getting all mails blacklisted by relays.ordb.org

Scott Silva ssilva at sgvwater.com
Mon Mar 31 02:00:31 IST 2008


on 3-29-2008 3:49 PM Edward Dekkers spake the following:
>> On Sat, Mar 29, 2008 at 6:24 PM, Benedict simon <simon at kmun.gov.kw>
>> wrote:
>>>  but I would like to know why it was working earlier for almost a year
>>>  and suddenly relays.ordb.org started to give problems
>> Because ORDB has not been working for 15 months and to stop people
>> like you from using it forever they finally delivered hits on every
>> query. Woke you up, didn't it? :-)
>>
>> http://it.slashdot.org/article.pl?sid=08/03/25/2124224
>>
>> --
>> /peter
> 
> Hey guys, I really honestly am not digging up old trash, but can you guys
> help me to become a better admin?
> 
> In relation to the various posts here regarding ordb (and myself getting
> caught out), I've seen various posts on this list (which is usually rather
> friendly) which are bordering on nasty saying "you should've known this was
> going to happen".
> 
> Most of you guys mention that if we had been monitoring our logs
> properly we could have prevented this.
> 
> Now, I must first mention I agree - if something is preventable and I screw
> up I'm the first to admit it.
> 
> But I have just flogged the hell out of ALL my mail logs (/etc/mail.*) and
> all the archived/rotated ones but I cannot find the warning about the black
> list going down.
> 
> Now, I normally use Logwatch to monitor my logs, that certainly made no
> mention, and I cannot seem to find any reference to the ORDB in my other
> mail logs.
> 
> Again, I'm not making excuses, let me make that really clear! I really do
> want to learn. I feel like a fool when I miss something and want to stop it
> from happening. Really.
> 
> But I cannot seem to find this warning you guys mention.
> 
> What do I need to change in my log setup to catch this kind of stuff? Where
> is it?
> 
> Regards,
> Ed.
> 
> 
> 
I think one of the biggest problems for new sysadmins is looking at the 
howtos floating around on the internet and using them without doing some 
research. I just did a quick Google of "ordb + howto" and there are a lot of 
them that give high praises of ordb. But they are all older docs, and a good 
sysadmin will look up all relevant info of such docs, even if it is to just 
check on their validity.

I am not pointing fingers at anybody, and I was there several years ago. But 
now I am one of the "elders" of the tribe, and I just want to help pass on the 
skills that I had to learn the hard way. In 20 years when I can finally 
retire, I want there to be capable and well trained people looking out for my 
e-mails to and from my great-grandchildren.

So here is the best advice I can give:

Read. Read as much as you can, turn off the TV and spend some time reading any 
relevant docs you can. Especially some of the O'Reilly books. They are worth 
the cost.

Keep up with a few mailing lists. One for your chosen OS, one for your MTA, 
and a few that look relevant to your systems. You can browse their list 
archives first to see how relevant the info is for you. Also, as said before, 
if you use other critical services or utilities, get on their announce lists, 
and make sure it is whitelisted if you have spam filters. Then events like the 
ORDB shutdown wouldn't affect you, because you would have got a notice in 2006 
of their shutdown. If you tried to join later, you would probably get notice 
then, or at least have seen something on their web pages.

And last, monitor your systems. Upgrade any software that needs it, especially 
for security fixes. Monitor for suspicious activity. And if you find something 
strange that you didn't monitor for, start.

Unfortunately, IT just isn't an 8 to 5 job anymore. Even if it only gets 8 to 
5 pay. And if you don't do it properly, your bosses will find someone else to 
do it.


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
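
A check that would have flagged the failure discussed in this thread (a list answering with a hit on every query), as an added example that is not part of the original messages. It relies on the DNSBL test-entry convention later documented in RFC 5782 (127.0.0.2 is always listed, 127.0.0.1 never is); the zone name `dnsbl.example.test` and the helper `fake_resolver` are constructed for illustration.

```python
import socket
import sys


def dnsbl_lookup(zone, ip, resolve=socket.gethostbyname):
    """Return True (listed), False (not listed) or None (lookup failed)."""
    name = ".".join(reversed(ip.split("."))) + "." + zone
    try:
        resolve(name)
        return True
    except socket.gaierror as exc:
        # A temporary resolver failure is not an answer from the list.
        return None if exc.errno == socket.EAI_AGAIN else False


def dnsbl_health(zone, resolve=socket.gethostbyname):
    """Classify a DNSBL zone using its two test addresses."""
    never_listed = dnsbl_lookup(zone, "127.0.0.1", resolve)
    always_listed = dnsbl_lookup(zone, "127.0.0.2", resolve)
    if never_listed is None or always_listed is None:
        return "lookup-failed"
    if never_listed:
        return "lists-everything"   # what ORDB did: a hit on every query
    if not always_listed:
        return "dead"               # zone is empty or gone
    return "ok"


def fake_resolver(listed=(), wildcard=False, broken=False):
    """Constructed stand-in for DNS so the check can be exercised offline."""
    def resolve(name):
        if broken:
            raise socket.gaierror(socket.EAI_AGAIN, "temporary failure")
        if wildcard or name in listed:
            return "127.0.0.2"
        raise socket.gaierror(socket.EAI_NONAME, "name not known")
    return resolve


if __name__ == "__main__":
    # Usage: python dnsbl_health.py <zone> [<zone> ...]; run from cron and
    # alert on any result other than "ok".
    failed = False
    for zone in sys.argv[1:]:
        status = dnsbl_health(zone)
        print(f"{zone}: {status}")
        failed |= status != "ok"
    sys.exit(1 if failed else 0)
```

Run against every blacklist zone configured in the MTA or spam filter; a non-zero exit status means a list should be investigated or removed from the configuration.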
