Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

I realize there has been some call to end this thread but if I may add a little history... On December 5, 2017 at 06:49 l...@satchell.net (Stephen Satchell) wrote: > Indeed. What Ajit Pai missed in his deliberations for the Dec 14 FCC > vote is that the Internet as we know it was developed un

RE: Suggestions for a more privacy conscious email provider

On Wed, 06 Dec 2017 16:26:00 -0500, Rich Kulawiec said: >Better yet, why not study the large-scale patterns over time >and proactively address it? If only there was some sort of distributed analytics/search/etc platform they could use to do that https://www.elastic.co/ https://aws.amazon.com

Re: Suggestions for a more privacy conscious email provider

On Wed, Dec 06, 2017 at 04:26:00PM -0500, Rich Kulawiec wrote: > On Wed, Dec 06, 2017 at 12:29:30PM -0500, Gordon Ewasiuk via NANOG wrote: > > and an online form where you can report EC2 abusers: > > https://aws.amazon.com/forms/report-abuse > > 1. Used it (and the abuse@ address). Either (a) no

Re: Suggestions for a more privacy conscious email provider

On Wed, 06 Dec 2017 16:26:00 -0500, Rich Kulawiec said: > 2. Y'know, if I can see attacks/abuse arriving at networks/systems > that I run, then surely they can see it leaving networks/systems that > they run. A packet stream that will DoS a 20/2 cable subscriber is just a tiny fraction of a 100G p

Re: Suggestions for a more privacy conscious email provider

On Wed, Dec 06, 2017 at 12:29:30PM -0500, Gordon Ewasiuk via NANOG wrote: > and an online form where you can report EC2 abusers: > https://aws.amazon.com/forms/report-abuse 1. Used it (and the abuse@ address). Either (a) no response and/or (b) boilerplate response. No responses indicating that r

RE: Suggestions for a more privacy conscious email provider

-Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Gordon Ewasiuk via NANOG Sent: Wednesday, December 6, 2017 12:30 PM To: nanog@nanog.org Subject: Re: Suggestions for a more privacy conscious email provider > >Suggesting AWS doesn't care s

Re: Suggestions for a more privacy conscious email provider

On Behalf Of Stephen Satchell Sent: Wednesday, December 6, 2017 11:44 AM To: nanog@nanog.org Subject: Re: Suggestions for a more privacy conscious email provider http://docs.aws.amazon.com/ses/latest/DeveloperGuide/manage-sending-limits.html On 12/05/2017 10:16 AM, Gordon Ewasiuk via NANOG wrote:

Re: Suggestions for a more privacy conscious email provider

On Wed, 6 Dec 2017, Stephen Satchell wrote: http://docs.aws.amazon.com/ses/latest/DeveloperGuide/manage-sending-limits.html On 12/05/2017 10:16 AM, Gordon Ewasiuk via NANOG wrote: AWS imposes "email sending limitations", by default, on all EC2 accounts. Anyone who wants those limitations remov

RE: Suggestions for a more privacy conscious email provider

ephen Satchell Sent: Wednesday, December 6, 2017 11:44 AM To: nanog@nanog.org Subject: Re: Suggestions for a more privacy conscious email provider http://docs.aws.amazon.com/ses/latest/DeveloperGuide/manage-sending-limits.html On 12/05/2017 10:16 AM, Gordon Ewasiuk via NANOG wrote: > AWS impose

Re: Suggestions for a more privacy conscious email provider

http://docs.aws.amazon.com/ses/latest/DeveloperGuide/manage-sending-limits.html On 12/05/2017 10:16 AM, Gordon Ewasiuk via NANOG wrote: AWS imposes "email sending limitations", by default, on all EC2 accounts. Anyone who wants those limitations removed has to fill out a form and make a use case

RE: Suggestions for a more privacy conscious email provider

On Tue, 5 Dec 2017, Edwin Pers wrote: Last week we found out that Helpscout sends email from AWS servers. This is incorrect reasoning. Because they're the biggest cloud provider in the world, they should send the least amount of junk: the larger an operation is, the easier abuse detection/prev

Re: Suggestions for a more privacy conscious email provider

On 2017-12-02 10:35, Michael S. Singh wrote: Hi all, I am in need of some suggestions for some privacy conscious email providers. I am currently using Migadu email hosting from Switzerland, basically they allow their users to have as many domains and mailboxes without storage limits without extr

Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

--- b...@herrin.us wrote: From: William Herrin Even the relatively good ones are bad. I have identified 60 and am on track to identify about 200 errors in the official ISC2 CISSP study guide. - One last one I promise... :-) I also have to maintain a

Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

On Tue, Dec 5, 2017 at 6:11 PM, Scott Weeks wrote: > Have you seen neteng certs lately? I'm forced to maintain a > lower level one to keep my job and it makes me angry every > time I have to do it. The sales pitch is hidden in the words > and the correct answer is almost always something that ha

Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

--- l...@satchell.net wrote: From: Stephen Satchell Indeed, I'm not aware of any certification that applies to system administrators. Network administrators have certs that are well-recognized and accepted. Mail admins? Server admins? The certs that are out there border on jokes or disgui

Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

On Tue, Dec 5, 2017 at 9:49 AM, Stephen Satchell wrote: > the Internet as we know it was developed under the stern eyes of the > Department of Defense and the National Science Foundation. The NSF in > particular ran the 'Net like bouncers do in a strip club: you break the > rules, you go. No ar

Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

Back in the day, only Ph.D's used the internet, so they were the sysadmins. These days, I recommend that system administration be only allowed for card-holding responsible people who have proven their technical abilities. Then, when you get awarded your Ph.D, they can take your sysadmin card back.

Re: Suggestions for a more privacy conscious email provider

In article <20171205105918.ga8...@gsp.org> you write: > "Current Peeve: The mindset that the Internet is some sort of > school for novice sysadmins and that everyone *not* doing stupid > dangerous things should act like patient teachers with the ones > who are." Up to a poi

Re: Suggestions for a more privacy conscious email provider

In my experience with creating new mail servers that use IP addresses belonging to dedicated hosting/colocation/VPS companies. This is *after* all of the obvious setup things like having a real static IP, A records, PTR records, SPF and DKIM set up proprely, are taken care of so that a public faci

Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

In a message written on Tue, Dec 05, 2017 at 06:49:43AM -0800, Stephen Satchell wrote: > The NSF in particular ran the 'Net like bouncers do in a strip club: > you break the rules, you go. No argument. I'm not sure I've ever seen a more inaccurate description of the NSF. What in the world are y

Re: Suggestions for a more privacy conscious email provider

On Mon 2017-12-04 16:00:11-0700 Grant wrote: > I've been using a VPS as my primary mail server for > 2 years and > have only been black listed once. Even that was a 12 hour automated > listing because I sent one message to an address I had not used in 7 > years, which had since been converted into

Re: Suggestions for a more privacy conscious email provider

I run my own mailserver... ​ On Mon, Dec 4, 2017 at 3:00 PM, Grant Taylor via NANOG wrote: > On 12/04/2017 03:47 PM, Brad Knowles wrote: > >> The concept is sound, but attempting to use your $5 VPS as your outbound >> mail relay is only going to end in pain and tears -- your VPS cannot have >>

Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

Thirty years ago I started my sysadmin journey on an Internet that was filled with helpful, experienced people that were willing to share their knowledge. Twenty years ago I was one of three people running CA*net, the cross-Canada research Internet with three connections to the NSFnet. I don't rem

Re: Suggestions for a more privacy conscious email provider

On 12/05/2017 06:38 AM, Edwin Pers wrote: You'd think so, yes. Somehow Google and DO and most other hosting companies manage to do it. Feels like AWS truly doesn't care about it. "Never attribute to malice that which is adequately explained by stupidity, ignorance, or negligence." --based on Ha

Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

On 12/05/2017 02:59 AM, Rich Kulawiec wrote: On Mon, Dec 04, 2017 at 07:38:18PM -0500, Eric Tykwinski wrote: Main point I think is mailops comes with a learning curve, and it happens... "Current Peeve: The mindset that the Internet is some sort of school for novice sysadmins an

RE: Suggestions for a more privacy conscious email provider

>Last week we found out that Helpscout sends email from AWS servers. Ouch. I'm in the same boat as you are - three of our biggest suppliers have all their public-facing stuff hosted on AWS, including their email smarthosts. None of them have static addresses. >This is incorrect reasoning. Bec

Re: Suggestions for a more privacy conscious email provider

On Mon, Dec 04, 2017 at 07:38:18PM -0500, Eric Tykwinski wrote: > Main point I think is mailops comes with a learning curve, and it happens... "Current Peeve: The mindset that the Internet is some sort of school for novice sysadmins and that everyone *not* doing stupid dang

Re: Suggestions for a more privacy conscious email provider

You can cut down significantly on SPAM by simply dropping any email with a gtld which didn't exist prior to 2001. Give it a try! On Dec 4, 2017 22:57, "Stephen Satchell" wrote: > On 12/04/2017 06:47 PM, Lyndon Nerenberg wrote: > >> Last week we found out that Helpscout sends email from AWS serve

