Re: Arrogant RBL list maintainers

2009-12-17 Thread Steven Champeon
on Wed, Dec 16, 2009 at 09:27:06PM -0500, Mike Lieman wrote: ...and if people used static and dynamic keywords in DNS as I suggested in my previously mentioned draft, What are the words for static and dynamic in Lower Sorbian? I was bored so I looked them up. :-) dynamic: dynamika

Re: Arrogant RBL list maintainers

2009-12-17 Thread Michael Holstein
dynamic: dynamika static: statik One wonders how this will be handled when the flood of non-Latin domains starts. Are these RBL maintainers really going to figure out how many different ways there are to say the (English/Latin) equivalent of static in Chinese, Cyrillic, Swahili, etc.

Re: Arrogant RBL list maintainers

2009-12-16 Thread Adam Armstrong
On 16/12/2009 06:12, James Hess wrote: On Tue, Dec 15, 2009 at 11:30 PM, Adam Armstrong li...@memetic.org wrote: personally, i'd recommend not being a dick and setting valid *meaningful* reverse dns for things relaying mail. Many sites don't use names that will necessarily be

Re: Arrogant RBL list maintainers

2009-12-16 Thread Mike Lieman
Wouldn't SPF ( RFC 4408) tell people more about where the real mailservers are than some half-baked idea of trying to enforce what hostnames should look like? What's the word for 'mail server' in Lower Sorbian, and does your algorithm properly detect it in a hostname? See the problem here? On

Re: Arrogant RBL list maintainers

2009-12-16 Thread Rich Kulawiec
On Wed, Dec 16, 2009 at 12:12:22AM -0600, James Hess wrote: Many sites don't use names that will necessarily be meaningful to an outsider. Then they should expect issues with mail acceptance by outsiders. Some sites might want to avoid certain meaningful RDNS entries since spammers,

Re: Arrogant RBL list maintainers

2009-12-16 Thread William Herrin
On Wed, Dec 16, 2009 at 7:06 AM, Mike Lieman mikelie...@gmail.com wrote: Wouldn't SPF ( RFC 4408) tell people more about where the real mailservers are than some half-baked idea of trying to enforce what hostnames should look like? What's the word for 'mail server' in Lower Sorbian, and does

Re: Arrogant RBL list maintainers

2009-12-16 Thread Valdis . Kletnieks
On Wed, 16 Dec 2009 07:06:55 EST, Mike Lieman said: What's the word for 'mail server' in Lower Sorbian, and does your algorithm properly detect it in a hostname? See the problem here? When the hostname at that IP address is exactly one incremented character different than the preceding

Re: Arrogant RBL list maintainers

2009-12-16 Thread Jack Bates
valdis.kletni...@vt.edu wrote: When the hostname at that IP address is exactly one incremented character different than the preceding address, and one decremented character different than the following address, and that pattern holds across a /24, they're probably not mail servers. Nobody has

Re: Arrogant RBL list maintainers

2009-12-16 Thread Sean Donelan
On Wed, 16 Dec 2009, James Hess wrote: On Tue, Dec 15, 2009 at 11:30 PM, Adam Armstrong li...@memetic.org wrote: personally, i'd recommend not being a dick and setting valid *meaningful* reverse dns for things relaying mail. Many sites don't use names that will necessarily be meaningful to an

Re: Arrogant RBL list maintainers

2009-12-16 Thread Michelle Sullivan
Ronald Cotoni wrote: Very true. At my old place of employment a DUHL listed an ip since before my previous company existed. For some reason, when we obtained it, they still listed it. Sounds like a bug in the DUHL bot to me. Also the standard makes a lot of sense. You may be on Trend Micros

Re: Arrogant RBL list maintainers

2009-12-16 Thread Michelle Sullivan
Mikael Abrahamsson wrote: On Wed, 9 Dec 2009, Frank Bulk wrote: Two sides of an SP's coin: I want to maximize my e-mail servers' deliverability, so I make sure those have appropriately named PTRs and make sure that outbound messages aren't spammy; I also want to restrict The point he was

