Re: Suggestions for a more privacy conscious email provider

2017-12-03 Thread Rich Kulawiec
On Sun, Dec 03, 2017 at 05:08:33PM +, Filip Hruska wrote: > I personally run my own mail server, but route outgoing emails via Amazon > SES. Not a good idea. Amazon's cloud operations are a constant source of spam and abuse (e.g., brute-force SSH attacks), they refuse to accept complaints pe

Re: Ticketmaster?

2017-12-03 Thread Matt Palmer
On Sun, Dec 03, 2017 at 07:34:29PM -0800, Doug Barton wrote: > On 12/02/2017 02:39 PM, Ryan Gard wrote: > > *Oh, you must be sharing your IP with everyone else in your area* > > CGNAT by any chance? ... and yet: $ dig www.ticketmaster.com ; <<>> DiG 9.10.3-P4-Debian <<>> www.ticketmaster.c

Re: Alternatives to ISE?

2017-12-03 Thread Ray Van Dolson
On Sun, Dec 03, 2017 at 02:39:27PM +, Christopher J. Wolff wrote: > I've about reached my limit with the dumpster fire that is Cisco's > Identity Service Engine. Are there any reliable alternatives that do > endpoint classification, central web auth, and .1x auth? What version of ISE are you

Re: Ticketmaster?

2017-12-03 Thread mike . lyon
They’ve blocked a few of my end-user /24s and i’ve had zero luck getting them to unblock them. Just one more reason to hate them and not use them. They are the devil. -Mike > On Dec 3, 2017, at 19:34, Doug Barton wrote: > >> On 12/02/2017 02:39 PM, Ryan Gard wrote: >> *Oh, you must be sharing

Re: Ticketmaster?

2017-12-03 Thread Doug Barton
On 12/02/2017 02:39 PM, Ryan Gard wrote: *Oh, you must be sharing your IP with everyone else in your area* CGNAT by any chance?

Re: Suggestions for a more privacy conscious email provider

2017-12-03 Thread Grant Taylor via NANOG
On 12/03/2017 12:55 PM, Royce Williams wrote: Maybe the OP is interested in outsourcing all of that - letting someone else stay current with patching, spammer tactics, etc. You make a fair point. My point is that it is possible to do yourself /if/ you want to do so. Everyone has to make their

Re: Suggestions for a more privacy conscious email provider

2017-12-03 Thread Royce Williams
On Sun, Dec 3, 2017 at 10:31 AM, Grant Taylor via NANOG wrote: > On 12/03/2017 10:08 AM, Filip Hruska wrote: > >> It's kind of a pain to manage a mail server. >> > > I disagree. > > I have been running my own mail server for > 15 years and extremely happy > with it. > > I spend less than an hour

Re: Suggestions for a more privacy conscious email provider

2017-12-03 Thread Grant Taylor via NANOG
On 12/03/2017 10:08 AM, Filip Hruska wrote: It's kind of a pain to manage a mail server. I disagree. I have been running my own mail server for > 15 years and extremely happy with it. I spend less than an hour a month needing to do things to it. Usually that's just the same type of OS upd

Re: Alternatives to ISE?

2017-12-03 Thread Alan Buxey
if you're already slurping the commercial koolaid (support contracts, someone to blame etc etc) - then Aruba Clearpass? (otherwise local homebrew with FreeRADIUS core or PacketFence as FOSSOTS ;-) ) alan

Re: Suggestions for a more privacy conscious email provider

2017-12-03 Thread Filip Hruska
It's kind of a pain to manage a mail server. Even if you have SPF, DKIM correctly setup and you are not on any common blacklists, you constantly have to fight for good deliverability - some mail server solutions will simply reject you no matter what. You might be on some obscure blacklist nobod

Re: Alternatives to ISE?

2017-12-03 Thread Eriks Rugelis
$dayjob is a university where we use PacketFence to support .1x for a population of approx. 28K concurrent Wi-Fi devices. It took us a couple of iterations but we now have a clustered deployment (of VM’s) model which routinely handles >1200 logins per second, has a fair bit of headroom left ove

Re: Alternatives to ISE?

2017-12-03 Thread Mel Beckman
I’ve used PacketFence for several years, but it’s kind of fragile. Compared to many FOSS systems, it’s exceptionally well documented, and uses reasonably good Web GUI standards. It also supports Cisco switches well. However, I routinely have to twiddle with it when one or another internal compon

Re: Suggestions for a more privacy conscious email provider

2017-12-03 Thread Jean | ddostest.me via NANOG
If you plan to use it for a small group of people, you should consider hosting it yourself. You could set it up with SPF, dkim, dmarc, ipv6. It could be seen as a personal challenge to achieve. Then if you need real privacy, you will need to encrypt with public keys like PGP or S/MIME. You can up

Re: Alternatives to ISE?

2017-12-03 Thread Jean | ddostest.me via NANOG
I'm about to try this one. https://packetfence.org/ Not sure if it covers all the features you need though, but it seems promising. In case you give it a try, could you share your experience please? Thanks Jean On 17-12-03 09:48 AM, segs wrote: > Forescout but if you want something simpler with

Re: Alternatives to ISE?

2017-12-03 Thread segs
Forescout but if you want something simpler with SNMP authentication of switches and Domain Controller of authorized PCs you can have a look at Portnox. Done couple of deployments with Portnox. On Sun, Dec 3, 2017 at 3:39 PM, Christopher J. Wolff wrote: > I've about reached my limit with the dum

Alternatives to ISE?

2017-12-03 Thread Christopher J. Wolff
I've about reached my limit with the dumpster fire that is Cisco's Identity Service Engine. Are there any reliable alternatives that do endpoint classification, central web auth, and .1x auth? Thanks in advance, Christopher