Re: Suggestions for a more privacy conscious email provider

On 12/04/2017 06:47 PM, Lyndon Nerenberg wrote: Last week we found out that Helpscout sends email from AWS servers. Thank you, Helpscout, for forcing me to lift the AWS blocks on my incoming MTAs, that were cutting down my incoming spam scanning load by a factor of two. At least. If I may m

Re: Suggestions for a more privacy conscious email provider

On 12/04/2017 02:06 PM, Grant Taylor via NANOG wrote: Namely, when I ran my server at home, it took a search warrant to legally enter my house to access the server, which I would be immediately made aware of.  I can't say the same with the same degree of certainty for a server located in a co-l

Re: Suggestions for a more privacy conscious email provider

On Dec 4, 2017, at 5:22 PM, Naslund, Steve wrote: > There are all kinds of factual issues with the arguments in the referenced > document. > > 1. During Desert Storm I personally sent hundreds of STU-IIIs to the > sandbox. They didn't go in diplomatic pouches, they went as Air Force cargo >

Re: Suggestions for a more privacy conscious email provider

In article <0f7a39b9-efee-54d6-d449-081c7825c...@spamtrap.tnetconsulting.net> you write: >I was meaning to imply that I believe it would be more difficult to >access the server at my house than at a co-lo / hosting facility. Depends on the hosting facility. My server is in a locked room that us

Re: Suggestions for a more privacy conscious email provider

On 12/04/2017 06:46 PM, John Levine wrote: Your life appears to be much more exciting than the rest of ours. I've been running mail servers in various places including my house for the past 30 years, with no attention from law enforcement at all. I believe my comment "it took a search warrant"

Re: Suggestions for a more privacy conscious email provider

> On Dec 4, 2017, at 3:19 AM, Edwin Pers wrote: > > As an anecdotal aside, approx. 70% of incoming portscanners/rdp bots/ssh > bots/etc that hit the firewalls at my sites are coming from AWS. > I used to send abuse emails but eventually gave up after receiving nothing > beyond "well, aws ip's

Re: Suggestions for a more privacy conscious email provider

In article you write: >On 12/04/2017 02:24 PM, John Levine wrote: >> From your point of view, it's a linux box you can ssh into and manage >> the same way you'd manage linux on a small physical machine. >Namely, when I ran my server at home, it took a search warrant to >legally enter my house

Re: Suggestions for a more privacy conscious email provider

> On Dec 4, 2017, at 6:34 PM, Rich Kulawiec wrote: > > ---rsk > > [1] I don't expect them, or anyone else, to catch everything all the > time. There are always unpleasant surprises. But there is absolutely > no excuse for systemic, chronic abuse, for failure to accept abuse > reports, for fa

Re: Suggestions for a more privacy conscious email provider

On Sun, Dec 03, 2017 at 09:48:02AM -0800, Michael S. Singh wrote: > Will I also need a static IP address in order to connect to the server > from anywhere in the world? Yes. And it will need to be located in an allocation that's known to be static, i.e., a single static address in the midst of a

Re: Suggestions for a more privacy conscious email provider

On Mon, Dec 04, 2017 at 05:59:30PM +, Filip Hruska wrote: > AWS is probably the biggest cloud provider in the world. Of course the > majority of junk is going to be coming from their network, > simply because they are that big. This is incorrect reasoning. Because they're the biggest cloud pr

RE: Suggestions for a more privacy conscious email provider

ot treason my friend just focus on his mission. Steven Naslund Chicago IL -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Brad Knowles Sent: Monday, December 04, 2017 4:55 PM To: valdis.kletni...@vt.edu Cc: nanog@nanog.org; Grant Taylor Subject: Re: Su

Re: Suggestions for a more privacy conscious email provider

On 12/04/2017 03:47 PM, Brad Knowles wrote: The concept is sound, but attempting to use your $5 VPS as your outbound mail relay is only going to end in pain and tears -- your VPS cannot have or build a good enough reputation to get reliable delivery to the big mail providers. You need to use a

Re: Suggestions for a more privacy conscious email provider

On Dec 4, 2017, at 4:51 PM, valdis.kletni...@vt.edu wrote: >> Do I count? I only accused the Director of the NSA of High Treason in >> my letter to the editors of the Communications of the ACM (see >> ). > > Treason fail. What declared enemy of

Re: Suggestions for a more privacy conscious email provider

I'm not personally really worried about this. - I was just calling out that it is a difference. For others that do care. ;-) On 12/04/2017 03:42 PM, Andy Brezinsky wrote: If you're really worried about this, separate your mail storage from the mail transport.  Run an inbound and outbound sm

