Re: Best practices for sending network maintenance notifications
> I think there was a BCP being worked on. I seem to recall it was being
> discussed as a Facebook group. But there's no RFC, at least that I know
> of.

And additionally, putting the recipients in the To: line sounds like a really bad idea. Sharing PII without permission and stuff like that.

Make absolutely certain that all the SPF, DKIM and DMARC stuff is perfect. Make sure that any links are to the corporate domain... always.

You want a neutral, paranoid 3rd party who is receiving the notice to be absolutely convinced of its Bona Fides. Do not suppose that your abundance of Sincerity excuses sloppiness. It won't. :(

> Regards,
>
> Hal Ponton
>
> Senior Network Engineer
>
> Buzcom / FibreWiFi
>
> Tel: 07429 979 217
> Email: h...@buzcom.net
>
>> On 6 Apr 2016, at 19:56, Dan Mahoney, System Admin wrote:
>>
>> All,
>>
>> We recently, at $dayjob, had one of our peers (at Symantec) send out a
>> network maint notification, putting 70 addresses in the "To:" field,
>> rather than using BCC or the exchange's mailing list.
>>
>> Naturally, when you mail 30 addresses, of the forms peering@ and noc@
>> various organizations, you're likely to hit at least a few
>> autoresponders and ticket systems...
>>
>> And at least one or two of those autoresponders are of course braindead
>> and configured to reply-all. (In this case, Verizon's ServiceNow setup
>> was such a stupid responder). And that made things fun in our own
>> ticket system, as our RT setup happily created a bunch of tickets.
>>
>> My question for the group -- does anyone know if there's a "best
>> practices" for sending maint notifications like this? An RFC sort of
>> thing?
>>
>> While it would define a social protocol, rather than a truly technical
>> one, if there's not such a document, it seems like it could be useful. And
>> once such a thing exists, exchanges could of course helpfully point
>> their members AT it (for both their humans, and ticket systems, to
>> follow).
>>
>> -Dan
>>
>> --

Aloha mai Nai`a.
--
" So this is how Liberty dies ... http://kapu.net/~mjwise/
" To Thunderous Applause.
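Added example, not part of the thread: a pre-send check for a maintenance notice covering two points from the message above, recipients exposed in To:/Cc: and links that leave the corporate domain. The domain net.example, the one-visible-address limit, the function names and the sample notice are all constructed assumptions, and the check assumes a single-part plain-text message.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlsplit

CORPORATE_DOMAIN = "net.example"  # assumption: the sending organisation's domain
MAX_VISIBLE = 1                   # assumption: one visible address (the list), rest in Bcc
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample notice; every address and URL here is made up.
SAMPLE = """\
From: NOC <noc@net.example>
To: peering@as64500.example, noc@as64501.example, peering@as64502.example
Subject: Planned maintenance window

Details: https://status.net.example/mw-1234
Calendar: https://net.example.cal-invite.test/mw-1234
Contact: https://net.example@forms.test/noc
"""


def host_in_domain(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    domain = domain.lower()
    # A bare endswith(domain) would accept "evilnet.example"; require the dot.
    return host == domain or host.endswith("." + domain)


def lint_notice(raw, domain=CORPORATE_DOMAIN):
    """Return a list of findings for one outgoing notice."""
    msg = message_from_string(raw)
    findings = []

    # Everyone listed in To:/Cc: sees everyone else, and so does every
    # autoresponder that is configured to reply-all.
    visible = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(visible) > MAX_VISIBLE:
        findings.append(
            f"{len(visible)} addresses visible in To:/Cc:; use Bcc or the list address"
        )

    # Compare the parsed hostname, not the URL text: a look-alike host can
    # start with the corporate name, or carry it in the userinfo part.
    for url in URL_RE.findall(msg.get_payload()):
        if not host_in_domain(urlsplit(url).hostname, domain):
            findings.append(f"link outside {domain}: {url}")
    return findings


if __name__ == "__main__":
    for finding in lint_notice(SAMPLE):
        print(finding)
```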
Re: Craiglist blocked
> I know someone (not ops but he can forward internally); forwarding to
> him.

If George's contact doesn't pan out, I have a name that I can forward your concern to.
Ping me at work (address in the Cc:) with details if there's no response?

> George William Herbert
> Sent from my iPhone
>
>> On Mar 16, 2016, at 2:18 PM, Christopher Tyler wrote:
>>
>> Does anyone have a contact at Craigslist?
>> Some of our IP addresses got blocked and we are getting no response from
>> the email address listed when attempting to visit their site. Our
>> customers are threatening mutiny.
>>
>> --
>> Christopher Tyler
>> MTCRE/MTCNA/MTCTCE/MTCWE
>> Total Highspeed Internet Services
>> 417.851.1107
>>

Aloha mai Nai`a.
--
" So this is how Liberty dies ... http://kapu.net/~mjwise/
" To Thunderous Applause.
Re: Craiglist blocked
>> I know someone (not ops but he can forward internally); forwarding to
>> him.
>
> If George's contact doesn't pan out, I have a name that I can forward your
> concern to.
> Ping me at work (address in the Cc:) with details if there's no response?

/facepalm
Let's try that again, once more with feeling.

>> George William Herbert
>> Sent from my iPhone
>>
>>> On Mar 16, 2016, at 2:18 PM, Christopher Tyler wrote:
>>>
>>> Does anyone have a contact at Craigslist?
>>> Some of our IP addresses got blocked and we are getting no response
>>> from
>>> the email address listed when attempting to visit their site. Our
>>> customers are threatening mutiny.
>>>
>>> --
>>> Christopher Tyler
>>> MTCRE/MTCNA/MTCTCE/MTCWE
>>> Total Highspeed Internet Services
>>> 417.851.1107
>>>
>>
>
> Aloha mai Nai`a.
> --
> " So this is how Liberty dies ... http://kapu.net/~mjwise/
> " To Thunderous Applause.

Aloha mai Nai`a.
--
" So this is how Liberty dies ... http://kapu.net/~mjwise/
" To Thunderous Applause.
Re: Microsoft / Outlook.com contact???
> On Tue, 13 Oct 2015 17:47:28 -0700 Robert wrote:
> RG> On 10/13/2015 5:44 PM, Robert Story wrote:
> RG> > On Tue, 13 Oct 2015 12:25:27 -0700 Robert wrote:
> RG> > RG> We are having a problem with email from a certain IP being
> RG> > RG> rejected with code FBLW15. We have gone through the normal
> RG> > RG> channels but have received no communication/acknowledgement from
> RG> > RG> Microsoft at all. Emails to any domain with *outlook.com MX
> RG> > RG> records are rejected with the following:
> RG> > RG> []
> RG> > RG> We have emailed del...@messaging.microsoft.com, with no response.
> RG> >
> RG> > This has happened to me twice this year. Both times I got an
> RG> > auto-response fairly quickly, and a followup message within a week,
> RG> > and was delisted. Never could get any info on why I was listed in the
> RG> > first place, though.
> RG> >
> RG> >
> RG> > Robert
> RG> >
> RG> An MS engineer reached out earlier, gave me this:
> RG>
> RG> https://postmaster.live.com/snds/addnetwork.aspx
> RG>
> RG> Signing for and using that tool, I was able to pin-point the cause. You
> RG> can also sign-up for their junk-mail feedback loop.
> RG>
> RG> Hope this helps you next time!
>
> Excellent, thanks!

Unfortunately, that's not going to work if the refusal reason was FBLW15 (or TBLW15). You're not dealing with an issue on the Outlook/Hotmail side of the house.

If you had provided the last two octets, I might have been able to give some advice earlier, but alas, everyone seems loath to actually say which IP is having issues.

Aloha mai Nai`a.
--
" So this is how Liberty dies ... http://kapu.net/~mjwise/
" To Thunderous Applause.
Re: Microsoft / Outlook.com contact???
> Anyone from Microsoft / Outlook.com / Office365 around?
> We are having a problem with email from a certain IP being rejected with
> code FBLW15. We have gone through the normal channels but have received
> no communication/acknowledgement from Microsoft at all.

When did you send the request in to del...@messaging.microsoft.com?

> Emails to any
> domain with *outlook.com MX records are rejected with the following:
>
> ---
> host
> klatencor-com0i.mail.eo.outlook.com[207.46.163.138] said: 550 5.7.1
> Service
> unavailable; Client host [65.111..] blocked using
> FBLW15; To request
> removal from this list please forward this message to
> del...@messaging.microsoft.com (in reply to RCPT TO command)
> ---
>
> We have emailed del...@messaging.microsoft.com, with no response.
>
> The IP in question is not showing up on any blacklists that we have
> searched (mxtoolbox, multi-rbl-check, etc etc)
>
> Thanks
> -Robert
>

Aloha mai Nai`a.
--
" So this is how Liberty dies ... http://kapu.net/~mjwise/
" To Thunderous Applause.
Re: outlook.com outgoing blacklists?
> Turns out that there is in fact a list of sorts.
> There were some days that the server was unavailable, and the domain was
> added to this list.
> The point of the list is unclear, but there is a list.

I am not partial to the exact details, but it does appear that some action was taken and the issue was resolved. Past that, I don't have any further details that I can share.

Main take-away: Don't have all of a domain's MXen be unavailable for more than a day...?

> -Original Message-
> From: Marcin Cieslak
> Sent: Thursday, September 10, 2015 3:11 PM
> To: Todd K Grand
> Cc: nanog list
> Subject: Re: outlook.com outgoing blacklists?
>
> On Thu, 10 Sep 2015, Todd K Grand wrote:
>
>> The problem has been resolved.
>> Thanks to everybody that contributed.
>
> And the issue was...?
>
> ~Marcin
>
>

Aloha mai Nai`a.
--
" So this is how Liberty dies ... http://kapu.net/~mjwise/
" To Thunderous Applause.
Re: outlook.com outgoing blacklists?
>> Anybody have some recommendations on how I resolve this
>
> The most likely explanation is a configuration error at your end, so the
> first step is to share what the domain is.

That's the 0th Step, actually.
If people are going to ask for help, *PLEASE* provide us enough details to be able to guess without consulting Carnac the Magnificent to figure out what the actual details might be. :(

Aloha mai Nai`a.
--
" So this is how Liberty dies ... http://kapu.net/~mjwise/
" To Thunderous Applause.
Re: protection.outlook.com SMTP support contact needed
> I'm running into TLS interoperability problems with some of the SMTP servers under the inbound.protection.outlook.com domain. Are there any Outlook postmasters lurking here that could contact me off list to help debug this?

Maybe...
But I'd check to see if you might be on a DNSBL first, just to be sure, as the Exchange Online Protection system doesn't advertise STARTTLS if your IP is blocked.

What is the IP address that you are sending from?

Otherwise, I would suggest having your recipient open a ticket with Customer Support for fastest resolution and traceability.

Aloha mai Nai`a.
--
So this is how Liberty dies ... http://kapu.net/~mjwise/
To Thunderous Applause.
Re: APEWS spam blacklist?
On Aug 8, 2012, at 6:41 AM, Tim Burke wrote:

> Anyone have a contact involved with the APEWS blacklist? They have had a /19 of ours blacklisted for almost two years and there seems to be no way to contact them to get this resolved.

In a word, no.
Much sage advice here:

http://www.dnsbl.com/2007/08/what-to-do-if-you-are-listed-on-apews.html

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
Re: Is Hotmail in the habit of ignoring MX records?
On Jul 27, 2012, at 6:40 PM, David Miller wrote:

> MX records don't chain.

But they do, Expand.
And I can think of a way whereby if an MX record referenced itself, *AND* included something extra … (did you see the something extra?)
That it would be possible (and I'm not saying this is what is happening, but … it could be) …
That an internal process could go resolving MX records, and adds them all to an internal table, until it figures it's got 'em all…
Gotta Get 'Em All!
… and maybe, just maybe … it exhausts the table space, and gives up, and tries the A record.

I'm not saying this would be Standard.
I'm not saying this is the best, or perhaps even an acceptable way to do it.
Or that it is in fact what is happening.
But the config looked weird, and I can imagine … a system being written as described … and breaking just this way given that MX configuration.

I can imagine Test … not catching it.

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
Re: Is Hotmail in the habit of ignoring MX records?
On Jul 27, 2012, at 8:47 PM, Mark Andrews wrote:

> In message 25f0b21a-0319-45e3-9dbf-9906cb77a...@kapu.net, Michael J Wise writes:
>> On Jul 27, 2012, at 6:40 PM, David Miller wrote:
>>
>>> MX records don't chain.
>>
>> But they do, Expand.
>> And I can think of a way whereby if an MX record referenced itself, *AND* included something extra … (did you see the something extra?)
>> That it would be possible (and I'm not saying this is what is happening, but … it could be) …
>> That an internal process could go resolving MX records, and adds them all to an internal table, until it figures it's got 'em all…
>> Gotta Get 'Em All!
>> … and maybe, just maybe … it exhausts the table space, and gives up, and tries the A record.
>>
>> I'm not saying this would be Standard.
>
> It would be broken.

I'm not disputing it.
I'm also not saying it is, or it isn't, because I don't know.
What I am saying is, what I do know is, that you probably can't open a Sev A DCR ticket with HotMail, and neither can I.

That, and … it would seem there may be two things broken.
And that fixing the MX recursion may re-cloak the apparent bug in HotMail.

Maybe.

Which one can be fixed faster?

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
Re: Is Hotmail in the habit of ignoring MX records?
On Jul 26, 2012, at 1:35 AM, Lou Katz wrote:

> The domain is cookephoto.com

Why does mail.metron.com have MX records?
And they're different.

$ host cookephoto.com
cookephoto.com has address 192.160.193.89
cookephoto.com mail is handled by 10 mail.metron.com.
cookephoto.com mail is handled by 12 mail2.metron.com.
cookephoto.com mail is handled by 15 mail.katz.com.
$ host mail.metron.com
mail.metron.com has address 192.160.193.14
mail.metron.com mail is handled by 10 mail.metron.com.
mail.metron.com mail is handled by 20 mail.katz.com.
$ host mail.katz.com
mail.katz.com has address 192.160.193.14
$ host mail2.metron.com
mail2.metron.com has address 209.204.189.91
$ host plaid.metron.com
plaid.metron.com has address 192.160.193.135

Normally, in my experience, the actual mail server doesn't have MX records as such, but…. Just seems 0dd.

Also, you say …

> At the time of the transaction, nothing special was happening here, ...

Was anything strange happening with any of the DNS records for any of these domains in the past two days?

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
Re: Is Hotmail in the habit of ignoring MX records?
On Jul 26, 2012, at 6:34 PM, Mark Andrews wrote:

> In message a9a5c64b-831d-42bf-8a38-56cc3b9ba...@kapu.net, Michael J Wise writes:
>> On Jul 26, 2012, at 1:35 AM, Lou Katz wrote:
>>
>>> The domain is cookephoto.com
>>
>> Why does mail.metron.com have MX records?
>
> Why do you care? There is nothing wrong with having explicit MX
> records and they generally take up less room in a DNS cache than
> the negative response does especially if it is DNSSEC signed.
>
>> And they're different.
>
> Again why do you care?

Why do *I* care?
I don't.
I'm just trying to find the weird bit that maybe is causing hotmail to stumble.
And maybe an endless loop for an MX lookup might be what is causing hotmail to panic and throw out the MX records.

>> $ host cookephoto.com
>> cookephoto.com has address 192.160.193.89
>> cookephoto.com mail is handled by 10 mail.metron.com.
>> cookephoto.com mail is handled by 12 mail2.metron.com.
>> cookephoto.com mail is handled by 15 mail.katz.com.
>> $ host mail.metron.com
>> mail.metron.com has address 192.160.193.14
>> mail.metron.com mail is handled by 10 mail.metron.com.
>> mail.metron.com mail is handled by 20 mail.katz.com.
>> $ host mail.katz.com
>> mail.katz.com has address 192.160.193.14
>> $ host mail2.metron.com
>> mail2.metron.com has address 209.204.189.91
>> $ host plaid.metron.com
>> plaid.metron.com has address 192.160.193.135
>>
>> Normally, in my experience, the actual mail server doesn't have MX records as such, but…. Just seems 0dd.
>
> All address record (A and A) have MX records. Some may be implicit
> but as far as SMTP is concerned they all have MX records.
>
>> Also, you say …
>>
>>> At the time of the transaction, nothing special was happening here, ...
>>
>> Was anything strange happening with any of the DNS records for any of these domains in the past two days?
>>
>> Aloha, Michael.
>> --
>> Please have your Internet License
>> and Usenet Registration handy...
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
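Added example, not part of the thread: the `host` output quoted in the messages above, parsed and walked the way an SMTP sender following RFC 5321 section 5.1 would, where MX targets are resolved to addresses only and any MX records on a target are not followed. The function names are illustrative assumptions; the record data is copied from the quoted output.

```python
import re

# Output lines copied from the `host` commands quoted in the thread.
HOST_OUTPUT = """\
cookephoto.com has address 192.160.193.89
cookephoto.com mail is handled by 10 mail.metron.com.
cookephoto.com mail is handled by 12 mail2.metron.com.
cookephoto.com mail is handled by 15 mail.katz.com.
mail.metron.com has address 192.160.193.14
mail.metron.com mail is handled by 10 mail.metron.com.
mail.metron.com mail is handled by 20 mail.katz.com.
mail.katz.com has address 192.160.193.14
mail2.metron.com has address 209.204.189.91
plaid.metron.com has address 192.160.193.135
"""

A_RE = re.compile(r"^(\S+) has address (\S+)$")
MX_RE = re.compile(r"^(\S+) mail is handled by (\d+) (\S+)$")


def parse_host_output(text):
    """Build {name: {"A": [addr, ...], "MX": [(pref, target), ...]}}."""
    zone = {}
    for line in text.splitlines():
        line = line.strip()
        a, mx = A_RE.match(line), MX_RE.match(line)
        if a:
            zone.setdefault(a.group(1), {"A": [], "MX": []})["A"].append(a.group(2))
        elif mx:
            zone.setdefault(mx.group(1), {"A": [], "MX": []})["MX"].append(
                (int(mx.group(2)), mx.group(3).rstrip("."))
            )
    return zone


def delivery_plan(domain, zone):
    """Ordered (preference, host, address) list a sender should try."""
    rec = zone.get(domain, {"A": [], "MX": []})
    if not rec["MX"]:
        # No MX at all: the domain's own address acts as an implicit MX.
        return [(0, domain, addr) for addr in rec["A"]]
    plan = []
    for pref, target in sorted(rec["MX"]):
        # Address lookup only; the target's own MX records are not consulted.
        for addr in zone.get(target, {"A": []})["A"]:
            plan.append((pref, target, addr))
    return plan


def nested_mx(domain, zone):
    """MX targets of `domain` that publish MX records of their own."""
    found = {}
    for _pref, target in zone.get(domain, {"MX": []})["MX"]:
        own = sorted(zone.get(target, {"MX": []})["MX"])
        if own:
            found[target] = {
                "self_reference": any(t == target for _p, t in own),
                "mx": own,
            }
    return found


if __name__ == "__main__":
    zone = parse_host_output(HOST_OUTPUT)
    for step in delivery_plan("cookephoto.com", zone):
        print(step)
    print(nested_mx("cookephoto.com", zone))
```

With this data the plan never contains 192.160.193.89, the A record of cookephoto.com itself, and mail.metron.com is the only target reported as carrying its own (self-referencing) MX set.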
Re: DNS poisoning at Google?
On Jun 27, 2012, at 12:06 AM, Matthew Black wrote:

> We found the aberrant .htaccess file and have removed it. What a mess!

Trusting you carefully noted the date/time stamp before removing it, as that's an important bit of forensics.

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
Re: DNS poisoning at Google?
On Jun 26, 2012, at 9:07 PM, Ishmael Rufus wrote:

> I'm glad I'm not the only one that missed this one: http://www.csulb.edu
>
> It is in his signature and email address as well ;)

The queries do seem to be taking a number of seconds, though, as opposed to being nearly instant when I reference the DNS servers of record directly.
The results I get at home (via SpeakEasy) all appear correct, though.

> On Tue, Jun 26, 2012 at 11:04 PM, Sadiq Saif sa...@asininetech.com wrote:
>> Accidentally sent that to Matthew only, mind sharing the domain name?
>>
>> On Tue, Jun 26, 2012 at 11:53 PM, Matthew Black matthew.bl...@csulb.edu wrote:
>>> Google Safe Browsing and Firefox have marked our website as containing malware. They claim our home page returns no results, but redirects users to another compromised website couchtarts.com.
>>>
>>> We have thoroughly examined our root .htaccess and httpd.conf files and are not redirecting to the problem target site. No recent changes either.
>>>
>>> We ran some NSLOOKUPs against various public DNS servers and intermittently get results that are NOT our servers.
>>>
>>> We believe the DNS servers used by Google's crawler have been poisoned.
>>>
>>> Can anyone shed some light on this?
>>>
>>> matthew black
>>> information technology services
>>> california state university, long beach
>>> www.csulb.edu http://www.csulb.edu
>>
>> --
>> Sadiq S
>> O ascii ribbon campaign - stop html mail - www.asciiribbon.org

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
Re: DNS poisoning at Google?
On Jun 26, 2012, at 9:35 PM, Matthew Black wrote:

> Yes, we’ve used the Google Webmaster Tools a lot today. Submitted multiple requests and they keep insisting that our site issues a redirect. Unable to duplicate the problem here.

… have you consulted the logs?
If the redirect is there, it …
1) might not be from the home page, and
2) could be in … user content?

    awk '{if ($9 ~ /^30[12378]$/) { print $0 }}' access_log

… or some such.
Granted, might be a storm of - index.html redirects, but they should be grep -v 'able in short order.

You might also look for the rDNS of the Google spider to see exactly where it is looking, and what it sees.

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
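Added example, not part of the thread: the log check suggested above taken one step further, reporting paths that answered some clients with 200 and others with a redirect, which is one way a redirect can be real yet not reproduce from the administrator's own browser. It assumes Apache combined log format; the log lines, addresses and function name are constructed.

```python
import re
from collections import defaultdict

# Redirect statuses. 304 (Not Modified) is a cache answer, not a redirect.
REDIRECTS = {"301", "302", "303", "307", "308"}

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# Constructed sample lines (documentation address ranges, made-up requests).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jun/2012:21:01:07 -0700] "GET / HTTP/1.1" 200 5120 '
    '"-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [26/Jun/2012:21:02:11 -0700] "GET / HTTP/1.1" 302 296 '
    '"-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '192.0.2.10 - - [26/Jun/2012:21:03:30 -0700] "GET / HTTP/1.1" 304 - '
    '"-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.44 - - [26/Jun/2012:21:04:02 -0700] "GET /news HTTP/1.1" 301 240 '
    '"-" "curl/7.21.0"',
    '203.0.113.5 - - [26/Jun/2012:21:05:19 -0700] "GET / HTTP/1.1" 302 296 '
    '"http://www.google.com/search?q=example" "Mozilla/5.0 (Windows NT 6.1)"',
]


def mixed_status_paths(lines):
    """Return {path: {"ok": [...], "redirect": [...]}} for paths that
    served both a 200 and a redirect; each entry is
    (client ip, status, user agent, referer)."""
    seen = defaultdict(lambda: {"ok": [], "redirect": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        status = m["status"]
        if status in REDIRECTS:
            kind = "redirect"
        elif status == "200":
            kind = "ok"
        else:
            continue
        seen[m["path"]][kind].append(
            (m["ip"], status, m["agent"] or "-", m["referer"] or "-")
        )
    # A path that redirects everyone (a canonical-URL redirect, say) is
    # dropped; only paths with both outcomes are worth a closer look.
    return {p: v for p, v in seen.items() if v["ok"] and v["redirect"]}


if __name__ == "__main__":
    for path, hits in mixed_status_paths(SAMPLE_LOG).items():
        print(path)
        for entry in hits["redirect"]:
            print("  redirect:", entry)
        for entry in hits["ok"]:
            print("  ok:      ", entry)
```

Comparing the user agent and referer columns of the two groups shows which kind of client is being sent elsewhere.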
Re: Vixie warns: DNS Changer ‘blackouts’ inevitable
On May 22, 2012, at 10:47 PM, Randy Bush wrote:

When those servers are turned off, Customer Support folks at many ISPs will prolly want to take their accrued vacation.

Amen. And there will be thousands more of them when the court order expires than existed when the Feds called him in.

they could extend the court order, or prolong the do-gooder hack longer under some other pretext, increasing the underlying problem further. more infected machines and more job creation for front line support when the whitewash finally stops.

According to the pretty graphs, the number of machines querying the aforementioned infrastructure is going down. Just not as fast as pretty much everyone would prefer… and the DOJ is footing the bill, and grows tired of it.
So at some point, the lights are gonna be turned off.
It's a shame the ISPs who have the infected users have done less to mitigate the issue.

And many solutions were suggested, but all of them ended up being … perceived to be worse than just shutting it down.
Or so I recall the presentation that Paul gave to a bunch of us in San Francisco back in February.

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
Re: Vixie warns: DNS Changer ‘blackouts’ inevitable
On May 23, 2012, at 8:22 AM, na...@namor.ca wrote:

> On Tue, 22 May 2012, Michael J Wise wrote:
>
>> So at some point, the lights are gonna be turned off.
>> It's a shame the ISPs who have the infected users have done less to mitigate the issue.
>
> To be fair, and take issue with this, it's not all on the ISPs, is it?

Agreed.
By definition, the numbers have been falling.
So somewhere, someone is doing something to lessen the coming /facepalm

> I've been seeing our counts decrease for months, but there are some who will not/cannot get it. I am sadistically looking forward to the shutdown, admittedly.

You have your time off approved I trust?
:)

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
Re: vixie, father of multitudes
On May 23, 2012, at 5:28 PM, paul vixie wrote:

> it's lovely to have so many fans. keep those cards and letters coming. (but, cc me!)

Yessir!

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
Re: Vixie warns: DNS Changer ‘blackouts’ inevitable
On May 22, 2012, at 8:35 PM, Randy Bush wrote:

> father of bind? that's news.

http://boingboing.net/2012/03/29/paul-vixies-firsthand-accoun.html

He was there, and Put The Fix In, to down the network.
I gather he's the one pulling it out on the appointed day as well.

> dnschanger gonna be a mess? that's not news.

Agreed.

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
Re: Vixie warns: DNS Changer ‘blackouts’ inevitable
On May 22, 2012, at 9:10 PM, bmann...@vacation.karoshi.com wrote:

> On Tue, May 22, 2012 at 08:52:52PM -0700, Michael J Wise wrote:
>>
>> On May 22, 2012, at 8:35 PM, Randy Bush wrote:
>>
>>> father of bind? that's news.
>>
>> http://boingboing.net/2012/03/29/paul-vixies-firsthand-accoun.html
>>
>> He was there, and Put The Fix In, to down the network.
>
> Certainly news to Phil Almquist and the entire BIND development team at UCB. Paul was at DECWRL and cut his teeth on pre-existing code. While he (and ISC) have since revised, gutted, tossed all the original code, rebuilt it twice - and others have done similar for their DNS software, based on the BIND code base, implementation assumptions, and with little or no ISC code, and they call it BIND as well, it would be a HUGE leap of faith to call Paul Vixie the father of BIND - The Berkeley Internet Naming Daemon.

Methinks we're talking at cross purposes.

> As for being there and Put The Fix In... Makes for great PR but in actual fact, it's a bandaid that is not going to stem the tide. An actual fix would really need to change the nature of the creaky 1980's implementation artifacts that this community loves so well.

I don't think we're talking about the same thing at all.
Paul was there to shut down the DNS changer system and replace it with something that restored functionality to the infected machines.
And I gather Paul will be one of the people who will turn the lights out on it.

Your other comments are non-sequitur to the main issue.
When those servers are turned off, Customer Support folks at many ISPs will prolly want to take their accrued vacation.

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
Re: Microsoft/Hotmail forgot to set reverse DNS pointers?
On Mar 21, 2012, at 1:54 AM, Michiel Klaver wrote:

> Diagnostic-Code: smtp;450 4.7.1 Client host rejected: cannot find your reverse hostname, [157.55.1.150]
>
> Anyone here who has proper contacts to give them the clue-bat?

I gather the correct eyes are on the problem and it should be resolved soonest.
Thanks for the heads-up.

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
Re: Microsoft JMRP (Mail) Admin Needed
On Dec 19, 2011, at 6:10 PM, Richard Laager wrote:

> I'm trying to sign up for Microsoft's Junk Mail Reporting Program. Multiple representatives keep sending me more-or-less form responses saying they can't add my dynamic …

Stop right there.
Are the IP addresses you are sending mail from Dynamic?
Do you *own* those addresses?
Why are they, Dynamic?
Mail should never be coming from Dynamic IP addresses.

> … customer IP ranges because they're included in...[a] third party block list. The list in question is the SpamHaus PBL. They clearly don't understand …

They clearly *DO* understand.
They know exactly what the PBL is.

> that the SpamHaus PBL (unlike other SpamHaus lists) is not a list of IPs that have sent spam. I'm looking for someone with a clue that can help me.

You need to understand why they are not interested in your traffic as you currently describe your ability to send it.

> P.S. Even ignoring the PBL, this policy of not enrolling IP ranges that are listed on DNSBLs doesn't make a lot of sense to me. Even if the IPs had been sending spam, wouldn't Microsoft want the ISP's help in stopping that?

They *HAVE* stopped it. :)
Already.

Aloha, Michael.
--
Please have your Internet License
and Usenet Registration handy...
Re: Removal from mailing list
> Can I please get taken off all nanog mailing list.

Some email programs will spell it out, but ...
In the full headers, we see this:

List-Unsubscribe: https://mailman.nanog.org/mailman/listinfo/nanog, mailto:nanog-requ...@nanog.org?subject=unsubscribe

Aloha mai Nai`a.
--
So this is how Liberty dies ...
To Thunderous Applause.
Re: Contact for APEWS.org?
On Feb 21, 2011, at 3:41 PM, Kate Gerry wrote:

> We've been advised by a client that they're incorrectly listing a /15.

What do your LOGS say?
What did the BOUNCE say?

Aloha, Michael.
--
Please have your Internet License http://kapu.net/~mjwise/
and Usenet Registration handy...
Re: Alleged backdoor in OpenBSD's IPSEC implementation.
On Dec 14, 2010, at 9:56 PM, Ken Chase wrote:

On Tue, Dec 14, 2010 at 09:39:02PM -0800, Chaim Rieger said:

Does anyone remember the last time a law enforcement agency had someone sign a 10 year NDA on a backdoor? Oh, time's up, I can post it on Facebook now. Cool.

22:42 @smartboy curious what the guy's motives really are. pretty sure the NDA expiration on putting a backdoor into software for the FBI would be when you're dead
22:42 @smartboy or when you'd like to be dead

Someone is confusing FBI with NSA, methinks.
And yes, if this is the kind of thing not talked about, NDAs expire when you do.

But seriously ... this would seem to be the kind of code that Smart People should be doing security audits on Just Because.
So rustle up a couple of PostDocs, and give them an idea for a Thesis, and yer set.

Aloha, Michael.
--
Please have your Internet License http://kapu.net/~mjwise/
and Usenet Registration handy...
Re: Tools for teaching users online safety
On Oct 25, 2010, at 9:06 PM, Ted Hatfield wrote:

> Whatever instructional plan you put together make certain it includes instructions on applying security patches and keeping your system up to date. Probably the best thing most users can do to keep their systems clean.

That, and ... NEVER ever type your password into the body of an outgoing email.
Ever.

Aloha, Michael.
--
Please have your Internet License http://kapu.net/~mjwise/
and Usenet Registration handy...
Re: BCP38 exceptions for RFC1918 space
On Aug 15, 2010, at 9:14 AM, Florian Weimer wrote:

> What's the current consensus on exempting private network space from source address validation?

BCP38-land MUST *never* see RFC1918-space traffic.
Ever.
Unless you're using a border router as a NAT device, of course.

The only way your question makes sense is if someone who should know better is intending to announce some chunk of RFC1918-space via BGP.
Please tell us that is not your intent.

Aloha, Michael.
--
Please have your Internet License http://kapu.net/~mjwise/
and Usenet Registration handy...