Re: Arrogant RBL list maintainers

2009-12-16 Thread Michelle Sullivan
Please reply to the list, not me and the list! Sven Olaf Kamphuis wrote: thing is that it's illegal to maintain a database with personal details which ip addresses according to various german courts are (don't ask.. mmk? ;) of course we all know ip addresses identify nodes on a network, not

Re: Arrogant RBL list maintainers

2009-12-16 Thread Matthew Petach
On Wed, Dec 16, 2009 at 5:21 AM, valdis.kletni...@vt.edu wrote: On Wed, 16 Dec 2009 07:06:55 EST, Mike Lieman said: What's the word for 'mail server' in Lower Sorbian, and does your algorithm properly detect it in a hostname? See the problem here? When the hostname at that IP address is

Re: Arrogant RBL list maintainers

2009-12-16 Thread Jack Bates
Matthew Petach wrote: Take a look at the reverse DNS for the entire 66.163.178.0/23 subnet; you'll find that when you're doing things at large scale, you can't really get away from having sequentially numbered reverse DNS entries all in a row, exactly as you seem to think Nobody has. :/ Of

Re: Arrogant RBL list maintainers

2009-12-16 Thread Niels Bakker
* matt...@sorbs.net (Michelle Sullivan) [Wed 16 Dec 2009, 17:41 CET]: [..] . The obvious answer is if you have signed SLAs then you should adhere to those SLAs as a minimum and give better service if time allows... Hands up those who have an SLA (free or not) with an RBL maintainer... I

Re: Arrogant RBL list maintainers

2009-12-16 Thread Michelle Sullivan
Niels Bakker wrote: * matt...@sorbs.net (Michelle Sullivan) [Wed 16 Dec 2009, 17:41 CET]: [..] . The obvious answer is if you have signed SLAs then you should adhere to those SLAs as a minimum and give better service if time allows... Hands up those who have an SLA (free or not) with an

Re: Arrogant RBL list maintainers

2009-12-16 Thread Steven Champeon
on Wed, Dec 16, 2009 at 06:01:51PM +0100, Michelle Sullivan wrote: ...and if people used static and dynamic keywords in DNS as I suggested in my previously mentioned draft, there would be *NO NEED* for DUL/DUHL/PBL lists at all because people could create a very simple set of patterns to match

Re: Arrogant RBL list maintainers

2009-12-16 Thread William Pitcock
Hi, On Thu, 2009-12-10 at 16:55 +, Sven Olaf Kamphuis wrote: thing is that it's illegal to maintain a database with personal details which ip addresses according to various german courts are (don't ask.. mmk? ;) of course we all know ip addresses identify nodes on a network, not persons,

Re: Arrogant RBL list maintainers

2009-12-16 Thread Mike Lieman
...and if people used static and dynamic keywords in DNS as I suggested in my previously mentioned draft, What are the words for static and dynamic in Lower Sorbian?

Re: Arrogant RBL list maintainers

2009-12-16 Thread Valdis . Kletnieks
On Wed, 16 Dec 2009 09:21:42 PST, Matthew Petach said: You clearly haven't set up webmail farms to handle half a billion accounts before. ^_^; Yes, but we all already know who those 800 pound gorillas are. If you're doing automagic handling of this sort of DNS data, and not using a regexp to

Re: Arrogant RBL list maintainers

2009-12-15 Thread Rich Kulawiec
[ Note: you're not talking about the RBL. You're talking about a DNSBL or RHSBL, which are generic terms. The RBL is a specific DNSBL and, as far as I know, does not have a listing policy related to this discussion. ] On Wed, Dec 09, 2009 at 03:18:47PM +, Sven Olaf Kamphuis wrote: because

Re: Arrogant RBL list maintainers

2009-12-15 Thread Adam Armstrong
On 09/12/2009 15:18, Sven Olaf Kamphuis wrote: a84-22-xx-xx.cb3rob.net. as it's RFC compliant and we cannot be fucked to haha. and what precisely did you expect? that's not really what most people would consider valid reverse dns for a mail relay. (operational practice often beats RFC

Re: Arrogant RBL list maintainers

2009-12-15 Thread James Hess
On Tue, Dec 15, 2009 at 11:30 PM, Adam Armstrong li...@memetic.org wrote: personally, i'd recommend not being a dick and setting valid *meaningful* reverse dns for things relaying mail. Many sites don't use names that will necessarily be meaningful to an outsider. Sometimes the non-meaningful

