Open Relays, Free Speech, and Virus Propagation 488
sirsnork writes: "There is a story about John Gilmore running an open relay that is being used by a virus to propagate running over at Newsbytes. His defence? He wants his friends to be able to send email through his server from whereever they are. You'd think he'd know better." Gilmore has been skirmishing with Verio for some time over his open mail relay. Is it a good thing because it promotes the free flow of information? Is it bad for promoting the free flow of spam? Do the ethics change because someone writes a virus that uses the server to propagate? Interesting questions.
secure (Score:2, Interesting)
Re:Jackass (Score:5, Interesting)
But weird how the article said Gilmore, a life member of the Libertarian party, has accused Verio of censorship and said he configured the mail server to accept and forward e-mail from anyone in part so that friends could use it while traveling around the world.
(Emphasis mine).
Seems to imply there are other motives...
ideals and technology (Score:2, Interesting)
On the one hand, I believe he's saying that the ISP should not make the choice for its customers as to what mail it accepts and what mail it doesn't accept. I have to agree with this, it's a slippery slope and easily abused. However I believe a lot of customers are happy to have their ISP try to reduce the amount of spam they receive.
Also, I believe John's attitude is that any spam-prevention mechanisms should not block valid mail from getting through. I have to agree with this.
And, having been (incorrectly) attacked by anti-spammers a few times I have to say that often the anti-spammers are worse than the spammers.
On the other hand, I think John's insistence on running open relays is just plain a bad idea, and that using technological means such as SMTP Authentication could completely remove the need for having open relays.
Re:I see his point though... (Score:1, Interesting)
Have your boss connect to your network remotely through a vpn and there should be no problem.
either that or use a webmail client.
not hard.
AC
Let him be free. (Score:5, Interesting)
That means that he would have to be paying out large amounts of money to anyone who is a victim of spam through his server.
It is interesting to know that a while back, Verio was scraping the register.com database to spam people who had registered with register.com
What about POP-Before-SMTP Auth moron. (Score:1, Interesting)
I found this out from scratch a few years back so surely he could have worked out that it's possible to validate users from the pop daemon then use that to give them relay permission to use the smtp server.
FFS half the smtp servers you get these days have pop-auth built in to them, qmail/vpopmail just needs an extra option to
the best bit was the title: "Verio is censoring John Gilmore's email under pressure from anti-spammers".
Wheres my fucking clue-by-four. *SLAP*
Theres one born every minute.
pkm
it's still open (Score:1, Interesting)
Trying 140.174.2.1...
Connected to toad.com.
Escape character is '^]'.
EHLO hehehe
220 toad.com ESMTP Sendmail 8.7.5/8.7.3; Thu, 7 Mar 2002 09:18:22 -0800 (PST)
250-toad.com Hello blah.blah.foo [1.2.3.4], pleased to meet you
250-EXPN
250-8BITMIME
250-SIZE
250-DSN
2
250-ONEX
250 HELP
MAIL FROM: blah@blah.foo
RC250 blah@blah.foo... Sender ok
RCPT TO: blah@blah.foo
250 Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
hahahaha..
.
250 JAA03950 Message accepted for delivery
Maybe I'm missing something... (Score:5, Interesting)
Is that too much of him to ask of his users? Or is he just unaware of how and what to do?
Clue me in, folks.
--SC
not about censorship (Score:2, Interesting)
This problem is about messed-up technology (as others have pointed out) and the difficulty of dealing with anti-social behavior (from spammers, not Gilmore). Since it appears that John can close his relay without interrupting his traveling friends, I hope he will do so. This is about cooperating with the relatively harmless means that the community has evolved (without recourse to legal repression) to help curb spam.
Re:Bad Administration Policy vs. Idealism (Score:4, Interesting)
Would freedom of speech not also mean freedom to control your own speech? These people aren't given the choice to communicate the worm to their friends/contacts, it's done for them.
Finally, aside from whatever nit-picky type bs we can slash out here, it's obviously just really lame and ridiculous.
