[swinog] Anyone from pcloud.com Zug on this List

2024-05-17 Thread Benoît Panizzon via swinog
Hi

If anyone from pcloud.com is reading this list, could you please
quickly get in contact with me?

I know why your domain is listed on the SWINOG URIBL. I would like to
look into the root cause.

-- 
Kind regards

-Benoît Panizzon- @ home office and reachable as usual
-- 
ImproWare AG - Head of Commerce Customers

Zurlindenstrasse 29    Tel  +41 61 826 93 00
CH-4133 Pratteln       Fax  +41 61 826 93 01
Switzerland            Web  http://www.imp.ch

swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch


[swinog] Any contact to sunrise / chello.at / libertyglobal Postmaster

2024-01-12 Thread Benoît Panizzon via swinog
Hi

We have a case of emails reproducibly disappearing to one specific
sunrise recipient.

The recipient is quite sure he has not activated any filtering rule in
his sunrise webmail. He requests us, as the ISP of the sender, to
investigate the issue 'from the source'.

We see in our logs:

mx0.sunrise.ch has address 213.46.255.61

is happily accepting the email with 200 OK. No late bounce can be found.

Does anyone know how to contact chello.at for such an issue? I have tried
the contacts registered @ RIPE for this range. They are either 'not in
charge and don't know who is' or do not respond.
Sunrise seems not to know how to open a case with chello for such an
issue (as last time we faced such an issue).



[swinog] Re: Email Outage @ NZZ?

2023-09-01 Thread Benoît Panizzon via swinog
Hi

Thanks for the help. Issue found. I hate Fail2ban!



[swinog] Re: Email Outage @ NZZ?

2023-09-01 Thread Benoît Panizzon via swinog
Hi

According to NZZ we are rejecting all emails with sender domain
@bounce.email.nzz.ch with "Receiving email server is temporarily
overwhelmed with delivery attempts, from you and other
senders". Unfortunately their feedback is very vague, no logs or
exact times of issue from their side.

I can't find any such emails in our log, but I see some are SRS
forwarded from bluewin, VTX, Hostpoint etc. and do reach us.
Unfortunately I have no access (without customer permission) to the
content and therefore can not glimpse at the email headers to find the
true origin.

Could somebody do me a favour: From which IP Address do you see emails
with envelope domain @bounce.email.nzz.ch being delivered?

It used to be salesforce: 13.111.14.63 until 17. August, but I fear
this changed, which causes the issue, as I have seen at least one email
delivered with this domain, failing SPF from an IP belonging to Liberty
Global Austria if this was not some broken forwarding attempt.



[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-03 Thread Benoît Panizzon via swinog
On Mon, 1 May 2023 15:48:16 +0200,
Benoît Panizzon via swinog wrote:

> Some update
> 
> It looks like Gandi at least messed up their Registrar UI.

Gandi Support confirmed the issue. Their API is getting stuck while
trying to remove no longer existing DS entries from the ch TLD,
preventing adding new ones.



[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread Benoît Panizzon via swinog
Hi Daniel

> The nerd answer is that you can use Automated DNSSEC Provisioning [1]
> to enable DNSSEC. This also sends an EPP poll message to your
> registrar to update locally cached state information about a domain
> name.

Yes, trying to understand, how I correctly get rid of my old RRSIG
entries without shooting myself in the foot, I came across this whole
new dnssec-policy and automatic publishing CDS records via Bind.

Not sure if I have yet fully understood the mechanics. But I have
tentatively set it up now and I'll see, if this somehow, by the magic
of the internet, caused my DS entries to get refreshed.



[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread Benoît Panizzon via swinog
Some update

It looks like Gandi at least messed up their Registrar UI.

From their point of view, my 'algo 5' .ch domains have still DNSSEC
active but deleting DS or disabling DNSSEC hangs forever and upon
reloading my old algo 5 keys are back. I guess they perform some API
calls to Switch and this fails, because both disagree on the DNSSEC
status?



[swinog] Re: DNSSEC auto-disabled by SWITCH on some .ch domains?

2023-05-01 Thread Benoît Panizzon via swinog

Hey

> To the partners at least, in October 2022 informing them that
> anything containing digest-type 1 and/or key algorithm 5 or 7 are
> no longer supported and will be deleted. This was done last week and
> digest-type 2 and key algorithm should be used. Since end of January
> 2023 you could not use them anymore.

Darn, thank you for the hint! I'm also affected and missed the phase out
of those algos.

Guess I have to read:
https://www.dns.cam.ac.uk/news/2020-01-15-rollover.html

I wonder why my registrar never notified me he would delete my DS
records disabling DNSSEC on my domains.

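An added example (not part of the original post, and not SWITCH's or any registrar's tooling): a shell check that reads DS records in `dig +noall +answer DS` presentation format and flags those using the parameters named in the notice quoted above, digest type 1 and key algorithms 5 or 7. The example.ch names, key tags and digests are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag DS records that use the parameters named in the quoted
# notice (digest type 1, key algorithm 5 or 7).
# Input format: `dig +noall +answer DS <zone>` / zone-file presentation:
#   owner [ttl] [class] DS keytag algorithm digest-type digest

# Constructed sample data: names, key tags and digests are made up.
sample_ds() {
    cat <<'EOF'
old.example.ch.   3600 IN DS 11111 5 1 0123456789ABCDEF0123456789ABCDEF01234567
nsec3.example.ch. 3600 IN DS 22222 7 2 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
sha1.example.ch.  3600 IN DS 33333 13 1 0123456789ABCDEF0123456789ABCDEF01234567
good.example.ch.  3600 IN DS 44444 13 2 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
nottl.example.ch. IN DS 55555 8 2 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
EOF
}

# Reads DS records on stdin and prints one verdict line per record:
#   <owner> <keytag> REMOVE <reason>   record matches the phase-out criteria
#   <owner> <keytag> OK -              record is not affected by this phase-out
audit_ds() {
    awk '
    {
        # Locate the DS type token so records with or without TTL/class parse.
        ds = 0
        for (i = 2; i <= NF; i++) if ($i == "DS") { ds = i; break }
        if (!ds || NF < ds + 4) next        # not a complete DS record
        owner = $1; keytag = $(ds+1); alg = $(ds+2); dtype = $(ds+3)
        reason = ""
        if (alg == 5 || alg == 7) reason = "algorithm " alg
        if (dtype == 1) reason = reason (reason ? ", " : "") "digest type 1"
        if (reason) print owner, keytag, "REMOVE", reason
        else        print owner, keytag, "OK", "-"
    }'
}

# Number of DS records on stdin that match the phase-out criteria.
count_flagged() {
    audit_ds | awk '$3 == "REMOVE" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample. For a live zone, pipe in the output of
#   dig +noall +answer DS <your-zone>
sample_ds | audit_ds
```

A zone whose only DS records are flagged here ends up without any DS at the parent once they are deleted, which is the silent loss of DNSSEC described in this thread.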


[swinog] Anyone IT/Email/Marketing contact at United Nations or Geneva Forum or Objectif Sciences International

2023-04-11 Thread Benoît Panizzon via swinog
Hi all

Does anyone have a contact to the IT or more precisely Email /
Marketing Department of the UN Geneva Forum aka Objectif Sciences
International?

https://www.osi-ngo.org/

They most probably have acquired an email list containing SWINOG
Spamtraps and are using this to advertise their science activities, getting
shared Office365 IP addresses, used by the UN and other Swiss Office365
customers, blacklisted.

I was in contact with the OSI Geneva Forum CEO, but he was not
successful in finding anyone in charge.



[swinog] Re: DNSSEC issue with swizzonic DNS servers?

2022-12-30 Thread Benoît Panizzon via swinog
Hi Markus

> the name server from swizzonic is not supposed to provide you with a 
> answer to all the queries.

I guess if I point to our recursive validating caching NS and it does
not possess this data in its cache, it will start by following from
the root by asking for _.numberportability.ch to avoid revealing which
host it is exactly looking for until it reaches the authoritative DNS
for that zone and then ask this one directly for the desired RR.

I guess this is where something is breaking the chain.

I also don't see why the swizzonic DNS which is the authoritative
primary should not answer to all queries. Well of course the DNSSEC
chain (Signed DS entries) has to be followed from the root over ch. to
swizzonic. But everything else should be obtainable from the
authoritative server for that zone, right?

Right now, all needed RR within numberportability.ch resolve ok. So
maybe they now found and fixed the issue.



[swinog] Re: DNSSEC issue with swizzonic DNS servers?

2022-12-29 Thread Benoît Panizzon via swinog
Hi Markus

Thanks for the hint regarding the delv tool.

The issue is back this morning:

$ delv @dns1.swizzonic.ch www.numberportability.ch
;; chase DS servers resolving 'numberportability.ch/DS/IN': 2a01:8100:2901::1:183:201#53
;; REFUSED unexpected RCODE resolving 'ch/NS/IN': 195.110.124.196#53
;; REFUSED unexpected RCODE resolving 'ch/NS/IN': 2a01:8100:2901::1:183:201#53
;; REFUSED unexpected RCODE resolving './NS/IN': 195.110.124.196#53
;; REFUSED unexpected RCODE resolving './NS/IN': 2a01:8100:2901::1:183:201#53
;; REFUSED unexpected RCODE resolving 'ch/DS/IN': 2a01:8100:2901::1:183:201#53
;; REFUSED unexpected RCODE resolving 'ch/DS/IN': 195.110.124.196#53
;; broken trust chain resolving 'numberportability.ch/DNSKEY/IN': 195.110.124.196#53
;; broken trust chain resolving 'www.numberportability.ch/A/IN': 2a01:8100:2901::1:183:201#53
;; resolution failed: broken trust chain

Does anyone have a contact to a DNS technician working @ Swizzonic?
Preferably with a phone number.



[swinog] Anyone else having email issues with Metanet?

2022-12-02 Thread Benoît Panizzon via swinog
Hi List

Yes, I am already in contact with Metanet techs.

We have a very strange issue with two of their email servers.

Connecting to Port 25 starts fine. SYN, SYN-ACK but then we start
seeing re-transmits until the connection times out.

This first happened to one of their servers, then to another one, the
first server became reachable again at the beginning of this week,
the second one still causes the same problem.

The Problem also occurs the other way round. Metanet is unable to
establish a tcp connection to port 25 on rrmx.imp.ch

Is anyone else seeing such an issue, either to metanet or towards our
rrmx.imp.ch?

Has anyone any clue what could cause such an issue?

I compared traces of tcp connections to both of the affected metanet
servers, to the working one and to the one causing re-transmits.
The two initial SYN and SYN-ACK look identical and then to one
destination the re-transmits start and to the other destination I get
the SMTP HELO banner.

PS: Yes, I did disable the firewall on our mail platform and re-test.
This does not seem to be the cause.



[swinog] Is AS203790 reading this list? (up-network.ch)

2022-10-26 Thread Benoît Panizzon
Hi

If so, could you please contact me off-list (attempted your abuse desk
last week) regarding either a joe-job against your company, or a real
incident where our customer involved is hiding his IP in our
network behind cloudflare.



[swinog] DNS help: named 'end of file resolving' a hostname.

2022-10-16 Thread Benoît Panizzon
Hi Team

Maybe some of you have already come across that issue and know how to fix it.

Bind 9.18.4 fails to resolve the A record of: fd19g0409.drive.pro.io

Bind 9.11.36 works.

Both versions have DNSSEC Validation enabled and connected to a network
not restricting EDNS.

Bind Logs:

named[3156696]: end of file resolving '_.drive.pro.io/A/IN': 80.74.143.169#53

Dr. Google does not spit out any useful answer to this error.

Analyzing the traffic with Wireshark, shows the authoritative server for
this domain is answering and nothing jumps to my eye which could be
wrong with the answer I see in the trace.

I guess _.drive.pro.io is a dummy query performed to get OPTIONS.

So my usual attempt is to disable all options that might cause issues:

$ dig +noedns +nocookie +nodnssec +noednsnegotiation A fd19g0409.drive.pro.io @{BIND-9.18.4-NS}

Error persists. Any help appreciated in a pointer to the possible cause.



Re: [swinog] Disable Recursion on Windows Server 2019

2021-11-01 Thread Benoît Panizzon
Hi

Thanks! I'll pass this on to our customer.

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


[swinog] Disable Recursion on Windows Server 2019

2021-11-01 Thread Benoît Panizzon
Dear Community

We have a customer who operates hosting and uses a Windows Server 2019
as DNS for his hosting customers and for which we occasionally receive
complaints about this being an open resolver prone to DNS amplification
attacks.

Customer's requirements:

* DNS reachable from the Internet, for the domains he is authoritative
  for.
* DNS recursion available for hosting customers in his IP range.

He tells me that he can only switch recursion on and off completely,
but not restrict the ip ranges for which it shall be available.

My quick search via Google, also only revealed how to turn recursion
off completely on a Windows Server 2019.

Hopefully some Microsoft Guru on this list, can tell, how to restrict
recursive access to certain IP ranges?



Re: [swinog] OVH

2021-04-19 Thread Benoît Panizzon
Hi List

The main problem I observed with OVH and abuse from their network in
the past years, is that they did NOT monitor their abuse-desk email
addresses. I did not send emails to them lately, so maybe that has
changed in the meantime.

They required you to fill out an abuse complaint form on their website,
which is not useful for automated reports generated by tools like
fail2ban or spamtraps.

I didn't observe a lot of abuse from their network lately, but in the
past it took some effort to get someone @ OVH to look at issues.



Re: [swinog] G.Fast DSL modems - bridge only

2021-04-01 Thread Benoît Panizzon
Hi Jeroen

Interesting topic!

Swisscom deployed 'FTTS' at my home last year, promising 'at least
500 mbit/s with g.fast' for every household, causing the municipal
administration to reject plans for proper FTTH from competitors, this
as a sidenote.

Actual situation: I live about 250m away from the DSLAM in the street.
After several cases opened @ Swisscom, they found out it is just about
a little too far away for g.fast to work properly.

In this 'at the limit' situation I tested two ZyXEL XMG3927-B50A (to
make sure I had not a broken one) in bridge mode (PPPoE on Mikrotik).
Tested directly at the HÜP.

Results:
* g.fast is slower than VDSL2 at this distance in both up and down
  speed (way slower than what Swisscom announced).
* XMG3927 shows very strange packet delays. There is no packetloss, but
  latency sometimes jumps to about 500ms or more, for single packets
  (usually small packets like tcp syn) causing re-transmits, without
  apparent reason. This happens in g.fast AND VDSL2 mode.
  Also happening if ethernet interface is set to 100Mbit/Fduplex.
  Opened Case @Studerus, They never heard of that issue.
* Older VDSL2 only Modem: VMG1312-B10A does not show this latency issue
  (so I kept that modem)

I know, that the XMG3927 has wider filters (up to 500Mhz or so) to
allow g.fast. I know there are a couple of low power 430MHz
transmitters in my neighbourhood. Could they be the cause of that issue?

Looking forward to others' experiences with g.fast bridges.



Re: [swinog] Coop.ch geoblocking?

2021-03-03 Thread Benoît Panizzon
Follow up on this.

They use this service:
https://www.brightcloud.com/tools/url-ip-lookup.php

Which lists the affected IP in 'high risk' category 'proxy'.

I opened a case with them to find out the cause.

They delisted 157.161.57.65 but not 157.161.57.70. Maybe I should
change the PTR of the latter one :-). That only was an exit for very
short time (immediate abuse complaints).

Also 'Tor' is a separate category. So if my experiments with Tor
triggered that issue, why didn't they list it as 'Tor' which they have
as a category?

Another cause might be, that I use a transparent proxy to cache some
content in my LAN. But that only is accessible from my LAN, but of
course this might inject HTTP header indicating the proxy connection.

Also L2TP and PPTP is accessible, so I can access my private ipv4 space
from outside. So did they scan for those services and flag it as
'proxy'?

I'm looking forward to their reply.



Re: [swinog] Swisscom IPv6 Routing weirdness

2021-02-26 Thread Benoît Panizzon
I don't seem to have a problem from AS6772:

$ openssl s_client -connect [2a02:a90:c400:5001::2]:https
[ssh handshake stuff]
GET / HTTP/1.0

HTTP/1.0 301 Moved Permanently
Location: https://www.swisscom.ch/de/privatkunden.html
Connection: close
Content-Length: 252
[...]



[swinog] Anyone from AS9009 / GlobalAXS / m247 Zurich NOC?

2021-01-04 Thread Benoît Panizzon
Happy new Year.

If anyone from AS9009 Zurich NOC reads this list. Please contact me off
list about a more serious incident involving some of your IP Addresses.



[swinog] Cloudflare 'relaying' complaints and take down notices to the hosting ISP instead of handling them.

2020-11-12 Thread Benoît Panizzon
Hi Community

A website (no imprint, domain registered via anonymous proxy), which
allegedly breaks some copyright laws, is proxied by CloudFlare.

CloudFlare got a DMCA take-down notice from an attorney and replied to
the attorney, that the site in question is hosted at AS6772, ImproWare
AG, but did not tell the attorney the IP Address (nor the customer
which could have been looked up via RIPE).

Cloudflare also contacted us and told the IP Address. I contacted the
customer in question. He states he has nothing to do with that website
(I might be tempted to doubt this statement, it could be a customer of
the customer who is involved...).

But I cannot verify: I have no access to the logs of our customer's
Server. I have no access to the proxy logs @ Cloudflare.

The attorney is now getting a bit impatient and considers filing a
legal complaint against us to have us 'solve the issue'.

So I contact Cloudflare as they must have a customer who ordered said
proxy service with them and probably pays for it. Cloudflare could
handle the issue themselves, directly at the source, knowing the paying
'culprit'.

I quickly got the reply, that they are not responsible for content
hosted by their customer, therefore they relay complaints to the ISP in
charge of the IP address in question.

That is a bit weird, isn't it?



[swinog] Spam from 'Rocketmails.ch'

2020-08-21 Thread Benoît Panizzon
Dear List

Today we received several delisting requests for URIs and IP Addresses
somehow associated with Newsletters sent by 'Rocketmails.ch'.

The listings were caused during the last 14 days or so by multiple
customers reporting those emails as spam and claiming not having
subscribed, nor being a customer of the advertising company.

And I guess I can figure out why...

Quote: "You are receiving this mailing because you signed up with the
email address on our promotional pages or those of our advertising
partners."

There is no mention of WHAT partner or WHAT website they allegedly
subscribed. So that could also explain that they don't know the
company whose products are advertised via Rocketmails. So for the
recipient this is just spam.

Anyone else seeing these and knowing more about how the transfer of
such personal data happens between those partners and what kind of
partners those are?

So far no spamtrap hits, so this does not look like harvested addresses.



Re: [swinog] WiFi Calling - traffic flow, protocols, ports, probes, ...

2020-06-25 Thread Benoît Panizzon
Hi

I have not been digging into this too much, but I have a few clues
which could be helpful.

* Swisscom branded mobile phones (Samsung at least) prevent WiFi (or
  VoLTE) calling (HD Audio) from being used when SIM cards of other
  operators are used. (Maybe Swisscom uses a specific flavour of WiFi
  calling or VoLTE which is incompatible to others?)

* Sunrise, for sure uses IPSEC for WiFi calling but uses a GeoIP filter
  to only allow this service from Swiss IP Addresses.

Sidenote: Sunrise Mobile CGNat cannot handle GRE protocol.

-Benoît-




[swinog] How / where to address weird 'akamai' cloud issues?

2020-06-18 Thread Benoît Panizzon
Hi List

I'm confronted with two strange akamai cloud platform issues.

Yangming.com:
When accessed from certain ip addresses, the akamai 'webserver' returns
a cryptic error number in about 6 of 5 attempts (ssl is established,
cert valid and everything, the error is then shown as website content
instead of the website). Yangming.com tells it's not 'their' problem
and we as ISP operating the affected ip addresses have to fix this.

Brack.ch:
When customers try to subscribe to their newsletter, the website
answers 'Bestätigungsemail gesendet'. But at least two specific email
addresses are never getting that email (not even a trace in the logs when
I try to subscribe them and watch the logs at the same time) as if it
were blocked @ the sender. Brack Techs never encountered such an issue
and don't know where to start looking as everything is in the akamai
cloud.

Has anyone a contact @ akamai able to debug such issues?



Re: [swinog] Looking for UPC DNS Admin, urgent!

2020-05-12 Thread Benoît Panizzon
Hi List

We start seeing more and more logins from UPC IP addresses.
So it looks like the change got propagated now.

-Benoît-




[swinog] Looking for UPC DNS Admin, urgent!

2020-05-12 Thread Benoît Panizzon
Hi List

Today 12:00 3000 UPC Email accounts were migrated from one email
platform to another.

DNS TTL was set to 300s about 1 week ago.

Looks like the change of mailserver IP has not yet been propagated to
the UPC DNS servers that are being used by those customers.

upc.ch has SOA record ns1.cablecom.net. hostmaster.cablecom.net.

   - Transcript of session follows -
550 5.1.2 ... Host unknown

If anyone could hint the UPC hostmaster to please PM or better call me.

061 826 93 08



Re: [swinog] Weird Bluewin Error: 'Unable to verify MX-Record for domain'

2020-03-31 Thread Benoît Panizzon
Re-Tested before changing MX.

Error is gone. So I suppose it was a temporary problem.



Re: [swinog] Weird Bluewin Error: 'Unable to verify MX-Record for domain'

2020-03-31 Thread Benoît Panizzon
Hi Andreas

> list.scout.ch. is not the same as aleka.scout.ch
> You could do instead

Yes, but this has been this way for months and has never caused an
issue yet. Not even with @bluewin.ch recipients. So did bluewin change
something?

Well I'll change the MX. Let's see if this solves this issue.

Strange that IMP has no such issue. We also have MX that point to
IPs which resolve to other names to do DNS based load balancing.

rrmx.imp.ch has address 157.161.12.5
rrmx.imp.ch has address 157.161.12.4
rrmx.imp.ch has address 157.161.12.6
rrmx.imp.ch has IPv6 address 2001:4060:1:1001::12:4
rrmx.imp.ch has IPv6 address 2001:4060:1:1001::12:5
rrmx.imp.ch has IPv6 address 2001:4060:1:1001::12:6

5.12.161.157.in-addr.arpa domain name pointer obelix.imp.ch.

and so on.



[swinog] Weird Bluewin Error: 'Unable to verify MX-Record for domain'

2020-03-31 Thread Benoît Panizzon
Hi List

Has anyone seen this error message and has a clue about the cause?

... while talking to mxbw.lb.bluewin.ch.:

<@bluewin.ch>
   (reason: 550-5.1.0 MAIL FROM:
   <*@list.scout.ch>
   Unable to verify MX-Record for domain list.scout.ch)

list.scout.ch.  3600  IN  MX    50 list.scout.ch.
list.scout.ch.  3600  IN  A     157.161.57.26
list.scout.ch.  3600  IN  AAAA  2001:4060:dead:beef:200:e2ff:fe70:3b2f
list.scout.ch.  3600  IN  TXT   "v=spf1 a:list.scout.ch a:akela.scout.ch a:list.scoutnet.org -all"

Can't find anything wrong with the MX entry. Actually an MX is not even
really necessary.

-Benoît-




[swinog] openssl 1.1.1c and too short DH key on @bluewin.ch

2019-07-17 Thread Benoît Panizzon
Hi List

If you also noticed emails not being delivered anymore to @bluewin
after upgrading to Debian Buster or any other system with newer openSSL
libraries.

This is due to new versions of openSSL not accepting DH keys shorter
than 1024 to counter the logjam attack.

Unfortunately the keys provided by bluewin are too short, causing the
TLS handshake to fail.

Work-Around for now: Disable DH

Test with:

# openssl s_client -cipher 'DEFAULT:!DH' -connect \
mxbw.lb.bluewin.ch:smtp -starttls smtp

In sendmail.mc

O CipherList=HIGH:!DH

-Benoît-


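An added example (not part of the original post): a shell function that classifies captured `openssl s_client` output by the `Server Temp Key:` line or the `dh key too small` error, using the 1024-bit limit stated in the post as the default threshold. The sample transcripts are constructed and abbreviated, the 768-bit value is an assumed illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the key exchange seen in `openssl s_client` output.
# Live usage (the test command from the post, without the cipher override):
#   openssl s_client -connect mxbw.lb.bluewin.ch:smtp -starttls smtp \
#       </dev/null 2>&1 | classify_handshake 1024

# Reads s_client output (stdout and stderr combined) on stdin.
# $1 = minimum acceptable DH size in bits (default 1024, the limit in the post).
classify_handshake() {
    min_bits=${1:-1024}
    awk -v min="$min_bits" '
    # Newer OpenSSL aborts the handshake with this reason string.
    /dh key too small/ { rejected = 1 }
    # Example lines: "Server Temp Key: DH, 768 bits"
    #                "Server Temp Key: ECDH, P-256, 256 bits"
    /^Server Temp Key:/ {
        sub(/^Server Temp Key:[ \t]*/, "")
        n = split($0, f, /,[ \t]*/)
        kind = f[1]
        bits = f[n]; sub(/[ \t]*bits.*/, "", bits)
    }
    END {
        if (rejected)                print "REJECTED dh-key-too-small"
        else if (kind == "")         print "UNKNOWN no-temp-key-line"
        else if (kind != "DH")       print "NOT-DH " kind
        else if (bits + 0 < min + 0) print "WEAK DH " bits
        else                         print "OK DH " bits
    }'
}

# Constructed, abbreviated transcripts (not captured from a real server).
sample_weak() {
    printf '%s\n' 'CONNECTED(00000003)' '---' \
        'Server Temp Key: DH, 768 bits' '---'
}
sample_rejected() {
    printf '%s\n' 'CONNECTED(00000003)' \
        'error:SSL routines:tls_process_ske_dhe:dh key too small'
}
sample_ecdh() {
    printf '%s\n' 'CONNECTED(00000003)' '---' \
        'Server Temp Key: ECDH, P-256, 256 bits' '---'
}
sample_strong() {
    printf '%s\n' 'CONNECTED(00000003)' '---' \
        'Server Temp Key: DH, 2048 bits' '---'
}

# Demo on the constructed transcripts.
for s in sample_weak sample_rejected sample_ecdh sample_strong; do
    printf '%-16s %s\n' "$s" "$($s | classify_handshake 1024)"
done
```

A `NOT-DH` result after applying the `!DH` cipher list from the post confirms the workaround took effect; `REJECTED` is what a client with the newer library sees without it.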


[swinog] Troubles with IPv6 queries to whois.nic.ch?

2015-04-26 Thread Benoît Panizzon
Hello

Who else experiences that problem since a couple of days?

$ whois direktion.ch
The number of requests per client per time interval is
restricted. You have exceeded this limit.
Please wait a moment and try again.

(query was done via IPv6)

$ whois -h 130.59.31.241 direktion.ch
whois: This information is subject to an Acceptable Use Policy.
See http://www.nic.ch/terms/aup.html


Domain name:
direktion.ch
[...]

works!

I'm not doing more than max 10 queries/week from that specific ipv6 address, 
probably much less.

I'm not aware of having other clients within my /48 network doing any queries 
to whois.nic.ch (yes, my blacklist scripts do a lot of queries to 
whois.ripe.net and other RIR's to get abuse contacts, but not to switch)

-Benoît-




[swinog] Routing problems @ cablecom?

2012-05-26 Thread Benoît Panizzon
Hello

I'm not able to reach any address @as6772 from cablecom. Anyone else 
experiencing such Problems?

-böni 