Re: Arrogant RBL list maintainers

2009-12-15 Thread Suresh Ramasubramanian
Security by obscurity, in this day and age? :) On Wed, Dec 16, 2009 at 11:42 AM, James Hess mysi...@gmail.com wrote: As is common for many domains. Spammers coming in by scanning large ranges of IPs, have no pointer to report the mailserver they discovered is ...@example.com inbound

Re: Arrogant RBL list maintainers

2009-12-10 Thread Chris Edwards
On Wed, 9 Dec 2009, Michael Holstein wrote: | Their initial email said : | | [snip] | Trend Micro Notification: 137.148.0.0/16 added to DUL | [snip] Oh dear. I can see why many sites that once used MAPS now don't :-(

Re: Arrogant RBL list maintainers

2009-12-10 Thread Tony Finch
On Thu, 10 Dec 2009, Chris Edwards wrote: On Wed, 9 Dec 2009, Michael Holstein wrote: | Their initial email said : | | [snip] | Trend Micro Notification: 137.148.0.0/16 added to DUL | [snip] Oh dear. I can see why many sites that once used MAPS now don't :-( It isn't just idiocy like

Re: Arrogant RBL list maintainers

2009-12-10 Thread Ronald Cotoni
On Thu, Dec 10, 2009 at 8:20 AM, Tony Finch d...@dotat.at wrote: On Thu, 10 Dec 2009, Chris Edwards wrote: On Wed, 9 Dec 2009, Michael Holstein wrote: | Their initial email said : | | [snip] | Trend Micro Notification: 137.148.0.0/16 added to DUL | [snip] Oh dear. I can see why many

RE: Arrogant RBL list maintainers

2009-12-10 Thread Sam Hayes Merritt, III
Creating a standard on what to put in WHOIS/DNS for dynamic/static/infrastructure would make a lot of sense, seems nobody is doing it though. As previously noted in this thread, msulli...@sorbs did a fairly good job of documenting this in an RFC draft. I'd say it's still the primary goto to

Re: Arrogant RBL list maintainers

2009-12-10 Thread Dave CROCKER
On 12/10/2009 7:29 AM, Sam Hayes Merritt, III wrote: As previously noted in this thread, msulli...@sorbs did a fairly good job of documenting this in an RFC draft. I'd say it's still the primary goto to point people at for how to do things the right way.

Re: Arrogant RBL list maintainers

2009-12-10 Thread Michael Holstein
Is your network setup so chaotic that you don't know what address chunks are allocated by DHCP or PPP? Aww .. stop it, just stop. I could send the .vsd of the network overview to everyone and there'd still be someone that'd chime in and say Ha! you moron .. you used ORANGE lines to

best practices for PTR naming and whois (was, sadly, Re: Arrogant RBL list maintainers)

2009-12-10 Thread Steven Champeon
on Thu, Dec 10, 2009 at 09:29:15AM -0600, Sam Hayes Merritt, III wrote: Creating a standard on what to put in WHOIS/DNS for dynamic/static/infrastructure would make a lot of sense, seems nobody is doing it though. As previously noted in this thread, msulli...@sorbs did a fairly good job

Re: Arrogant RBL list maintainers

2009-12-10 Thread Steven Champeon
on Thu, Dec 10, 2009 at 10:48:05AM -0500, Michael Holstein wrote: Like many places, we run separate internal and external DNS .. when a user requests a static IP, they can opt to make it external, but few do, since we point out that when they do that, they lose the anonymity of the generic

Re: best practices for PTR naming and whois (was, sadly, Re: Arrogant RBL list maintainers)

2009-12-10 Thread Michael Thomas
On 12/10/2009 07:54 AM, Steven Champeon wrote: In a nutshell, if you're not clearly indicating mail sources as mail sources, don't expect great deliverability. If you're running a Web hosting shop and don't have rate-limited outbound smarthosts, expect all your clients' mail to be suspected of

