From owner-freebsd-chat@FreeBSD.ORG Fri Oct 17 03:04:48 2003 Return-Path: Delivered-To: freebsd-chat@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4C42F16A4B3 for ; Fri, 17 Oct 2003 03:04:48 -0700 (PDT) Received: from heron.mail.pas.earthlink.net (heron.mail.pas.earthlink.net [207.217.120.189]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1C53143F3F for ; Fri, 17 Oct 2003 03:04:47 -0700 (PDT) (envelope-from tlambert2@mindspring.com) Received: from user-2ivfl37.dialup.mindspring.com ([165.247.212.103] helo=mindspring.com) by heron.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128) (Exim 3.33 #1) id 1AARSW-0001u1-00; Fri, 17 Oct 2003 03:03:49 -0700 Message-ID: <3F8FBE1F.578E0B1F@mindspring.com> Date: Fri, 17 Oct 2003 03:02:07 -0700 From: Terry Lambert X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Peter Jeremy References: <20031015112920.GA36404@nagual.pp.ru> <20031015132551.GA94612@freebie.xs4all.nl> <20031016124938.354fe903.steve@sohara.org> <3F8EE390.47F355D3@mindspring.com> <20031017072459.GB1668@cirb503493.alcatel.com.au> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a423f50fc4284b805bf352853bdda9e587350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c cc: chat@freebsd.org Subject: Re: hiding e-mail adresses needed badly X-BeenThere: freebsd-chat@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Non technical items related to the community List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Oct 2003 10:04:48 -0000 Moved to -chat... Peter Jeremy wrote: > On 2003-Oct-16 11:29:36 -0700, Terry Lambert wrote: > >Earthlink often sucks in terms of customer service. If they would > >just designate a couple of common markers as "known SPAM", the > >problem would have gone away > > There's a fine line between 'blocking a couple of common markers' > and arbitrarily blocking domains, IP addresses and all mails containing > specific words - which some large ISPs do. What's needed is a filter > system that allows users to control what they receive - not one where > the ISP gets to decide what is/isn't delivered. The problem with a "filter system" is the CPU overhead, and the fact that it doesn't scale nearly as well as a non-filtered system. You are talking about more CPU's which means more initial cost, and more overhead for rack space, power, etc.. There are several services which do this for people, but they are not very easy to use, and they tend to work only if your email address is reachable by a domain name, and then the mail is only forwarded to a single address -- and that address refuses all mail. What I was talking about was adding 4 lines to the EXIM config on Earthlink's inbound email servers to filter based on the body of a message without MIME decoding, which they already do, for a specific pattern of "Content-Type:" with ".exe" or ".scr" in it, anchored at the start of a line. This is a tradeoff for them between the processing for the delivery of these messages to 20 of their subscribers at a time vs. spending that time instead runing a precompiled regular expresion over a line that they are examining for the purposes of SPAM filtering anyway. > When W32.Swen first hit, I was getting "mailbox near quota" messages > if I didn't empty my home mailbox for about 8 hours. Oh yeah, that's also just so incredibly brilliant: "your mailbox has too many messages in it, so we're going to send you a message complaining about people sending you messages, so that you use up more of what you close to running out of in the first place". > I asked my ISP > when they would be implementing something to let me control what was > delivered into my mailbox and eventually managed to get a "we're > looking into the problem" response. I started running fetchmail as a > work-around (which stops the quota DOS but does nothing to help my > download bandwidth). AFAIK, they still haven't done anything. My download bandwidth is no longer a problem: I wrote a program that could identify the messages without fully downloading them, and delete them (as I said before: using an octet count from the "list" command, followed by a "head" command on the messages that met the size range criteria for the offending content). You should probably consider doing something like that, instead of using "fetchmail". > And Australia's biggest ISP (Telstra BigPond) is currently getting > unfavourable mentions in Parliament and the media because it's e-mail > system can't cope - users are claiming e-mails are being delayed a > week or more, or just aren't arriving. Of course they are. Boradband providers are notorious for stopping developement when they get to "it barely works", and ignoring scalability issues until they absolutely have to deal with them by rewriting the code. It's one of the reasons we modified the sendmail sources before we deployed the IBM Web Connections NOC in Rochester, NY: we cared about scalability. > >people forced to use Earthlink ("forced", because no matter where > >I go, Earthlink buys up my damn ISP -- no one talks about *that* > >monocoluture being a threat). > > Mumble years ago, I heard a talk on this phenomenom. They problem > boils down to ISP interconnect agreements - they generally wind up > meaning the small ISP has to pay the big ISP (or Internet wholesaler) > whatever the big ISP asks because their customers need to exchange > packets with IP addresses "owned" by the big ISP and the big ISP > doesn't have as much incentive to route packets to the smaller ISP. > This is a positive feedback loop with the bigger ISP absorbing all the > smaller ones. Yeah, the peering requirements were/are almost as stupid as the ATM access fees that banks charge each other, pass onto the customers, and, based on statistical averages, cost them equal to what they cost other people, and then pass the fees onto the customers and pocket them. I fought against charging for the peering, back when it first happened (because of UUNET thinking they could drive all their competition out of business with the fees). ATM fees still piss me off, since I know for a fact that bank ATM's save them money on tellers, and that there's a strong statistical correlation (within a fraction of an order of magnitude) between number of customers vs. number of ATMs a bank has, so, on average, there's no overall differential cost to them, and they are making money off both the fees and their ability to hire fewer human beings. > Optus Internet (my home ISP) state that they block incoming traffic > to TCP/25 to prevent them being being black-listed for allowing > people to run