Re: Localized mail servers, global scope

2005-06-23 Thread Michael . Dillon
You don't need a central MX if each site MTA knows which users are at which sites. Incoming email may have to take an extra hop if it comes in to the wrong site, but that's a consequence of the specification that no implementation can fix. In other words, SMTP does not have the equivalent of

Re: Localized mail servers, global scope

2005-06-23 Thread Michael . Dillon
3. Change company policy to reflect names like [EMAIL PROTECTED], [EMAIL PROTECTED], etc, where DNS would resolve to the correct server. Doesn't give corporate the email image they are after. unfortunately, all public routing to email servers is based only on domain names, so the

ISP phishing

2005-06-23 Thread Gadi Evron
Hi guys. I notice a large increase in recent weeks of ISP directed phishing - largely because of worms moving backward to using the user's own domain for the spam, but not just in the from: address. I believe this started out as a let's feel this out or wow, that worked, let's phish ISP's

Re: md5 for bgp tcp sessions

2005-06-23 Thread Todd Underwood
ras, all, On Thu, Jun 23, 2005 at 12:14:12AM -0400, Richard A Steenbergen wrote: On Wed, Jun 22, 2005 at 10:04:09PM -0400, Todd Underwood wrote: a) many (all?) implementations of md5 protection of tcp expose new, easy-to-exploit vulnerabilities in host OSes. md5 verification is slow

Re: Localized mail servers, global scope

2005-06-23 Thread Peter Corlett
Andrew Staples [EMAIL PROTECTED] wrote: [...] the group wants to consolidate email addresses across the group, i.e. [EMAIL PROTECTED], regardless of where the mail account lives, yet still give local control over the email server. Due to the potential for namespace clashes, you *must* have a

Re: Localized mail servers, global scope

2005-06-23 Thread Peter Corlett
[EMAIL PROTECTED] wrote: [...] In other words, SMTP does not have the equivalent of an HTTP redirect which is what he wants here. Maybe SMTP really is broken? ;-) If you don't mind dirty, unreliable kludges, you could hack the server to give a 4xx and hope the client will try a different

Re: OSPF -vs- ISIS

2005-06-23 Thread Dan Evans
Thanks to everyone who offered advice and links to resources. The information I've gathered with your help will greatly assist me moving forward, regardless of our decision on which protocol to use. Regards, Daniel

Re: Localized mail servers, global scope

2005-06-23 Thread Dave Crocker
In other words, SMTP does not have the equivalent of an HTTP redirect which is what he wants here. Maybe SMTP really is broken? ;-) hmm. i seem to recall a similar redirect mechanism in SMTP some time ago. not worth the effort; broken; or somesuch. anyhow, once you've hit a server, the

Re: Localized mail servers, global scope

2005-06-23 Thread Dave Crocker
In his case, it sounds like he actually has a business case for solution 3 above. I think there is *always* a business case for making infrastructure communications services work efficiently and reliably. However the world is pretty consistent about efforts to fix long-standing human

Re: Localized mail servers, global scope

2005-06-23 Thread Tony Finch
On Thu, 23 Jun 2005, Dave Crocker wrote: i seem to recall a similar redirect mechanism in SMTP some time ago. not worth the effort; broken; or somesuch. The 251 and 551 forwarding address responses. Many mail servers don't know a user's forwarding address at SMTP time; most mail servers

opening party on 06/25/2005 11pm Coordinated Universal Time

2005-06-23 Thread codewarrior
morning all , experts i am proud to announce a european cuseeme test reflector cuseeme was a free available peer 2 peer multiconferencing videoconferencing application for mac and pc more info about installation and history: http://www.cuseeme.de/ its open now cuseeme.dyndns.tv CID 0 64/150

Re: Localized mail servers, global scope

2005-06-23 Thread william(at)elan.net
On Thu, 23 Jun 2005 [EMAIL PROTECTED] wrote: You don't need a central MX if each site MTA knows which users are at which sites. Incoming email may have to take an extra hop if it comes in to the wrong site, but that's a consequence of the specification that no implementation can fix. In

Re: Localized mail servers, global scope

2005-06-23 Thread Dave Crocker
Many mail servers don't know a user's forwarding address at SMTP time; ahh, right. something about email being s/f, and therefore not direct. requiring 'the next hop' to have complete knowledge doesn't work. requiring a particular hop to be 'the last hop' also causes problems. hmm. i