Re: Arrogant RBL list maintainers

2009-12-10 Thread Steven Champeon
on Thu, Dec 10, 2009 at 07:43:36AM -0800, Dave CROCKER wrote: On 12/10/2009 7:29 AM, Sam Hayes Merritt, III wrote: As previously noted in this thread, msulli...@sorbs did a fairly good job of documenting this in an RFC draft. I'd say it's still the primary goto to point people at for how to

Re: best practices for PTR naming and whois (was, sadly, Re: Arrogant RBL list maintainers)

2009-12-10 Thread Steven Champeon
on Thu, Dec 10, 2009 at 08:11:18AM -0800, Michael Thomas wrote: I'd say that Mikael Abrahamsson's sentiment (or at least the way I read it) would be a better start: take a step back and ask what the problem is. Well, as I see it, the problem is a widespread and systemic failure to prevent

Re: Arrogant RBL list maintainers

2009-12-10 Thread Michael Holstein
I'm a bit confused by what it means to have an internal static public IP internal means behind the firewall (which everything is, transparently). We don't NAT because we don't have to .. the 1918 space is used for stuff we don't want to be routable (like thermostats). that they have the

Re: best practices for PTR naming and whois (was, sadly, Re: Arrogant RBL list maintainers)

2009-12-10 Thread Mark Andrews
In message 4b211da6.9000...@mtcc.com, Michael Thomas writes: On 12/10/2009 07:54 AM, Steven Champeon wrote: In a nutshell, if you're not clearly indicating mail sources as mail sources, don't expect great deliverability. If you're running a Web hosting shop and don't have rate-limited

Re: best practices for PTR naming and whois (was, sadly, Re: Arrogant RBL list maintainers)

2009-12-10 Thread Michael Thomas
On 12/10/2009 08:38 AM, Mark Andrews wrote: In message 4b211da6.9000...@mtcc.com, Michael Thomas writes: To Crocker's point though: if IETF came up with a way to publish your network's dynamic space (assuming that's The Problem!), would operators do that? Or is this another case where the energy

Re: Arrogant RBL list maintainers

2009-12-10 Thread Sven Olaf Kamphuis
On 12/10/2009 7:29 AM, Sam Hayes Merritt, III wrote: As previously noted in this thread, msulli...@sorbs did a fairly good job of documenting this in an RFC draft. I'd say it's still the primary goto to point people at for how to do things the right way.

Re: Arrogant RBL list maintainers

2009-12-10 Thread Raymond Dijkxhoorn
Hi! RBLs are neither authorised (EU privacy laws anyone?), nor the appointed authority to keep databases on what's static or not. RIRs -are-, if anyone should maintain a database on such things, i'd be the rirs (which they have, it's called whois, it just lacks a field that indicates the type of

Re: Arrogant RBL list maintainers

2009-12-10 Thread Sven Olaf Kamphuis
thing is that it's illegal to maintain a database with personal details which ip addresses according to various german courts are (don't ask.. mmk? ;) of course we all know ip addresses identify nodes on a network, not persons, but the germans seem to maintain a different view on this, despite us

Re: Arrogant RBL list maintainers

2009-12-10 Thread Raymond Dijkxhoorn
Hi! thing is that it's illegal to maintain a database with personal details which ip addresses according to various german courts are (don't ask.. mmk? ;) of course we all know ip addresses identify nodes on a network, not persons, but the germans seem to maintain a different view on this,

Re: Arrogant RBL list maintainers

2009-12-10 Thread Joe Greco
RBLs are neither authorised (EU privacy laws anyone?), nor the appointed authority to keep databases on what's static or not. RIRs -are-, if anyone should maintain a database on such things, i'd be the rirs (which they have, it's called whois, it just lacks a field that indicates the type of

Re: best practices for PTR naming and whois (was, sadly, Re: Arrogant RBL list maintainers)

2009-12-10 Thread Joe Abley
On 2009-12-10, at 16:42, Michael Thomas wrote: On 12/10/2009 08:38 AM, Mark Andrews wrote: The way to do this is to put other data in the ip6.arpa/in-addr.arpa and stop trying to infer things from the PTR records. Sigh. What is the this to which you refer? I think Mark means the

