzo.transsys.com> <20011205204526.B89520@sunbay.com> <200112051852.fB5IqmH95809@whizzo.transsys.com> <20011205121928.A3061@blossom.cjclark.org> <200112062059.MAA02282@windsor.research.att.com> <20011207110542.J13705@sunbay.com> <3C11C24B.A980A646@svzserv.kemerovo.su> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="6zdv2QT/q3FMhpsV" Content-Disposition: inline In-Reply-To: <3C11C24B.A980A646@svzserv.kemerovo.su> User-Agent: Mutt/1.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --6zdv2QT/q3FMhpsV Content-Type: multipart/mixed; boundary="CUfgB8w4ZwR/yMy5" Content-Disposition: inline --CUfgB8w4ZwR/yMy5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Dec 08, 2001 at 02:33:31PM +0700, Eugene Grosbein wrote: > > OK, I have a proposal that should fit both opinions. I'll keep the > > net.link.ether.inet.static_arp to mean what it means now (keep ARP > > table static, no updates except from local process through a routing > > socket writes), and will add another sysctl that will switch the > > meaning of IFF_NOARP from "no arp" to "static arp on this interface". > > How about this? >=20 > This would be the best souliution at least for us :-) >=20 OK, enough of cooling off. :-) The attached patch (for 5.0-CURRENT) adds the IFF_STATICARP per-interface flag, which does the obvious thing. Cheers, --=20 Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age --CUfgB8w4ZwR/yMy5 Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=p Content-Transfer-Encoding: quoted-printable Index: sys/net/if.h =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/net/if.h,v retrieving revision 1.81 diff -u -p -r1.81 if.h --- sys/net/if.h 14 Nov 2002 23:16:18 -0000 1.81 +++ sys/net/if.h 26 Dec 2002 19:57:41 -0000 @@ -150,6 +150,7 @@ struct if_data { #define IFF_POLLING 0x10000 /* Interface is in polling mode. */ #define IFF_PPROMISC 0x20000 /* user-requested promisc mode */ #define IFF_MONITOR 0x40000 /* user-requested monitor mode */ +#define IFF_STATICARP 0x80000 /* static ARP */ =20 /* flags set internally only: */ #define IFF_CANTCHANGE \ Index: sys/netinet/if_ether.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sys/netinet/if_ether.c,v retrieving revision 1.96 diff -u -p -r1.96 if_ether.c --- sys/netinet/if_ether.c 31 Jul 2002 16:45:16 -0000 1.96 +++ sys/netinet/if_ether.c 26 Dec 2002 19:57:41 -0000 @@ -448,12 +448,12 @@ arpresolve(ifp, rt, m, dst, desten, rt0) return 1; } /* - * If ARP is disabled on this interface, stop. + * If ARP is disabled or static on this interface, stop. * XXX * Probably should not allocate empty llinfo struct if we are * not going to be sending out an arp request. */ - if (ifp->if_flags & IFF_NOARP) { + if (ifp->if_flags & (IFF_NOARP | IFF_STATICARP)) { m_freem(m); return (0); } @@ -654,6 +654,8 @@ match: itaddr =3D myaddr; goto reply; } + if (ifp->if_flags & IFF_STATICARP) + goto reply; la =3D arplookup(isaddr.s_addr, itaddr.s_addr =3D=3D myaddr.s_addr, 0); if (la && (rt =3D la->la_rt) && (sdl =3D SDL(rt->rt_gateway))) { /* the following is not an error when doing bridging */ Index: sbin/ifconfig/ifconfig.8 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sbin/ifconfig/ifconfig.8,v retrieving revision 1.66 diff -u -p -r1.66 ifconfig.8 --- sbin/ifconfig/ifconfig.8 25 Nov 2002 16:01:28 -0000 1.66 +++ sbin/ifconfig/ifconfig.8 26 Dec 2002 19:57:41 -0000 @@ -227,6 +227,18 @@ addresses and .It Fl arp Disable the use of the Address Resolution Protocol .Pq Xr arp 4 . +.It Cm staticarp +If the Address Resolution Protocol is enabled, +the host will only reply to requests for its addresses, +and will never send any requests. +.It Fl staticarp +If the Address Resolution Protocol is enabled, +the host will perform normally, +sending out requests, +listening for replies, +and allowing gratuitous requests to update the +.Tn ARP +table. .It Cm broadcast (Inet only.) Specify the address to use to represent broadcasts to the Index: sbin/ifconfig/ifconfig.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sbin/ifconfig/ifconfig.c,v retrieving revision 1.85 diff -u -p -r1.85 ifconfig.c --- sbin/ifconfig/ifconfig.c 15 Nov 2002 00:02:21 -0000 1.85 +++ sbin/ifconfig/ifconfig.c 26 Dec 2002 19:57:41 -0000 @@ -243,6 +243,8 @@ struct cmd { { "-link2", -IFF_LINK2, setifflags }, { "monitor", IFF_MONITOR, setifflags }, { "-monitor", -IFF_MONITOR, setifflags }, + { "staticarp", IFF_STATICARP, setifflags }, + { "-staticarp", -IFF_STATICARP, setifflags }, #ifdef USE_IF_MEDIA { "media", NEXTARG, setmedia }, { "mediaopt", NEXTARG, setmediaopt }, @@ -1065,7 +1067,7 @@ setifmtu(const char *val, int dummy __un #define IFFBITS \ "\020\1UP\2BROADCAST\3DEBUG\4LOOPBACK\5POINTOPOINT\6SMART\7RUNNING" \ "\10NOARP\11PROMISC\12ALLMULTI\13OACTIVE\14SIMPLEX\15LINK0\16LINK1\17LINK2= " \ -"\20MULTICAST\023MONITOR" +"\20MULTICAST\023MONITOR\024STATICARP" =20 #define IFCAPBITS \ "\003\1RXCSUM\2TXCSUM\3NETCONS\4VLAN_MTU\5VLAN_HWTAGGING\6JUMBO_MTU" --CUfgB8w4ZwR/yMy5-- --6zdv2QT/q3FMhpsV Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+C1/IUkv4P6juNwoRAn9FAJ9X1HFqxXl//v/dEMvEy1bW0Cgu6QCfXm3L sA/tpDjtJkSEG+4D0XDIXdU= =XcqZ -----END PGP SIGNATURE----- --6zdv2QT/q3FMhpsV-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Dec 27 5:18:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B210037B401 for ; Fri, 27 Dec 2002 05:18:10 -0800 (PST) Received: from mail.konvergencia.hu (konvergencia.hu [195.228.254.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id D0E0D43EA9 for ; Fri, 27 Dec 2002 05:18:09 -0800 (PST) (envelope-from binary@konvergencia.hu) Received: from binary by mail.konvergencia.hu with local (Exim 3.36 #1) id 18QkmO-0007Bq-00 for security@freebsd.org; Tue, 24 Dec 2002 09:51:12 +0100 Date: Tue, 24 Dec 2002 09:51:12 +0100 From: Marton Kenyeres To: security@freebsd.org Subject: Jail & SYSVIPC & postgres Message-ID: <20021224095112.A27587@bsd.konvergencia.hu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi! I'm in a middle of building a server which will run Apache + PHP + Postgresql along with a few basic services as DNS, SMTP and POP3. I plan to put the web-related services, the e-mail related services and BIND in 3 separate jail-s. Unfortunately PostgreSQL depends heavily on shared memory, so if I plan to use it in a jail i have to turn the jail.sysvipc_allowed sysctl on. One more addition: the jails are bind to aliases on the loopback interface and the connections are NAT-ed to the outer interface. The main benefit of this (apart from not paying $$-s for additional IP-addresses :) is that no service runs as root as they don't have to bind to their usual priviledged ports. From the developers handbook: "On most systems, this sysctl is set to 0. If it were set to 1, it would defeat the whole purpose of having a jail; privleged users from within the jail would be able to affect processes outside of the environment. " My question is: Do I really shoot myself in the foot with allowing SYSVIPC in the jails, if there are absolutely no processes runing as root inside the jails, nor there are any suid programs ? Any help, advice etc. greatly appreciated, cheerz: m. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 5:46:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F416A37B406; Sat, 28 Dec 2002 05:45:56 -0800 (PST) Received: from mtiwmhc12.worldnet.att.net (mtiwmhc12.worldnet.att.net [204.127.131.116]) by mx1.FreeBSD.org (Postfix) with ESMTP id CC87F43ED4; Sat, 28 Dec 2002 05:45:55 -0800 (PST) (envelope-from htabak@quadtelecom.com) Received: from quadtelecom.com ([12.91.170.238]) by mtiwmhc12.worldnet.att.net (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with ESMTP id <20021228134548.FBUD12483.mtiwmhc12.worldnet.att.net@quadtelecom.com>; Sat, 28 Dec 2002 13:45:48 +0000 Message-ID: <3E0DAAF3.7090103@quadtelecom.com> Date: Sat, 28 Dec 2002 08:45:23 -0500 From: Harry Tabak Reply-To: htabak@quadtelecom.com Organization: Quad Telecom, Inc User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG Cc: Harry Tabak Subject: Bystander shot by a spam filter. Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org [This is a resend. Ironically, the orignal was blocked by FreeBSD's spam filter, I've had to send this from another account] I am not sure which list is best for this issue, hence the cross posting. I believe spam and anti-spam measures are security issues -- the 'Availability' part of C-I-A. I apologize if I am wrong. A FreeBSD ported package is contributing to an internet service availability problem that has me stumped. I believe that an unknowable quantity of other internet denizens are also affected. I'm a long time fan of FreeBSD -- I run it on my small mail server and I've recommended it for many applications. I even bought a CD once. I write this missive with great reluctance. I've worked with a lot of strange software over the years, But this is a new first -- Software that slanders! Software that publicly called me a spammer!!! And not to my face, but to business associate. And then took action. I recently discovered, and quite by accident, that a FreeBSD ported package -- spambnc (aka Spambouncer or SB) -- was blocking mail from me to an unknown number of businesses and individuals on the internet. I'll probably never have to correspond with most of these people, but I'm a freelancer -- this may have already cost me a job. [Dear reader, don't be surprised if you or your clients are also blocked. I strongly suggest that you check it out.] Anti-spam products have a valuable place in the security arsenal. But, IMHO, this product is dangerous because it includes filters and rules that are overreaching, and inaccurate. Bad firewall rules and bad anti-spam rules may be OK for an individual site. However, spambnc's bad advice is being mass marketed through the good offices of FreeBSD, and it is putting potholes in the net for the rest of us. Until it is fixed, and proven harmless, FreeBSD should stop distributing this product. Basically, the default built-in policies for blocking mail aren't fully described, and there is no mechanism to universally correct the inevitable mistakes in a timely manner. Users (people who install this product) are mislead about the probably of filtering the wrong mail. I am sure that the software was developed with the very best intentions, but in its zeal to block lots and lots of spam, SB is hurting good people. The SB rule blocking my mail host has nothing to do with me. Even though, it can use dynamic anti-spam DNS services, SB hard codes its rules for filtering bad domains by name and by IP address. My nemisis is buried in a 1476 line file, sb-blockdomains.rc, which installs by default, and is not documented outside the code. Along with others, it blocks the entire 66.45.0.0/17 space because spammers might live there. This is sort of like a corporate mail room throwing away all NJ postmarked mail because of the bulk mail distribution centers in Secaucus. My mail host address gets a clean bill of health from every anti-spam site that I can find, such as SPEWS. I've checked at least 30 of them. My tiny x/29 block is sub-allocated from my DSL provider's x/23 block. The DSL provider's block is a sub-allocation from Inflow.com's 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While they have a right to their opinions, they don't have a right to publicly tar me because of my neighbors. If I read sb-blockdomains # comments correctly, it is policy to not only block known spammers, but to ALSO block entire networks based on their handling of spam complaints. This is like as a business receptionist checking callerID and then ignoring incoming calls from Verizon subscribers because Verizon tolerates (and probably invented) telemarketing. I have written to both the Spambouncer contact address and the FreeBSD maintainer, but without a response. Possibly they are on holiday, or spambouncer is eating my mail. Perhaps I'm just too impatient. I have also contacted my ISP's support. They don't know how to help me. They vouch for Inflow. They don't recommend it, but for a fee, my service could be switched to a different PVC, and I'd get an address from a different carrier. But of course, the new address could be black-listed on a whim. Regardless, I assume that these are reasonable people, and that they will oil the squeaky wheel as soon as it is convenient. But how will I ever know that EVERY copy of spambouncer has been fixed? What about other innocent ISP subscribers who are also black-listed? Harry Tabak QUAD TELECOM, INC. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 8:16:42 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A8DDD37B401; Sat, 28 Dec 2002 08:16:39 -0800 (PST) Received: from mtiwmhc13.worldnet.att.net (mtiwmhc13.worldnet.att.net [204.127.131.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id 83A7A43ED8; Sat, 28 Dec 2002 08:16:38 -0800 (PST) (envelope-from htabak@quadtelecom.com) Received: from quadtelecom.com ([12.91.171.95]) by mtiwmhc13.worldnet.att.net (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with ESMTP id <20021228161631.DJUR20003.mtiwmhc13.worldnet.att.net@quadtelecom.com>; Sat, 28 Dec 2002 16:16:31 +0000 Message-ID: <3E0DCE46.30803@quadtelecom.com> Date: Sat, 28 Dec 2002 11:16:06 -0500 From: Harry Tabak Reply-To: htabak@quadtelecom.com Organization: Quad Telecom, Inc User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Chuck Rock , freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG Cc: Harry Tabak Subject: Re: Bystander shot by a spam filter. References: <3E0DC89D.3010203@quadtelecom.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Subject: Re: Bystander shot by a spam filter. > Date: Sat, 28 Dec 2002 09:19:32 -0600 (CST) > From: Chuck Rock > To: Harry Tabak > CC: freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG > > There's not much you can do but what you already are doing. Complain. > > You complain to the people using the software, and if they can't > configure it, they will probably stop using it if they care. I know only one user, that is how I discovered the problem. I have no way of identifying other users. That frightens me. > > You complain to the people that actually wrote the software. Usually found > in the source code and such. Unfortunately, the author hasn't replied to my complaints yet. Possibly she has taken a holiday. > > You can try to complain to FreeBSD Ports, but removing this goes against > the very nature of "Open Source" Good or bad, there's not much to convince > people not to distribute a piece of software that's free and > open. There is a significant difference between this port and the others. My other ports at worst only harm the intended user when things go wrong. This port harms random and anonymous individuals. I don't believe that FreeBSD redistributes spamming software or list managers that don't provide the proper opt-in safeguards by default. I can't really stop the Spambouncer people from shouting "fire" from their own website -- freedom of speech and all that. But should FreeBSD act as an amplifier. > Everyone knows when they install these softwares that you do so at > your own risk. If your ISP is spending money to support problems caused by > it's use and they have control over it, they will probably stop using > it. Most ISP's care about expenses, so you can bet if it's not worth > using, they will eventually stop. > > If you have any capacity, you can attempt to fix the program, and submit > it to the author for distribution. This is how Open Source works. > I will be happy to fix it, the author may not like my philosophy. I believe in Free Speech and a working internet mail system. I would attempt to minimize "false positives", and require testing. But as I said earlier, the author doesn't respond. Even if the software is adjusted, it will be impossible to recall all the older versions. > If people would stop sending spam or harden their computers connected to > the Internet to keep from sending spam accidentally, there would be no > need for this software either. Might as well wish for world peace though. > amen. Unfortuately, good people are making a bad situation even worse by "hip-shooting". > Chuck To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 8:51:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5B54837B405; Sat, 28 Dec 2002 08:51:42 -0800 (PST) Received: from boreas.primus.ca (mail.tor.primus.ca [216.254.136.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3F79243E4A; Sat, 28 Dec 2002 08:51:41 -0800 (PST) (envelope-from 937863@primus.ca) Received: from dialin-135-152.hamilton.primus.ca ([209.90.135.152] helo=BirdOfPrey) by boreas.primus.ca with esmtp (Exim 3.36 #3) id 18SKBN-0003y1-0A; Sat, 28 Dec 2002 11:51:29 -0500 From: "Allan Jude" <937863@primus.ca> To: Cc: , Subject: RE: Bystander shot by a spam filter. Date: Sat, 28 Dec 2002 11:51:43 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal In-Reply-To: <3E0DAAF3.7090103@quadtelecom.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Disposition-Notification-To: "Allan Jude" <937863@primus.ca> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is not all that surprising The behavior you are talking about, blocking entire isp's and blocks of ips, is the same as the other service you mentioned earlier, SPEWS. SPEWS has blocked 2 entire c-classes at my isp, preventing my company from sending mail to many large email sites, like mail.com and others. When I enquired about having the block removed, or made more specific to block the spammers, but not block my /28, I was told to go to hell. I think you are in the same situation. -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Harry Tabak Sent: Saturday, December 28, 2002 8:45 AM To: freebsd-questions@FreeBSD.ORG; security@FreeBSD.ORG Cc: Harry Tabak Subject: Bystander shot by a spam filter. [This is a resend. Ironically, the orignal was blocked by FreeBSD's spam filter, I've had to send this from another account] I am not sure which list is best for this issue, hence the cross posting. I believe spam and anti-spam measures are security issues -- the 'Availability' part of C-I-A. I apologize if I am wrong. A FreeBSD ported package is contributing to an internet service availability problem that has me stumped. I believe that an unknowable quantity of other internet denizens are also affected. I'm a long time fan of FreeBSD -- I run it on my small mail server and I've recommended it for many applications. I even bought a CD once. I write this missive with great reluctance. I've worked with a lot of strange software over the years, But this is a new first -- Software that slanders! Software that publicly called me a spammer!!! And not to my face, but to business associate. And then took action. I recently discovered, and quite by accident, that a FreeBSD ported package -- spambnc (aka Spambouncer or SB) -- was blocking mail from me to an unknown number of businesses and individuals on the internet. I'll probably never have to correspond with most of these people, but I'm a freelancer -- this may have already cost me a job. [Dear reader, don't be surprised if you or your clients are also blocked. I strongly suggest that you check it out.] Anti-spam products have a valuable place in the security arsenal. But, IMHO, this product is dangerous because it includes filters and rules that are overreaching, and inaccurate. Bad firewall rules and bad anti-spam rules may be OK for an individual site. However, spambnc's bad advice is being mass marketed through the good offices of FreeBSD, and it is putting potholes in the net for the rest of us. Until it is fixed, and proven harmless, FreeBSD should stop distributing this product. Basically, the default built-in policies for blocking mail aren't fully described, and there is no mechanism to universally correct the inevitable mistakes in a timely manner. Users (people who install this product) are mislead about the probably of filtering the wrong mail. I am sure that the software was developed with the very best intentions, but in its zeal to block lots and lots of spam, SB is hurting good people. The SB rule blocking my mail host has nothing to do with me. Even though, it can use dynamic anti-spam DNS services, SB hard codes its rules for filtering bad domains by name and by IP address. My nemisis is buried in a 1476 line file, sb-blockdomains.rc, which installs by default, and is not documented outside the code. Along with others, it blocks the entire 66.45.0.0/17 space because spammers might live there. This is sort of like a corporate mail room throwing away all NJ postmarked mail because of the bulk mail distribution centers in Secaucus. My mail host address gets a clean bill of health from every anti-spam site that I can find, such as SPEWS. I've checked at least 30 of them. My tiny x/29 block is sub-allocated from my DSL provider's x/23 block. The DSL provider's block is a sub-allocation from Inflow.com's 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While they have a right to their opinions, they don't have a right to publicly tar me because of my neighbors. If I read sb-blockdomains # comments correctly, it is policy to not only block known spammers, but to ALSO block entire networks based on their handling of spam complaints. This is like as a business receptionist checking callerID and then ignoring incoming calls from Verizon subscribers because Verizon tolerates (and probably invented) telemarketing. I have written to both the Spambouncer contact address and the FreeBSD maintainer, but without a response. Possibly they are on holiday, or spambouncer is eating my mail. Perhaps I'm just too impatient. I have also contacted my ISP's support. They don't know how to help me. They vouch for Inflow. They don't recommend it, but for a fee, my service could be switched to a different PVC, and I'd get an address from a different carrier. But of course, the new address could be black-listed on a whim. Regardless, I assume that these are reasonable people, and that they will oil the squeaky wheel as soon as it is convenient. But how will I ever know that EVERY copy of spambouncer has been fixed? What about other innocent ISP subscribers who are also black-listed? Harry Tabak QUAD TELECOM, INC. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 9:19: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1C54537B401; Sat, 28 Dec 2002 09:19:03 -0800 (PST) Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 06CDD43EC2; Sat, 28 Dec 2002 09:19:02 -0800 (PST) (envelope-from avalon@caligula.anu.edu.au) Received: (from avalon@localhost) by caligula.anu.edu.au (8.9.3/8.9.3) id EAA13036; Sun, 29 Dec 2002 04:18:35 +1100 (EST) From: Darren Reed Message-Id: <200212281718.EAA13036@caligula.anu.edu.au> Subject: Re: Bystander shot by a spam filter. To: 937863@primus.ca (Allan Jude) Date: Sun, 29 Dec 2002 04:18:35 +1100 (Australia/ACT) Cc: htabak@quadtelecom.com, freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG In-Reply-To: from "Allan Jude" at Dec 28, 2002 11:51:43 AM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In some mail from Allan Jude, sie said: > > This is not all that surprising > The behavior you are talking about, blocking entire isp's and blocks of > ips, is the same as the other service you mentioned earlier, SPEWS. > > SPEWS has blocked 2 entire c-classes at my isp, preventing my company > from sending mail to many large email sites, like mail.com and others. > > When I enquired about having the block removed, or made more specific to > block the spammers, but not block my /28, I was told to go to hell. > > I think you are in the same situation. Ah, no wonder theo wants to use SPEWS with his new anti-spam SMTP mail handler - the two parties have matching personalities. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 12:31:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 682EB37B401; Sat, 28 Dec 2002 12:31:22 -0800 (PST) Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id 259AB43EA9; Sat, 28 Dec 2002 12:31:21 -0800 (PST) (envelope-from campbell@localhost.neotext.ca) Received: from localhost.neotext.ca (localhost.neotext.ca [127.0.0.1]) by localhost.neotext.ca (8.12.6/8.12.5) with ESMTP id gBSKWYiL012004; Sat, 28 Dec 2002 13:32:34 -0700 (MST) (envelope-from campbell@localhost.neotext.ca) Received: (from campbell@localhost) by localhost.neotext.ca (8.12.6/8.12.5/Submit) id gBSKWYbn012003; Sat, 28 Dec 2002 13:32:34 -0700 (MST) Date: Sat, 28 Dec 2002 13:32:24 -0700 From: Duncan Patton a Campbell To: htabak@quadtelecom.com Cc: freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Bystander shot by a spam filter. Message-Id: <20021228133224.4f3a774f.campbell@neotext.ca> In-Reply-To: <3E0DAAF3.7090103@quadtelecom.com> References: <3E0DAAF3.7090103@quadtelecom.com> Organization: Index Express Ltd. X-Mailer: Sylpheed version 0.8.6 (GTK+ 1.2.10; i386-unknown-freebsd4.7) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="=.+o60fG'uI)AlQ=" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=.+o60fG'uI)AlQ= Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit How do you find if you are on the list? And who has the list? Can they be sued? Thanks, Duncan (Dhu) Campbell On Sat, 28 Dec 2002 08:45:23 -0500 Harry Tabak wrote: > [This is a resend. Ironically, the orignal was blocked by FreeBSD's spam > filter, I've had to send this from another account] > > I am not sure which list is best for this issue, hence the cross > posting. I believe spam and anti-spam measures are security issues -- > the 'Availability' part of C-I-A. I apologize if I am wrong. A FreeBSD > ported package is contributing to an internet service availability > problem that has me stumped. I believe that an unknowable quantity of > other internet denizens are also affected. > > I'm a long time fan of FreeBSD -- I run it on my small mail server and > I've recommended it for many applications. I even bought a CD once. I > write this missive with great reluctance. I've worked with a lot of > strange software over the years, But this is a new first -- Software > that slanders! Software that publicly called me a spammer!!! And not to > my face, but to business associate. And then took action. > > I recently discovered, and quite by accident, that a FreeBSD ported > package -- spambnc (aka Spambouncer or SB) -- was blocking mail from me > to an unknown number of businesses and individuals on the internet. I'll > probably never have to correspond with most of these people, but I'm a > freelancer -- this may have already cost me a job. [Dear reader, don't > be surprised if you or your clients are also blocked. I strongly suggest > that you check it out.] > > Anti-spam products have a valuable place in the security arsenal. But, > IMHO, this product is dangerous because it includes filters and rules > that are overreaching, and inaccurate. Bad firewall rules and bad > anti-spam rules may be OK for an individual site. However, spambnc's > bad advice is being mass marketed through the good offices of FreeBSD, > and it is putting potholes in the net for the rest of us. Until it is > fixed, and proven harmless, FreeBSD should stop distributing this product. > > Basically, the default built-in policies for blocking mail aren't fully > described, and there is no mechanism to universally correct the > inevitable mistakes in a timely manner. Users (people who install this > product) are mislead about the probably of filtering the wrong mail. I > am sure that the software was developed with the very best intentions, > but in its zeal to block lots and lots of spam, SB is hurting good people. > > The SB rule blocking my mail host has nothing to do with me. Even > though, it can use dynamic anti-spam DNS services, SB hard codes its > rules for filtering bad domains by name and by IP address. My nemisis is > buried in a 1476 line file, sb-blockdomains.rc, which installs by > default, and is not documented outside the code. Along with others, it > blocks the entire 66.45.0.0/17 space because spammers might live there. > This is sort of like a corporate mail room throwing away all NJ > postmarked mail because of the bulk mail distribution centers in Secaucus. > > My mail host address gets a clean bill of health from every anti-spam > site that I can find, such as SPEWS. I've checked at least 30 of them. > > My tiny x/29 block is sub-allocated from my DSL provider's x/23 block. > The DSL provider's block is a sub-allocation from Inflow.com's > 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While they have a > right to their opinions, they don't have a right to publicly tar me > because of my neighbors. > > If I read sb-blockdomains # comments correctly, it is policy to not > only block known spammers, but to ALSO block entire networks based on > their handling of spam complaints. This is like as a business > receptionist checking callerID and then ignoring incoming calls from > Verizon subscribers because Verizon tolerates (and probably invented) > telemarketing. > > I have written to both the Spambouncer contact address > and the FreeBSD maintainer, but without a > response. Possibly they are on holiday, or spambouncer is eating my > mail. Perhaps I'm just too impatient. > > I have also contacted my ISP's support. They don't know how to help > me. They vouch for Inflow. They don't recommend it, but for a fee, my > service could be switched to a different PVC, and I'd get an address > from a different carrier. But of course, the new address could be > black-listed on a whim. > > Regardless, I assume that these are reasonable people, and that they > will oil the squeaky wheel as soon as it is convenient. But how will I > ever know that EVERY copy of spambouncer has been fixed? What about > other innocent ISP subscribers who are also black-listed? > > Harry Tabak > QUAD TELECOM, INC. > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message --=.+o60fG'uI)AlQ= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE+DgpiXgQtJ7uBra8RAqkgAJ99t1zQXEa5ms4lNoUlX4n8CW7M4ACdElYV KCTMW/hMq1ylDLiwixkO5Is= =2VFc -----END PGP SIGNATURE----- --=.+o60fG'uI)AlQ=-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 12:48:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A6F2937B401; Sat, 28 Dec 2002 12:48:21 -0800 (PST) Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id DE9CF43E4A; Sat, 28 Dec 2002 12:48:20 -0800 (PST) (envelope-from campbell@localhost.neotext.ca) Received: from localhost.neotext.ca (localhost.neotext.ca [127.0.0.1]) by localhost.neotext.ca (8.12.6/8.12.5) with ESMTP id gBSKnWiL012101; Sat, 28 Dec 2002 13:49:32 -0700 (MST) (envelope-from campbell@localhost.neotext.ca) Received: (from campbell@localhost) by localhost.neotext.ca (8.12.6/8.12.5/Submit) id gBSKnWju012100; Sat, 28 Dec 2002 13:49:32 -0700 (MST) Date: Sat, 28 Dec 2002 13:49:31 -0700 From: Duncan Patton a Campbell To: Shawn Duffy Cc: freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Bystander shot by a spam filter. Message-Id: <20021228134931.373541d9.campbell@neotext.ca> In-Reply-To: <1041108369.3504.47.camel@pitbull> References: <3E0DAAF3.7090103@quadtelecom.com> <20021228133224.4f3a774f.campbell@neotext.ca> <1041108369.3504.47.camel@pitbull> Organization: Index Express Ltd. X-Mailer: Sylpheed version 0.8.6 (GTK+ 1.2.10; i386-unknown-freebsd4.7) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="=.rqC5Ml3Hp_j./O" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=.rqC5Ml3Hp_j./O Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Seems to me that this is an invitation to government regulation -- interfering with the mail is a criminal offense for good reason. Dhu On 28 Dec 2002 15:46:10 -0500 Shawn Duffy wrote: > The lists are usually kept on the websites of whatever particular > organizations are doing it... they are quite a few... > As far as suing them, I would venture to say no... If you dont want > someone to be able to connect to your mail server that is certainly > within your right to do... and if other people want to agree with you, > well then, what can you do... although I am sure someone somewhere will > probably sue over it and win... > > shawn > > > On Sat, 2002-12-28 at 15:32, Duncan Patton a Campbell wrote: > > How do you find if you are on the list? And who has the list? > > > > Can they be sued? > > > > Thanks, > > > > Duncan (Dhu) Campbell > > > > On Sat, 28 Dec 2002 08:45:23 -0500 > > Harry Tabak wrote: > > > > > [This is a resend. Ironically, the orignal was blocked by FreeBSD's spam > > > filter, I've had to send this from another account] > > > > > > I am not sure which list is best for this issue, hence the cross > > > posting. I believe spam and anti-spam measures are security issues -- > > > the 'Availability' part of C-I-A. I apologize if I am wrong. A FreeBSD > > > ported package is contributing to an internet service availability > > > problem that has me stumped. I believe that an unknowable quantity of > > > other internet denizens are also affected. > > > > > > I'm a long time fan of FreeBSD -- I run it on my small mail server and > > > I've recommended it for many applications. I even bought a CD once. I > > > write this missive with great reluctance. I've worked with a lot of > > > strange software over the years, But this is a new first -- Software > > > that slanders! Software that publicly called me a spammer!!! And not to > > > my face, but to business associate. And then took action. > > > > > > I recently discovered, and quite by accident, that a FreeBSD ported > > > package -- spambnc (aka Spambouncer or SB) -- was blocking mail from me > > > to an unknown number of businesses and individuals on the internet. I'll > > > probably never have to correspond with most of these people, but I'm a > > > freelancer -- this may have already cost me a job. [Dear reader, don't > > > be surprised if you or your clients are also blocked. I strongly suggest > > > that you check it out.] > > > > > > Anti-spam products have a valuable place in the security arsenal. But, > > > IMHO, this product is dangerous because it includes filters and rules > > > that are overreaching, and inaccurate. Bad firewall rules and bad > > > anti-spam rules may be OK for an individual site. However, spambnc's > > > bad advice is being mass marketed through the good offices of FreeBSD, > > > and it is putting potholes in the net for the rest of us. Until it is > > > fixed, and proven harmless, FreeBSD should stop distributing this product. > > > > > > Basically, the default built-in policies for blocking mail aren't fully > > > described, and there is no mechanism to universally correct the > > > inevitable mistakes in a timely manner. Users (people who install this > > > product) are mislead about the probably of filtering the wrong mail. I > > > am sure that the software was developed with the very best intentions, > > > but in its zeal to block lots and lots of spam, SB is hurting good people. > > > > > > The SB rule blocking my mail host has nothing to do with me. Even > > > though, it can use dynamic anti-spam DNS services, SB hard codes its > > > rules for filtering bad domains by name and by IP address. My nemisis is > > > buried in a 1476 line file, sb-blockdomains.rc, which installs by > > > default, and is not documented outside the code. Along with others, it > > > blocks the entire 66.45.0.0/17 space because spammers might live there. > > > This is sort of like a corporate mail room throwing away all NJ > > > postmarked mail because of the bulk mail distribution centers in Secaucus. > > > > > > My mail host address gets a clean bill of health from every anti-spam > > > site that I can find, such as SPEWS. I've checked at least 30 of them. > > > > > > My tiny x/29 block is sub-allocated from my DSL provider's x/23 block. > > > The DSL provider's block is a sub-allocation from Inflow.com's > > > 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While they have a > > > right to their opinions, they don't have a right to publicly tar me > > > because of my neighbors. > > > > > > If I read sb-blockdomains # comments correctly, it is policy to not > > > only block known spammers, but to ALSO block entire networks based on > > > their handling of spam complaints. This is like as a business > > > receptionist checking callerID and then ignoring incoming calls from > > > Verizon subscribers because Verizon tolerates (and probably invented) > > > telemarketing. > > > > > > I have written to both the Spambouncer contact address > > > and the FreeBSD maintainer, but without a > > > response. Possibly they are on holiday, or spambouncer is eating my > > > mail. Perhaps I'm just too impatient. > > > > > > I have also contacted my ISP's support. They don't know how to help > > > me. They vouch for Inflow. They don't recommend it, but for a fee, my > > > service could be switched to a different PVC, and I'd get an address > > > from a different carrier. But of course, the new address could be > > > black-listed on a whim. > > > > > > Regardless, I assume that these are reasonable people, and that they > > > will oil the squeaky wheel as soon as it is convenient. But how will I > > > ever know that EVERY copy of spambouncer has been fixed? What about > > > other innocent ISP subscribers who are also black-listed? > > > > > > Harry Tabak > > > QUAD TELECOM, INC. > > > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > -- > email: pakkit at codepiranha dot org > web: http://codepiranha.org/~pakkit > pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A > having problems reading email from me? http://codepiranha.org/~pakkit/pgp-trouble.html > --=.rqC5Ml3Hp_j./O Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE+Dg5bXgQtJ7uBra8RAgxSAJ4t1R1e1ji5YOBNw47lXSkkyGQw/ACgidcb MfS/bNfZxselDXcW4rQiAEM= =l3h7 -----END PGP SIGNATURE----- --=.rqC5Ml3Hp_j./O-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 12:49: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3770A37B405; Sat, 28 Dec 2002 12:49:02 -0800 (PST) Received: from manual-override.net (manual-override.net [65.42.236.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 90B9A43EC5; Sat, 28 Dec 2002 12:49:01 -0800 (PST) (envelope-from chris@manual-override.net) Received: from manual-override.net (localhost [127.0.0.1]) by manual-override.net (8.12.6/8.7.1) with ESMTP id gBSKksxQ058148; Sat, 28 Dec 2002 15:46:54 -0500 (EST) Chris-is-the-man: Yes Received: from localhost (chris@localhost) by manual-override.net (8.12.6/8.12.6/Submit) with ESMTP id gBSKksPo058145; Sat, 28 Dec 2002 15:46:54 -0500 (EST) Date: Sat, 28 Dec 2002 15:46:54 -0500 (EST) From: Chris Orr To: Duncan Patton a Campbell Cc: htabak@quadtelecom.com, , Subject: Re: Bystander shot by a spam filter. In-Reply-To: <20021228133224.4f3a774f.campbell@neotext.ca> Message-ID: <20021228154425.X58019-100000@manual-override.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Here is _all_ of the lists that spam bnc supports. One of them will have your ip range on it im sure. http://www.spambouncer.org/#BlacklistSupport I think spamBNC is GPL'ed software. You use it at your own risk. Dont quote me on that one though. :) -chris On Sat, 28 Dec 2002, Duncan Patton a Campbell wrote: > How do you find if you are on the list? And who has the list? > > Can they be sued? > > Thanks, > > Duncan (Dhu) Campbell > > On Sat, 28 Dec 2002 08:45:23 -0500 > Harry Tabak wrote: > > > [This is a resend. Ironically, the orignal was blocked by FreeBSD's spam > > filter, I've had to send this from another account] > > > > I am not sure which list is best for this issue, hence the cross > > posting. I believe spam and anti-spam measures are security issues -- > > the 'Availability' part of C-I-A. I apologize if I am wrong. A FreeBSD > > ported package is contributing to an internet service availability > > problem that has me stumped. I believe that an unknowable quantity of > > other internet denizens are also affected. > > > > I'm a long time fan of FreeBSD -- I run it on my small mail server and > > I've recommended it for many applications. I even bought a CD once. I > > write this missive with great reluctance. I've worked with a lot of > > strange software over the years, But this is a new first -- Software > > that slanders! Software that publicly called me a spammer!!! And not to > > my face, but to business associate. And then took action. > > > > I recently discovered, and quite by accident, that a FreeBSD ported > > package -- spambnc (aka Spambouncer or SB) -- was blocking mail from me > > to an unknown number of businesses and individuals on the internet. I'll > > probably never have to correspond with most of these people, but I'm a > > freelancer -- this may have already cost me a job. [Dear reader, don't > > be surprised if you or your clients are also blocked. I strongly suggest > > that you check it out.] > > > > Anti-spam products have a valuable place in the security arsenal. But, > > IMHO, this product is dangerous because it includes filters and rules > > that are overreaching, and inaccurate. Bad firewall rules and bad > > anti-spam rules may be OK for an individual site. However, spambnc's > > bad advice is being mass marketed through the good offices of FreeBSD, > > and it is putting potholes in the net for the rest of us. Until it is > > fixed, and proven harmless, FreeBSD should stop distributing this product. > > > > Basically, the default built-in policies for blocking mail aren't fully > > described, and there is no mechanism to universally correct the > > inevitable mistakes in a timely manner. Users (people who install this > > product) are mislead about the probably of filtering the wrong mail. I > > am sure that the software was developed with the very best intentions, > > but in its zeal to block lots and lots of spam, SB is hurting good people. > > > > The SB rule blocking my mail host has nothing to do with me. Even > > though, it can use dynamic anti-spam DNS services, SB hard codes its > > rules for filtering bad domains by name and by IP address. My nemisis is > > buried in a 1476 line file, sb-blockdomains.rc, which installs by > > default, and is not documented outside the code. Along with others, it > > blocks the entire 66.45.0.0/17 space because spammers might live there. > > This is sort of like a corporate mail room throwing away all NJ > > postmarked mail because of the bulk mail distribution centers in Secaucus. > > > > My mail host address gets a clean bill of health from every anti-spam > > site that I can find, such as SPEWS. I've checked at least 30 of them. > > > > My tiny x/29 block is sub-allocated from my DSL provider's x/23 block. > > The DSL provider's block is a sub-allocation from Inflow.com's > > 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While they have a > > right to their opinions, they don't have a right to publicly tar me > > because of my neighbors. > > > > If I read sb-blockdomains # comments correctly, it is policy to not > > only block known spammers, but to ALSO block entire networks based on > > their handling of spam complaints. This is like as a business > > receptionist checking callerID and then ignoring incoming calls from > > Verizon subscribers because Verizon tolerates (and probably invented) > > telemarketing. > > > > I have written to both the Spambouncer contact address > > and the FreeBSD maintainer, but without a > > response. Possibly they are on holiday, or spambouncer is eating my > > mail. Perhaps I'm just too impatient. > > > > I have also contacted my ISP's support. They don't know how to help > > me. They vouch for Inflow. They don't recommend it, but for a fee, my > > service could be switched to a different PVC, and I'd get an address > > from a different carrier. But of course, the new address could be > > black-listed on a whim. > > > > Regardless, I assume that these are reasonable people, and that they > > will oil the squeaky wheel as soon as it is convenient. But how will I > > ever know that EVERY copy of spambouncer has been fixed? What about > > other innocent ISP subscribers who are also black-listed? > > > > Harry Tabak > > QUAD TELECOM, INC. > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 12:51:33 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2C1EC37B401; Sat, 28 Dec 2002 12:51:26 -0800 (PST) Received: from pitbull.homeunix.org (pcp02515519pcs.arlngt01.va.comcast.net [68.84.139.136]) by mx1.FreeBSD.org (Postfix) with ESMTP id 767B343ED8; Sat, 28 Dec 2002 12:51:23 -0800 (PST) (envelope-from pakkit@codepiranha.org) Received: by pitbull.homeunix.org (Postfix, from userid 504) id 7DE798CE91; Sat, 28 Dec 2002 15:57:40 -0500 (EST) Subject: Re: Bystander shot by a spam filter. From: Shawn Duffy To: Duncan Patton a Campbell Cc: freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG In-Reply-To: <20021228134931.373541d9.campbell@neotext.ca> References: <3E0DAAF3.7090103@quadtelecom.com> <20021228133224.4f3a774f.campbell@neotext.ca> <1041108369.3504.47.camel@pitbull> <20021228134931.373541d9.campbell@neotext.ca> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-7PaNftaX5OiJydS1tT2y" Organization: Message-Id: <1041109059.3507.50.camel@pitbull> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.1.99 Date: 28 Dec 2002 15:57:40 -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=-7PaNftaX5OiJydS1tT2y Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Why is it? If you send me a letter, I have every right to refuse it, do I not? If a company blocks too much, they will lose customers, and eventually either will have to lighten up or go out of business... shawn On Sat, 2002-12-28 at 15:49, Duncan Patton a Campbell wrote: > Seems to me that this is an invitation to government=20 > regulation -- interfering with the mail is a criminal > offense for good reason. >=20 > Dhu >=20 > On 28 Dec 2002 15:46:10 -0500 > Shawn Duffy wrote: >=20 > > The lists are usually kept on the websites of whatever particular > > organizations are doing it... they are quite a few... > > As far as suing them, I would venture to say no... If you dont want > > someone to be able to connect to your mail server that is certainly > > within your right to do... and if other people want to agree with you, > > well then, what can you do... although I am sure someone somewhere will > > probably sue over it and win...=20 > >=20 > > shawn > >=20 > >=20 > > On Sat, 2002-12-28 at 15:32, Duncan Patton a Campbell wrote: > > > How do you find if you are on the list? And who has the list? > > >=20 > > > Can they be sued? > > >=20 > > > Thanks,=20 > > >=20 > > > Duncan (Dhu) Campbell > > >=20 > > > On Sat, 28 Dec 2002 08:45:23 -0500 > > > Harry Tabak wrote: > > >=20 > > > > [This is a resend. Ironically, the orignal was blocked by FreeBSD's= spam=20 > > > > filter, I've had to send this from another account] > > > >=20 > > > > I am not sure which list is best for this issue, hence the cross > > > > posting. I believe spam and anti-spam measures are security issues= -- > > > > the 'Availability' part of C-I-A. I apologize if I am wrong. A Fre= eBSD > > > > ported package is contributing to an internet service availability > > > > problem that has me stumped. I believe that an unknowable quantity= of > > > > other internet denizens are also affected. > > > >=20 > > > > I'm a long time fan of FreeBSD -- I run it on my small mail server= and > > > > I've recommended it for many applications. I even bought a CD once.