IT NEWS           RSS Mastering The Complex Sale
Technology news and Jobs arrow Information Technology News arrow Spam blocker rises from the dead to bite lax email administrators
Spam blocker rises from the dead to bite lax email administrators PDF E-mail
User Rating: / 45
PoorBest 
by Stuart Corner   
Wednesday, 26 March 2008
A database of open relay email servers, provided until late 2006 as a voluntary service to help email administrators block spam, has suddenly re-activated but is returning every address queried as being on its blacklist.

Administrators of email systems should have stopped querying the database (relays.ordb.org) in December 2006 when it shut down, but some failed to do so. That was no problem until today, queries were simply rejected, but now the address of any email server presented is being returned as an open relay. This results in the querying system rejecting all incoming mails from that server.

In an email to customers, Melbourne based email and web filtering service, Mailguard, said: "It has come to our attention that several customers have been continuing to query the ORDB blacklist for their incoming mail, and this morning have begun rejecting this incoming mail believing that MailGuard's servers were blacklisted."

The email warned customers that: "it is likely that some of your outgoing email will be rejected by mail servers on the greater Internet which still refer to the ORDB blacklist. If this happens, you will receive an non-delivery report (possibly from MailGuard's servers) which states something along the lines of the following: 'This server does not accept messages from known blacklisted site. Your host was found in the DNS Blacklist at relays.ordb.org' or 'Service unavailable; Client host blocked using relays.ordb.org'."

ORDB was maintained by a group of volunteers in Denmark and operated for over five years. According to a report on The Register at the time of its  closure "a notice was posted on the site saying: 'It's been a case of a long goodbye as very little work has gone into maintaining ORDB for a while. Our volunteer staff has been pre-occupied with other aspects of their lives. In addition, the general consensus within the team is that open relay RBLs are no longer the most effective way of preventing spam from entering your network as spammers have changed tactics in recent years, as have the anti-spam community."

The ORB website's URLs (http://www.ordb.org and http://ordb.org) are no longer active (ORDB said they would shut down on 18 December 2006) so there is no indication of who is responsible for the re-activation of the 'service'. However one post on Slashdot stated, without any confirmation it had been done "as a way to get sleeping users to remove the ORDB query from their spam filters."


Get stories like this delivered daily - FREE - subscribe now
When you subscribe get a 12 months license for LiveProject Valued at $99 USD
Comments (16)Add Comment
...
written by Peg, March 27, 2008
Anyone else getting these blacklisted blocks and don't even HAVE ORDB.org in their blacklist servers queue? Anyone know which of the other blacklists are using ORDB so we can remove their server from our list??
...
written by mrP, March 27, 2008
There must have been a better way to inform us.
I have spend all morning running around removing ORDB from Exchange Servers because most email where getting bounced, effecting peoples businesses. The thing is we have not added it to the list in the first place. So does Microsoft add this to exchange?

Anyhow problem sorted.
No thanks to ?


...
written by JKnox, March 27, 2008
The problem is still ongoing for a lot of people world wide, it appears some solutions such as symantec firewalls use this service as standard, so it is worth checking everything from your gateway, firewall to your internal mail server to see it anything's running it.
...
written by Zeus, March 27, 2008
How can we go about finding out what is using ordb? Would it be our ISP (Roadrunner) or would it be our Email Provider (MailMac by Smartmax)? Our would it have to do with our computers? Mac & PC. Please help, not sure where to start to get this resolved, 20 email accounts are down here. We are able to send and when logging in online via webmail we are able to receive messages, but nothing coming in via Outlook/ Mac Mail.
...
written by Peter5, March 27, 2008
I use Exchange 2003 and GFI, checked that ordb was removed then stopped all GFI services but the problem percist, I.m cunfused like ewerybody else here.
...
written by Ivor Durham, March 27, 2008
After some hours of head scratching because the Exchange server did not have any reference to relays.ordb.org I found it in the Symantec Mail Security for Microsoft Exchange configuration in the list of Anti-spam blacklist servers. Clearing it from the list and deploying the changes fixed the problem.