Re: best practices for PTR naming and whois (was, sadly, Re: Arrogant RBL list maintainers)

2009-12-10 Thread Michael Thomas
On 12/10/2009 09:06 AM, Joe Abley wrote: On 2009-12-10, at 16:42, Michael Thomas wrote: On 12/10/2009 08:38 AM, Mark Andrews wrote: The way to do this is to put other data in the ip6.arpa/in-addr.arpa and stop trying to infer things from the PTR records. Sigh. What is the this to which

Re: best practices for PTR naming and whois (was, sadly, Re: Arrogant RBL list maintainers)

2009-12-10 Thread Steven Champeon
on Thu, Dec 10, 2009 at 09:27:44AM -0800, Michael Thomas wrote: On 12/10/2009 09:06 AM, Joe Abley wrote: I think Mark means the question of whether a particular address is statically-assigned or dynamically-assigned, but... Which assumes that that's the question that actually needs to be

Re: Arrogant RBL list maintainers

2009-12-10 Thread John Levine
thing is that it's illegal to maintain a database with personal details which ip addresses according to various german courts are (don't ask.. I've actually looked at some of the German decisions, and I didn't see anything that would be a problem for DNSBLs But if you're getting legal advice

Re: Arrogant RBL list maintainers

2009-12-09 Thread William Herrin
On Wed, Dec 9, 2009 at 10:18 AM, Sven Olaf Kamphuis s...@cyberbunker.com wrote: We've noticed that Trend Micro mail-abuse.com just assumes ips are dynamic by default, because they just assume that working, rfc compliant, reverse dns that just-so-happens to be automatically generated would

Re: Arrogant RBL list maintainers

2009-12-09 Thread Mike Lieman
Is there an RFC detailing that specific text strings must be used for static v. dynamic addresses? I can understand keeping rDNS in sync, but that's not the issue here, is it? On Wed, Dec 9, 2009 at 11:57 AM, William Herrin herrin-na...@dirtside.com wrote: On Wed, Dec 9, 2009 at 10:18 AM,

Re: Arrogant RBL list maintainers

2009-12-09 Thread Patrick Muldoon
On Dec 9, 2009, at 12:11 PM, Mike Lieman wrote: Is there an RFC detailing that specific text strings must be used for static v. dynamic addresses? Well there is this draft Document, FWIW, http://tools.ietf.org/id/draft-msullivan-dnsop-generic-naming-schemes-00.txt Which contains

Re: Arrogant RBL list maintainers

2009-12-09 Thread Seth Mattinen
Mike Lieman wrote: Is there an RFC detailing that specific text strings must be used for static v. dynamic addresses? I can understand keeping rDNS in sync, but that's not the issue here, is it? There is no RFC that I'm aware of, but I'd say it's pretty common for PTR records that

Re: Arrogant RBL list maintainers

2009-12-09 Thread Jon Lewis
On Wed, 9 Dec 2009, Mike Lieman wrote: Is there an RFC detailing that specific text strings must be used for static v. dynamic addresses? There's this expired draft http://tools.ietf.org/id/draft-msullivan-dnsop-generic-naming-schemes-00.txt But really, the rdns should just clearly indicate

Re: Arrogant RBL list maintainers

2009-12-09 Thread Michael Holstein
we've basically told them to go to hell and we advise everyone who uses their RBL lists to remove their RBLs from their configs, as what we have here is a mismanaged list. Same thing we told them (snippet of my response below). Cheers, Michael Holstein Cleveland State University

Re: Arrogant RBL list maintainers

2009-12-09 Thread Seth Mattinen
Michael Holstein wrote: Suit yourself .. but you can't arbitrarily force the Internet as a whole to adopt an unwritten standard just to make your lives easier. If we encounter problems with our end-users and not being able to deliver email reliably to one of your customers, we'll have them call

Re: Arrogant RBL list maintainers

2009-12-09 Thread Michael Holstein
One could argue that you are *not* complying by using a generic PTR for a mail server. Some would say that a serious mail server should have proper DNS records, others will say that you should accept mail from any IP no matter what. No, we do have it correct .. they wanted us to fix all the

Re: Arrogant RBL list maintainers

2009-12-09 Thread Seth Mattinen
Michael Holstein wrote: No, we do have it correct .. they wanted us to fix all the *other* ones (that can't even send mail because they're firewalled from doing so) .. $ dig -t mx csuohio.edu [..] ;; ANSWER SECTION: csuohio.edu. 10800 IN MX 10 antispam5.csuohio.edu. csuohio.edu.

