Date:      Sat, 28 Dec 2002 11:51:43 -0500
From:      "Allan Jude" <>
To:        <>
Cc:        <freebsd-questions@FreeBSD.ORG>, <security@FreeBSD.ORG>
Subject:   RE: Bystander shot by a spam filter.
In-Reply-To: <>

This is not all that surprising.
The behavior you are talking about, blocking entire ISPs and blocks of
IPs, is the same as the other service you mentioned earlier, SPEWS.

SPEWS has blocked 2 entire c-classes at my ISP, preventing my company
from sending mail to many large email sites, like and others. 

When I enquired about having the block removed, or made more specific to
block the spammers, but not block my /28, I was told to go to hell.

I think you are in the same situation.

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Harry Tabak
Sent: Saturday, December 28, 2002 8:45 AM
To: freebsd-questions@FreeBSD.ORG; security@FreeBSD.ORG
Cc: Harry Tabak
Subject: Bystander shot by a spam filter.

[This is a resend. Ironically, the original was blocked by FreeBSD's spam
filter; I've had to send this from another account.]

	I am not sure which list is best for this issue, hence the cross
posting.  I believe spam and anti-spam measures are security issues --
the 'Availability' part of C-I-A. I apologize if I am wrong.  A FreeBSD
ported package is contributing to an internet service availability
problem that has me stumped.  I believe that an unknowable quantity of
other internet denizens are also affected.

	I'm a long time fan of FreeBSD -- I run it on my small mail server and
I've recommended it for many applications. I even bought a CD once. I
write this missive with great reluctance. I've worked with a lot of
strange software over the years, but this is a new first -- Software
that slanders! Software that publicly called me a spammer!!!  And not to
my face, but to business associate. And then took action.

	I recently discovered, and quite by accident, that a FreeBSD
package -- spambnc (aka Spambouncer or SB) -- was blocking mail from me
to an unknown number of businesses and individuals on the internet. I'll
probably never have to correspond with most of these people, but I'm a
freelancer -- this may have already cost me a job. [Dear reader, don't
be surprised if you or your clients are also blocked. I strongly suggest
that you check it out.]

	Anti-spam products have a valuable place in the security arsenal.  But,
IMHO, this product is dangerous because it includes filters and rules
that are overreaching, and inaccurate. Bad firewall rules and bad
anti-spam rules may be OK for an individual site.  However, spambnc's
bad advice is being mass marketed through the good offices of FreeBSD,
and it is putting potholes in the net for the rest of us.  Until it is
fixed, and proven harmless, FreeBSD should stop distributing this

	Basically, the default built-in policies for blocking mail aren't fully
described, and there is no mechanism to universally correct the
inevitable mistakes in a timely manner. Users (people who install this
product) are misled about the probability of filtering the wrong mail. I
am sure that the software was developed with the very best intentions,
but in its zeal to block lots and lots of spam, SB is hurting good

	The SB rule blocking my mail host has nothing to do with me.
though, it can use dynamic anti-spam DNS services, SB hard codes its
rules for filtering bad domains by name and by IP address. My nemesis is
buried in a 1476 line file, sb-blockdomains.rc, which installs by
default, and is not documented outside the code. Along with others, it
blocks the entire space because spammers might live there.
This is sort of like a corporate mail room throwing away all NJ
postmarked mail because of the bulk mail distribution centers in

	My mail host address gets a clean bill of health from every
site that I can find, such as SPEWS. I've checked at least 30 of them.

	My tiny x/29 block is sub-allocated from my DSL provider's x/23
    The DSL provider's block is a sub-allocation from's block. Spambouncer doesn't like Inflow.  While they have a
right to their opinions, they don't have a right to publicly tar me
because of my neighbors.

	If I read sb-blockdomains # comments correctly, it is policy to
only block known spammers, but to ALSO block entire networks based on
their handling of spam complaints. This is like a business
receptionist checking callerID and then ignoring incoming calls from
Verizon subscribers because Verizon tolerates (and probably invented)

	I have written to both the Spambouncer contact address
<> and the FreeBSD maintainer, but without a
response.  Possibly they are on holiday, or spambouncer is eating my
mail. Perhaps I'm just too impatient.

	I have also contacted my ISP's support.  They don't know how to
me. They vouch for Inflow. They don't recommend it, but for a fee, my
service could be switched to a different PVC, and I'd get an address
from a different carrier. But of course, the new address could be
black-listed on a whim.

	Regardless, I assume that these are reasonable people, and that
will oil the squeaky wheel as soon as it is convenient.  But how will I
ever know that EVERY copy of spambouncer has been fixed? What about
other innocent ISP subscribers who are also black-listed?

Harry Tabak


To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message
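
Added example (not part of the original messages and not Spambouncer code): one way to check whether a hard-coded list of network blocks catches your mail host, and how far each matching entry reaches beyond your own allocation. The addresses and the one-prefix-per-line list format are constructed for illustration; this is not the format of sb-blockdomains.rc.

```python
import ipaddress

# Constructed sample data (private address space), not taken from any real list.
SAMPLE_BLOCKLIST = [
    "10.20.0.0/16    # whole upstream carrier",
    "10.99.5.0/24    # unrelated network",
    "10.20.31.64/28  # a neighbour in the same provider block",
    "10.20.31.10/32  # a single host",
    "",
]


def covering_entries(host, own_allocation, blocklist):
    """Return the blocklist entries that match `host`, widest first.

    For each match, report whether the entry is confined to our own
    allocation and how many addresses outside it are blocked as well.
    """
    addr = ipaddress.ip_address(host)
    own = ipaddress.ip_network(own_allocation)
    if addr not in own:
        raise ValueError(f"{host} is not inside {own_allocation}")

    hits = []
    for raw in blocklist:
        entry = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not entry:
            continue
        # strict=False accepts entries written with host bits set
        net = ipaddress.ip_network(entry, strict=False)
        if net.version != addr.version or addr not in net:
            continue
        hits.append({
            "entry": str(net),
            "targets_only_us": net.subnet_of(own),
            "bystanders": max(net.num_addresses - own.num_addresses, 0),
        })
    return sorted(hits, key=lambda h: h["bystanders"], reverse=True)


if __name__ == "__main__":
    for hit in covering_entries("10.20.31.10", "10.20.31.8/29", SAMPLE_BLOCKLIST):
        scope = "own allocation only" if hit["targets_only_us"] else "overbroad"
        print(f'{hit["entry"]:<18} {scope:<20} bystanders={hit["bystanders"]}')
```

An entry reported as overbroad is one to raise with the list maintainer, with a request to narrow it to the offending prefix.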