I remain puzzled because the DNS entry for relays.ordb.org has gone away so I'm not sure how Symantec was finding the service in the first place.
...
written by Who is Irresponsible?, March 27, 2008
So...if the DNS entry was gone (which it was), what harm, exactly was being done by the systems that were attempting to continue to query it? They certainly weren't 'pounding on their servers,' because, well, THE FREAKING DNS ENTRY WAS GONE! How does that justify unilaterally deciding to break every email server on the planet that happened to still be pointed at their database?
...
written by Jeff45, March 27, 2008
We removed relays.ordb.org immediately after reading this article but still could not receive mail from the outside. After messing around with it for a little while we gave up and removed all blocklists from the config. This resolved the issue but I don't know which list was referencing this one.

On a related note, our outgoing mail is scanned with SpamAssassin which was also apparently referencing relays.ordb.org and so all our outgoing mail was quarantined and had to be released manually.

To avoid future denials of service that public blocklists can apparently cause, we will no longer use them as part of our anti-spam regime.

I appreciate this article, because it pointed us in the right direction. However I strongly object to the use of the word "lax" in the title. As the chain of comments shows, being lax or negligent had nothing to do with this. Even systems that did not reference relays.ordb.org directly but used reputable products like Symantec Mail Security were affected.

I would urge ITWire editors to remove the word lax from the title of this message. We are catching enough grief from our businesses already without them reading online that we were lax in our system administration practices.
...
written by Pete, March 27, 2008
I Use Ex 2003. GFI, checked that realys.ordb.org was not in the GFI config.
Stopped all GFI services, Uninstalled GFI, checked all registry for realys.ordb.org. Nothing works. Desperate too
...
written by Pete, March 27, 2008
Problem solved, in Exchange. Global settings and properties on Message delivery there are several filterings, take away all relay.ordb.org and others. Defauslt is empty so we can not blame Ms.

...
written by nicks, March 27, 2008
Hi all,

Both GFI MailEssentials and Microsoft Exchange 2003 provide the functionality to perform queries to DNS Blacklists when filtering emails for spam.

For GFI MailEssentials, you can check the DNS Blacklists which are enabled from the GFI MailEssentials configuration -> Anti-Spam -> DNS Blacklists.

You may have configured Exchange 2003 to check emails with DNS Blacklists. This can be configured from Exchange System Manager -> Global Settings -> Message Delivery properties -> Connection Filtering tab. More information can be found at http://www.msexchange.org/tuto..._2003.html

Hope this helps.

Nicholas Sciberras
GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software
...
written by leole, March 27, 2008
Well look like a lot of internet providers in europe are in trouble with this problem .We are getting complaints from people using the belgacom Skynet relay in belgium to send mails out and and in france orange reject mail send to some ips we handle :(

They dont find the problem and they will most probably never do anything to have this issue resolved :(

Oliver
http://www.mycyberhosting.com


...
written by Noah, March 28, 2008
Anyone have exchange 5.5 and got this problem fixed i am baffled on how to do it i am not familiar with exchange servers but got suckered into fixing this problem can anyone help me out if so emai me at This e-mail address is being protected from spam bots, you need JavaScript enabled to view it that would help greatly thanks!
...
written by Tom43, March 29, 2008
Using squirrel mail on linux server, can see spamassain folder, is this the only fix? Removing the code relays.ordb.org
...
written by gustavo, March 29, 2008
aff total subiram este servidor e meu ip se ecnontra listado como faço para remoção ?
...
written by dddd, April 16, 2008
wow power leveling
wow power leveling
wow power leveling
wow power leveling
wow power leveling
wow power leveling
wow powerleveling
wow powerleveling
wow powerleveling
wow powerleveling
wow gold
wow gold
world of warcraft power leveling
world of warcraft power leveling
wow power level
wow power level
power leveling wow
power leveling wow
power leveling wow
powerleveling wow
powerleveling wow
cheap wow power leveling
Maple Story mesos
MapleStory mesos
ms mesos
mesos
SilkRoad Gold
SRO Gold
SilkRoad Online Gold
eq2 plat
eq2 gold
eq2 Platinum
EverQuest 2 Platinum
EverQuest 2 gold
EverQuest 2 plat
lotro gold
lotr gold
Lord of the Rings online Gold
Rolex Replica
Replica Rolex