Re: Arrogant RBL list maintainers

2009-12-09 Thread Ken Chase
To be clear: because the legitimate mailserver with a proper non-generic reverse was in a block with other generic reverses, they blacklisted you? That's egregiously harsh. SORBS was blocking a customer for a generic reverse entry, I gave them a legit looking reverse (that fwds properly too),

Re: Arrogant RBL list maintainers

2009-12-09 Thread Valdis . Kletnieks
On Wed, 09 Dec 2009 15:09:20 EST, Ken Chase said: To be clear: because the legitimate mailserver with a proper non-generic reverse was in a block with other generic reverses, they blacklisted you? That's egregiously harsh. SORBS was blocking a customer for a generic reverse entry, I gave

Re: Arrogant RBL list maintainers

2009-12-09 Thread John Levine
;; ANSWER SECTION: csuohio.edu. 10800 IN MX 10 antispam5.csuohio.edu. csuohio.edu. 10800 IN MX 10 antispam4.csuohio.edu. csuohio.edu. 10800 IN MX 10 antispam3.csuohio.edu. csuohio.edu. 10800 IN MX 10 antispam2.csuohio.edu. (and)

Re: Arrogant RBL list maintainers

2009-12-09 Thread Michael Holstein
All of the DNSBLs I know are about outbound mail hosts, not inbound ones. What are your sending hosts called? Outbound goes through the same 4 boxes. We used to split it up (2 at MX10, 2 at MX20 .. reversed for outbound) but for capital (licensing/hardware) reasons we decided to do in/out

Re: Arrogant RBL list maintainers

2009-12-09 Thread Michael Holstein
To be clear: because the legitimate mailserver with a proper non-generic reverse was in a block with other generic reverses, they blacklisted you? Their initial email said : [snip] Trend Micro Notification: 137.148.0.0/16 added to DUL [snip] and then went on to say : [snip] To work with

Re: Arrogant RBL list maintainers

2009-12-09 Thread Jon Lewis
On Wed, 9 Dec 2009, Michael Holstein wrote: Their initial email said : [snip] Trend Micro Notification: 137.148.0.0/16 added to DUL [snip] That's just lazy/sloppy. A quick survey of your /16 suggests that the majority of it has PTRs in the format of csu-137-148-36-160.csuohio.edu, which

Re: Arrogant RBL list maintainers

2009-12-09 Thread John Levine
1) TOTAL ALLOCATED SPACE – in CIDR format Please include all information for the space you announce. The total of Static and Dynamic space must equal the Total Allocated Space. 2) DYNAMIC SPACE LIST - in CIDR format 3) STATIC SPACE LIST - in CIDR Format [snip] Which was, of

RE: Arrogant RBL list maintainers

2009-12-09 Thread Frank Bulk
...@csuohio.edu] Sent: Wednesday, December 09, 2009 3:18 PM To: Ken Chase Cc: nanog@nanog.org Subject: Re: Arrogant RBL list maintainers To be clear: because the legitimate mailserver with a proper non-generic reverse was in a block with other generic reverses, they blacklisted you? Their initial

RE: Arrogant RBL list maintainers

2009-12-09 Thread Frank Bulk
: Wednesday, December 09, 2009 1:24 PM To: nanog@nanog.org Subject: Re: Arrogant RBL list maintainers Michael Holstein wrote: Suit yourself .. but you can't arbitrarily force the Internet as a whole to adopt an unwritten standard just to make your lives easier. If we encounter problems with our

RE: Arrogant RBL list maintainers

2009-12-09 Thread Mikael Abrahamsson
On Wed, 9 Dec 2009, Frank Bulk wrote: Two sides of an SP's coin: I want to maximize my e-mail servers' deliverability, so I make sure those have appropriately named PTRs and make sure that outbound messages aren't spammy; I also want to restrict The point he was trying to make is that there