Running an open relay is risky, doing it and telling the world about it is irresponsible.
Re:It's bad. (Score:2, Interesting)
I don't see why they don't just cut him off entirely. Surely their ToS allow them to disconnect any customer who has an open relay.
Since they have that option, I can't see that they'd have grounds for action. But it's insane that Verio is letting this loudmouth intimidate them into continuing his service.
I do wonder if it'd be possible for another ISP or the recipients of spam sent through his relay to sue him for negligence. Wish I had the money to do so.
Re:What's his IP address? (Score:2, Interesting)
(Now, in the same place, you wouldn't dare leave your door unlocked. Some drugged-up git from Dublin would drive down for the evening and trash you house, perhaps stopping to hold up the local post office.)
It's sad.
RMS and system security, once upon a time? (Score:3, Interesting)
It's not that he didn't understand the security implications; it's that he thought they were less important than what he considered the moral implications.
Can anyone back this up?
Re:It's bad. (Score:3, Interesting)
Ah! This Explains a Politechbot Post (Score:3, Interesting)
Now we see that it was because he runs an open relay.
Re:Bandwidth conservation (Score:3, Interesting)
Please mod the parent up. You have to read some of Gilmore's own words to believe how aggressively and unreasonably stubborn he is on this issue. Gilmore has done some wonderful things, but he flat out refuses to ignore the changing realities of living on the 'net, calling anti-spammers "extortionists", "thugs", "blackmailers", and asserting that this is an "antitrust" issue. Regarding spam itself, Gilmore says: "I don't even want a "tyranny of the majority", if the majority happens to prefer to smash spammers (and suspected spam-sympathizers). I don't want a rerun of Joe McCarthy's witch- hunt, with spammers in place of Communists. I want to have everyone's right to communicate with each other protected, whether or not they disagree with the majority."
Which is all well and good. Gilmore argues that any censorship is reprehensible. OK, then why did Gilmore voluntarily censor mail passing through his gateway in a token attempt to appease Verio? He argues on a point of principle, then breaks that principle quite cynically so as to create an appearance of having offered a reasonable compromise (when the real solution is much simpler: authorisation). He is a very jolly, persuasive and genial old hypocrite. Harsh comment, but judge him by his actions, not his protestations.
Gilmore is an extremely confused man, well intentioned, but in severe denial that the world has changed around him. He has found a cause to fight (using EFF lawyers) and is enjoying playing hardball on an issue of principle (while breaking that principle himself) when there's good grounds for believing that the real issue is that he's just pissed at Verio for buying up the ISP he founded and imposing terms of usage on him. Any terms. Gilmore is pro-free speech in the shouting-fire-in-a-crowded-theatre-is-OK way. Information doesn't just want to be free, it wants to be thrown out of the door and helped along with a cattle prod. While he's done a lot of good in his life, I believe that this extremist stance actually damages the EFF and the free-speech lobby.
Before you judge him, go and read his specific thoughts [toad.com] on this issue, and decide for yourself whether he deserves contempt or pity. I'm rather leaning towards the latter.
The worst victims of open relays are its operators (Score:3, Interesting)
A bit more than a year ago I worked at a company which was running an open relay to allow their customers sending mails through it. It has been blacklisted everywhere, no one has ever read Postmaster, they just reinstalled the mail server (out-of-the-box system, which they are developing) or removed the entire mail spool if it got too bad.
Yet they had of course plenty of problems with sending their own mail - so had their customers who used the relay, too. Being blacklisted on RSS, ORBS and dozens of other DNS-based lists causes quite some mails to be rejected - the percentage is certainly too high to ignore.
To make it short, it took several weeks to persuade each customer to change his mail server's configuration into using the ISP's mail relay instead of ours. Meanwhile the company moved its former 64k Internet connection to a 2Mbit/s line, which made relayed spam spread as fire.
Within the few weeks between the new line went up and we were finally able to replace the old mail server with a new system running Postfix, the mail relay was almost unusable for us - it took about a minute to even have a TCP connection of any type accepted, the system load was always between 10 and 20, and the ISP bill was _really_ high.
After putting Postfix into work, it was my job to keep the mail system running. As it ran on the same IP address as the old server, the spammers didn't stop trying to relay their trash through it. AFAICT almost no spam flood mailer checks SMTP return codes, and if it does, it tries to connect to the secondary MX. As a consequence the syslog has been filled with thousands of "Relaying denied" messages, SMTP sessions have been kept up for hours, and as they discovered after some time that this relay has been closed, they scanned our networks for some more open SMTP servers - not only - they scanned almost everything, so as if they can't relay spam through us, they at least want to look for an open FTP or HTTP server to share pr0n and w4r3z. It didn't take them too long to find an open proxy, and they caused 80 GB (the ISP bill was 6000 € that month) of bandwidth until we discovered it. They found an open FTP server, too, and uploaded about 5 GB of m0v13z until the partition went full what made us notice it.
What is more, the mail server has been fixed, but the IP address has still been blacklisted. After two weeks of notifying blacklist operators and having our mail server tested as secure, it has been unlisted from most services. Spam continued, of course, Postmaster notifications due to recipients who blacklisted our mail server manually continued to occur, and some customers who forgot to change their mail relay or were unable to do so (it's an easily-installable out-of-the-box system which they bought from us, so they just lacked basic knowledge to run a mail server). It has been a mess even months after we closed the mail relay.
So my advice for John Gilmore and anyone else who operates an open relay, intentionally or not: Close it! You are having the worst problems of all involved parties! If possible, move to a different IP network or you won't get any rest in the near future.
Gilmore is right, MAPS, SBL, and Spews are wrong. (Score:3, Interesting)
a) Get rid of all open relays (impossible!)
b) Get rid of all socksproxys (Do we want to get rid of this great way of staying anonymous?)
c) Get rid of all open squid-servers (Do we want to get rid of this great way of staying semi-anonymous?)
d) Get rid of all other ways you can use/abuse all sorts of relays.
The problem is that the fight against spam hurts not only email administrators anymore, but hostmasters, webmasters, people that want to run anonymous proxies of any sort, and so forth. If one wins the fight against anonymous relaying, one removes the option of staying completely (or semi-completely) anonymous in many cases.
Do you think the "antispammers" like anonymous remailers? Nope, not unless you're the customer of one, or that there are ways they may limit/stop the spamflow.
I hate the spam as much as anyone, but I really don't think the solution is to block every possibility of staying anonymous. The solution is to rewrite the fucking mail protocol, not to let _everything_ suffer because of spam beeing intolerable.
end of rant.
This reminds me of the same shit in HAM Radio... (Score:2, Interesting)
Understand that amateur radio in the US and in most countries, consists of free (as in beer) but regulated swaths of the electromagnetic spectrum. This spectrum is shared by all amateur radio operators to communicate on using voice, morse code, video, data or some combination. Not unlike the Internet collective of networks, it is a shared resource of interconnected points.
The network in question used a specific frequency to communicate inbetween BBS nodes, and another frequency to communicate between BBSes and end-users. A loosely organized group provided a set of working rules to ensure the network could function efficiently. If BBS to BBS traffic and end-user traffic were shared on the same frequency, the network would bog down in short order (packet switched radio is slow at 1200-9600 bps plus overhead). Splitting the types of traffic up helped to ensure things kept moving.
For whatever reason, a few nodes decided to pass BBS to BBS traffic on the end-user frequency. The constant chatter between these unruly BBSes made it very difficult for end-users to operate making the network nearly unusable. No one was really in the wrong from a legal or regulatory stance, but they were obviously disrupting the function of a "system" and causing headaches for other users of the shared medium.
