on Wed, Aug 01, 2007 at 09:47:45AM -0400, Drew Weaver wrote:
Up until recently, we were only providing the RIR database with
information about our larger allocations /24 or larger. We have
noticed however that many anti-spam organizations such as Spamhaus,
and Fiveten will use the lack of
on Wed, Apr 04, 2007 at 06:25:18PM -0400, John L wrote:
This technique works great to keep spam out of your mailbox.
Inline rejection is a little dangerous for mailing lists
And for anyone else who doesn't feel like jumping through your hoops.
Providing a telephone number in the
on Fri, Feb 16, 2007 at 07:43:38AM -0500, Eric Gauthier wrote:
Dorms are basically large honey nets. :)
I run the network for a University with about 12,000 students and
12,000 computers in our dormitories. We, like many other Universities,
have spent the last five or six years putting
on Mon, Oct 02, 2006 at 06:45:46PM -0400, [EMAIL PROTECTED] wrote:
On Mon, 2 Oct 2006, Rick Kunkel wrote:
I had users that appeared to be getting their email blocked seemingly
because in their sigs, they write their phone number that stupid
IP-Address-Wannabe method, like:
206.555.1212
on Fri, Sep 01, 2006 at 11:45:53AM -0400, Sean Donelan wrote:
For example, Gmail doesn't include the originating IP address in its
email which makes it even more difficult for spam filters to judge its
reputation.
You misspelled makes it a veritable haven for 419 scammers.
--
on Fri, Aug 11, 2006 at 09:38:46AM +0100, Peter Corlett wrote:
On 10 Aug 2006, at 22:07, Barry Shein wrote:
[...]
The vector for these has been almost purely Microsoft Windows.
I wonder. From the point of view of a MX host (as opposed to a
customer-facing smarthost), would TCP
on Thu, Aug 10, 2006 at 01:11:50AM -0700, william(at)elan.net wrote:
On Aug 9, 2006, at 1:06 PM, Matthew Sullivan wrote:
This is also why I took the time to create:
http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt
The reason I do not
on Thu, Aug 10, 2006 at 08:55:37PM +0530, Suresh Ramasubramanian wrote:
On 8/10/06, Steven Champeon [EMAIL PROTECTED] wrote:
redundancy bigisp-foo-bar-baz.dyn.bigisp.net. Worst among those who
actually provide rDNS in SE Asia is probably tm.net.my, who name all of
their customer PTRs
on Fri, Jun 23, 2006 at 11:23:44AM -0700, [EMAIL PROTECTED] wrote:
The users have an expectation that their access to the Internet
works like a utility. When you say the power is shut off you don't
expect to expand on whether the power grid in your state had a
cascading failure but people on
on Thu, Oct 06, 2005 at 03:25:54PM -0500, John Kristoff wrote:
On Thu, 6 Oct 2005 11:54:34 +0100
[EMAIL PROTECTED] wrote:
While I realize that the nuke survivable thing is probably an old
wives tale, it seems ridiculous that the Internet can't adjust by
[...]
It's not a myth. If
on Tue, Sep 13, 2005 at 01:13:19PM +, Fergie (Paul Ferguson) quoth:
Attempts by agencies to spur the Federal Emergency Management Agency
into urgent action were met with bouncing emails, the Journal said.
It quoted a Department of Health official as saying every email it had
sent to
on Tue, Sep 13, 2005 at 09:54:42AM -0400, Mike Tancsa wrote:
At 09:31 AM 13/09/2005, Steven Champeon wrote:
Does anyone know what their mail infrastructure looks like? From what I
can see, they don't even have an MX record for fema.gov...
No MX record, and the A record for fema.gov does
on Fri, Sep 02, 2005 at 04:44:49PM +0100, [EMAIL PROTECTED] wrote:
From downtown New Orleans...
http://www.livejournal.com/users/interdictor/
-snip-
Fox News is reporting that there is an operation underway to refill
chillers at the Bell South building down the street to keep
Can someone point me to a mailing list that discusses netops? I seem
to have stumbled across the net.kook terrorism rant list by accident.
Thanks!