Re: Localized mail servers, global scope

2005-06-23 Thread Michael . Dillon
In the case where XREDIRECT cannot be negotiated, the server will just have to accept and forward the message itself. There's obviously a lot of work involved in deciding the exact mechanism. Is gb.example.net looked up via MX, SRV, or something else? Can clients cache the name, and for

Re: E-Mail authentication fight looming: Microsoft pushing Sender ID

2005-06-23 Thread Rich Kulawiec
On Wed, Jun 22, 2005 at 06:39:07PM -0700, william(at)elan.net wrote: P.S. It would really be great if IETF remained true to its origin and goals and did technical reviews and selected proposals based on the technical capabilities and not on what large company is exerting pressure on them

Re: Localized mail servers, global scope

2005-06-23 Thread Dave Crocker
I don't have the answers but I think the 10 years of failure to put a dent in spam have shown beyond the shadow of a doubt that Internet email is broken by design and bandaids are not going to fix this, no matter how many different bandaids are applied. It is time to re-engineer with the

Re: ISP phishing

2005-06-23 Thread Robert Boyle
At 05:37 AM 6/23/2005, you wrote: Hi guys. I notice a large increase in recent weeks of ISP directed phishing - largely because of worms moving backward to using the user's own domain for the spam, but not just in the from: address. I believe this started out as a let's feel this out or wow,

Re: md5 for bgp tcp sessions

2005-06-23 Thread Eric Gauthier
Todd, eric, all, not to pick on eric at all, but since he raised the issue... I always assume and, frankly hope, that when I post something someone will pipe up and point out anything that's inaccurate, needs clarification, is a bad idea, etc. likely need to make modifications to our IGP/EGP

Re: Localized mail servers, global scope

2005-06-23 Thread Tony Finch
On Thu, 23 Jun 2005 [EMAIL PROTECTED] wrote: Perhaps this is the time to find a new general solution rather than continuing to tack extensions on the existing email service? None of the email replacement proposals I have seen are likely to get any significant deployment because none of them

RE: md5 for bgp tcp sessions

2005-06-23 Thread Barry Greene (bgreene)
my understanding is that md5 is still checked before the ttl-hack check takes place on cisco (and perhaps most router platforms). new attack vector for less security than you had before. oh well. ras: can you confirm that it is possible to implement ttl-hack and have it check

Re: Localized mail servers, global scope

2005-06-23 Thread Dave Stewart
how many different bandaids are applied. It is time to re-engineer with the benefit of hindsight. However desirable this may be, don't you agree that no matter what mechanism comes along, there's a huge inertia to overcome. We can debate the correct way to handle email forever. But of

RE: md5 for bgp tcp sessions

2005-06-23 Thread Hannigan, Martin
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Todd Underwood Sent: Thursday, June 23, 2005 5:57 AM To: Richard A Steenbergen Cc: nanog@merit.edu Subject: Re: md5 for bgp tcp sessions ras, all, On Thu, Jun 23, 2005 at 12:14:12AM -0400,

Re: md5 for bgp tcp sessions

2005-06-23 Thread Todd Underwood
marty, On Thu, Jun 23, 2005 at 10:22:07AM -0400, Hannigan, Martin wrote: rolling out magic code because your vendor tells you to is a bad idea; That's mostly the result of the calamitous failure in vulnerability release methodology, not Operator stupidity. totally agreed. vendors

Re: ISP phishing

2005-06-23 Thread Gadi Evron
Robert Boyle wrote: At 05:37 AM 6/23/2005, you wrote: Hi guys. I notice a large increase in recent weeks of ISP directed phishing - largely because of worms moving backward to using the user's own domain for the spam, but not just in the from: address. I believe this started out as a

Level3

2005-06-23 Thread Robert Mathews
Good morning.. Have any noted significant performance issues (routing loops etc.) in interconnects with Level3 infrastructure - particularly in Chicago, New York or Seattle within the last 4 days? Any feedback offline would be great. Thank you.