promiscuous SMTP relays. This is probably at least > partly true. That's BS. The issue is their delegation. If they delegate the address to a customer, then it's the customer who gets blocked by the blacklists, not them. If they are handing out IP delegations, then they aren't an ISP any more, they're an NSP. That's like saying Sprint or ARIN block port 25 to avoid being blacklisted. Blacklisting occurs at the delegation level. To take this to the logical conclusion: I don't know of a single blacklist that's blacklisted the entire IP address space because the U.S. top level authority refused to blacklist Sprint because Srint refused to blacklist some NSP because they refused to blacklist some other NSP because they refused to blacklist some ISP because they refused to blacklist some individual schmuck. You blacklist an ISP when they *don't* delegate, such that there is no way to know which of the ISP's IP addresses the schmuck will use next. Blacklisting works because it works against either the schmuck, or the organization immediately above the schmuck -- by way of either diking the schmuck himself out of the Internet, or diking the next guy up from the schmuck out of the Internet, so that the schmuck's peers who are hurt by it can bring pressure to bear on the ISP. If you can directly dike out the schmuck, then there's no need to escalate to the next level up. > > A non-quotaed maildrop would fix it. > > How do you stop the weenies never deleting e-mail so their mailboxes > grow indefinitely? You push mail down onto their machines, instead of waiting around for them to come pick it up. When you've queued up all you can accept, you return a *400* erro, not a *500* error (which is what Earthlink returns: "permanent failure: don't try again"), and the blockage propagates up the queue chain until the original sender gets an immediate error on an attempt to send: "The message cannot be queued for address XYZ, try sending your message again later". > A better solution would be a soft-quota'd maildrop. As long as > you get to it every few days you don't get DOS'd but if you never > delete your mail you get bitten. Of course, from an ISP > perspective, there's the problem of several thousand mailboxes > each receiving several hundred 200KB mails each day - that's an awful > lot of maildrop disk space to have to find in a hurry. Yes. It's all about queue size and pool retention time. No matter how big/small you make the queue quota (it doesn't matter if the mail is sitting in the queue undelivered because of the quota, or sitting in their maildrop: it's still taking you disk space, as an ISP, isn't it?), you have this problem. > >Can you imagine if someone wrote one of these things to *actively* > >target an ISP with a stupid network topology like Earthlink? > > Do you know of any ISPs that do a better job of upstream filtering? Yes, several. I had one that did. It got bought by a company that left it alone that got bought by Global Crossing, that left it mostly alone, that sold their dialup customers up for a round of funding to support the stupid idea of building out a high bandwidth network, even though it was after the collapse, to Mindspring, who mostly broke things by getting rid of shell accounts who sold it to Earthlink, who can't even stop worms transitting their mail servers into user's maildrops, and whose customer service is mostly off shore, technically inept, and unable to effect changes to servers, even if they weren't separated from the servers by an ocean and their own skill set. AOL has a reputation of blocking most SPAM these days. Everyone's moving from store-and-forward to store-and-wait-for-pickup these days because it's cheaper to run a simpler infrastructure, but the long term cost is their succeptability to denial of service attacks, which is going to cost them customers in the long run. I have to wonder if the $9.95/month AOL dialup is going to have the same Anti-SPAM features as regular AOL; if so, I'll probably become a "me too! me too!", as much self loathing as that may cause. > >You could drive the company out of business by chasing all their > >subscribers away by denying them the ability to receive communications > >from almost anyone else on the Internet. I'm really surprised these > >idiots are unwilling to do anything about saving their business model > >from extinction. > > The problem is that it doesn't really hurt the ISP - they (typically) > charge for downlink usage, so they're making more money by not blocking > SPAM. The customers have to put up with it because they know the > competing ISPs aren't any better. In the US, there are not metered telephone rates, unless you are a business, or explicitly request a metered tarrif: they are all flat rate local calls, and usage isn't metered. Packets aren't like water: unused packets don't build up a surplus of packets that can be sold later, and it doesn't cost to dig a well to get the packets in the first place, or a purification plant to purify them. The cost is come the same whether the wires are used or not, and a router's chips slowly cook and motherboards become dusty and short out not matter what. So in the US, yes, in fact, SPAM does cost them money, and they can not pass the cost onto their customers except as "fixed overhead" amortized among all of them. So they have an incentive to keep customers, which means keeping them happy, and providing the service they are being paid to provide. You very easily could target any major US ISP with a worm that DDOS'ed their user's POP3 maildrops, and caused those users to go elsewhere for their service. The amusing thing is that broadband doesn't help alleviate the problem for the ISP at all: if your computer isn't on, except when you are using it, then your maildrop has time to fill up and you lose. If it's on all the time, then you're a juicy target, and you lose. Either way, unless you can deal with the issue of pool retention time and pool size, you lose. SWEN.A and similar worms delete their own messages from an infected user's mailbox, so they don't see them, and remain an effective "carrier" for proagating them. But... I guess now I'm just waiting for someone to target an ISP and put it out of business with a worm that sends a large message to a user infected with the worm, and then pretends not to see it (and doesn't delete it, either) when the user goes to download mail. If that happens once or twice, maybe we'll see ISP's start to fix things. > "Death of USENET predicted ... Film at 11" can probably be updated. Probably. -- Terry