--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
antispam news, solutions for sendmail, exim, postfix:
on Wed, Jun 01, 2005 at 12:07:33PM -0400, Rich Kulawiec wrote:
(As to Verizon itself, since three different people pointed out the
relative lack of SBL listings: keep in mind that SBL listings are put
in place for very specific reasons, and aren't the only indicator of
spam. Other DNSBLs and
on Wed, May 18, 2005 at 11:08:03AM +1000, Mark Andrews wrote:
RFC 952 and RFC 1123 describe what is currently legal
in hostnames.
Underscore is NOT a legal character in a hostname.
So, these are *all* non-compliant? Perhaps someone should tell them that.
Certainly would
Could whoever is responsible for the machine at 35.11.141.251 please
contact me offlist or otherwise investigate the box, which has already
sent several hundred viruses to hotmail.com addresses with forged
senders in my domain? I reported it yesterday to abuse/postmaster but
have heard nothing
on Sun, May 01, 2005 at 10:40:21PM -0400, Joe Maimon wrote:
What does the rest of the internet gain when all IPs have boilerplate
reverse DNS setup for them, especialy with all these wildly differing
and wacky naming conventions?
I don't care what the rest of the Internet gains, but I can
on Mon, May 02, 2005 at 01:55:19PM +, Paul Vixie wrote:
in this interminable thread from hell, someone finally said the magic words:
Thankfully, there's always procmail.
and helpfully gave a specific recipe:
Yeah, but not the one you really need. Thankfully, there's always more
on Mon, May 02, 2005 at 01:16:40PM -0400, Joe Maimon wrote:
Steven Champeon wrote:
on Sun, May 01, 2005 at 10:40:21PM -0400, Joe Maimon wrote:
What does the rest of the internet gain when all IPs have boilerplate
reverse DNS setup for them, especialy with all these wildly differing
on Sat, Apr 30, 2005 at 07:41:34AM +0530, Suresh Ramasubramanian wrote:
On 4/30/05, Steven Champeon [EMAIL PROTECTED] wrote:
ANantes-106-1-5-107.w193-251.abo.wanadoo.fr
You'll see 'abo' for 'cable', perhaps? as well as 'cable'. But for most
abo = short for abonnement
on Wed, Apr 27, 2005 at 03:19:04AM -0700, Owen DeLong wrote:
Yes, most water transit companies are also the water supply company, but,
in my analogy, and, in some areas, as a matter of fact, they are not the
same. The chemical tampering of which you speak is done by the water
supply company
on Wed, Apr 13, 2005 at 02:38:44PM -0600, Steve Meuse wrote:
On 4/13/05, John Palmer [EMAIL PROTECTED] wrote:
Thank you for that information. I can leave 41/8 in my router bogon list
and hopefully eliminate the Nigerian 419 problem somewhat.
Personally, I believe we should give them
on Thu, Feb 03, 2005 at 04:07:10PM +0100, Raymond Dijkxhoorn wrote:
The only thing I don't see is a way to remove these bots!
Not everyone knows how to even look at their machines for signs of these
bots. Heck, I know most of my guys here don't even know how these bots
work.
For a
Why content filtering is stupid:
- Forwarded message from [EMAIL PROTECTED] -
X-Delivered-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: AlterPoint Mail Security detected prohibited content in a message sent
from your address
on Thu, Jan 13, 2005 at 12:21:04PM +0100, Stephane Bortzmeyer wrote:
On Wed, Jan 12, 2005 at 10:59:43AM -0500,
Steven Champeon [EMAIL PROTECTED] wrote
a message of 98 lines which said:
1) any legitimate mail source MUST have valid, functioning,
non-generic rDNS indicating
on Wed, Jan 12, 2005 at 04:51:34PM -0800, william(at)elan.net wrote:
...a very long and useful and informative message, for which I thank him.
Off to go decipher the madness that is RFC3982,
Steve
--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!
on Wed, Jan 12, 2005 at 01:52:43PM +, [EMAIL PROTECTED] wrote:
I think that a secure email infrastructure is a good thing to have, in
and of itself. By secure, I mean one in which messages get to their
destination reliably, i.e. not lost in some spam filter, and one in
which a recipient
on Wed, Jan 12, 2005 at 10:32:13AM -0600, Chris Adams wrote:
Once upon a time, Steven Champeon [EMAIL PROTECTED] said:
7) all ISPs MUST act on ANY single abuse report (including being
informed of infected customer machines, which MUST be removed from
the Internet ASAP. No excuses
on Wed, Jan 12, 2005 at 12:55:06PM +, Eric Brunner-Williams in Portland
Maine wrote:
4) all domains with invalid whois data MUST be deactivated (not
confiscated, just temporarily removed ...
