From owner-freebsd-security Sat Dec 28 12:59: 2 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id EC89E37B401; Sat, 28 Dec 2002 12:58:57 -0800 (PST)
Received: from priv-edtnes28.telusplanet.net (outbound04.telus.net [199.185.220.223])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 1122043ED1; Sat, 28 Dec 2002 12:58:57 -0800 (PST)
	(envelope-from abe@uniserve.com)
Received: from uniserve.com ([66.183.71.152])
	by priv-edtnes28.telusplanet.net
	(InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP
	id <20021228205856.OUUQ13269.priv-edtnes28.telusplanet.net@uniserve.com>;
	Sat, 28 Dec 2002 13:58:56 -0700
Message-ID: <3E0E106E.8040603@uniserve.com>
Date: Sat, 28 Dec 2002 12:58:22 -0800
From: Abe
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: htabak@quadtelecom.com
Cc: freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: Bystander shot by a spam filter.
References: <3E0DAAF3.7090103@quadtelecom.com>
In-Reply-To: <3E0DAAF3.7090103@quadtelecom.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Are you sure that the 66.45.0.0/17 block is from sb-blockdomains.rc
file? My guess is that it is from a listing on Five-Ten-SG blacklist,
check out:

http://www.five-ten-sg.com/blackhole.php?ip=66.45.0.0

SpamBouncer supports a variety of blacklists including the Five-Ten-SG
blacklist, though support for the Five-Ten-SG blacklist is disabled by
default in the sb.rc file. (see
http://www.spambouncer.org/#BlacklistSupport).

Regards,
Abe Ro

Harry Tabak wrote:
> [This is a resend.
> Ironically, the original was blocked by FreeBSD's spam
> filter, I've had to send this from another account]
>
> I am not sure which list is best for this issue, hence the cross
> posting. I believe spam and anti-spam measures are security issues --
> the 'Availability' part of C-I-A. I apologize if I am wrong. A FreeBSD
> ported package is contributing to an internet service availability
> problem that has me stumped. I believe that an unknowable quantity of
> other internet denizens are also affected.
>
> I'm a long time fan of FreeBSD -- I run it on my small mail server and
> I've recommended it for many applications. I even bought a CD once. I
> write this missive with great reluctance. I've worked with a lot of
> strange software over the years, but this is a new first -- Software
> that slanders! Software that publicly called me a spammer!!! And not to
> my face, but to a business associate. And then took action.
>
> I recently discovered, and quite by accident, that a FreeBSD ported
> package -- spambnc (aka Spambouncer or SB) -- was blocking mail from me
> to an unknown number of businesses and individuals on the internet. I'll
> probably never have to correspond with most of these people, but I'm a
> freelancer -- this may have already cost me a job. [Dear reader, don't
> be surprised if you or your clients are also blocked. I strongly suggest
> that you check it out.]
>
> Anti-spam products have a valuable place in the security arsenal. But,
> IMHO, this product is dangerous because it includes filters and rules
> that are overreaching, and inaccurate. Bad firewall rules and bad
> anti-spam rules may be OK for an individual site. However, spambnc's
> bad advice is being mass marketed through the good offices of FreeBSD,
> and it is putting potholes in the net for the rest of us. Until it is
> fixed, and proven harmless, FreeBSD should stop distributing this product.
>
> Basically, the default built-in policies for blocking mail aren't fully
> described, and there is no mechanism to universally correct the
> inevitable mistakes in a timely manner. Users (people who install this
> product) are misled about the probability of filtering the wrong mail. I
> am sure that the software was developed with the very best intentions,
> but in its zeal to block lots and lots of spam, SB is hurting good people.
>
> The SB rule blocking my mail host has nothing to do with me. Even
> though it can use dynamic anti-spam DNS services, SB hard codes its
> rules for filtering bad domains by name and by IP address. My nemesis is
> buried in a 1476 line file, sb-blockdomains.rc, which installs by
> default, and is not documented outside the code. Along with others, it
> blocks the entire 66.45.0.0/17 space because spammers might live there.
> This is sort of like a corporate mail room throwing away all NJ
> postmarked mail because of the bulk mail distribution centers in Secaucus.
>
> My mail host address gets a clean bill of health from every anti-spam
> site that I can find, such as SPEWS. I've checked at least 30 of them.
>
> My tiny x/29 block is sub-allocated from my DSL provider's x/23 block.
> The DSL provider's block is a sub-allocation from Inflow.com's
> 66.45.0.0/17 block. Spambouncer doesn't like Inflow. While they have a
> right to their opinions, they don't have a right to publicly tar me
> because of my neighbors.
>
> If I read sb-blockdomains # comments correctly, it is policy to not
> only block known spammers, but to ALSO block entire networks based on
> their handling of spam complaints. This is like a business
> receptionist checking callerID and then ignoring incoming calls from
> Verizon subscribers because Verizon tolerates (and probably invented)
> telemarketing.
>
> I have written to both the Spambouncer contact address
> and the FreeBSD maintainer, but without a
> response.
> Possibly they are on holiday, or spambouncer is eating my
> mail. Perhaps I'm just too impatient.
>
> I have also contacted my ISP's support. They don't know how to help
> me. They vouch for Inflow. They don't recommend it, but for a fee, my
> service could be switched to a different PVC, and I'd get an address
> from a different carrier. But of course, the new address could be
> black-listed on a whim.
>
> Regardless, I assume that these are reasonable people, and that they
> will oil the squeaky wheel as soon as it is convenient. But how will I
> ever know that EVERY copy of spambouncer has been fixed? What about
> other innocent ISP subscribers who are also black-listed?
>
> Harry Tabak
> QUAD TELECOM, INC.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
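
The question raised in the reply above (is the sender caught by a static CIDR entry or by a DNSBL listing?) can be checked offline. This is an added example, not part of the original thread and not SpamBouncer code: it finds which static entries cover a sender, counts the addresses blocked outside the sender's own allocation, and builds the name a DNSBL lookup would query. The block-list format, the host address, the /29 and the zone `dnsbl.example.org` are constructed assumptions.

```python
import ipaddress

# Constructed sample of a static block list. The real sb-blockdomains.rc
# format is not shown in the thread, so plain CIDR lines are an assumption.
STATIC_BLOCKS = """
# constructed entries
66.45.0.0/17      # provider-wide range named in the thread
192.0.2.0/24      # documentation range, stands in for a narrower entry
198.51.100.7/32   # single-host entry
"""

def parse_blocks(text):
    """Return ip_network objects for every non-comment, non-empty line."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def covering_entries(host, nets):
    """Static entries that contain host, broadest prefix first."""
    addr = ipaddress.ip_address(host)
    return sorted((n for n in nets if addr in n), key=lambda n: n.prefixlen)

def collateral(entry, own_allocation):
    """Addresses the entry blocks that lie outside the sender's allocation."""
    own = ipaddress.ip_network(own_allocation)
    if own.version != entry.version or not own.subnet_of(entry):
        return entry.num_addresses
    return entry.num_addresses - own.num_addresses

def dnsbl_query_name(host, zone):
    """DNSBL lookups reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(host)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def diagnose(host, own_allocation, zone):
    """Summarise static hits and the DNSBL name to query for one sender."""
    nets = parse_blocks(STATIC_BLOCKS)
    hits = [(str(e), collateral(e, own_allocation))
            for e in covering_entries(host, nets)]
    return {"static_hits": hits, "dnsbl_query": dnsbl_query_name(host, zone)}

if __name__ == "__main__":
    # Constructed host and /29; dnsbl.example.org is a placeholder zone.
    print(diagnose("66.45.10.18", "66.45.10.16/29", "dnsbl.example.org"))
```

An empty `static_hits` list means the hard-coded file is not the cause; the `dnsbl_query` name can then be resolved against each DNS blacklist the filter has enabled.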