RE: [swinog] UCEProtect Blacklist -- join the club
Charles Buckley wrote: And then there is SORBS, which the ETH use, who have chosen to put the shared server I use for mail on a blacklist for some reason. mail.mauto.com is indeed listed by sorbs - I would check that your server hasn't been compromised. Look for traces of an ssh brute force attack perhaps. Everyone is going crazy about security, so you're likely to see a proliferation of providers offering to maintain blacklists, who will do it badly. There is already plenty of such lists - I don't think the number is likely to grow a awful lot. Much better would be to let the users determine what is spam and what is not, getting the ISP out of the role of having to play judge on a topic they don't master. Nah, leave the spam-filtering to us :-) The user and the ISP both have better things to do. /Per Jessen, Herrliberg -- http://www.spamchek.com/ - your spam is our business. ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
RE: [swinog] UCEProtect Blacklist -- join the club
On Wed, 2007-11-07 at 10:54 +0100, Per Jessen wrote: commercial Nah, leave the spam-filtering to us :-) The user and the ISP both have better things to do. /commercial :-D - Dan ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
RE: [swinog] UCEProtect Blacklist -- join the club
Per Jessen wrote: Charles Buckley wrote: And then there is SORBS, which the ETH use, who have chosen to put the shared server I use for mail on a blacklist for some reason. mail.mauto.com is indeed listed by sorbs - I would check that your server hasn't been compromised. Look for traces of an ssh brute force attack perhaps. Uh, sorry - I overlooked that you said shared. Well, according to SORBS, the server got listed because mail was sent to a spamtrap on 13 August. It could be one of your co-sharers ... if I were you, I'd talk to q-x.ch, and ask them what they're doing about it. /Per Jessen, Herrliberg -- http://www.spamchek.com/ - your spam is our business. ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
RE: [swinog] UCEProtect Blacklist -- join the club
I'm far ahead of you -- I already knew all this, and have done all the right steps. The server uses strictly SMTP_AUTH; it has not been compromised beyond the account details of the spammer being circulated. The provider moved instantaneously to identify the offender and kick them out. The compromised SMTP account is now closed. But, just as Sunrise, they are not willing to pay the fee to SORBS to change the status on the list. Instead, they have offered to set up a SMART host for me, but that hasn't happened yet. Perhaps this would be a good insurance line -- insuring against Rufmord from all these neighbourhood network grannies. But I somehow feel that dealing with the insurance Bürokraten would be worse than dealing with these issues by finding ways to protect from SPAM that don't involve hiring a bunch of self-appointed busybodies to strategically misinterpret actions and blackmail money out of people who add value by creating arbitrary sets of losers. Are we talking about mature individuals here? The ETH should know better than to be using such people anyway -- I have informed them of the problem. Charles -Original Message- From: Per Jessen [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 07, 2007 12:03 PM To: swinog@lists.swinog.ch Subject: RE: [swinog] UCEProtect Blacklist -- join the club Per Jessen wrote: Charles Buckley wrote: And then there is SORBS, which the ETH use, who have chosen to put the shared server I use for mail on a blacklist for some reason. mail.mauto.com is indeed listed by sorbs - I would check that your server hasn't been compromised. Look for traces of an ssh brute force attack perhaps. Uh, sorry - I overlooked that you said shared. Well, according to SORBS, the server got listed because mail was sent to a spamtrap on 13 August. It could be one of your co-sharers ... if I were you, I'd talk to q-x.ch, and ask them what they're doing about it. /Per Jessen, Herrliberg -- http://www.spamchek.com/ - your spam is our business. ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] UCEProtect Blacklist -- join the club
Hello Charles Charles Buckley wrote: The ETH should know better than to be using such people anyway -- I have informed them of the problem. At ETH Zurich it depends to which subdomain you are sending e-mail, because some departments run their own mail server with their own policies. But I guess most others depend on the mail service provided from Informatikdienste (ID). I once had a chance to attend a presentation of their mail setup (especialy the mx hosts with the spam and virus filtering) and therefore I know that they are using a few DNS Blacklists to drop mail at the smtp communication. But I don't remember which. Contacting the postmaster at ethz.ch should help. bye Fabian ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] verrizon and swisscom in the schoolyard