All? Even those unpublished and therefore non-resolving? Sensible for the
on Wed, Jan 12, 2005 at 01:49:53PM +, Eric Brunner-Williams in Portland
Maine wrote:
Why would it matter if you deactivated an unpublished/non-resolving domain?
How do you deactivate an unpublished/non-resolving domain? You may borrow
a registrar or registry hat if that is useful to
on Wed, Jan 12, 2005 at 10:18:30AM -0800, Owen DeLong wrote:
Michael,
Whether you like it or not, SPAM is the problem.
SPAM is a luncheon meat. UCE is one of the many problems, among the
others being viruses/worms/trojans and their traffic (easily blocked by
the proper upstream
on Wed, Jan 12, 2005 at 12:41:44PM -0600, Adi Linden wrote:
0) for the love of God, Montresor, just block port 25 outbound already.
What is wrong with dedicating port 25 to server to server communication
with some means of authentication (DNS?) to ensure that it is indeed a
vaild mail
on Wed, Jan 12, 2005 at 05:28:45PM +, Eric Brunner-Williams in Portland
Maine wrote:
All is too blunt a tool.
So, then, when registering a domain, there should be a little checkbox
saying I intend to abuse the Internet with this domain? It makes no
sense to have a universal policy if it is
on Wed, Jan 12, 2005 at 04:24:42PM +, Eric Brunner-Williams in Portland
Maine wrote:
(quoting Anonymous):
Numerous (as in at least hundreds, probably more) of spam gangs are
purchasing domains and burning through them in spam runs. In many
cases, there's a pattern to them; in others,
on Wed, Jan 12, 2005 at 07:49:59PM +, Eric Brunner-Williams in Portland
Maine wrote:
snip
Thus far, all you've done is recycle the policy claim of the trademarks
interests, a highly effective stakeholder and rational entity within
ICANN, and the policy claim of the law enforcement
on Thu, Jan 13, 2005 at 10:25:18AM +0530, Suresh Ramasubramanian wrote:
On Wed, 12 Jan 2005 23:19:47 -0500, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
On Wed, 12 Jan 2005 19:19:24 PST, Dave Crocker said:
In general, that's what dkeys/iim and csv (and maybe spf) are attempting
to
on Fri, Dec 10, 2004 at 12:36:12PM -0800, william(at)elan.net wrote:
On Fri, 10 Dec 2004, Rich Kulawiec wrote:
Verizon has put in place an exceedingly stupid anti-spam system which
does not work, which facilitates DoS attacks, and which provides active
assistance to spammers.
The
on Thu, Dec 02, 2004 at 02:56:29PM -0500, Hannigan, Martin wrote:
Possibly. What will happen if the Lycos botnet gets hijacked?
The conversations between the clients and the servers don't appear
to be keyed. If a million clients got owned, it would be the
equivalent of an electronic
on Thu, Dec 02, 2004 at 12:55:02PM -0800, Chad Skidmore wrote:
quoting me:
What's the difference? Why is everyone so upset about Lycos and
nobody seems to be doing much of anything about the /existing
botnets/, which conservative estimates[1] already put at anywhere
from 1-3K per botnet to
on Thu, Dec 02, 2004 at 08:58:03PM +, Christopher L. Morrow wrote:
On Thu, 2 Dec 2004, Steven Champeon wrote:
on Thu, Dec 02, 2004 at 02:56:29PM -0500, Hannigan, Martin wrote:
Possibly. What will happen if the Lycos botnet gets hijacked?
The conversations between the clients
on Thu, Dec 02, 2004 at 04:15:34PM -0500, Hannigan, Martin wrote:
quoting me:
My point was to Martin's question about what would happen if - god
forbid - there were large botnets under the control of spammers; a
careful reading will suggest that my major point was, duh, that there
already
on Thu, Dec 02, 2004 at 04:18:52PM -0500, Hannigan, Martin wrote:
Can you direct me toward a singluar entity of 1MM bots controlled by
a single master?