In US HAM radio, the FCC leaves problems in the hands of the amateurs to sort out. First come, first serve on the frequency. It is illegal to wilfully interfere with stations who are carrying on an active conversation. Written early under the assumption that two people could not possibly talk all day and all night long, the regulation did not account for repeaters. Repeaters are always-on radios mounted in geographically advantageous places to amplify weak radio signals extending their range. Who "owns" the frequency occupied by a repeater? No one. The FCC left it to Hams to coordinate the frequency assignments for a repeater. There is language in the regulations affording precedence when interference occurs with a repeater involving the Ham-run coordination. The problem was handled in the community and repeaters thrive today.
But back to the packet network - while HAMs have shown to be very cooperative folks (albeit ornery) with repeaters, this cooperation did not extend to the packet network. I'm told some terrific arguments used to break out at the meetings of the network group. Compromise, it seemed, was not an option.
Finally, rather than improve the software and hardware to deal with interference, things died down. The network still exists as only a shadow of its former glory - and without advancement.
The Internet infrastructure consists of privately owned equipment, and each owner can choose whether or not they'll cope with something they don't like. But the collective "Internet" that exists only when these networks work together is much like that shared spectrum HAMs use. It only works when the people who own the infrastructure agree to equal access for all traffic and issues should be settled in accordance with the understanding that the Internet is a commons. Anything less is not the "Internet."
Moral Beating:
If you don't like SPAM, then adjust your receiver to ignore it. The end-2-end principle should apply. Only the edge device should carry the ability to decide if information is of value or not. IF the SMTP protocol is too open for your tastes, then revise it to become more intelligent.
There is nothing wrong with subscribing to blacklists for your own mailbox, but to do so in a manner that blocks mail for those who have no choice in the matter violates the spirit of the end-2-end concept and the spirit of freedom that many in the earlier days of the Internet thought could change society for the better.
Quit bitching, apply your filters and focus on things that really matter.
-b-
My letter to Verio and Mr. Gilmore (Score:3, Interesting)
To: drg@verio.net
Cc: gnu@toad.com
Date: Thu, 7 Mar 2002 12:47:17 -0600
Mr. Darren Grabowski
Verio Security
Mr. Grabowski,
I write to you in response to the web page located at
http://www.toad.com/gnu/verio-censorship.html
I encourage you to continue your actions against Mr. Gilmore in response to
his refusal to comply with the terms of your company's AUP.
Let me state that I firmly uphold Mr. Gilmore's RIGHTS to run an open mail
relay as "free speech". Yet, I also firmly uphold your company's ("Verio")
RIGHTS to deny him service if he does not adhere to the terms of the service
contract which you offer him. Mr. Gilmore's continual payment of the service
charge for his T1 connection is acceptance of the terms of Verio's service
contract.
Furthermore, I firmly support the RIGHTS of Internet users, system and
network administrators, and blacklists to REFUSE to accept mail from Mr.
Gilmore's server/connection/domain.
I am exercising my RIGHTS to freedom of speech and expression in this
message, as any American citizen is permitted. I also respect the fact that
you have a RIGHT to disregard, ignore, or otherwise disagree with my views,
beliefs, and practices.
If Mr. Gilmore is truly concerned about everyone having the freedom to
exercise their RIGHTS, he will accept the fact that Verio has the RIGHT to
deny him a connection, and he has the RIGHT to seek a connection to the
Internet elsewhere. I do not find a law or governing statute anywhere that
declares every free man has a RIGHT to access the Internet.
Thank you for your time and consideration of this matter,
--
Michael Merritt
SPAM filtering by SubLimeMail -- http://www.sublimemail.com/
(remainder of signature snipped for
John Gilmore is lying (Score:5, Interesting)
He is lying.
If he really wanted to run a mail relay for his friends you could authenicate them on a properly administered CLOSED mail relay. Here are a few ways to do this:
POP before SMTP authentication
SMTP authentication
SSH accounts for his friends
Webmail accounts
And John Gilmore certainly knows these and other methods of properly administering his mail server.
I doubt he is running a spam relay for profit, I think he is just trying to stubbornly make some minor point of personal philosophy, and hiding it with his words.