Re: md5 for bgp tcp sessions

2005-06-23 Thread Joe Abley
On 2005-06-23, at 09:57, Eric Gauthier wrote: likely need to make modifications to our IGP/EGP setup. Though we filter OSPF multicast traffic, we wanted to add in MD5 passwords to our neighbors. just a quick comment here. i would encourage you not to do that. Honestly, I completely

Re: Localized mail servers, global scope

2005-06-23 Thread Suresh Ramasubramanian
Wild idea and there's just too much good german beer here at MAAWG (www.maawg.org) in Dusseldorf, but .. anybody tried anycasting a mailserver? Operationally that is ... On 23/06/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: You don't need a central MX if each site MTA knows which users

Re: md5 for bgp tcp sessions

2005-06-23 Thread Jared Mauch
On Thu, Jun 23, 2005 at 10:27:49AM -0400, Todd Underwood wrote: marty, On Thu, Jun 23, 2005 at 10:22:07AM -0400, Hannigan, Martin wrote: rolling out magic code because your vendor tells you to is a bad idea; That's mostly the result of the calamitous failure in vulnerability

Re: md5 for bgp tcp sessions

2005-06-23 Thread Jared Mauch
On Thu, Jun 23, 2005 at 05:57:05AM -0400, Todd Underwood wrote: ras, all, On Thu, Jun 23, 2005 at 12:14:12AM -0400, Richard A Steenbergen wrote: On Wed, Jun 22, 2005 at 10:04:09PM -0400, Todd Underwood wrote: a) many (all?) implementations of md5 protection of tcp expose new,

Re: md5 for bgp tcp sessions

2005-06-23 Thread Robert E . Seastrom
Eric Gauthier [EMAIL PROTECTED] writes: Honestly, I completely agree with you that MD5'ing our OSPF adjacencies isn't a great idea (I've so far stalled its roll-out). I strongly argued against it internally. There were, however, those in both the networking and security groups that were

Re: Localized mail servers, global scope

2005-06-23 Thread Derek Diget
Stepping out of the lurker's doorway for the first time. On Jun 23, 2005 at 20:27 +0530, Suresh Ramasubramanian wrote: =Wild idea and there's just too much good german beer here at MAAWG =(www.maawg.org) in Dusseldorf, but .. anybody tried anycasting a =mailserver? = =Operationally that is

Re: Localized mail servers, global scope

2005-06-23 Thread Brad Knowles
At 12:04 PM -0400 2005-06-23, Derek Diget wrote: I replied privately to the original poster since I was not on NANOG-post, but this would be interesting if the anycasting was tied into some load balancers doing geographical balancing. GSLB only works if each and every server can supply

Re: Localized mail servers, global scope

2005-06-23 Thread Joe Abley
On 2005-06-23, at 10:57, Suresh Ramasubramanian wrote: Wild idea and there's just too much good german beer here at MAAWG (www.maawg.org) in Dusseldorf, but .. anybody tried anycasting a mailserver? Operationally that is ... I know of people who have anycasted the address used by their

Engineer headcount calculations

2005-06-23 Thread Luke Parrish
Measuring a customer service rep's time on a daily basis is a pretty easy and straightforward task. You can get down to the minute by minute level of how a CSR spends their time each day. You can also easily relate that back to customer growth which gives you how many CSR's you need for your

Re: ISP phishing

2005-06-23 Thread Joel Jaeggli
On Thu, 23 Jun 2005, Gadi Evron wrote: Due to the huge number of variants in the wild, our AV software can't keep up (probably nobody's can). Instead, we enabled a global rule which blocks any email from accounts such as billing, root, postmaster,

Re: ISP phishing

2005-06-23 Thread Gadi Evron
Joel Jaeggli wrote: snip The bigger issue is that users simply don't trust any kind of official communication anymore and I don't see anything other than pki that could actually restore that. PKI alone won't solve it, but we are not trying to fix phishing here (good thought though!). I

Re: ISP phishing

2005-06-23 Thread Joel Jaeggli
On Fri, 24 Jun 2005, Gadi Evron wrote: Joel Jaeggli wrote: snip The bigger issue is that users simply don't trust any kind of official communication anymore and I don't see anything other than pki that could actually restore that. PKI alone

Re: ISP phishing

2005-06-23 Thread Valdis . Kletnieks
On Fri, 24 Jun 2005 01:20:27 +0200, Gadi Evron said: Thing is, user-trust or no user-trust, they click by the masses. One wonders how many people would click on a phish from the First National Bank of Dancing Hamsters, just because