No, I cannot. I *can*, and have, forward on reports by those more in
the know than I that estimate 100K new bots / day are being added, and
I
on Thu, Dec 02, 2004 at 04:46:00PM -0500, Hannigan, Martin wrote:
quoting me:
Um, not 1 million bots - in concert.
And you know this how, exactly? I'm sure not convinced.
http://w3.cambridge-news.co.uk/business/story.asp?StoryID=65877
Lycos Europe's 20 million users will all be
on Wed, Dec 01, 2004 at 02:41:00PM -0500, [EMAIL PROTECTED] wrote:
On Wed, 01 Dec 2004 13:16:49 EST, Steven Champeon said:
FWIW, 40% or more of the inbound spam mail here comes from hosts with a
generic rDNS naming convention (even after DNSBLs and other obvious
forgery checks
on Mon, Nov 15, 2004 at 04:45:24AM +, Paul Vixie wrote:
[EMAIL PROTECTED] (Sean Donelan) writes:
http://www.eff.org/wp/?f=SpamCollateralDamage.html
excerpt:
I. The Problem
MoveOn.org is a politically progressive organization that engages
in online
on Mon, Nov 15, 2004 at 01:06:09PM -0800, Tom (UnitedLayer) wrote:
On Mon, 15 Nov 2004, Steven Champeon wrote:
John Gilmore runs a well-known open relay at toad.com, and for some
reason thinks that free, anonymous speech is important enough to let
spammers drown it out through sheer volume
on Mon, Nov 15, 2004 at 02:47:14PM -0800, Tom (UnitedLayer) wrote:
On Mon, 15 Nov 2004, Steven Champeon wrote:
And this affects those of us with not-so-old, not-so-slow machines how?
By the fact that there is no way in hell that he could relay a large
amount of spam...
You seem
on Thu, Oct 21, 2004 at 09:19:11PM -0700, Bill Woodcock wrote:
...that there's some operational content somewhere in here:
http://www.cisco.com/edu/peterpacket/
...though I'm on kind of a slow link, so I'm still looking. My eternal
thanks to Suresh for finding this. My day is
on Wed, Oct 13, 2004 at 07:09:10AM +0530, Suresh Ramasubramanian wrote:
[EMAIL PROTECTED] [12/10/04 13:16 -0400]:
If I, and my little 7-man company, can afford to have me solve the
problem on our end, why the heck can't you do the same?
You can do it because you are a 7-man
on Thu, Sep 23, 2004 at 10:37:10AM +0200, Lars-Johan Liman wrote:
[EMAIL PROTECTED]:
Congrats. Ask your ISP for non-generic rDNS, in your domain, so I know
where to send the abuse reports.
I did.
Reverse *what*?
So explain it to them in words of two syllables or less, where
on Wed, Sep 22, 2004 at 10:16:41AM +0200, Lars-Johan Liman wrote:
I cannot agree to the block port 25 line of action.
I am a Unix sysadmin, with 15 years of experience as sendmail and DNS
expert. I have a DSL line at home, with static IP, and generic rDNS
provided by my ISP. Behind it I
on Tue, Sep 21, 2004 at 10:16:52AM -0600, james edwards wrote:
This is the rudest, most arrogant abuse complaint I have seen. It is a
frigging dial up user.
I'm confused. Your user on 65.19.17.201 - a dialup user, probably
running an infected Windows box, sent spam to the complainant, who
on Tue, Sep 21, 2004 at 11:00:53AM -0600, james edwards wrote:
Sheesh. Get over /yourself/. Your network is rude by its very existence,
if it lets spammers relay crud by way of it. Your own arrogance in
thinking it's not your problem to fix is astounding.
I did no say it is not my
on Tue, Sep 21, 2004 at 02:11:11PM -0400, Daniel Senie wrote:
snip good info
2) for dialup, DSL and Cable users on dynamic ports who should not
generally be running servers, name the INADDR with something like:
w-x-y-z.dialup.example.net
w-x-y-z.dynamic.example.net
or similar.
on Tue, Sep 21, 2004 at 02:04:18PM -0700, Sean Crandall wrote:
We configure our DSL customers the same way you do. Static PVC, Static
IP. Each user has a static IP and in 99% of the cases, we do not assign
any dynamic IPs.