Open Relays don't cause spam ... (Score:2, Interesting)
Sounds like a statement I very much believe in about guns. Yet for some reason I feel it isn't quite as simple. I liken the scenario (closing a relay) to putting a lock on a gun to prevent a child from getting their little hands on it and shooting someone/themselves. So too is closing a relay.
But then again the difference is that an open relay does have legitimate non-spamming uses. Again sorta sounds like an argument often made for mp3, napster etc. Things which I also feel should not be shut down.
I don't think there is a 100% correct answer but I will defend my position that open relays should be closed by saying: closing open relays has the potential to signifigantly prevent bad things from happening (spam and virii) while ultimatly not preventing much of anything legitamate from being done. Much like a lock on the aforementioned gun doesn't prevent you from hunting or self-defense. so IMO relays should be closed. Of course we all know what my opinion is worth
Re:It's bad. (Score:2, Interesting)
That's his problem. Yes, there are plenty of potential problems with the lack of major providers and the consolidation of ISPs. But it's his fault he's been threatened with having his service terminated. He does not have to provide an open relay to run his business. If he cannot find an ISP that will tolerate an open relay, that should say something about how repugnant it is to run an open relay. It's not as if Verio is abusing their position as an upstream provider in this particular case.
I realize it's not popular to say so, but choice is essential for freedom.
I wasn't aware this was unpopular. The argument you seem to be making is that since there aren't very many major providers, they should have to tolerate customers who ultimately harm their other customers, refuse to follow their Terms of Service and cost the company untold amounts of money by wasting bandwidth and spreading virii. Remember, his open relay is probably spewing spam into hundreds or thousands of inboxes owned by other Verio customers -- chewing up bandwidth and other Verio resources and annoying their other customers -- not to mention giving Verio a reputation as a provider that tolerates open relays. (Someone else mentioned that Verio hosts other spammers. That doesn't mean that they shouldn't kick Gilmore, but they should also be getting rid of the other spammers as well.)
Whether there are four major ISPs or four hundred, none of them should have to tolerate a customer like Gilmore. Endorsing their ability to kick a customer who runs an open relay is not an endorsement of any of their other business practices.
If a smaller ISP hosted Gilmore, would it be okay for them to kick him? Should a mom and pop ISP have to host someone like Gilmore? If not, Verio should not be required to either.
My email to Darren Grabowski of Verio (Score:4, Interesting)
Cc: gnu@NOSPAMtoad.com, gnu@NOSPAMeff.org, nospam@NOSPAMeff.org
Darren:
Further to my phone call of a few minutes ago, here's a followup email of which I'm also sending copies to John Gilmore and the EFF.
Having just learned of this whole saga (http://slashdot.org/article.pl?sid=02/03/07/1623
I find Mr. Gilmore's behaviour and attitude absolutely abhorrent. He apparently thinks that he has the moral right to run an open relay, and that noone should stop him.
Has he never heard of SMTP authentication (http://www.imc.org/rfc2554)? This would allow his mail server to accept socket connections from anyone, yet only allow his authorized users to send mail through his relay. Most modern MUAs support this.
Now, supposedly, a virus is (or has been) using his relay to propagate. (http://securityresponse.symantec.com/avcenter/ve
If this were 1992, one could see how beneficial an open relay might be on the Internet. Unfortunately, this is no longer the case under any circumstances.
Being a paying member of the EFF ([My EFF-registered email address went here]), I am sincerely disappointed that the EFF is taking such an anti-Internet stance as to support the maintenance of an open relay which has, without any doubt, been abused in the past (and will no doubt continue to be). This makes me sincerely rethink my desire to continue to be a paying member, as well as my advice to friends and relatives to make donations to the EFF in lieu of giving me gifts at the holidays.
I find it amusing that Mr. Gilmore himself asks (http://www.toad.com/gnu/verio-censorship.html) for a copy of any correspondence regarding this matter be sent to nospam@eff.org -- how ironic.
Thanks in advance for helping to keep the Internet free from spam and virii, Darren. Knowledgeable Internet users everywhere thank you.
[My sig went here.]