= I > > > > write this missive with great reluctance. I've worked with a lot of > > > > strange software over the years, But this is a new first -- Softwar= e > > > > that slanders! Software that publicly called me a spammer!!! And n= ot to > > > > my face, but to business associate. And then took action. > > > >=20 > > > > I recently discovered, and quite by accident, that a FreeBSD porte= d > > > > package -- spambnc (aka Spambouncer or SB) -- was blocking mail fro= m me > > > > to an unknown number of businesses and individuals on the internet.= I'll > > > > probably never have to correspond with most of these people, but I'= m a > > > > freelancer -- this may have already cost me a job. [Dear reader, do= n't > > > > be surprised if you or your clients are also blocked. I strongly su= ggest > > > > that you check it out.] > > > >=20 > > > > Anti-spam products have a valuable place in the security arsenal. = But, > > > > IMHO, this product is dangerous because it includes filters and rul= es > > > > that are overreaching, and inaccurate. Bad firewall rules and bad > > > > anti-spam rules may be OK for an individual site. However, spambnc= 's > > > > bad advice is being mass marketed through the good offices of FreeB= SD, > > > > and it is putting potholes in the net for the rest of us. Until it= is > > > > fixed, and proven harmless, FreeBSD should stop distributing this p= roduct. > > > >=20 > > > > Basically, the default built-in policies for blocking mail aren't = fully > > > > described, and there is no mechanism to universally correct the > > > > inevitable mistakes in a timely manner. Users (people who install t= his > > > > product) are mislead about the probably of filtering the wrong mail= . I > > > > am sure that the software was developed with the very best intentio= ns, > > > > but in its zeal to block lots and lots of spam, SB is hurting good = people. > > > >=20 > > > > The SB rule blocking my mail host has nothing to do with me. Even > > > > though, it can use dynamic anti-spam DNS services, SB hard codes i= ts > > > > rules for filtering bad domains by name and by IP address. My nemis= is is > > > > buried in a 1476 line file, sb-blockdomains.rc, which installs by > > > > default, and is not documented outside the code. Along with others,= it > > > > blocks the entire 66.45.0.0/17 space because spammers might live th= ere. > > > > This is sort of like a corporate mail room throwing away all NJ > > > > postmarked mail because of the bulk mail distribution centers in Se= caucus. > > > >=20 > > > > My mail host address gets a clean bill of health from every anti-s= pam > > > > site that I can find, such as SPEWS. I've checked at least 30 of th= em. > > > >=20 > > > > My tiny x/29 block is sub-allocated from my DSL provider's x/23 bl= ock. > > > > The DSL provider's block is a sub-allocation from Inflow.com's > > > > 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While they ha= ve a > > > > right to their opinions, they don't have a right to publicly tar me > > > > because of my neighbors. > > > >=20 > > > > If I read sb-blockdomains # comments correctly, it is policy to no= t > > > > only block known spammers, but to ALSO block entire networks based = on > > > > their handling of spam complaints. This is like as a business > > > > receptionist checking callerID and then ignoring incoming calls fro= m > > > > Verizon subscribers because Verizon tolerates (and probably invente= d) > > > > telemarketing. > > > >=20 > > > > I have written to both the Spambouncer contact address > > > > and the FreeBSD maintainer, but without a > > > > response. Possibly they are on holiday, or spambouncer is eating m= y > > > > mail. Perhaps I'm just too impatient. > > > >=20 > > > > I have also contacted my ISP's support. They don't know how to he= lp > > > > me. They vouch for Inflow. They don't recommend it, but for a fee, = my > > > > service could be switched to a different PVC, and I'd get an addres= s > > > > from a different carrier. But of course, the new address could be > > > > black-listed on a whim. > > > >=20 > > > > Regardless, I assume that these are reasonable people, and that th= ey > > > > will oil the squeaky wheel as soon as it is convenient. But how wi= ll I > > > > ever know that EVERY copy of spambouncer has been fixed? What about > > > > other innocent ISP subscribers who are also black-listed? > > > >=20 > > > > Harry Tabak > > > > QUAD TELECOM, INC. > > > >=20 > > > >=20 > > > > =09 > > > >=20 > > > >=20 > > > >=20 > > > >=20 > > > >=20 > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > with "unsubscribe freebsd-security" in the body of the message > > --=20 > > email: pakkit at codepiranha dot org > > web: http://codepiranha.org/~pakkit > > pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A > > having problems reading email from me? http://codepiranha.org/~pakkit/p= gp-trouble.html > >=20 --=20 email: pakkit at codepiranha dot org web: http://codepiranha.org/~pakkit pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A having problems reading email from me? http://codepiranha.org/~pakkit/pgp-t= rouble.html --=-7PaNftaX5OiJydS1tT2y Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA+DhBDzOlsqZj8ZloRAlYLAKCN0TgwXuzBnnGkUB7C5I0ZUBq18wCcDe0y 16pDX2sVOEEkrKozbDzOdLM= =x/gF -----END PGP SIGNATURE----- --=-7PaNftaX5OiJydS1tT2y-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 12:59: 2 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EC89E37B401; Sat, 28 Dec 2002 12:58:57 -0800 (PST) Received: from priv-edtnes28.telusplanet.net (outbound04.telus.net [199.185.220.223]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1122043ED1; Sat, 28 Dec 2002 12:58:57 -0800 (PST) (envelope-from abe@uniserve.com) Received: from uniserve.com ([66.183.71.152]) by priv-edtnes28.telusplanet.net (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP id <20021228205856.OUUQ13269.priv-edtnes28.telusplanet.net@uniserve.com>; Sat, 28 Dec 2002 13:58:56 -0700 Message-ID: <3E0E106E.8040603@uniserve.com> Date: Sat, 28 Dec 2002 12:58:22 -0800 From: Abe User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130 X-Accept-Language: en-us, en MIME-Version: 1.0 To: htabak@quadtelecom.com Cc: freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Bystander shot by a spam filter. References: <3E0DAAF3.7090103@quadtelecom.com> In-Reply-To: <3E0DAAF3.7090103@quadtelecom.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Are you sure that the 66.45.0.0/17 block is from sb-blockdomains.rc file? My guess is that it is from a listing on Five-Ten-SG blacklist, check out: http://www.five-ten-sg.com/blackhole.php?ip=66.45.0.0 SpamBouncer supports a variety of blacklists including the Five-Ten-SG blacklist, though support for the Five-Ten-SG blacklist is disabled by default in the sb.rc file. (see http://www.spambouncer.org/#BlacklistSupport). Regards, Abe Ro Harry Tabak wrote: > [This is a resend. Ironically, the orignal was blocked by FreeBSD's spam > filter, I've had to send this from another account] > > I am not sure which list is best for this issue, hence the cross > posting. I believe spam and anti-spam measures are security issues -- > the 'Availability' part of C-I-A. I apologize if I am wrong. A FreeBSD > ported package is contributing to an internet service availability > problem that has me stumped. I believe that an unknowable quantity of > other internet denizens are also affected. > > I'm a long time fan of FreeBSD -- I run it on my small mail server and > I've recommended it for many applications. I even bought a CD once. I > write this missive with great reluctance. I've worked with a lot of > strange software over the years, But this is a new first -- Software > that slanders! Software that publicly called me a spammer!!! And not to > my face, but to business associate. And then took action. > > I recently discovered, and quite by accident, that a FreeBSD ported > package -- spambnc (aka Spambouncer or SB) -- was blocking mail from me > to an unknown number of businesses and individuals on the internet. I'll > probably never have to correspond with most of these people, but I'm a > freelancer -- this may have already cost me a job. [Dear reader, don't > be surprised if you or your clients are also blocked. I strongly suggest > that you check it out.] > > Anti-spam products have a valuable place in the security arsenal. But, > IMHO, this product is dangerous because it includes filters and rules > that are overreaching, and inaccurate. Bad firewall rules and bad > anti-spam rules may be OK for an individual site. However, spambnc's > bad advice is being mass marketed through the good offices of FreeBSD, > and it is putting potholes in the net for the rest of us. Until it is > fixed, and proven harmless, FreeBSD should stop distributing this product. > > Basically, the default built-in policies for blocking mail aren't fully > described, and there is no mechanism to universally correct the > inevitable mistakes in a timely manner. Users (people who install this > product) are mislead about the probably of filtering the wrong mail. I > am sure that the software was developed with the very best intentions, > but in its zeal to block lots and lots of spam, SB is hurting good people. > > The SB rule blocking my mail host has nothing to do with me. Even > though, it can use dynamic anti-spam DNS services, SB hard codes its > rules for filtering bad domains by name and by IP address. My nemisis is > buried in a 1476 line file, sb-blockdomains.rc, which installs by > default, and is not documented outside the code. Along with others, it > blocks the entire 66.45.0.0/17 space because spammers might live there. > This is sort of like a corporate mail room throwing away all NJ > postmarked mail because of the bulk mail distribution centers in Secaucus. > > My mail host address gets a clean bill of health from every anti-spam > site that I can find, such as SPEWS. I've checked at least 30 of them. > > My tiny x/29 block is sub-allocated from my DSL provider's x/23 block. > The DSL provider's block is a sub-allocation from Inflow.com's > 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While they have a > right to their opinions, they don't have a right to publicly tar me > because of my neighbors. > > If I read sb-blockdomains # comments correctly, it is policy to not > only block known spammers, but to ALSO block entire networks based on > their handling of spam complaints. This is like as a business > receptionist checking callerID and then ignoring incoming calls from > Verizon subscribers because Verizon tolerates (and probably invented) > telemarketing. > > I have written to both the Spambouncer contact address > and the FreeBSD maintainer, but without a > response. Possibly they are on holiday, or spambouncer is eating my > mail. Perhaps I'm just too impatient. > > I have also contacted my ISP's support. They don't know how to help > me. They vouch for Inflow. They don't recommend it, but for a fee, my > service could be switched to a different PVC, and I'd get an address > from a different carrier. But of course, the new address could be > black-listed on a whim. > > Regardless, I assume that these are reasonable people, and that they > will oil the squeaky wheel as soon as it is convenient. But how will I > ever know that EVERY copy of spambouncer has been fixed? What about > other innocent ISP subscribers who are also black-listed? > > Harry Tabak > QUAD TELECOM, INC. > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 13: 0:42 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7F0E137B401; Sat, 28 Dec 2002 13:00:39 -0800 (PST) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1D27C43ED4; Sat, 28 Dec 2002 13:00:38 -0800 (PST) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id OAA28554; Sat, 28 Dec 2002 14:00:22 -0700 (MST) X-message-flag: Warning! Use of Microsoft Outlook renders your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20021228134454.0283b180@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Sat, 28 Dec 2002 14:00:12 -0700 To: htabak@quadtelecom.com, Chuck Rock , freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG From: Brett Glass Subject: Re: Bystander shot by a spam filter. Cc: Harry Tabak In-Reply-To: <3E0DCE46.30803@quadtelecom.com> References: <3E0DC89D.3010203@quadtelecom.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 09:16 AM 12/28/2002, Harry Tabak wrote: >I can't really stop the Spambouncer people from shouting "fire" from their own website -- freedom of speech and all that. But should FreeBSD act as an amplifier. I personally believe that spam is a serious security issue (see my paper at http://www.brettglass.com/spam/). However, be warned that this list's Supreme Moderator may declare your posting to be "off-topic," because it doesn't relate directly to intrusions upon FreeBSD itself. He may also blast you for cross-posting and/or for starting too long or interesting a discussion. :-S That said, I can offer you some assistance here. Catherine Hampton's SpamBouncer relies on Procmail, whose filtering recipes are easily "tunable." It shouldn't be hard to change the recipes, and you can then encourage the port maintainer to add your changes. Unfortunately, if you want to get the master SpamBouncer recipe file changed, you will have to contact Catherine. My wife knows her personally, so if you cannot get through to her by other means I may be able to reach her for you. In the meantime, you may want to use a mail relay (not a fully open one, of course) to get around the block. All you need is one machine on a different subnet that will relay your outbound mail. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 13:17:28 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 423C437B401; Sat, 28 Dec 2002 13:17:27 -0800 (PST) Received: from priv-edtnes61.telusplanet.net (outbound01.telus.net [199.185.220.220]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8332E43EC5; Sat, 28 Dec 2002 13:17:26 -0800 (PST) (envelope-from abe@uniserve.com) Received: from uniserve.com ([66.183.71.152]) by priv-edtnes61.telusplanet.net (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP id <20021228211725.OPVJ1559.priv-edtnes61.telusplanet.net@uniserve.com>; Sat, 28 Dec 2002 14:17:25 -0700 Message-ID: <3E0E14D9.6000001@uniserve.com> Date: Sat, 28 Dec 2002 13:17:13 -0800 From: Abe User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130 X-Accept-Language: en-us, en MIME-Version: 1.0 To: htabak@quadtelecom.com Cc: freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Bystander shot by a spam filter. References: <3E0DAAF3.7090103@quadtelecom.com> <3E0E106E.8040603@uniserve.com> In-Reply-To: <3E0E106E.8040603@uniserve.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Abe wrote: > Are you sure that the 66.45.0.0/17 block is from sb-blockdomains.rc file? Nevermind. I found the Inflow entry in sb-blockdomains.rc file. :) Regards, Abe Ro To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 13:35: 1 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9480D37B401; Sat, 28 Dec 2002 13:34:57 -0800 (PST) Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5E84043E4A; Sat, 28 Dec 2002 13:34:56 -0800 (PST) (envelope-from campbell@localhost.neotext.ca) Received: from localhost.neotext.ca (localhost.neotext.ca [127.0.0.1]) by localhost.neotext.ca (8.12.6/8.12.5) with ESMTP id gBSLa8iL012284; Sat, 28 Dec 2002 14:36:08 -0700 (MST) (envelope-from campbell@localhost.neotext.ca) Received: (from campbell@localhost) by localhost.neotext.ca (8.12.6/8.12.5/Submit) id gBSLa8FM012283; Sat, 28 Dec 2002 14:36:08 -0700 (MST) Date: Sat, 28 Dec 2002 14:36:08 -0700 From: Duncan Patton a Campbell To: Rick Hamell Cc: pakkit@codepiranha.org, freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Bystander shot by a spam filter. Message-Id: <20021228143608.051ee68e.campbell@neotext.ca> In-Reply-To: References: <20021228134931.373541d9.campbell@neotext.ca> Organization: Index Express Ltd. X-Mailer: Sylpheed version 0.8.6 (GTK+ 1.2.10; i386-unknown-freebsd4.7) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="AV+P,7tHyRt=.