SMTP Blacklists
By: Bob Cancilla
Title: AS/400 Internet Practitioner
Date: 12/27/1998 - 05:21 PM (UCT)
THE VIGILANTES
We all hate SPAM or unsolicited junk mail. Those of us operating corporate Internet Mail connections are extremely concerned about unsolicited mail from porno sites reaching our end users' desktops. We all share the common goal of limiting, restricting, or otherwise filtering SPAM.
Two individuals have taken the issue of blocking SPAM into their own hands. These people are Paul Vixie, who runs the MAPS RBL (Mail Abuse Protection System Realtime Blackhole List), and Ron Guilmette, who runs an organization called IMRSS (Internet Mail Relay Services Survey) and the ORBS spammer database.
These gentlemen have taken it upon themselves to act as Internet Vigilantes and attempt to fight unsolicited e-mail on their own. They maintain lists of servers that have been known to "RELAY" SPAM. These lists are available to mail software that supports looking up sites in their databases and rejecting the mail.
THE PROBLEM
The problem for AS/400 Internet users is the fact that we currently do not have the ability to limit the usage of our SMTP servers as "RELAY" servers. As you may know, SMTP for the AS/400 listens to port 25 on all IP addresses known to your AS/400. It receives mail pointed to it from your public DNS MX record. ANYONE may send mail via your server by pointing their mail client to YOUR mail IP address. Look at Microsoft Outlook, Netscape Messenger, Eudora, or any other popular mail client's configuration. It simply asks for the domain name or IP address of a server that will send your mail.
This would be easy to block if SMTP were to accept inbound messages on one port and route outbound mail on another port. Unfortunately, this is not the case. The dilemma is that SMTP receives and sends mail on port 25. SMTP dates back to a time when the Internet was a more neighborly place. Mail relay was originally handled via dial-up connections. UCLA in Los Angeles would initiate a dial-up connection with UCSD in San Diego and ask San Diego to relay some mail when it connected to ICSA in Chicago, etc. Once mail began travelling via the current on-line leased line based Internet, no significant restrictions were placed in SMTP.
SMTP is based on UNIX SENDMAIL. SENDMAIL is freely distributed UNIX based C source code maintained by the SENDMAIL Consortium (a volunteer group that, like the APACHE server, LINUX, and many other free Internet based software packages, maintains the code). IBM ported an early version of this code to the AS/400. SENDMAIL 8.9, which is the most current release of SENDMAIL supported by the SENDMAIL consortium, has rules and filters to prevent your server from being used as a relay. It also has code that can check the MAPS RBL described below and block messages from being sent or received from blacklisted sites.
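The two controls described above, a relay restriction and a blacklist lookup, can be sketched as a single decision made for each recipient. This is an added example, not code from SENDMAIL, IBM, or MAPS; the domain, networks, blocklist zone, and resolver below are constructed placeholders, and the reversed-octet DNS query name is the usual convention for DNS-based blocklists.

```python
import ipaddress

# Assumed site policy (constructed values, not from the article).
LOCAL_DOMAINS = {"example.com"}                        # domains we accept mail FOR
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # clients we relay FROM
DNSBL_ZONE = "dnsbl.example"                           # placeholder blocklist zone

# Constructed stand-in for real DNS so the example runs offline.
FAKE_ZONE = {"7.113.0.203.dnsbl.example": ["127.0.0.2"]}


def fake_resolver(name):
    """Return the A records for name, or an empty list if it does not exist."""
    return FAKE_ZONE.get(name, [])


def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """Build the blocklist lookup name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(client_ip, resolver):
    """Any answer for the lookup name means the client address is listed."""
    return bool(resolver(dnsbl_query_name(client_ip)))


def rcpt_decision(client_ip, rcpt_to, resolver=fake_resolver):
    """Decide the SMTP reply for one RCPT TO from one connecting client (IPv4)."""
    addr = ipaddress.IPv4Address(client_ip)
    domain = rcpt_to.rsplit("@", 1)[-1].strip("<>").lower()
    trusted = any(addr in net for net in TRUSTED_NETS)
    # Outside clients are checked against the blocklist before anything else.
    if not trusted and is_listed(client_ip, resolver):
        return "550 rejected: client listed in " + DNSBL_ZONE
    # Mail addressed to our own domains is inbound delivery, not relaying.
    if domain in LOCAL_DOMAINS:
        return "250 ok: local delivery"
    # Mail for other domains is relayed only for our own clients.
    if trusted:
        return "250 ok: relaying for trusted client"
    return "550 relaying denied"


if __name__ == "__main__":
    for ip, rcpt in [("203.0.113.7", "<bob@example.com>"),
                     ("198.51.100.9", "<bob@example.com>"),
                     ("198.51.100.9", "<someone@elsewhere.test>"),
                     ("192.0.2.10", "<someone@elsewhere.test>")]:
        print(ip, rcpt, "->", rcpt_decision(ip, rcpt))
```

A server with no relay controls behaves as if the last line returned 250 for every client, which is the condition the article describes on the AS/400.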
SENDMAIL
SENDMAIL.ORG is the consortium that maintains and supports the freeware version of SENDMAIL. They can be reached at http://www.sendmail.org. I urge everyone to visit this website and look at the features currently supported, including the controls for mail relay and anti-spam protection built into release 8.9 of SENDMAIL.
I then urge you to ask IBM to upgrade SMTP for the AS/400 to support these features. I understand that some of these features will be made available shortly via PTF that will go back to at least V4R1 of OS/400.
MAPS RBL
Mr. Vixie's organization is quite reputable. He maintains a very informative web site at http://www.vix.com that describes his service. I urge you to visit his site and read the wealth of material concerning SPAM and SPAM blocking. My initial reaction to MAPS RBL was negative. I still have reservations about an organization that blacklists servers and therefore restricts free Internet access. I decided to read Mr. Vixie's lengthy and informative web pages describing SPAMMING operations and how MAPS RBL operates. My conclusion is that I will support Mr. Vixie's operation. I support MAPS RBL because of the way it operates. First and foremost, the web site is very visible and easily found with any search engine if you search on ANTI-SPAM. His arguments and legal basis for operation are clearly set out in his web pages. A very important feature is the fact that they maintain and publish a telephone number where you can contact them.
Their approach towards blacklisting a site is based on solid Internet etiquette. They first instruct users wishing to add a site to the blacklist to contact the owner of the offending server and ask that the offender take corrective action. A server will only be blacklisted if the operator of the server refuses to cooperate. Even if the operator refuses to cooperate, MAPS RBL will notify the server operator by sending a message to or . You may contact them by email or telephone and they will help you take steps to block SPAMMERS. All of this before they add you to the list.
The bottom line is that MAPS RBL operates a blacklist. They operate professionally and responsibly. I look forward to upgraded SMTP software for my AS/400 that will interrogate the MAPS RBL blacklist. I urge you to visit their website and read their materials describing SPAM, SPAM Blocking, and RELAY site usage.
IMRSS - ORBS
This organization is quite the antithesis of MAPS RBL. Mr. Guilmette apparently feels that Vixie was not aggressive enough in his fight against SPAM. Mr. Guilmette is running an aggressive port scanning program looking for any server where port 25 is open and will send mail from an unknown source. Presently this is every AS/400 on the planet along with most Windows/NT and UNIX servers. You are sent an e-mail message stating that you have been added to the ORBS database as a "SPAM RELAY site".
IMRSS AKA ORBS is an especially dangerous and out of control organization. They don't care if SPAM originates from your site or not. They only care if you have the potential to be used by SPAMMERS.
He refers to website http://www.dorkslayer.com. He tells you to contact them for information about getting off his list. When you visit the site you get a notice that the site is no longer in operation and to watch for announcements in "various sources" for more information about the database and the list. I found the following information by running a WHOIS on dorkslayer.com:
Aaron Coombs (DORKSLAYER-DOM)
   203, 4806 51 Ave
   Red Deer, AB T4N-4H3
   CANADA

   Domain Name: DORKSLAYER.COM

   Administrative Contact, Technical Contact, Zone Contact:
      Administrator, Systems (AC572) admin@TRUESPEED.COM
      (403)309-2601 (FAX) (403)309-4022
   Billing Contact:
      Administrator, Systems (AC572) admin@TRUESPEED.COM
      (403)309-2601 (FAX) (403)309-4022

This web site has no contact information or any other means of contacting.
I am trying to trace down the e-mail message that was sent to Ignite400.org informing us that we were added to the ORBS database. Since IMRSS uses IP port scanning as a means of detecting "RELAY" servers, I am attempting to enlist the help of CERT to seek and destroy this menace to free commerce on the Internet. I am also sending letters to as many U.S. government regulatory bodies as I can to stop this organization and urge all ISPs to boycott this organization.
The message that is sent when they locate your server is rather frightening, informing you that you have been added to their database and blacklisted. That is fortunately a scare tactic. I urge everyone to boycott this nefarious organization and contact your local and federal representatives urging criminal prosecution of the operators of IMRSS!
THE BOTTOM LINE
Reputable organizations like MAPS RBL with human contact and a reasonable approach to blocking SPAM are beneficial. Organizations like IMRSS and the ORBS database are (IMHO) criminal and deserve to be eradicated from the Internet.
We AS/400 users presently need better tools and software. IBM has promised PTFs to SMTP which hopefully will meet our needs. We shall see (the folks who brought you SMTP haven't upgraded it since V3R1). I am hopeful that IBM will rise to the occasion. IGNITe/400 is working with one other vendor of cross platform software who is willing to port their software (which supports MAPS RBL btw) and relay blocking in a very sophisticated manner.
If you run into a problem, I suggest you consider putting a Windows/NT, UNIX, LINUX, or even MAC/OS mail server in front of your AS/400 to handle Mail Relay.
We will keep you informed of progress on this critical issue as developments occur. We will also let you know if we track down the vermin that operate the nefarious and villainous IMRSS ORBS database.
Bob C.
For interviews with Paul Vixie and Ron Guilmette see:
HTTP://www.thestandard.net/articles/display/0,1449,2889,00.html