Tell us what you think! better to paste your comment - this page will refresh every 15 minutes
smaller | bigger

busy
 
< Next story in category   Previous story in the category >
Subscribe to iTWire's Free daily e-newsletter Delivered daily - FREE
Subscribe to our Technology newsletter, get the latest and stay ahead ...example
* First name:
* Last name:
* Your email address:
* Country:
* Enter the security code shown:

* mandatory
Google
 
You don't need to login to post a comment





Lost Password?
No account yet? Register
Subscribe to our free daily newsletter.
9th Annual Business Intelligence
May 8 (8:00 am) - July 16 (11:59 pm), 2008
The drastic change of vendor landscape in 2007, which resulted by the big-time acquisition of the...

ACS VIC Branch Conference
May 9 (8:30 am) - May 10 (11:59 pm), 2008
Australian Computer Society Victorian Branch conference at Marysville Victoria. The theme is &quo...

TECHbash 2008 - NEPA's Premiere Technology Conference
May 10 (7:30 am) - May 11 (4:30 pm), 2008
To register for this free event, visit http://techbash.com/registration. Since its inception i...

IT Automation and Managed Services - N-able Seminar Series
May 12 (4:00 pm) - May 16 (11:59 pm), 2008
N-able Technologies are hosting a four-city “Profit through IT Automation and Managed Services” r...

McAfee Security Symposium. Auckland Stamford Plaza.
May 14, 2008 (8:30 am - 12:00 pm)
A free McAfee Security Seminar in your city, learn how to avoid seeing your face in the news as t...

Sybase ASE Cluster Edition – Melbourne Seminar
May 14, 2008 (8:30 am - 12:00 pm)
Extreme Demands Require Innovative Solutions You've depended on Sybase Adaptiver Server Enter...

Innovative Telecom Pricing Masterclass
May 15 (8:00 am) - May 16 (11:59 pm), 2008
This intensive two-day masterclass will offer an unrivalled opportunity to gain solid understandi...

McAfee Security Symposium. Wellington Intercontinental.
May 15, 2008 (8:30 am - 12:00 pm)
A free McAfee Security Seminar in your city, learn how to avoid seeing your face in the news as t...

Free Webinar: Leverage Open Source ETL for your BI Project
May 15, 2008 (9:00 am - 11:59 pm)
Reserve your Webinar seat now at: https://www1.gotomeeting.com/register/779854626 This one-...

SolidWorks Innovation Day (Sydney)
May 16, 2008 (All Day)
Hosted by Intercad, SolidWorks’ Innovation Days will give designers, engineers and manufacturers ...
New event listings
SolidWorks Innovation Day (Brisbane and Perth)
October 15, 2008 (All Day)
Hosted by Intercad, SolidWorks’ Innovation Days will give designers, engineers and manufacturers ...

LIXI Industry Forum 2008
September 10, 2008 (All Day)
Wednesday, 10 September 2008 The Westin Sydney The second annual major industry event for the...

Energy Logic Symposium- Melbourne
July 8, 2008 (All Day)
Emerson Network Power, Dell, IBM and Cisco show you how to slash data centre energy use without c...

Energy Logic Symposium - Sydney
July 3, 2008 (All Day)
Emerson Network Power, Dell, IBM and Cisco show you how to slash data centre energy use without c...

Energy Logic Symposium
July 1, 2008 (All Day)
Emerson Network Power, Dell, IBM and Cisco show you how to slash data centre energy use without c...

Commercialising Video
June 24, 2008 (All Day)
Video usage has exploded across all interactive platforms including online, mobile, IPTV, VOD, an...

View Full Calendar
Add New Event
Contact , Register , Advertise with iTWire , Links , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging , MyBlogLog page
Industry Releases , Submit your release now