Re: ORBZ shut down

From: jlewis@lewis.org
Date: 03/20/02


Date: Wed, 20 Mar 2002 12:19:04 -0500 (EST)
From: <jlewis@lewis.org>
To: <incidents@securityfocus.com>

On Wed, 20 Mar 2002, David Ulevitch wrote:

> I'm sending this forward to incidents for two reasons.
>
> 1) The reason ORBZ appears to have been shut down is because of the
> problem with Lotus Domino servers crashing/hanging when receiving
> bounces with null envelope senders.(check archives for exact issue)
>

Does anyone have a complete list of any other from addresses/formats that
will cause load issues on Domino. I know from Ian's bugtraq post that
anything@[127.0.0.1] will do it. What about anything@localhost,
anything@[servers-IP], etc.? Has Lotus fixed this in any Domino release,
or are they all brain damaged.

> 2) A lot of mail servers will HANG or be EXTREMELY slow if they are
> setup to check against ORBZ name service for spamboxes.

Just like when MAPS surprised everyone with no more free service.

> A good solution is to switch to using something like ORDB
> (www.ordb.org)

Or any number of other dnsbl's.

-- 
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com