However, I would say that it is safe to say that the majority of
on Tue, Jun 08, 2004 at 01:00:55AM -0700, william(at)elan.net wrote:
I'm not sure what will need to happen for ARIN to understand that validity
and security of whois data is important and people rely on that all the
time and they can't just ignore these issues. Unfortunetly most people who
on Wed, May 19, 2004 at 03:12:29PM -0700, James Couzens wrote:
On Tue, 2004-05-18 at 21:49, Eric A. Hall wrote:
There's one rule that will wipe out ~90% of spam, but nobody seems to have
written it yet.
if URL IP addr is in China then score=100
^^^
I
on Tue, May 18, 2004 at 04:01:40PM -0400, Todd Vierling wrote:
On Mon, 17 May 2004, Jared B. Reimer wrote:
: We had this problem when our inbound-smtp server ( the server the
: barracuda is dumping mail to) was accepting all RCPT TOs
: This is a pretty serious flaw IMHO, if it is (in
on Tue, May 18, 2004 at 11:37:49PM +0100, Chris Edwards wrote:
Much as I hate to come to their defence, hotmail rejects unknown users
during the dialog, and has done so for as long as I can remember.
That may be so. But I've got 208 hotmail.com hosts backlisted for
backscatter dreck such as
on Tue, May 18, 2004 at 07:17:58PM -0400, Christopher X. Candreva wrote:
On Tue, 18 May 2004, Steven Champeon wrote:
Granted, it's a DSN for an over-quota user, not a nonexistent user, but
the rejection happens after accept, and the DNS goes to the forged sender.
OK Steve let me know
on Sun, Apr 18, 2004 at 04:33:18PM +, Paul Vixie wrote:
Maybe a stupid question... But if broadband providers aren't going to do
this, and considering there are way less legitimate SMTP senders than
broadband users, wouldn't it make more sense to whitelist known real SMTP
sources
on Mon, Apr 12, 2004 at 12:31:59PM -0400, Robert Blayzor wrote:
I can understand the reasoning behind what they are doing, but perhaps
they are taking things in the wrong direction. Our abuse@ email address
is just that, abused. Our abuse@ mailbox gets probably 500+ spams a day
with
on Mon, Apr 12, 2004 at 01:01:28PM -0400, Robert Blayzor wrote:
Steven Champeon wrote:
[...] Having our techs/engineers go through the abuse@ box every day
to play hide and seek is a bit of an agonizing task that nobody really
wants, especially at the volume it is today.
Isn't
on Wed, Mar 10, 2004 at 10:19:18PM -0800, Gregory Taylor wrote:
The IP that 2mbit.com inhabits is on a Road Runner commercial block,
which is allocated for small to mid-sized businesses. There is no
reason for commercial cable networks to be blocked under the same
pretenses that
on Fri, Mar 05, 2004 at 07:36:36PM +, Paul Vixie wrote:
reject_rbl_client blackholes.easynet.nl,
reject_rbl_client dynablock.easynet.nl,
reject_rbl_client proxies.easynet.nl
FYI, easynet.nl stopped hosting their DNSBLs in December.
on Sat, Feb 14, 2004 at 03:55:40PM -0800, Tim Thorpe wrote:
If these exist then why are we still having problems?
See my reply to the thread SMTP relaying policies for Commercial ISP
customers...? -- we have problems because the spammers are a lot smarter
than any of us and can bounce from
on Fri, Feb 13, 2004 at 12:35:17PM -0500, Andy Dills wrote:
For any responsible ISP, the problem is the spam coming into your
mailservers, not leaving. As long as you quickly castrate the people who
do relay spam through you, you're not going to have an egress spam
problem.
I beg to differ
on Fri, Oct 10, 2003 at 08:47:51PM +0530, Suresh Ramasubramanian wrote:
Set up header checks in sendmail / postfix to block all mail with
Received: headers showing Ralsky IPs. PCRE header checks in postfix
would be like -
snip
Sendmail rulesets to block Ralsky:
KRalsky1 regex [EMAIL
69 matches
Mail list logo