=kP" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --AV+P,7tHyRt=.=kP Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Sat, 28 Dec 2002 14:11:50 -0800 (PST) Rick Hamell wrote: > > > Seems to me that this is an invitation to government > > regulation -- interfering with the mail is a criminal > > offense for good reason. > > Email is not regulated by the government. > > Rick > > Yup. This is currently the case. But lets say we have some real business to conduct. And lets say I send you some mail, and your SP blocks it 'cause someone used the DIP I'm on to spam some months ago. So then, our business gets fucked up. I think we'd have a real good case for suing the ass offa the SP(s) who contracted with us to supply the mail services. And if such a situation were to ensue, there would be a real good chance of uninvited government regulation. Bet on it. Dhu --AV+P,7tHyRt=.=kP Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE+DhlIXgQtJ7uBra8RAtrDAJ972EARDY9HLZWH5UWA79v5wnjTSQCg6psd +Hq/W2/y3BWq4HdeuieTwPg= =o6zt -----END PGP SIGNATURE----- --AV+P,7tHyRt=.=kP-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 13:43:49 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7027C37B401; Sat, 28 Dec 2002 13:43:44 -0800 (PST) Received: from manual-override.net (manual-override.net [65.42.236.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id BACD043E4A; Sat, 28 Dec 2002 13:43:43 -0800 (PST) (envelope-from chris@manual-override.net) Received: from manual-override.net (localhost [127.0.0.1]) by manual-override.net (8.12.6/8.7.1) with ESMTP id gBSLfkxQ058491; Sat, 28 Dec 2002 16:41:46 -0500 (EST) Chris-is-the-man: Yes Received: from localhost (chris@localhost) by manual-override.net (8.12.6/8.12.6/Submit) with ESMTP id gBSLfkhB058488; Sat, 28 Dec 2002 16:41:46 -0500 (EST) Date: Sat, 28 Dec 2002 16:41:46 -0500 (EST) From: Chris Orr To: Duncan Patton a Campbell Cc: freebsd-questions@FreeBSD.ORG, Subject: Re: Bystander shot by a spam filter. In-Reply-To: <20021228134931.373541d9.campbell@neotext.ca> Message-ID: <20021228164035.J58458-100000@manual-override.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org So theoretically scanning email attatchments for viruses is illeagal too? and the same goes for filtering out porn? -chris On Sat, 28 Dec 2002, Duncan Patton a Campbell wrote: > Seems to me that this is an invitation to government > regulation -- interfering with the mail is a criminal > offense for good reason. > > Dhu > > On 28 Dec 2002 15:46:10 -0500 > Shawn Duffy wrote: > > > The lists are usually kept on the websites of whatever particular > > organizations are doing it... they are quite a few... > > As far as suing them, I would venture to say no... If you dont want > > someone to be able to connect to your mail server that is certainly > > within your right to do... and if other people want to agree with you, > > well then, what can you do... although I am sure someone somewhere will > > probably sue over it and win... > > > > shawn > > > > > > On Sat, 2002-12-28 at 15:32, Duncan Patton a Campbell wrote: > > > How do you find if you are on the list? And who has the list? > > > > > > Can they be sued? > > > > > > Thanks, > > > > > > Duncan (Dhu) Campbell > > > > > > On Sat, 28 Dec 2002 08:45:23 -0500 > > > Harry Tabak wrote: > > > > > > > [This is a resend. Ironically, the orignal was blocked by FreeBSD's spam > > > > filter, I've had to send this from another account] > > > > > > > > I am not sure which list is best for this issue, hence the cross > > > > posting. I believe spam and anti-spam measures are security issues -- > > > > the 'Availability' part of C-I-A. I apologize if I am wrong. A FreeBSD > > > > ported package is contributing to an internet service availability > > > > problem that has me stumped. I believe that an unknowable quantity of > > > > other internet denizens are also affected. > > > > > > > > I'm a long time fan of FreeBSD -- I run it on my small mail server and > > > > I've recommended it for many applications. I even bought a CD once. I > > > > write this missive with great reluctance. I've worked with a lot of > > > > strange software over the years, But this is a new first -- Software > > > > that slanders! Software that publicly called me a spammer!!! And not to > > > > my face, but to business associate. And then took action. > > > > > > > > I recently discovered, and quite by accident, that a FreeBSD ported > > > > package -- spambnc (aka Spambouncer or SB) -- was blocking mail from me > > > > to an unknown number of businesses and individuals on the internet. I'll > > > > probably never have to correspond with most of these people, but I'm a > > > > freelancer -- this may have already cost me a job. [Dear reader, don't > > > > be surprised if you or your clients are also blocked. I strongly suggest > > > > that you check it out.] > > > > > > > > Anti-spam products have a valuable place in the security arsenal. But, > > > > IMHO, this product is dangerous because it includes filters and rules > > > > that are overreaching, and inaccurate. Bad firewall rules and bad > > > > anti-spam rules may be OK for an individual site. However, spambnc's > > > > bad advice is being mass marketed through the good offices of FreeBSD, > > > > and it is putting potholes in the net for the rest of us. Until it is > > > > fixed, and proven harmless, FreeBSD should stop distributing this product. > > > > > > > > Basically, the default built-in policies for blocking mail aren't fully > > > > described, and there is no mechanism to universally correct the > > > > inevitable mistakes in a timely manner. Users (people who install this > > > > product) are mislead about the probably of filtering the wrong mail. I > > > > am sure that the software was developed with the very best intentions, > > > > but in its zeal to block lots and lots of spam, SB is hurting good people. > > > > > > > > The SB rule blocking my mail host has nothing to do with me. Even > > > > though, it can use dynamic anti-spam DNS services, SB hard codes its > > > > rules for filtering bad domains by name and by IP address. My nemisis is > > > > buried in a 1476 line file, sb-blockdomains.rc, which installs by > > > > default, and is not documented outside the code. Along with others, it > > > > blocks the entire 66.45.0.0/17 space because spammers might live there. > > > > This is sort of like a corporate mail room throwing away all NJ > > > > postmarked mail because of the bulk mail distribution centers in Secaucus. > > > > > > > > My mail host address gets a clean bill of health from every anti-spam > > > > site that I can find, such as SPEWS. I've checked at least 30 of them. > > > > > > > > My tiny x/29 block is sub-allocated from my DSL provider's x/23 block. > > > > The DSL provider's block is a sub-allocation from Inflow.com's > > > > 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While they have a > > > > right to their opinions, they don't have a right to publicly tar me > > > > because of my neighbors. > > > > > > > > If I read sb-blockdomains # comments correctly, it is policy to not > > > > only block known spammers, but to ALSO block entire networks based on > > > > their handling of spam complaints. This is like as a business > > > > receptionist checking callerID and then ignoring incoming calls from > > > > Verizon subscribers because Verizon tolerates (and probably invented) > > > > telemarketing. > > > > > > > > I have written to both the Spambouncer contact address > > > > and the FreeBSD maintainer, but without a > > > > response. Possibly they are on holiday, or spambouncer is eating my > > > > mail. Perhaps I'm just too impatient. > > > > > > > > I have also contacted my ISP's support. They don't know how to help > > > > me. They vouch for Inflow. They don't recommend it, but for a fee, my > > > > service could be switched to a different PVC, and I'd get an address > > > > from a different carrier. But of course, the new address could be > > > > black-listed on a whim. > > > > > > > > Regardless, I assume that these are reasonable people, and that they > > > > will oil the squeaky wheel as soon as it is convenient. But how will I > > > > ever know that EVERY copy of spambouncer has been fixed? What about > > > > other innocent ISP subscribers who are also black-listed? > > > > > > > > Harry Tabak > > > > QUAD TELECOM, INC. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > with "unsubscribe freebsd-security" in the body of the message > > -- > > email: pakkit at codepiranha dot org > > web: http://codepiranha.org/~pakkit > > pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A > > having problems reading email from me? http://codepiranha.org/~pakkit/pgp-trouble.html > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 13:49:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D128337B401; Sat, 28 Dec 2002 13:49:49 -0800 (PST) Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9EBE143E4A; Sat, 28 Dec 2002 13:49:48 -0800 (PST) (envelope-from campbell@localhost.neotext.ca) Received: from localhost.neotext.ca (localhost.neotext.ca [127.0.0.1]) by localhost.neotext.ca (8.12.6/8.12.5) with ESMTP id gBSLp2iL012357; Sat, 28 Dec 2002 14:51:02 -0700 (MST) (envelope-from campbell@localhost.neotext.ca) Received: (from campbell@localhost) by localhost.neotext.ca (8.12.6/8.12.5/Submit) id gBSLp2co012356; Sat, 28 Dec 2002 14:51:02 -0700 (MST) Date: Sat, 28 Dec 2002 14:51:01 -0700 From: Duncan Patton a Campbell To: Chris Orr Cc: freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Bystander shot by a spam filter. Message-Id: <20021228145101.19f61ce1.campbell@neotext.ca> In-Reply-To: <20021228164035.J58458-100000@manual-override.net> References: <20021228134931.373541d9.campbell@neotext.ca> <20021228164035.J58458-100000@manual-override.net> Organization: Index Express Ltd. X-Mailer: Sylpheed version 0.8.6 (GTK+ 1.2.10; i386-unknown-freebsd4.7) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="=.NO(NTiQ/oye?By" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=.NO(NTiQ/oye?By Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit The law would have to consider intention of the sender: Virii are (generally) not intended by the sender, except for the original author. If I didn't intend to send the virus, there is no constraint on you scanning and chopping it. As for porn, if you are a minor, then by sending it to you I have probably committed a criminal offense, regardless of the vehicle employed. Dhu On Sat, 28 Dec 2002 16:41:46 -0500 (EST) Chris Orr wrote: > So theoretically scanning email attatchments for viruses is illeagal too? > and the same goes for filtering out porn? > -chris > > On Sat, 28 Dec 2002, Duncan Patton a Campbell wrote: > > > Seems to me that this is an invitation to government > > regulation -- interfering with the mail is a criminal > > offense for good reason. > > > > Dhu > > > > On 28 Dec 2002 15:46:10 -0500 > > Shawn Duffy wrote: > > > > > The lists are usually kept on the websites of whatever particular > > > organizations are doing it... they are quite a few... > > > As far as suing them, I would venture to say no... If you dont want > > > someone to be able to connect to your mail server that is certainly > > > within your right to do... and if other people want to agree with you, > > > well then, what can you do... although I am sure someone somewhere will > > > probably sue over it and win... > > > > > > shawn > > > > > > > > > On Sat, 2002-12-28 at 15:32, Duncan Patton a Campbell wrote: > > > > How do you find if you are on the list? And who has the list? > > > > > > > > Can they be sued? > > > > > > > > Thanks, > > > > > > > > Duncan (Dhu) Campbell > > > > > > > > On Sat, 28 Dec 2002 08:45:23 -0500 > > > > Harry Tabak wrote: > > > > > > > > > [This is a resend. Ironically, the orignal was blocked by FreeBSD's spam > > > > > filter, I've had to send this from another account] > > > > > > > > > > I am not sure which list is best for this issue, hence the cross > > > > > posting. I believe spam and anti-spam measures are security issues -- > > > > > the 'Availability' part of C-I-A. I apologize if I am wrong. A FreeBSD > > > > > ported package is contributing to an internet service availability > > > > > problem that has me stumped. I believe that an unknowable quantity of > > > > > other internet denizens are also affected. > > > > > > > > > > I'm a long time fan of FreeBSD -- I run it on my small mail server and > > > > > I've recommended it for many applications. I even bought a CD once. I > > > > > write this missive with great reluctance. I've worked with a lot of > > > > > strange software over the years, But this is a new first -- Software > > > > > that slanders! Software that publicly called me a spammer!!! And not to > > > > > my face, but to business associate. And then took action. > > > > > > > > > > I recently discovered, and quite by accident, that a FreeBSD ported > > > > > package -- spambnc (aka Spambouncer or SB) -- was blocking mail from me > > > > > to an unknown number of businesses and individuals on the internet. I'll > > > > > probably never have to correspond with most of these people, but I'm a > > > > > freelancer -- this may have already cost me a job. [Dear reader, don't > > > > > be surprised if you or your clients are also blocked. I strongly suggest > > > > > that you check it out.] > > > > > > > > > > Anti-spam products have a valuable place in the security arsenal. But, > > > > > IMHO, this product is dangerous because it includes filters and rules > > > > > that are overreaching, and inaccurate. Bad firewall rules and bad > > > > > anti-spam rules may be OK for an individual site. However, spambnc's > > > > > bad advice is being mass marketed through the good offices of FreeBSD, > > > > > and it is putting potholes in the net for the rest of us. Until it is > > > > > fixed, and proven harmless, FreeBSD should stop distributing this product. > > > > > > > > > > Basically, the default built-in policies for blocking mail aren't fully > > > > > described, and there is no mechanism to universally correct the > > > > > inevitable mistakes in a timely manner. Users (people who install this > > > > > product) are mislead about the probably of filtering the wrong mail. I > > > > > am sure that the software was developed with the very best intentions, > > > > > but in its zeal to block lots and lots of spam, SB is hurting good people. > > > > > > > > > > The SB rule blocking my mail host has nothing to do with me. Even > > > > > though, it can use dynamic anti-spam DNS services, SB hard codes its > > > > > rules for filtering bad domains by name and by IP address. My nemisis is > > > > > buried in a 1476 line file, sb-blockdomains.rc, which installs by > > > > > default, and is not documented outside the code. Along with others, it > > > > > blocks the entire 66.45.0.0/17 space because spammers might live there. > > > > > This is sort of like a corporate mail room throwing away all NJ > > > > > postmarked mail because of the bulk mail distribution centers in Secaucus. > > > > > > > > > > My mail host address gets a clean bill of health from every anti-spam > > > > > site that I can find, such as SPEWS. I've checked at least 30 of them. > > > > > > > > > > My tiny x/29 block is sub-allocated from my DSL provider's x/23 block. > > > > > The DSL provider's block is a sub-allocation from Inflow.com's > > > > > 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While they have a > > > > > right to their opinions, they don't have a right to publicly tar me > > > > > because of my neighbors. > > > > > > > > > > If I read sb-blockdomains # comments correctly, it is policy to not > > > > > only block known spammers, but to ALSO block entire networks based on > > > > > their handling of spam complaints. This is like as a business > > > > > receptionist checking callerID and then ignoring incoming calls from > > > > > Verizon subscribers because Verizon tolerates (and probably invented) > > > > > telemarketing. > > > > > > > > > > I have written to both the Spambouncer contact address > > > > > and the FreeBSD maintainer, but without a > > > > > response. Possibly they are on holiday, or spambouncer is eating my > > > > > mail. Perhaps I'm just too impatient. > > > > > > > > > > I have also contacted my ISP's support. They don't know how to help > > > > > me. They vouch for Inflow. They don't recommend it, but for a fee, my > > > > > service could be switched to a different PVC, and I'd get an address > > > > > from a different carrier. But of course, the new address could be > > > > > black-listed on a whim. > > > > > > > > > > Regardless, I assume that these are reasonable people, and that they > > > > > will oil the squeaky wheel as soon as it is convenient. But how will I > > > > > ever know that EVERY copy of spambouncer has been fixed? What about > > > > > other innocent ISP subscribers who are also black-listed? > > > > > > > > > > Harry Tabak > > > > > QUAD TELECOM, INC. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > with "unsubscribe freebsd-security" in the body of the message > > > -- > > > email: pakkit at codepiranha dot org > > > web: http://codepiranha.org/~pakkit > > > pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A > > > having problems reading email from me? http://codepiranha.org/~pakkit/pgp-trouble.html > > > > > > --=.NO(NTiQ/oye?By Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE+DhzFXgQtJ7uBra8RAoCiAJ9sJ/M8LY8KwyOvGQTj1ff6AVM5XQCgm4pZ QsHJd6L52pLgCSW2g3U6h84= =XqeF -----END PGP SIGNATURE----- --=.NO(NTiQ/oye?By-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 13:54:46 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3349937B401; Sat, 28 Dec 2002 13:54:39 -0800 (PST) Received: from pitbull.homeunix.org (pcp02515519pcs.arlngt01.va.comcast.net [68.84.139.136]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4C9AB43ED1; Sat, 28 Dec 2002 13:54:38 -0800 (PST) (envelope-from pakkit@codepiranha.org) Received: by pitbull.homeunix.org (Postfix, from userid 504) id A50B58CE91; Sat, 28 Dec 2002 17:00:54 -0500 (EST) Subject: Re: Bystander shot by a spam filter. From: Shawn Duffy To: Duncan Patton a Campbell Cc: Chris Orr , freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG In-Reply-To: <20021228145101.19f61ce1.campbell@neotext.ca> References: <20021228134931.373541d9.campbell@neotext.ca> <20021228164035.J58458-100000@manual-override.net> <20021228145101.19f61ce1.campbell@neotext.ca> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-odv/WE5JVLX8qqUs8D6/" Organization: Message-Id: <1041112853.3577.56.camel@pitbull> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.1.99 Date: 28 Dec 2002 17:00:54 -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=-odv/WE5JVLX8qqUs8D6/ Content-Type: text/plain Content-Transfer-Encoding: quoted-printable So we should let the govt open all unopened mail to make sure nothing is illegal in it? and then leave it up to them to determine if it was intentional? =20 please... On Sat, 2002-12-28 at 16:51, Duncan Patton a Campbell wrote: > The law would have to consider intention of the sender: >=20 > Virii are (generally) not intended by the sender, except > for the original author. If I didn't intend to send the > virus, there is no constraint on you scanning and chopping > it. As for porn, if you are a minor, then by sending it > to you I have probably committed a criminal offense, regardless > of the vehicle employed. >=20 > Dhu >=20 >=20 > On Sat, 28 Dec 2002 16:41:46 -0500 (EST) > Chris Orr wrote: >=20 > > So theoretically scanning email attatchments for viruses is illeagal to= o? > > and the same goes for filtering out porn? > > -chris > >=20 > > On Sat, 28 Dec 2002, Duncan Patton a Campbell wrote: > >=20 > > > Seems to me that this is an invitation to government > > > regulation -- interfering with the mail is a criminal > > > offense for good reason. > > > > > > Dhu > > > > > > On 28 Dec 2002 15:46:10 -0500 > > > Shawn Duffy wrote: > > > > > > > The lists are usually kept on the websites of whatever particular > > > > organizations are doing it... they are quite a few... > > > > As far as suing them, I would venture to say no... If you dont want > > > > someone to be able to connect to your mail server that is certainly > > > > within your right to do... and if other people want to agree with y= ou, > > > > well then, what can you do... although I am sure someone somewhere = will > > > > probably sue over it and win... > > > > > > > > shawn > > > > > > > > > > > > On Sat, 2002-12-28 at 15:32, Duncan Patton a Campbell wrote: > > > > > How do you find if you are on the list? And who has the list? > > > > > > > > > > Can they be sued? > > > > > > > > > > Thanks, > > > > > > > > > > Duncan (Dhu) Campbell > > > > > > > > > > On Sat, 28 Dec 2002 08:45:23 -0500 > > > > > Harry Tabak wrote: > > > > > > > > > > > [This is a resend. Ironically, the orignal was blocked by FreeB= SD's spam > > > > > > filter, I've had to send this from another account] > > > > > > > > > > > > I am not sure which list is best for this issue, hence the cro= ss > > > > > > posting. I believe spam and anti-spam measures are security is= sues -- > > > > > > the 'Availability' part of C-I-A. I apologize if I am wrong. A= FreeBSD > > > > > > ported package is contributing to an internet service availabil= ity > > > > > > problem that has me stumped. I believe that an unknowable quan= tity of > > > > > > other internet denizens are also affected. > > > > > > > > > > > > I'm a long time fan of FreeBSD -- I run it on my small mail se= rver and > > > > > > I've recommended it for many applications. I even bought a CD o= nce. I > > > > > > write this missive with great reluctance. I've worked with a lo= t of > > > > > > strange software over the years, But this is a new first -- Sof= tware > > > > > > that slanders! Software that publicly called me a spammer!!! A= nd not to > > > > > > my face, but to business associate. And then took action. > > > > > > > > > > > > I recently discovered, and quite by accident, that a FreeBSD p= orted > > > > > > package -- spambnc (aka Spambouncer or SB) -- was blocking mail= from me > > > > > > to an unknown number of businesses and individuals on the inter= net. I'll > > > > > > probably never have to correspond with most of these people, bu= t I'm a > > > > > > freelancer -- this may have already cost me a job. [Dear reader= , don't > > > > > > be surprised if you or your clients are also blocked. I strongl= y suggest > > > > > > that you check it out.] > > > > > > > > > > > > Anti-spam products have a valuable place in the security arsen= al. But, > > > > > > IMHO, this product is dangerous because it includes filters and= rules > > > > > > that are overreaching, and inaccurate. Bad firewall rules and b= ad > > > > > > anti-spam rules may be OK for an individual site. However, spa= mbnc's > > > > > > bad advice is being mass marketed through the good offices of F= reeBSD, > > > > > > and it is putting potholes in the net for the rest of us. Unti= l it is > > > > > > fixed, and proven harmless, FreeBSD should stop distributing th= is product. > > > > > > > > > > > > Basically, the default built-in policies for blocking mail are= n't fully > > > > > > described, and there is no mechanism to universally correct the > > > > > > inevitable mistakes in a timely manner. Users (people who insta= ll this > > > > > > product) are mislead about the probably of filtering the wrong = mail. I > > > > > > am sure that the software was developed with the very best inte= ntions, > > > > > > but in its zeal to block lots and lots of spam, SB is hurting g= ood people. > > > > > > > > > > > > The SB rule blocking my mail host has nothing to do with me. E= ven > > > > > > though, it can use dynamic anti-spam DNS services, SB hard code= s its > > > > > > rules for filtering bad domains by name and by IP address. My n= emisis is > > > > > > buried in a 1476 line file, sb-blockdomains.rc, which installs = by > > > > > > default, and is not documented outside the code. Along with oth= ers, it > > > > > > blocks the entire 66.45.0.0/17 space because spammers might liv= e there. > > > > > > This is sort of like a corporate mail room throwing away all NJ > > > > > > postmarked mail because of the bulk mail distribution centers i= n Secaucus. > > > > > > > > > > > > My mail host address gets a clean bill of health from every an= ti-spam > > > > > > site that I can find, such as SPEWS. I've checked at least 30 o= f them. > > > > > > > > > > > > My tiny x/29 block is sub-allocated from my DSL provider's x/2= 3 block. > > > > > > The DSL provider's block is a sub-allocation from Inflow.co= m's > > > > > > 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While the= y have a > > > > > > right to their opinions, they don't have a right to publicly ta= r me > > > > > > because of my neighbors. > > > > > > > > > > > > If I read sb-blockdomains # comments correctly, it is policy t= o not > > > > > > only block known spammers, but to ALSO block entire networks ba= sed on > > > > > > their handling of spam complaints. This is like as a business > > > > > > receptionist checking callerID and then ignoring incoming calls= from > > > > > > Verizon subscribers because Verizon tolerates (and probably inv= ented) > > > > > > telemarketing. > > > > > > > > > > > > I have written to both the Spambouncer contact address > > > > > > and the FreeBSD maintainer, but without= a > > > > > > response. Possibly they are on holiday, or spambouncer is eati= ng my > > > > > > mail. Perhaps I'm just too impatient. > > > > > > > > > > > > I have also contacted my ISP's support. They don't know how t= o help > > > > > > me. They vouch for Inflow. They don't recommend it, but for a f= ee, my > > > > > > service could be switched to a different PVC, and I'd get an ad= dress > > > > > > from a different carrier. But of course, the new address could = be > > > > > > black-listed on a whim. > > > > > > > > > > > > Regardless, I assume that these are reasonable people, and tha= t they > > > > > > will oil the squeaky wheel as soon as it is convenient. But ho= w will I > > > > > > ever know that EVERY copy of spambouncer has been fixed? What a= bout > > > > > > other innocent ISP subscribers who are also black-listed? > > > > > > > > > > > > Harry Tabak > > > > > > QUAD TELECOM, INC. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > > with "unsubscribe freebsd-security" in the body of the message > > > > -- > > > > email: pakkit at codepiranha dot org > > > > web: http://codepiranha.org/~pakkit > > > > pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A > > > > having problems reading email from me? http://codepiranha.org/~pakk= it/pgp-trouble.html > > > > > > > > >=20 --=20 email: pakkit at codepiranha dot org web: http://codepiranha.org/~pakkit pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A having problems reading email from me? http://codepiranha.org/~pakkit/pgp-t= rouble.html --=-odv/WE5JVLX8qqUs8D6/ Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA+Dh8VzOlsqZj8ZloRAgBhAJ0S5aZVNgtyid7Y+gmWYDVK2kHTpwCfUgVw XcUZo9Evltyye0TwPv0BkgU= =NHC3 -----END PGP SIGNATURE----- --=-odv/WE5JVLX8qqUs8D6/-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 14: 0:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 190AC37B401; Sat, 28 Dec 2002 14:00:53 -0800 (PST) Received: from localhost.neotext.ca (h24-70-64-200.ed.shawcable.net [24.70.64.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3D1E143EA9; Sat, 28 Dec 2002 14:00:52 -0800 (PST) (envelope-from campbell@localhost.neotext.ca) Received: from localhost.neotext.ca (localhost.neotext.ca [127.0.0.1]) by localhost.neotext.ca (8.12.6/8.12.5) with ESMTP id gBSM23iL012441; Sat, 28 Dec 2002 15:02:04 -0700 (MST) (envelope-from campbell@localhost.neotext.ca) Received: (from campbell@localhost) by localhost.neotext.ca (8.12.6/8.12.5/Submit) id gBSM23qL012440; Sat, 28 Dec 2002 15:02:03 -0700 (MST) Date: Sat, 28 Dec 2002 15:02:03 -0700 From: Duncan Patton a Campbell To: Shawn Duffy Cc: chris@manual-override.net, freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Bystander shot by a spam filter. Message-Id: <20021228150203.3c3da308.campbell@neotext.ca> In-Reply-To: <1041112853.3577.56.camel@pitbull> References: <20021228134931.373541d9.campbell@neotext.ca> <20021228164035.J58458-100000@manual-override.net> <20021228145101.19f61ce1.campbell@neotext.ca> <1041112853.3577.56.camel@pitbull> Organization: Index Express Ltd. X-Mailer: Sylpheed version 0.8.6 (GTK+ 1.2.10; i386-unknown-freebsd4.7) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="=.w0qzal3rVsGajX" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=.w0qzal3rVsGajX Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit No. The automated systems to filtre spam and virii better be *really* careful about what they block. If you block or subvert discrete communications between humans then you are asking for real trouble. That's all. Dhu On 28 Dec 2002 17:00:54 -0500 Shawn Duffy wrote: > So we should let the govt open all unopened mail to make sure nothing is > illegal in it? and then leave it up to them to determine if it was > intentional? > > please... > > On Sat, 2002-12-28 at 16:51, Duncan Patton a Campbell wrote: > > The law would have to consider intention of the sender: > > > > Virii are (generally) not intended by the sender, except > > for the original author. If I didn't intend to send the > > virus, there is no constraint on you scanning and chopping > > it. As for porn, if you are a minor, then by sending it > > to you I have probably committed a criminal offense, regardless > > of the vehicle employed. > > > > Dhu > > > > > > On Sat, 28 Dec 2002 16:41:46 -0500 (EST) > > Chris Orr wrote: > > > > > So theoretically scanning email attatchments for viruses is illeagal too? > > > and the same goes for filtering out porn? > > > -chris > > > > > > On Sat, 28 Dec 2002, Duncan Patton a Campbell wrote: > > > > > > > Seems to me that this is an invitation to government > > > > regulation -- interfering with the mail is a criminal > > > > offense for good reason. > > > > > > > > Dhu > > > > > > > > On 28 Dec 2002 15:46:10 -0500 > > > > Shawn Duffy wrote: > > > > > > > > > The lists are usually kept on the websites of whatever particular > > > > > organizations are doing it... they are quite a few... > > > > > As far as suing them, I would venture to say no... If you dont want > > > > > someone to be able to connect to your mail server that is certainly > > > > > within your right to do... and if other people want to agree with you, > > > > > well then, what can you do... although I am sure someone somewhere will > > > > > probably sue over it and win... > > > > > > > > > > shawn > > > > > > > > > > > > > > > On Sat, 2002-12-28 at 15:32, Duncan Patton a Campbell wrote: > > > > > > How do you find if you are on the list? And who has the list? > > > > > > > > > > > > Can they be sued? > > > > > > > > > > > > Thanks, > > > > > > > > > > > > Duncan (Dhu) Campbell > > > > > > > > > > > > On Sat, 28 Dec 2002 08:45:23 -0500 > > > > > > Harry Tabak wrote: > > > > > > > > > > > > > [This is a resend. Ironically, the orignal was blocked by FreeBSD's spam > > > > > > > filter, I've had to send this from another account] > > > > > > > > > > > > > > I am not sure which list is best for this issue, hence the cross > > > > > > > posting. I believe spam and anti-spam measures are security issues -- > > > > > > > the 'Availability' part of C-I-A. I apologize if I am wrong. A FreeBSD > > > > > > > ported package is contributing to an internet service availability > > > > > > > problem that has me stumped. I believe that an unknowable quantity of > > > > > > > other internet denizens are also affected. > > > > > > > > > > > > > > I'm a long time fan of FreeBSD -- I run it on my small mail server and > > > > > > > I've recommended it for many applications. I even bought a CD once. I > > > > > > > write this missive with great reluctance. I've worked with a lot of > > > > > > > strange software over the years, But this is a new first -- Software > > > > > > > that slanders! Software that publicly called me a spammer!!! And not to > > > > > > > my face, but to business associate. And then took action. > > > > > > > > > > > > > > I recently discovered, and quite by accident, that a FreeBSD ported > > > > > > > package -- spambnc (aka Spambouncer or SB) -- was blocking mail from me > > > > > > > to an unknown number of businesses and individuals on the internet. I'll > > > > > > > probably never have to correspond with most of these people, but I'm a > > > > > > > freelancer -- this may have already cost me a job. [Dear reader, don't > > > > > > > be surprised if you or your clients are also blocked. I strongly suggest > > > > > > > that you check it out.] > > > > > > > > > > > > > > Anti-spam products have a valuable place in the security arsenal. But, > > > > > > > IMHO, this product is dangerous because it includes filters and rules > > > > > > > that are overreaching, and inaccurate. Bad firewall rules and bad > > > > > > > anti-spam rules may be OK for an individual site. However, spambnc's > > > > > > > bad advice is being mass marketed through the good offices of FreeBSD, > > > > > > > and it is putting potholes in the net for the rest of us. Until it is > > > > > > > fixed, and proven harmless, FreeBSD should stop distributing this product. > > > > > > > > > > > > > > Basically, the default built-in policies for blocking mail aren't fully > > > > > > > described, and there is no mechanism to universally correct the > > > > > > > inevitable mistakes in a timely manner. Users (people who install this > > > > > > > product) are mislead about the probably of filtering the wrong mail. I > > > > > > > am sure that the software was developed with the very best intentions, > > > > > > > but in its zeal to block lots and lots of spam, SB is hurting good people. > > > > > > > > > > > > > > The SB rule blocking my mail host has nothing to do with me. Even > > > > > > > though, it can use dynamic anti-spam DNS services, SB hard codes its > > > > > > > rules for filtering bad domains by name and by IP address. My nemisis is > > > > > > > buried in a 1476 line file, sb-blockdomains.rc, which installs by > > > > > > > default, and is not documented outside the code. Along with others, it > > > > > > > blocks the entire 66.45.0.0/17 space because spammers might live there. > > > > > > > This is sort of like a corporate mail room throwing away all NJ > > > > > > > postmarked mail because of the bulk mail distribution centers in Secaucus. > > > > > > > > > > > > > > My mail host address gets a clean bill of health from every anti-spam > > > > > > > site that I can find, such as SPEWS. I've checked at least 30 of them. > > > > > > > > > > > > > > My tiny x/29 block is sub-allocated from my DSL provider's x/23 block. > > > > > > > The DSL provider's block is a sub-allocation from Inflow.com's > > > > > > > 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While they have a > > > > > > > right to their opinions, they don't have a right to publicly tar me > > > > > > > because of my neighbors. > > > > > > > > > > > > > > If I read sb-blockdomains # comments correctly, it is policy to not > > > > > > > only block known spammers, but to ALSO block entire networks based on > > > > > > > their handling of spam complaints. This is like as a business > > > > > > > receptionist checking callerID and then ignoring incoming calls from > > > > > > > Verizon subscribers because Verizon tolerates (and probably invented) > > > > > > > telemarketing. > > > > > > > > > > > > > > I have written to both the Spambouncer contact address > > > > > > > and the FreeBSD maintainer, but without a > > > > > > > response. Possibly they are on holiday, or spambouncer is eating my > > > > > > > mail. Perhaps I'm just too impatient. > > > > > > > > > > > > > > I have also contacted my ISP's support. They don't know how to help > > > > > > > me. They vouch for Inflow. They don't recommend it, but for a fee, my > > > > > > > service could be switched to a different PVC, and I'd get an address > > > > > > > from a different carrier. But of course, the new address could be > > > > > > > black-listed on a whim. > > > > > > > > > > > > > > Regardless, I assume that these are reasonable people, and that they > > > > > > > will oil the squeaky wheel as soon as it is convenient. But how will I > > > > > > > ever know that EVERY copy of spambouncer has been fixed? What about > > > > > > > other innocent ISP subscribers who are also black-listed? > > > > > > > > > > > > > > Harry Tabak > > > > > > > QUAD TELECOM, INC. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > > > with "unsubscribe freebsd-security" in the body of the message > > > > > -- > > > > > email: pakkit at codepiranha dot org > > > > > web: http://codepiranha.org/~pakkit > > > > > pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A > > > > > having problems reading email from me? http://codepiranha.org/~pakkit/pgp-trouble.html > > > > > > > > > > > > > -- > email: pakkit at codepiranha dot org > web: http://codepiranha.org/~pakkit > pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A > having problems reading email from me? http://codepiranha.org/~pakkit/pgp-trouble.html > --=.w0qzal3rVsGajX Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE+Dh9bXgQtJ7uBra8RAmNvAKCBCTdrzVVEwS22nrtpLxGIGaLDCgCeJQaM 0TomniQHO9SHFRNCqcpBbYM= =/1CX -----END PGP SIGNATURE----- --=.w0qzal3rVsGajX-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 14: 8: 8 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C82CE37B401; Sat, 28 Dec 2002 14:08:01 -0800 (PST) Received: from manual-override.net (manual-override.net [65.42.236.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1727243ED1; Sat, 28 Dec 2002 14:08:01 -0800 (PST) (envelope-from chris@manual-override.net) Received: from manual-override.net (localhost [127.0.0.1]) by manual-override.net (8.12.6/8.7.1) with ESMTP id gBSM63xQ058675; Sat, 28 Dec 2002 17:06:03 -0500 (EST) Chris-is-the-man: Yes Received: from localhost (chris@localhost) by manual-override.net (8.12.6/8.12.6/Submit) with ESMTP id gBSM63Y0058672; Sat, 28 Dec 2002 17:06:03 -0500 (EST) Date: Sat, 28 Dec 2002 17:06:03 -0500 (EST) From: Chris Orr To: Duncan Patton a Campbell Cc: Shawn Duffy , , Subject: Re: Bystander shot by a spam filter. In-Reply-To: <20021228150203.3c3da308.campbell@neotext.ca> Message-ID: <20021228170353.C58606-100000@manual-override.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org *doesnt want to get laws very involved with the internet* On Sat, 28 Dec 2002, Duncan Patton a Campbell wrote: > No. The automated systems to filtre spam and virii better > be *really* careful about what they block. > > If you block or subvert discrete communications between humans then > you are asking for real trouble. That's all. > > Dhu > > On 28 Dec 2002 17:00:54 -0500 > Shawn Duffy wrote: > > > So we should let the govt open all unopened mail to make sure nothing is > > illegal in it? and then leave it up to them to determine if it was > > intentional? > > > > please... > > > > On Sat, 2002-12-28 at 16:51, Duncan Patton a Campbell wrote: > > > The law would have to consider intention of the sender: > > > > > > Virii are (generally) not intended by the sender, except > > > for the original author. If I didn't intend to send the > > > virus, there is no constraint on you scanning and chopping > > > it. As for porn, if you are a minor, then by sending it > > > to you I have probably committed a criminal offense, regardless > > > of the vehicle employed. > > > > > > Dhu > > > > > > > > > On Sat, 28 Dec 2002 16:41:46 -0500 (EST) > > > Chris Orr wrote: > > > > > > > So theoretically scanning email attatchments for viruses is illeagal too? > > > > and the same goes for filtering out porn? > > > > -chris > > > > > > > > On Sat, 28 Dec 2002, Duncan Patton a Campbell wrote: > > > > > > > > > Seems to me that this is an invitation to government > > > > > regulation -- interfering with the mail is a criminal > > > > > offense for good reason. > > > > > > > > > > Dhu > > > > > > > > > > On 28 Dec 2002 15:46:10 -0500 > > > > > Shawn Duffy wrote: > > > > > > > > > > > The lists are usually kept on the websites of whatever particular > > > > > > organizations are doing it... they are quite a few... > > > > > > As far as suing them, I would venture to say no... If you dont want > > > > > > someone to be able to connect to your mail server that is certainly > > > > > > within your right to do... and if other people want to agree with you, > > > > > > well then, what can you do... although I am sure someone somewhere will > > > > > > probably sue over it and win... > > > > > > > > > > > > shawn > > > > > > > > > > > > > > > > > > On Sat, 2002-12-28 at 15:32, Duncan Patton a Campbell wrote: > > > > > > > How do you find if you are on the list? And who has the list? > > > > > > > > > > > > > > Can they be sued? > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > Duncan (Dhu) Campbell > > > > > > > > > > > > > > On Sat, 28 Dec 2002 08:45:23 -0500 > > > > > > > Harry Tabak wrote: > > > > > > > > > > > > > > > [This is a resend. Ironically, the orignal was blocked by FreeBSD's spam > > > > > > > > filter, I've had to send this from another account] > > > > > > > > > > > > > > > > I am not sure which list is best for this issue, hence the cross > > > > > > > > posting. I believe spam and anti-spam measures are security issues -- > > > > > > > > the 'Availability' part of C-I-A. I apologize if I am wrong. A FreeBSD > > > > > > > > ported package is contributing to an internet service availability > > > > > > > > problem that has me stumped. I believe that an unknowable quantity of > > > > > > > > other internet denizens are also affected. > > > > > > > > > > > > > > > > I'm a long time fan of FreeBSD -- I run it on my small mail server and > > > > > > > > I've recommended it for many applications. I even bought a CD once. I > > > > > > > > write this missive with great reluctance. I've worked with a lot of > > > > > > > > strange software over the years, But this is a new first -- Software > > > > > > > > that slanders! Software that publicly called me a spammer!!! And not to > > > > > > > > my face, but to business associate. And then took action. > > > > > > > > > > > > > > > > I recently discovered, and quite by accident, that a FreeBSD ported > > > > > > > > package -- spambnc (aka Spambouncer or SB) -- was blocking mail from me > > > > > > > > to an unknown number of businesses and individuals on the internet. I'll > > > > > > > > probably never have to correspond with most of these people, but I'm a > > > > > > > > freelancer -- this may have already cost me a job. [Dear reader, don't > > > > > > > > be surprised if you or your clients are also blocked. I strongly suggest > > > > > > > > that you check it out.] > > > > > > > > > > > > > > > > Anti-spam products have a valuable place in the security arsenal. But, > > > > > > > > IMHO, this product is dangerous because it includes filters and rules > > > > > > > > that are overreaching, and inaccurate. Bad firewall rules and bad > > > > > > > > anti-spam rules may be OK for an individual site. However, spambnc's > > > > > > > > bad advice is being mass marketed through the good offices of FreeBSD, > > > > > > > > and it is putting potholes in the net for the rest of us. Until it is > > > > > > > > fixed, and proven harmless, FreeBSD should stop distributing this product. > > > > > > > > > > > > > > > > Basically, the default built-in policies for blocking mail aren't fully > > > > > > > > described, and there is no mechanism to universally correct the > > > > > > > > inevitable mistakes in a timely manner. Users (people who install this > > > > > > > > product) are mislead about the probably of filtering the wrong mail. I > > > > > > > > am sure that the software was developed with the very best intentions, > > > > > > > > but in its zeal to block lots and lots of spam, SB is hurting good people. > > > > > > > > > > > > > > > > The SB rule blocking my mail host has nothing to do with me. Even > > > > > > > > though, it can use dynamic anti-spam DNS services, SB hard codes its > > > > > > > > rules for filtering bad domains by name and by IP address. My nemisis is > > > > > > > > buried in a 1476 line file, sb-blockdomains.rc, which installs by > > > > > > > > default, and is not documented outside the code. Along with others, it > > > > > > > > blocks the entire 66.45.0.0/17 space because spammers might live there. > > > > > > > > This is sort of like a corporate mail room throwing away all NJ > > > > > > > > postmarked mail because of the bulk mail distribution centers in Secaucus. > > > > > > > > > > > > > > > > My mail host address gets a clean bill of health from every anti-spam > > > > > > > > site that I can find, such as SPEWS. I've checked at least 30 of them. > > > > > > > > > > > > > > > > My tiny x/29 block is sub-allocated from my DSL provider's x/23 block. > > > > > > > > The DSL provider's block is a sub-allocation from Inflow.com's > > > > > > > > 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While they have a > > > > > > > > right to their opinions, they don't have a right to publicly tar me > > > > > > > > because of my neighbors. > > > > > > > > > > > > > > > > If I read sb-blockdomains # comments correctly, it is policy to not > > > > > > > > only block known spammers, but to ALSO block entire networks based on > > > > > > > > their handling of spam complaints. This is like as a business > > > > > > > > receptionist checking callerID and then ignoring incoming calls from > > > > > > > > Verizon subscribers because Verizon tolerates (and probably invented) > > > > > > > > telemarketing. > > > > > > > > > > > > > > > > I have written to both the Spambouncer contact address > > > > > > > > and the FreeBSD maintainer, but without a > > > > > > > > response. Possibly they are on holiday, or spambouncer is eating my > > > > > > > > mail. Perhaps I'm just too impatient. > > > > > > > > > > > > > > > > I have also contacted my ISP's support. They don't know how to help > > > > > > > > me. They vouch for Inflow. They don't recommend it, but for a fee, my > > > > > > > > service could be switched to a different PVC, and I'd get an address > > > > > > > > from a different carrier. But of course, the new address could be > > > > > > > > black-listed on a whim. > > > > > > > > > > > > > > > > Regardless, I assume that these are reasonable people, and that they > > > > > > > > will oil the squeaky wheel as soon as it is convenient. But how will I > > > > > > > > ever know that EVERY copy of spambouncer has been fixed? What about > > > > > > > > other innocent ISP subscribers who are also black-listed? > > > > > > > > > > > > > > > > Harry Tabak > > > > > > > > QUAD TELECOM, INC. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > -- > > > > > > email: pakkit at codepiranha dot org > > > > > > web: http://codepiranha.org/~pakkit > > > > > > pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A > > > > > > having problems reading email from me? http://codepiranha.org/~pakkit/pgp-trouble.html > > > > > > > > > > > > > > > > > -- > > email: pakkit at codepiranha dot org > > web: http://codepiranha.org/~pakkit > > pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A > > having problems reading email from me? http://codepiranha.org/~pakkit/pgp-trouble.html > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 14:14:24 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 89C1137B401; Sat, 28 Dec 2002 14:14:15 -0800 (PST) Received: from pitbull.homeunix.org (pcp02515519pcs.arlngt01.va.comcast.net [68.84.139.136]) by mx1.FreeBSD.org (Postfix) with ESMTP id A535243EC2; Sat, 28 Dec 2002 14:14:13 -0800 (PST) (envelope-from pakkit@codepiranha.org) Received: by pitbull.homeunix.org (Postfix, from userid 504) id 164998CE91; Sat, 28 Dec 2002 17:20:30 -0500 (EST) Subject: Re: Bystander shot by a spam filter. From: Shawn Duffy To: Duncan Patton a Campbell Cc: chris@manual-override.net, freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG In-Reply-To: <20021228150203.3c3da308.campbell@neotext.ca> References: <20021228134931.373541d9.campbell@neotext.ca> <20021228164035.J58458-100000@manual-override.net> <20021228145101.19f61ce1.campbell@neotext.ca> <1041112853.3577.56.camel@pitbull> <20021228150203.3c3da308.campbell@neotext.ca> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-hYgamAC/8Ubo1V9A/Ysq" Organization: Message-Id: <1041114029.3577.60.camel@pitbull> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.1.99 Date: 28 Dec 2002 17:20:30 -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=-hYgamAC/8Ubo1V9A/Ysq Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Here is the difference...=20 The US Postal Service is a government agency "owned by the people", hence, "interfering" with regular mail is bad..=20 email runs over corporate networks and uses private resources, none "owned" by the "people"... hence a corporation, ISP, can certainly decide what it allows into its network to use its resources... if you, as a customer, have a problem with that, exert pressure on them.. if enough customers bitch, they will change policy...=20 as far as suing, I am sure someone will figure out a way to do it and win... doesnt mean they should...=20 shawn On Sat, 2002-12-28 at 17:02, Duncan Patton a Campbell wrote: > No. The automated systems to filtre spam and virii better=20 > be *really* careful about what they block. =20 >=20 > If you block or subvert discrete communications between humans then=20 > you are asking for real trouble. That's all. >=20 > Dhu >=20 > On 28 Dec 2002 17:00:54 -0500 > Shawn Duffy wrote: >=20 > > So we should let the govt open all unopened mail to make sure nothing i= s > > illegal in it? and then leave it up to them to determine if it was > > intentional? > > =20 > > please... > >=20 > > On Sat, 2002-12-28 at 16:51, Duncan Patton a Campbell wrote: > > > The law would have to consider intention of the sender: > > >=20 > > > Virii are (generally) not intended by the sender, except > > > for the original author. If I didn't intend to send the > > > virus, there is no constraint on you scanning and chopping > > > it. As for porn, if you are a minor, then by sending it > > > to you I have probably committed a criminal offense, regardless > > > of the vehicle employed. > > >=20 > > > Dhu > > >=20 > > >=20 > > > On Sat, 28 Dec 2002 16:41:46 -0500 (EST) > > > Chris Orr wrote: > > >=20 > > > > So theoretically scanning email attatchments for viruses is illeaga= l too? > > > > and the same goes for filtering out porn? > > > > -chris > > > >=20 > > > > On Sat, 28 Dec 2002, Duncan Patton a Campbell wrote: > > > >=20 > > > > > Seems to me that this is an invitation to government > > > > > regulation -- interfering with the mail is a criminal > > > > > offense for good reason. > > > > > > > > > > Dhu > > > > > > > > > > On 28 Dec 2002 15:46:10 -0500 > > > > > Shawn Duffy wrote: > > > > > > > > > > > The lists are usually kept on the websites of whatever particul= ar > > > > > > organizations are doing it... they are quite a few... > > > > > > As far as suing them, I would venture to say no... If you dont = want > > > > > > someone to be able to connect to your mail server that is certa= inly > > > > > > within your right to do... and if other people want to agree wi= th you, > > > > > > well then, what can you do... although I am sure someone somewh= ere will > > > > > > probably sue over it and win... > > > > > > > > > > > > shawn > > > > > > > > > > > > > > > > > > On Sat, 2002-12-28 at 15:32, Duncan Patton a Campbell wrote: > > > > > > > How do you find if you are on the list? And who has the list= ? > > > > > > > > > > > > > > Can they be sued? > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > > > Duncan (Dhu) Campbell > > > > > > > > > > > > > > On Sat, 28 Dec 2002 08:45:23 -0500 > > > > > > > Harry Tabak wrote: > > > > > > > > > > > > > > > [This is a resend. Ironically, the orignal was blocked by F= reeBSD's spam > > > > > > > > filter, I've had to send this from another account] > > > > > > > > > > > > > > > > I am not sure which list is best for this issue, hence the= cross > > > > > > > > posting. I believe spam and anti-spam measures are securit= y issues -- > > > > > > > > the 'Availability' part of C-I-A. I apologize if I am wrong= . A FreeBSD > > > > > > > > ported package is contributing to an internet service avail= ability > > > > > > > > problem that has me stumped. I believe that an unknowable = quantity of > > > > > > > > other internet denizens are also affected. > > > > > > > > > > > > > > > > I'm a long time fan of FreeBSD -- I run it on my small mai= l server and > > > > > > > > I've recommended it for many applications. I even bought a = CD once. I > > > > > > > > write this missive with great reluctance. I've worked with = a lot of > > > > > > > > strange software over the years, But this is a new first --= Software > > > > > > > > that slanders! Software that publicly called me a spammer!!= ! And not to > > > > > > > > my face, but to business associate. And then took action. > > > > > > > > > > > > > > > > I recently discovered, and quite by accident, that a FreeB= SD ported > > > > > > > > package -- spambnc (aka Spambouncer or SB) -- was blocking = mail from me > > > > > > > > to an unknown number of businesses and individuals on the i= nternet. I'll > > > > > > > > probably never have to correspond with most of these people= , but I'm a > > > > > > > > freelancer -- this may have already cost me a job. [Dear re= ader, don't > > > > > > > > be surprised if you or your clients are also blocked. I str= ongly suggest > > > > > > > > that you check it out.] > > > > > > > > > > > > > > > > Anti-spam products have a valuable place in the security a= rsenal. But, > > > > > > > > IMHO, this product is dangerous because it includes filters= and rules > > > > > > > > that are overreaching, and inaccurate. Bad firewall rules a= nd bad > > > > > > > > anti-spam rules may be OK for an individual site. However,= spambnc's > > > > > > > > bad advice is being mass marketed through the good offices = of FreeBSD, > > > > > > > > and it is putting potholes in the net for the rest of us. = Until it is > > > > > > > > fixed, and proven harmless, FreeBSD should stop distributin= g this product. > > > > > > > > > > > > > > > > Basically, the default built-in policies for blocking mail= aren't fully > > > > > > > > described, and there is no mechanism to universally correct= the > > > > > > > > inevitable mistakes in a timely manner. Users (people who i= nstall this > > > > > > > > product) are mislead about the probably of filtering the wr= ong mail. I > > > > > > > > am sure that the software was developed with the very best = intentions, > > > > > > > > but in its zeal to block lots and lots of spam, SB is hurti= ng good people. > > > > > > > > > > > > > > > > The SB rule blocking my mail host has nothing to do with m= e. Even > > > > > > > > though, it can use dynamic anti-spam DNS services, SB hard = codes its > > > > > > > > rules for filtering bad domains by name and by IP address. = My nemisis is > > > > > > > > buried in a 1476 line file, sb-blockdomains.rc, which insta= lls by > > > > > > > > default, and is not documented outside the code. Along with= others, it > > > > > > > > blocks the entire 66.45.0.0/17 space because spammers might= live there. > > > > > > > > This is sort of like a corporate mail room throwing away al= l NJ > > > > > > > > postmarked mail because of the bulk mail distribution cente= rs in Secaucus. > > > > > > > > > > > > > > > > My mail host address gets a clean bill of health from ever= y anti-spam > > > > > > > > site that I can find, such as SPEWS. I've checked at least = 30 of them. > > > > > > > > > > > > > > > > My tiny x/29 block is sub-allocated from my DSL provider's= x/23 block. > > > > > > > > The DSL provider's block is a sub-allocation from Inflo= w.com's > > > > > > > > 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While= they have a > > > > > > > > right to their opinions, they don't have a right to publicl= y tar me > > > > > > > > because of my neighbors. > > > > > > > > > > > > > > > > If I read sb-blockdomains # comments correctly, it is poli= cy to not > > > > > > > > only block known spammers, but to ALSO block entire network= s based on > > > > > > > > their handling of spam complaints. This is like as a busine= ss > > > > > > > > receptionist checking callerID and then ignoring incoming c= alls from > > > > > > > > Verizon subscribers because Verizon tolerates (and probably= invented) > > > > > > > > telemarketing. > > > > > > > > > > > > > > > > I have written to both the Spambouncer contact address > > > > > > > > and the FreeBSD maintainer, but wit= hout a > > > > > > > > response. Possibly they are on holiday, or spambouncer is = eating my > > > > > > > > mail. Perhaps I'm just too impatient. > > > > > > > > > > > > > > > > I have also contacted my ISP's support. They don't know h= ow to help > > > > > > > > me. They vouch for Inflow. They don't recommend it, but for= a fee, my > > > > > > > > service could be switched to a different PVC, and I'd get a= n address > > > > > > > > from a different carrier. But of course, the new address co= uld be > > > > > > > > black-listed on a whim. > > > > > > > > > > > > > > > > Regardless, I assume that these are reasonable people, and= that they > > > > > > > > will oil the squeaky wheel as soon as it is convenient. Bu= t how will I > > > > > > > > ever know that EVERY copy of spambouncer has been fixed? Wh= at about > > > > > > > > other innocent ISP subscribers who are also black-listed? > > > > > > > > > > > > > > > > Harry Tabak > > > > > > > > QUAD TELECOM, INC. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > > > > > with "unsubscribe freebsd-security" in the body of the mess= age > > > > > > -- > > > > > > email: pakkit at codepiranha dot org > > > > > > web: http://codepiranha.org/~pakkit > > > > > > pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A > > > > > > having problems reading email from me? http://codepiranha.org/~= pakkit/pgp-trouble.html > > > > > > > > > > > > > > >=20 > > --=20 > > email: pakkit at codepiranha dot org > > web: http://codepiranha.org/~pakkit > > pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A > > having problems reading email from me? http://codepiranha.org/~pakkit/p= gp-trouble.html > >=20 --=20 email: pakkit at codepiranha dot org web: http://codepiranha.org/~pakkit pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A having problems reading email from me? http://codepiranha.org/~pakkit/pgp-t= rouble.html --=-hYgamAC/8Ubo1V9A/Ysq Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA+DiOtzOlsqZj8ZloRAhwcAJ9Ku8zNNxBOSE4MCwHctHvmNoocWACgihI1 MVx4+C+oyrg8yKf6yrZJIE8= =yrnF -----END PGP SIGNATURE----- --=-hYgamAC/8Ubo1V9A/Ysq-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Dec 28 18:18:54 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 83A4037B401; Sat, 28 Dec 2002 18:18:51 -0800 (PST) Received: from mtiwmhc13.worldnet.att.net (mtiwmhc13.worldnet.att.net [204.127.131.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id A0C5A43EA9; Sat, 28 Dec 2002 18:18:50 -0800 (PST) (envelope-from htabak@quadtelecom.com) Received: from quadtelecom.com ([12.91.170.229]) by mtiwmhc13.worldnet.att.net (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with ESMTP id <20021229021849.LWXV20003.mtiwmhc13.worldnet.att.net@quadtelecom.com>; Sun, 29 Dec 2002 02:18:49 +0000 Message-ID: <3E0E4C39.2080603@quadtelecom.com> Date: Sat, 28 Dec 2002 20:13:29 -0500 From: Harry Tabak Organization: Quad Telecom, Inc. User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Brett Glass Cc: freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Bystander shot by a spam filter. References: <3E0DC89D.3010203@quadtelecom.com> <4.3.2.7.2.20021228134454.0283b180@localhost> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Brett Glass wrote: > At 09:16 AM 12/28/2002, Harry Tabak wrote: > > >>I can't really stop the Spambouncer people from shouting "fire" from their own website -- freedom of speech and all that. But should FreeBSD act as an amplifier. > > > I personally believe that spam is a serious security issue (see > my paper at http://www.brettglass.com/spam/). However, be warned > that this list's Supreme Moderator may declare your posting to > be "off-topic," because it doesn't relate directly to intrusions > upon FreeBSD itself. He may also blast you for cross-posting > and/or for starting too long or interesting a discussion. :-S > Actually I have been privately chided. > That said, I can offer you some assistance here. Catherine Hampton's > SpamBouncer relies on Procmail, whose filtering recipes are easily > "tunable." It shouldn't be hard to change the recipes, and you can > then encourage the port maintainer to add your changes. Unfortunately, > if you want to get the master SpamBouncer recipe file changed, you will > have to contact Catherine. My wife knows her personally, so if you > cannot get through to her by other means I may be able to reach her > for you. > I've been in contact with the port maintainer. His position: 1) This problem is out of scope for him, 2) He is away on holiday and can't easily access the FreeBSD cluster, 3) Other pressures will keep him from this problem for several weeks. He advised me to contact me Miss Hampton. I can't fault him. Unfortunately, I have not gotten a response from Miss Hampton via the contact address on her web site . I'd apprecite it if you could contact her. I've had so much bad luck getting my mail out -- my mail may be pidgeon holed in her spam basket. > In the meantime, you may want to use a mail relay (not a fully open one, > of course) to get around the block. All you need is one machine on a > different subnet that will relay your outbound mail. Actually, that wouldn't work for my fixed address DSL server. I'd have to dial out from my laptop. > > --Brett Glass > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message