comp.mail.sendmail Configuring and using the BSD sendmail agent.

relays.ordb.org blacklisting all IPs (fwd)

25/03/2008, 22h53   #1
Res

Just a heads up in case you don't already know...

Yet another mob of clueless f'wits running an RBL.
Why can't these deadshits just drop the DNS entries rather than piss off
the rest of the world, not that I ever used them, but I'm sure plenty of
unfortunate folks do, or at least did because they missed the news they
are no longer an active RBL.

This is another reason I only trust reputable RBLs like spamcop, sorbs,
njabl and spamhaus. I'll never use any other.


Res

---------- Forwarded message ----------
Date: Tue, 25 Mar 2008 13:01:58 -0400
From: Stephen Swaney
To: MailScanner discussion <mailscanner@lists.mailscanner.info>
Subject: relays.ordb.org blacklisting all IPs

Dear all,

You might note that relays.ordb.org, which has been dead for a while, has
just blacklisted the world. If you are blocking at the MTA level using this
site you are probably not receiving any mail as a result of this change.

Best regards,

25/03/2008, 23h17   #2
Grant Taylor
Re: relays.ordb.org blacklisting all IPs (fwd)

On 03/25/08 16:53, Res wrote:
> Why can't these deadshits just drop the DNS entries rather than piss
> off the rest of the world?


How else are said "deadshits" supposed to encourage people to remove
their stale DNS RBL configs?

It is perfectly logical that the "deadshits" would want to do something
so that they do not continue to be bombarded with DNS queries from
different deadshits that have not removed ORDB from their RBL config.



Grant. . . .

25/03/2008, 23h32   #3
Greg Russell
Re: relays.ordb.org blacklisting all IPs (fwd)

On Wed, 26 Mar 2008 07:53:52 +1000, Res wrote:

> Just a heads up in case you don't already know...

....

Looks like you got suckered into the hoax email.

25/03/2008, 23h33   #4
Res
Re: relays.ordb.org blacklisting all IPs (fwd)

On Tue, 25 Mar 2008, Grant Taylor wrote:

>
> On 03/25/08 16:53, Res wrote:
>> Why can't these deadshits just drop the DNS entries rather than piss off the
>> rest of the world?

>
> How else are said "deadshits" supposed to encourage people to remove their
> stale DNS RBL configs?
>
> It is perfectly logical that the "deadshits" would want to do something so
> that they do not continue to be bombarded with DNS queries from different
> deadshits that have not removed ORDB from their RBL config.


I already stated what they could do in my original post which of course
you selectively did not quote, it is after all what 99% of all other
defunct RBLs have done over the years.



--
Cheers
Res

mysql> update auth set Framed-IP-Address='127.0.0.127' where user= 'troll';

25/03/2008, 23h43   #5
Res
Re: relays.ordb.org blacklisting all IPs (fwd)

On Wed, 25 Mar 2008, Greg Russell wrote:

>
> On Wed, 26 Mar 2008 07:53:52 +1000, Res wrote:
>
>> Just a heads up in case you don't already know...

> ...
>
> Looks like you got suckered into the hoax email.


Not a hoax from people who had this happen to them, I do know of 2 people
confirmed.
Now whether they got ridiculed and removed it like Joe did with osiris
years and years ago, who knows, I certainly have no reason to think the
person who posted that email to the other list, and the two people who
verified it to me, are lying, they have nothing to gain by doing so.



--
Cheers
Res

mysql> update auth set Framed-IP-Address='127.0.0.127' where user= 'troll';

26/03/2008, 00h14   #6
Res
Re: relays.ordb.org blacklisting all IPs (fwd)

>
> Looks like you got suckered into the hoax email.


Let's throw some useless numbers in there shall we.....

host 203.111.1.1.relays.ordb.org
203.111.1.1.relays.ordb.org has address 127.0.0.2

host 69.69.69.69.relays.ordb.org
69.69.69.69.relays.ordb.org has address 127.0.0.2

host 216.216.216.216.relays.ordb.org
216.216.216.216.relays.ordb.org has address 127.0.0.2



petty...immature...deadshits



--
Cheers
Res

mysql> update auth set Framed-IP-Address='127.0.0.127' where user= 'troll';
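
Added example, not part of Res's post or of any software named in the thread: a pre-flight check for the DNSBL zones in an MTA configuration that catches the list-everything behaviour shown by the lookups above. It relies on the RFC 5782 convention that an IPv4 DNSBL lists 127.0.0.2 and never 127.0.0.1, and goes beyond the thread by also flagging zones that give no answer or a non-127.0.0.0/8 answer; `dnsbl.example`, the other `.example` zones, the fake resolver functions and the verdict names are constructed for illustration.

```python
import ipaddress
import socket

# RFC 5782: an IPv4 DNSBL must list 127.0.0.2 (test entry) and must not list 127.0.0.1.
MUST_BE_LISTED, MUST_NOT_BE_LISTED = "127.0.0.2", "127.0.0.1"
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Query name for ip in zone: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_lookup(name):
    """A records via the system resolver; [] when there is no answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # gaierror/herror: NXDOMAIN, SERVFAIL, timeout
        return []

def check_zone(zone, lookup=system_lookup):
    """Classify a DNSBL zone before an MTA is allowed to reject mail on it."""
    listed = lookup(dnsbl_name(MUST_BE_LISTED, zone))
    unlisted = lookup(dnsbl_name(MUST_NOT_BE_LISTED, zone))
    answers = [ipaddress.ip_address(a) for a in listed + unlisted]
    if any(a not in LOOPBACK for a in answers):
        return "UNEXPECTED-ANSWER"  # not a DNSBL reply, e.g. a parked domain
    if unlisted:
        return "LISTS-EVERYTHING"   # wildcard: every sender looks listed
    if not listed:
        return "NO-ANSWER"          # zone gone: every lookup is wasted
    return "OK"

# Constructed resolvers standing in for DNS so the example runs offline.
def wildcard_lookup(name):          # behaviour of the lookups in the thread
    return ["127.0.0.2"]

def healthy_lookup(name):           # hypothetical zone listing only its test entry
    return ["127.0.0.2"] if name.startswith("2.0.0.127.") else []

def dead_lookup(name):
    return []

def parked_lookup(name):            # TEST-NET-3 address, constructed
    return ["203.0.113.10"]

if __name__ == "__main__":
    cases = [("relays.ordb.org", wildcard_lookup), ("dnsbl.example", healthy_lookup),
             ("dead.example", dead_lookup), ("parked.example", parked_lookup)]
    for zone, fake in cases:
        print(f"{zone:16} {check_zone(zone, fake)}")
```

Called with the default `lookup`, `check_zone` queries the system resolver; run it for each zone in the MTA configuration and alert on any verdict other than `OK`.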

26/03/2008, 02h11   #7
Grant Taylor
Re: relays.ordb.org blacklisting all IPs (fwd)

On 3/25/2008 5:33 PM, Res wrote:
> I already stated what they could do in my original post which of course
> you selectively did not quote, it is after all what 99% of all other
> defunct RBLs have done over the years.


On 3/25/2008 4:53 PM, Res wrote:
>> why can't these deadshits just drop the DNS entries


Ok, let's make sure that we understand each other. You are wanting the
deadshits to drop the DNS query traffic for their now defunct RBL, correct?

(Presuming yes.)

A simple TCPDump (tcpdump -xXnNi eth0 -s 0 host 87.51.32.6) while
querying (nslookup 127.0.0.2.relays.ordb.org 87.51.32.6) will shed some
light on the subject.

# tcpdump -xXnNi eth0 -s 0 host 87.51.32.6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
20:01:18.959078 IP aaa.bbb.ccc.ddd.45560 > 87.51.32.6.53: 11470+ A? 127.0.0.2.relays.ordb.org. (43)
0x0000: 0030 7be8 cc1c 00e0 4c3a 9dee 0800 4500 .0{.....L:....E.
0x0010: 0047 0000 4000 4011 8290 ce98 7244 5733 .G..@.@.....rDW3
0x0020: 2006 b1f8 0035 0033 b85a 2cce 0100 0001 .....5.3.Z,.....
0x0030: 0000 0000 0000 0331 3237 0130 0130 0132 .......127.0.0.2
0x0040: 0672 656c 6179 7304 6f72 6462 036f 7267 .relays.ordb.org
0x0050: 0000 0100 01 .....
20:01:19.090749 IP 87.51.32.6.53 > aaa.bbb.ccc.ddd.45560: 11470*- 1/2/2 A 127.0.0.2 (160)
0x0000: 00e0 4c3a 9dee 0030 7be8 cc1c 0800 4500 ..L:...0{.....E.
0x0010: 00bc 7275 0000 3211 5da6 5733 2006 ce98 ..ru..2.].W3....
0x0020: 7244 0035 b1f8 00a8 2cdb 2cce 8500 0001 rD.5....,.,.....
0x0030: 0001 0002 0002 0331 3237 0130 0130 0132 .......127.0.0.2
0x0040: 0672 656c 6179 7304 6f72 6462 036f 7267 .relays.ordb.org
0x0050: 0000 0100 01c0 0c00 0100 0100 24ea 0000 ............$...
0x0060: 047f 0000 02c0 1d00 0200 0100 24ea 0000 ............$...
0x0070: 1005 6b6f 616c 6105 6472 6f73 6f02 646b ..koala.droso.dk
0x0080: 00c0 1d00 0200 0100 24ea 0000 1106 6175 ........$.....au
0x0090: 7468 3032 026e 7304 7465 6c65 c053 c047 th02.ns.tele.S.G
0x00a0: 0001 0001 0000 5460 0004 5733 2006 c047 ......T`..W3...G
0x00b0: 001c 0001 0000 5460 0010 2001 06c8 0006 ......T`........
0x00c0: 000c 020d 56ff fe6f f935 ....V..o.5

So based on this I'm going to say that the DNS query is 85 bytes. I'm
also going to say that the DNS reply is 202 bytes. (I'm not taking into
account that we will be sending things in 64 byte segments on
Ethernet so these numbers will possibly even be low.)

26/03/2008, 02h31   #8
D. Stussy
Re: relays.ordb.org blacklisting all IPs (fwd)

"Res" <res@ausics.net> wrote in message
news:Pine.LNX.4.64.0803260748040.30790@ebfjryy.nhf vpf.arg...
> Just a heads up in case you don't already know...
>
> Yet another mob of clueless f'wits running an RBL
> why can't these deadshits just drop the DNS entries rather than piss off

....

Considering that the DNSBL closed in December 2006 and that someone is still
using them, exactly what else do you expect them to do? The only people
they're "pissing off" are those who after 15 months didn't have the sense to
remove the checks against that DNSBL. Seems to me as if you're among the
clueless ones.


26/03/2008, 03h03   #9
Grant Taylor
Re: relays.ordb.org blacklisting all IPs (fwd)

(I prematurely fat fingered the send hot key.)

On 3/25/2008 8:11 PM, Taylor, Grant wrote:
> So based on this I'm going to say that the DNS query is 85 bytes.
> I'm also going to say that the DNS reply is 202 bytes. (I'm not
> taking into account that we will be sending things in 64 byte
> segments on Ethernet so these numbers will possibly even be low.)


According to ISO, there are 246 country codes.

For the sake of this discussion, let's say that each country code will
send one query per second. That means that there will be 167+ kbps of
inbound DNS (query) traffic until everyone decides to update their RBL
list. That translates to 1.8+ GB of traffic a day or 54.1+ GB of
traffic a month of inbound DNS queries per day for a service that is now
defunct. It is very likely that this traffic will very slowly taper off
over a very long time.

Let's consider the reply traffic. The reply traffic will be 397+ kbps
of outbound DNS (reply) traffic. This translates to 4.2+ GB of traffic
a day or 128.8+ GB of traffic a month of outbound DNS replies per day
for a service that is now defunct.

So if we combine the inbound queries and outbound replies, ORDB will
have 564+ kbps of DNS traffic. This translates to 6.1+ GB of traffic a
day or 183+ GB of traffic a month of DNS traffic for a service that is
now defunct.

So, would you rather drop 54.1 GB of traffic a month for the next how
ever many months (open ended until everyone removes relays.ordb.org from
their config) or would you rather have 183 GB of traffic for one month.
I will even go so far as to say that you will not even have a full 183
GB of traffic because you have done something to ensure that people will
react to what you did within a matter of days.

You play with the numbers and see what you would want to do long
term if you were facing this amount of traffic. Just imagine what it
would be like if the rate of queries was higher than one per country
code per second...



Grant. . . .
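
Added example, not part of Grant's posts: it decodes the reply frame from the tcpdump output in post #7 to recover the two frame sizes used in the estimate and the wildcard answer itself, then projects monthly traffic at the 246 queries per second assumed in post #9. The hex is copied from that capture; the function names, the 30-day month and the decimal-GB unit are choices made for this example.

```python
import struct

# Reply frame from the tcpdump output in post #7, hex columns only (two dump rows per line).
REPLY_HEX = """
00e0 4c3a 9dee 0030 7be8 cc1c 0800 4500 00bc 7275 0000 3211 5da6 5733 2006 ce98
7244 0035 b1f8 00a8 2cdb 2cce 8500 0001 0001 0002 0002 0331 3237 0130 0130 0132
0672 656c 6179 7304 6f72 6462 036f 7267 0000 0100 01c0 0c00 0100 0100 24ea 0000
047f 0000 02c0 1d00 0200 0100 24ea 0000 1005 6b6f 616c 6105 6472 6f73 6f02 646b
00c0 1d00 0200 0100 24ea 0000 1106 6175 7468 3032 026e 7304 7465 6c65 c053 c047
0001 0001 0000 5460 0004 5733 2006 c047 001c 0001 0000 5460 0010 2001 06c8 0006
000c 020d 56ff fe6f f935
"""
REPLY = bytes.fromhex("".join(REPLY_HEX.split()))
ETH_HDR, UDP_HDR, DNS_HDR = 14, 8, 12

def decode_reply(frame):
    """Sizes and first answer of a DNS-over-UDP/IPv4 Ethernet frame."""
    ip_hdr = (frame[ETH_HDR] & 0x0F) * 4          # IPv4 header length in bytes
    dns = frame[ETH_HDR + ip_hdr + UDP_HDR:]
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", dns)
    pos = DNS_HDR
    while dns[pos]:                               # walk the question's labels
        pos += 1 + dns[pos]
    pos += 1 + 4                                  # root label, QTYPE, QCLASS
    question_len = pos - DNS_HDR
    if dns[pos] & 0xC0 != 0xC0:
        raise ValueError("expected a compressed name in the answer")
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", dns, pos + 2)
    rdata = dns[pos + 12:pos + 12 + rdlen]
    return {
        "reply_frame": len(frame),
        # the query is the same headers plus the question section only
        "query_frame": ETH_HDR + ip_hdr + UDP_HDR + DNS_HDR + question_len,
        "authoritative": bool(flags & 0x0400),    # AA bit
        "counts": (qd, an, ns, ar),
        "answer": ".".join(str(b) for b in rdata) if rtype == 1 else None,
        "ttl_seconds": ttl,
    }

def monthly_gb(frame_bytes, queries_per_second, days=30):
    """Traffic in decimal GB for one frame of this size per query."""
    return frame_bytes * queries_per_second * 86400 * days / 1e9

if __name__ == "__main__":
    info = decode_reply(REPLY)
    print(info)
    for label in ("query_frame", "reply_frame"):
        print(label, round(monthly_gb(info[label], 246), 1), "GB/month")
```

The decoded answer carries a TTL of 2419200 seconds (28 days), so a caching resolver may keep serving the 127.0.0.2 result for a name it has already looked up for that long.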

26/03/2008, 07h19   #10
Bill Cole
Re: relays.ordb.org blacklisting all IPs (fwd)

In article <Pine.LNX.4.64.0803260830590.30984@ebfjryy.nhfvpf. arg>,
Res <res@ausics.net> wrote:

> On Tue, 25 Mar 2008, Grant Taylor wrote:
>
> >
> > On 03/25/08 16:53, Res wrote:
> >> Why can't these deadshits just drop the DNS entries rather than piss off
> >> the
> >> rest of the world?

> >
> > How else are said "deadshits" supposed to encourage people to remove their
> > stale DNS RBL configs?
> >
> > It is perfectly logical that the "deadshits" would want to do something so
> > that they do not continue to be bombarded with DNS queries from different
> > deadshits that have not removed ORDB from their RBL config.

>
> I already stated what they could do in my original post which of course
> you selectively did not quote, it is after all what 99% of all other
> defunct RBLs have done over the years.


And both your recommendation and your claim about 99% of other defunct
"RBL's" (RBL is not a generic term used by anyone with half a clue)
demonstrate that you don't know what you're talking about. To not be
simply a liar, you'd have to identify at least 400 defunct DNSBL's...

There's a big problem with shutting down a high-volume DNS zone, in that
the queries keep coming. Imbeciles (like anyone still querying ORDB)
keep pounding away and if the zone wasn't planned out for termination
from the start, there's a good chance that there are no good options for
harmless shutdown.
http://www.ietf.org/internet-drafts/...cklists-01.txt
discusses this, as did the prior version. The issues have been
discussed at length on the ASRG list and in other spam-focused fora and
people who have tried to do the right things (which DO NOT include
pushing the problem upstream to the gTLD roots) have not reported
promising results from doing so.

ORDB was very public about their shutdown. Anyone running a mail server
still using them now deserves a long closed-door meeting with The Boss
and HR and a big guy from Security with a large cardboard box. Letting a
mail server sit that way for 15 months doing pointless DNS queries on
every message is a demonstration of incompetence.

(and no, I do not have much sympathy for anyone who set up a mail
filtering system thinking it didn't need regular adjustment. Some
flavors of ignorance require concrete lessons to overcome. )

--
Now where did I hide that website...

26/03/2008, 07h49   #11
Res
Re: relays.ordb.org blacklisting all IPs (fwd)

On Tue, 25 Mar 2008, Grant Taylor wrote:

>
> On 3/25/2008 5:33 PM, Res wrote:
>> I already stated what they could do in my original post which of course you
>> selectively did not quote, it is after all what 99% of all other defunct
>> RBLs have done over the years.

>
> On 3/25/2008 4:53 PM, Res wrote:
>>> why can't these deadshits just drop the DNS entries

>
> Ok, let's make sure that we understand each other. You are wanting the
> deadshits to drop the DNS query traffic for their now defunct RBL, correct?
>
> (Presuming yes.)


Correct and there are still better ways to do it than what they have.

It is despite the thoughts of the few usual suspects in here, totally
irresponsible, they had to realise the traffic (50GB p/mth is nothing for
DNS) risks when they kick off an RBL (and yes cole maybe people in YOUR
part of the world don't, but most in this region and europe that I know *do*
use the term generically, live with it, not that I care one way or
another).

Grant it is irresponsible of the postmasters in private companies for not
reviewing every RBL's web site or following the trolling tripe in
usenet groups to ensure they are still working, it is their own fault they
are not nerdy geeks who live for RFC's and whatever else isn't it, it's also
their fault for not having access to knowing or understanding what might
have been setup by an IT contractor 5 years ago, that has never given them
any issues so have had no need to bring them "back in". It's not all as
black and white as you think, maybe it is not so horrendous what has
happened here but in the case of osirus or whatever it was called, that
was, completely, as Joe did that without warning to anyone, that's just
plain childish, and there was some other group of wannabes who did the
same several years ago as well.


I won't respond to cole (any further) or stussy for as per usual they
resort to personal insults at which time I stopped reading their posts,
as that says all it needs to say about them.


--
Cheers
Res

mysql> update auth set Framed-IP-Address='127.0.0.127' where user= 'troll';