[Techtalk] sendmail/RBL question (linuxchix)

Paul Vixie paul at vix.com
Thu Mar 28 16:31:23 EST 2002 

> Since my response to this email concerns Paul Vixie, I have CC'd him 
> on this email.  It's only fair.  I hope he actually joins this list 
> and responds himself.  He is, after all, an advocate and sponsor of 
> Open Source software.

thanks for inviting me to this thread.

> > I'm on a couple of email discussion lists, and on one, spam
> > occasionally gets through the owner's filters and blocks. Someone on
> > the list has taken it upon himself to complain to the "spam police",
> > which has created lots of problems for the list owner. In short, now
> > many legitimate messages get bounced because of what he's done to try
> > to eliminate spam, and getting RBL'ed (Real Time Blacklisted, in case
> > anyone doesn't know).
> 
> It seems like the list owner has more problems than just being unable 
> to stop spammers to the list.  He may be running an open relay.  As I 
> recall, only open relays end up RBL's, and the MAPS people actually 
> test to see if the mail relay is actually open.

i'm not directly associated with MAPS any more, but i helped found it
and i am a strong proponent of what they are doing.  they do in fact
list hosts for reasons other than being open relays.  see

	http://mail-abuse.org/rbl/candidacy.html
and
	http://mail-abuse.org/standard.html

so the question above concerns collateral damage.  the fact is, there is
some.  but it's always "indirectly passive" in the sense that the mail
that won't get through was (by definition) destined for some network or
host whose owner _decided_ to subscribe to the RBL.  in a very real sense,
the damage is caused by that decision to subscribe, and your beef, if any,
is with that subscriber.  all MAPS does is make statements of fact -- you
can challenge the factualness of those statements and there is a process
for that.  but maps isn't blocking e-mail, it's just publishing a list.
the people who do the blocking know that they will be rejecting some good
mail with the bad.  if they choose to subscribe anyway, then frankly that's
their right and their decision because it'll be their hosts or networks
whose configurations are affected.

> > I've been doing some researching on this, and found one site that makes
> > a claim that the sendmail program has RBL stuff built in. Here's the
> > text from the page, http://www.ifn.net/rblstory.htm:
> 
> "Story" is right...  This is the most inflammatory piece of propaganda 
> I've read in a long time.  Even Hollings and Disney don't lay it on 
> quite as thick.  The only thing missing is a reference to Hitler.  As it 
> is, they reference McVeigh, and "Sherman's march to the sea".

you think that's something?  try www.dotcomeon.com for some real flavour.

> The sendmail.org's web site has this line: "The past support of Paul 
> Vixie and the Internet Software Consortium is gratefully appreciated."
> Believe me, if I had a site hosted in Vixie's area for cheap or free 
> (I'm not sure how much he charges), I would be damn grateful too.  One 
> of the biggest expenses for open source can be server space and 
> bandwidth.  Also, I believe Paul maintains one of the major 
> authoritative name servers on the west coast of the US - out of ISC's 
> pocket, which is mostly his own.

as it happens, ISC is a not-for-profit, and while it charges some membership
fees it cannot (by charter) charge for things like hosting.  sendmail.org
got a free ride for as long as they needed/wanted it, and would be welcome
back today.  we also host xfree86.org, an opencvs mirror, and the ftp and
www servers of netbsd.org.  and lynx.org.  and crypto-publish.org.  any open
software project is welcome here, free of charge, for as long as we exist.
it can be a provided host that we make space and power and bandwidth for,
or it can ride on one of our hosts where we'll make "developer accounts."

> ...Finally, don't believe everything you read on the web, especially when 
> it is couched in inflammatory rhetoric.

i agree with this.  read everything that's available and make up your
own mind, realizing that more than half of what you read will be opinion
couched as fact and that making up your mind is an exercise of critical
judgement.

> > Assuming those answers are yes... Is there any way to avoid using
> > sendmail? Or can one disable the RBL capability of sendmail?
> 
> To the best of my knowledge, sendmail does *not* have RBL enabled by 
> default.  The article was FUD from people who are probably paid by, 
> or profit from, spammers.  To install RBL in any mailer I know of, 
> you have to deliberately put it there.

that's my understanding also, though some of sendmail's redistributors
(notably some versions of freebsd) included configs that had the MAPS RBL
subscribed-to by default.  this is no longer possible, since MAPS's RBL is
only available by subscription (for a fee, which is small, and can be waived
for open source project servers and other not-for-profit uses.)

> ...See also the Vixie Enterprises page, http://www.vix.com/

thank you for your kind words.  i'm happy to talk further with anyone
who'd like answers about anything else i'm accused of having done.

More information about the Techtalk mailing list