rustine:/etc/smokeping# traceroute 62.202.14.193 traceroute to 62.202.14.193 (62.202.14.193), 30 hops max, 40 byte packets 1 fa0-0.rt1.plo1.dfinet.net (195.70.0.65) 1.500 ms 0.675 ms 0.875 ms 2 fa0-6.sw-bb2.cc.dfinet.net (195.70.11.1) 1.093 ms 1.556 ms 0.847 ms 3 gi0-1.rt-b1.cc.dfinet.net (195.70.0.3) 1.117 ms 1.020 ms 0.847 ms 4 POS8-1-0.GW2.GVA2.ALTER.NET (146.188.70.101) 2.361 ms 1.036 ms 1.503 ms 5 GigabitEthernet3-0.CR3.GVA2.ALTER.NET (146.188.6.5) 0.998 ms 2.059 ms 0.921 ms 6 so-2-2-0.XR1.ZUR4.ALTER.NET (146.188.2.85) 5.754 ms 4.690 ms 5.358 ms 7 so-2-0-0.TL2.ZUR3.ALTER.NET (146.188.3.97) 5.090 ms 4.691 ms 4.775 ms 8 so-4-0-0.IR1.NYC12.ALTER.NET (146.188.3.201) 91.318 ms 91.107 ms 91.291 ms 9 0.so-0-2-0.IL3.NYC9.ALTER.NET (152.63.23.57) 91.972 ms 92.164 ms 92.144 ms 10 0.so-7-0-0.XL3.NYC4.ALTER.NET (152.63.10.21) 91.724 ms 91.529 ms 91.444 ms 11 510.ATM6-0.IG4.NYC4.ALTER.NET (152.63.20.57) 91.472 ms 91.618 ms 91.574 ms 12 swisscom-oc3-gw.customer.alter.net (157.130.219.226) 95.619 ms 95.028 ms 94.691 ms 13 i79zhb-005-pos4-0.bb.ip-plus.net (138.187.159.5) 221.616 ms 209.767 ms 216.794 ms 14 tge3-3.bwrt1inb.bluewin.ch (195.186.0.113) 98.431 ms 98.851 ms 98.780 ms 15 if98.ip-plus.bluewin.ch (195.186.0.98) 98.910 ms 98.789 ms 99.633 ms 16 ge0-1.bwrtrip1zhb.bluewin.ch (195.186.120.178) 98.896 ms 98.716 ms 98.524 ms 17 ge0-2.bwrtrip1zhh.bluewin.ch (195.186.55.226) 98.790 ms 98.805 ms 99.091 ms 18 ge0-2.bwadf2zhh.bluewin.ch (195.186.122.131) 99.276 ms 100.072 ms 99.006 ms 19 193.14.202.62.fix.bluewin.ch (62.202.14.193) 111.280 ms 112.007 ms 111.729 ms 20 * * * behave yourself, boys! -- Philippe Strauss av. de Beaulieu 25 1004 Lausanne http://philou.ch ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
RE: [swinog] UCEProtect Blacklist -- join the club
On Wed, 2007-11-07 at 12:29 +0100, Charles Buckley wrote: The provider moved instantaneously to identify the offender and kick them out. The compromised SMTP account is now closed. But, just as Sunrise, they are not willing to pay the fee to SORBS to change the status on the list. As ISP you don't have to pay a fee for delisting at SORBS. Simply mail to [EMAIL PROTECTED] and tell them your ASN. Without ASN your mail will be dropped. Cheerio - Dan ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] adobe.com down?
working also over sunrise. cheers yves Quoting Silvan Gebhardt [EMAIL PROTECTED]: working also from init7 regards, silvan Am 07.11.2007 um 14:24 schrieb [EMAIL PROTECTED] [EMAIL PROTECTED]: http://www.adobe.com/de/ is working from Bluewin. Cheers, Günti -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andreas Weiler - Kabelfernsehen Boedeli AG Sent: Wednesday, November 07, 2007 2:19 PM To: swinog@lists.swinog.ch Subject: [swinog] adobe.com down? Hi all I'm getting no answer from the adobe.com or adobe.de site. Looks like adobe is not reachable at the moment. Can anybody confirm this? Andreas Weiler Kabelfernsehen Boedeli AG ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ServerBeach.ch your professional hosting provider ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] adobe.com down?
Hi all I'm getting no answer from the adobe.com or adobe.de site. Looks like adobe is not reachable at the moment. Can anybody confirm this? Andreas Weiler Kabelfernsehen Boedeli AG ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
RE: [swinog] adobe.com down?
http://www.adobe.com/de/ is working from Bluewin. Cheers, Günti -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andreas Weiler - Kabelfernsehen Boedeli AG Sent: Wednesday, November 07, 2007 2:19 PM To: swinog@lists.swinog.ch Subject: [swinog] adobe.com down? Hi all I'm getting no answer from the adobe.com or adobe.de site. Looks like adobe is not reachable at the moment. Can anybody confirm this? Andreas Weiler Kabelfernsehen Boedeli AG ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re[2]: [swinog] adobe.com down?
Now also reachable from here again. Looks like there was a problem: http://www.heise.de/foren/go.shtml?read=1msg_id=13843701forum_id=10541showthread=1 greetz, Andreas Weiler Am Mittwoch, 7. November 2007 um 14:35 schrieben Sie: Y working also over sunrise. Y cheers yves Y Quoting Silvan Gebhardt [EMAIL PROTECTED]: working also from init7 regards, silvan Am 07.11.2007 um 14:24 schrieb [EMAIL PROTECTED] [EMAIL PROTECTED]: http://www.adobe.com/de/ is working from Bluewin. Cheers, Günti -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andreas Weiler - Kabelfernsehen Boedeli AG Sent: Wednesday, November 07, 2007 2:19 PM To: swinog@lists.swinog.ch Subject: [swinog] adobe.com down? Hi all I'm getting no answer from the adobe.com or adobe.de site. Looks like adobe is not reachable at the moment. Can anybody confirm this? Andreas Weiler Kabelfernsehen Boedeli AG ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog Y Y ServerBeach.ch your professional hosting provider Y ___ Y swinog mailing list Y swinog@lists.swinog.ch Y http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog