Date: 28 Dec 2002 15:57:40 -0500 From: Shawn Duffy <pakkit@codepiranha.org> To: Duncan Patton a Campbell <campbell@neotext.ca> Cc: freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Bystander shot by a spam filter. Message-ID: <1041109059.3507.50.camel@pitbull> In-Reply-To: <20021228134931.373541d9.campbell@neotext.ca> References: <3E0DAAF3.7090103@quadtelecom.com> <20021228133224.4f3a774f.campbell@neotext.ca> <1041108369.3504.47.camel@pitbull> <20021228134931.373541d9.campbell@neotext.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-7PaNftaX5OiJydS1tT2y Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Why is it? If you send me a letter, I have every right to refuse it, do I not? If a company blocks too much, they will lose customers, and eventually either will have to lighten up or go out of business... shawn On Sat, 2002-12-28 at 15:49, Duncan Patton a Campbell wrote: > Seems to me that this is an invitation to government=20 > regulation -- interfering with the mail is a criminal > offense for good reason. >=20 > Dhu >=20 > On 28 Dec 2002 15:46:10 -0500 > Shawn Duffy <pakkit@codepiranha.org> wrote: >=20 > > The lists are usually kept on the websites of whatever particular > > organizations are doing it... they are quite a few... > > As far as suing them, I would venture to say no... If you dont want > > someone to be able to connect to your mail server that is certainly > > within your right to do... and if other people want to agree with you, > > well then, what can you do... although I am sure someone somewhere will > > probably sue over it and win...=20 > >=20 > > shawn > >=20 > >=20 > > On Sat, 2002-12-28 at 15:32, Duncan Patton a Campbell wrote: > > > How do you find if you are on the list? And who has the list? > > >=20 > > > Can they be sued? > > >=20 > > > Thanks,=20 > > >=20 > > > Duncan (Dhu) Campbell > > >=20 > > > On Sat, 28 Dec 2002 08:45:23 -0500 > > > Harry Tabak <htabak@quadtelecom.com> wrote: > > >=20 > > > > [This is a resend. Ironically, the orignal was blocked by FreeBSD's= spam=20 > > > > filter, I've had to send this from another account] > > > >=20 > > > > I am not sure which list is best for this issue, hence the cross > > > > posting. I believe spam and anti-spam measures are security issues= -- > > > > the 'Availability' part of C-I-A. I apologize if I am wrong. A Fre= eBSD > > > > ported package is contributing to an internet service availability > > > > problem that has me stumped. I believe that an unknowable quantity= of > > > > other internet denizens are also affected. > > > >=20 > > > > I'm a long time fan of FreeBSD -- I run it on my small mail server= and > > > > I've recommended it for many applications. I even bought a CD once.= I > > > > write this missive with great reluctance. I've worked with a lot of > > > > strange software over the years, But this is a new first -- Softwar= e > > > > that slanders! Software that publicly called me a spammer!!! And n= ot to > > > > my face, but to business associate. And then took action. > > > >=20 > > > > I recently discovered, and quite by accident, that a FreeBSD porte= d > > > > package -- spambnc (aka Spambouncer or SB) -- was blocking mail fro= m me > > > > to an unknown number of businesses and individuals on the internet.= I'll > > > > probably never have to correspond with most of these people, but I'= m a > > > > freelancer -- this may have already cost me a job. [Dear reader, do= n't > > > > be surprised if you or your clients are also blocked. I strongly su= ggest > > > > that you check it out.] > > > >=20 > > > > Anti-spam products have a valuable place in the security arsenal. = But, > > > > IMHO, this product is dangerous because it includes filters and rul= es > > > > that are overreaching, and inaccurate. Bad firewall rules and bad > > > > anti-spam rules may be OK for an individual site. However, spambnc= 's > > > > bad advice is being mass marketed through the good offices of FreeB= SD, > > > > and it is putting potholes in the net for the rest of us. Until it= is > > > > fixed, and proven harmless, FreeBSD should stop distributing this p= roduct. > > > >=20 > > > > Basically, the default built-in policies for blocking mail aren't = fully > > > > described, and there is no mechanism to universally correct the > > > > inevitable mistakes in a timely manner. Users (people who install t= his > > > > product) are mislead about the probably of filtering the wrong mail= . I > > > > am sure that the software was developed with the very best intentio= ns, > > > > but in its zeal to block lots and lots of spam, SB is hurting good = people. > > > >=20 > > > > The SB rule blocking my mail host has nothing to do with me. Even > > > > though, it can use dynamic anti-spam DNS services, SB hard codes i= ts > > > > rules for filtering bad domains by name and by IP address. My nemis= is is > > > > buried in a 1476 line file, sb-blockdomains.rc, which installs by > > > > default, and is not documented outside the code. Along with others,= it > > > > blocks the entire 66.45.0.0/17 space because spammers might live th= ere. > > > > This is sort of like a corporate mail room throwing away all NJ > > > > postmarked mail because of the bulk mail distribution centers in Se= caucus. > > > >=20 > > > > My mail host address gets a clean bill of health from every anti-s= pam > > > > site that I can find, such as SPEWS. I've checked at least 30 of th= em. > > > >=20 > > > > My tiny x/29 block is sub-allocated from my DSL provider's x/23 bl= ock. > > > > The DSL provider's block is a sub-allocation from Inflow.com's > > > > 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While they ha= ve a > > > > right to their opinions, they don't have a right to publicly tar me > > > > because of my neighbors. > > > >=20 > > > > If I read sb-blockdomains # comments correctly, it is policy to no= t > > > > only block known spammers, but to ALSO block entire networks based = on > > > > their handling of spam complaints. This is like as a business > > > > receptionist checking callerID and then ignoring incoming calls fro= m > > > > Verizon subscribers because Verizon tolerates (and probably invente= d) > > > > telemarketing. > > > >=20 > > > > I have written to both the Spambouncer contact address > > > > <ariel@spambouncer.org> and the FreeBSD maintainer, but without a > > > > response. Possibly they are on holiday, or spambouncer is eating m= y > > > > mail. Perhaps I'm just too impatient. > > > >=20 > > > > I have also contacted my ISP's support. They don't know how to he= lp > > > > me. They vouch for Inflow. They don't recommend it, but for a fee, = my > > > > service could be switched to a different PVC, and I'd get an addres= s > > > > from a different carrier. But of course, the new address could be > > > > black-listed on a whim. > > > >=20 > > > > Regardless, I assume that these are reasonable people, and that th= ey > > > > will oil the squeaky wheel as soon as it is convenient. But how wi= ll I > > > > ever know that EVERY copy of spambouncer has been fixed? What about > > > > other innocent ISP subscribers who are also black-listed? > > > >=20 > > > > Harry Tabak > > > > QUAD TELECOM, INC. > > > >=20 > > > >=20 > > > > =09 > > > >=20 > > > >=20 > > > >=20 > > > >=20 > > > >=20 > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > with "unsubscribe freebsd-security" in the body of the message > > --=20 > > email: pakkit at codepiranha dot org > > web: http://codepiranha.org/~pakkit > > pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A > > having problems reading email from me? http://codepiranha.org/~pakkit/p= gp-trouble.html > >=20 --=20 email: pakkit at codepiranha dot org web: http://codepiranha.org/~pakkit pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A having problems reading email from me? http://codepiranha.org/~pakkit/pgp-t= rouble.html --=-7PaNftaX5OiJydS1tT2y Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA+DhBDzOlsqZj8ZloRAlYLAKCN0TgwXuzBnnGkUB7C5I0ZUBq18wCcDe0y 16pDX2sVOEEkrKozbDzOdLM= =x/gF -----END PGP SIGNATURE----- --=-7PaNftaX5OiJydS1tT2y-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1041109059.3507.50.camel>