Re: Suggestions for a more privacy conscious email provider

On Mon, 04 Dec 2017 16:41:55 -0600, Brad Knowles said: > > (Those 6 of you who *are* serious professionals at this can ignore = > that advice :) > > Do I count? I only accused the Director of the NSA of High Treason in > my letter to the editors of the Communications of the ACM (see >

Re: Suggestions for a more privacy conscious email provider

On Dec 4, 2017, at 4:42 PM, Andy Brezinsky wrote: > If you're really worried about this, separate your mail storage from the mail > transport. Run an inbound and outbound smarthost on your $5 VPS to queue up > mail and deliver it back to your house where your long term mail is stored. > This

Re: Suggestions for a more privacy conscious email provider

On Dec 4, 2017, at 4:20 PM, valdis.kletni...@vt.edu wrote: > I'll just remind everybody that if this is a serious component of your threat > model, you probably need to have gotten in touch with some serious > professionals to help set everything up, because it's going to have more > little > got

Re: Suggestions for a more privacy conscious email provider

On 12/04/2017 04:06 PM, Grant Taylor via NANOG wrote: In my naive opinion, there are some subtle differences with where "the linux box you can ssh into" resides. Namely, when I ran my server at home, it took a search warrant to legally enter my house to access the server, which I would be imm

Re: Suggestions for a more privacy conscious email provider

On Mon, 04 Dec 2017 15:06:07 -0700, Grant Taylor via NANOG said: > Namely, when I ran my server at home, it took a search warrant to > legally enter my house to access the server, which I would be > immediately made aware of. I'll just remind everybody that if this is a serious component of your t

Re: Suggestions for a more privacy conscious email provider

On 12/04/2017 02:24 PM, John Levine wrote: From your point of view, it's a linux box you can ssh into and manage the same way you'd manage linux on a small physical machine. In my naive opinion, there are some subtle differences with where "the linux box you can ssh into" resides. Namely, when

Re: Suggestions for a more privacy conscious email provider

In article <37613d30-ae69-9140-5d88-7596857ce...@wadadli.me> you write: >I am considering purchasing a Raspberry Pi and hosting my own, as it >seems worth the experience. However does it require that I have my own >DNS server and a static IP address in order to connect to the mail >server from anyw

Re: Suggestions for a more privacy conscious email provider

y gave up after receiving nothing beyond "well, aws ip's are dynamic/shared so we can't help you" -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Rich Kulawiec Sent: Monday, December 4, 2017 2:27 AM To: nanog@nanog.org Subject: Re: Suggestions fo

Re: Suggestions for a more privacy conscious email provider

On 12/03/2017 10:48 AM, Michael S. Singh wrote: I was considering purchasing a Raspberry Pi and setting up my own mail server on it. Would it be capable of running a personal mail server? I am on the Linux Kernel mailing list which receives around 300 emails a day. Is a Raspberry Pi capable of

Re: Suggestions for a more privacy conscious email provider

On Sun, 03 Dec 2017 09:48:02 -0800, "Michael S. Singh" said: > I am on the Linux Kernel mailing list which receives around 300 emails a day. If you're only getting 300 a day, your mail infrastructure is severely broken. As I write this, I've gotten 2,151 mails from linux-kernel so far this month,

RE: Suggestions for a more privacy conscious email provider

Sent: Sunday, December 3, 2017 12:57 PM To: nanog@nanog.org Subject: Re: Suggestions for a more privacy conscious email provider Hi Filip I appreciate the response! Do you host the mail server with a third party provider (e.g Rackspace) or do you have an 'in-house' solution. If you&

Re: Suggestions for a more privacy conscious email provider

Hi Filip I appreciate the response! Do you host the mail server with a third party provider (e.g Rackspace)  or do you have an 'in-house' solution. If you're able to elaborate more on your setup, I would love to read more about it. I am considering purchasing a Raspberry Pi and hosting my own, as

Re: Suggestions for a more privacy conscious email provider

Hi Jean, I appreciate your response. I was considering purchasing a Raspberry Pi and setting up my own mail server on it. Would it be capable of running a personal mail server? I am on the Linux Kernel mailing list which receives around 300 emails a day. Will I also need a static IP address in o

Re: Suggestions for a more privacy conscious email provider

On Mon, Dec 04, 2017 at 11:19:56AM +, Edwin Pers wrote: > As an anecdotal aside, approx. 70% of incoming portscanners/rdp bots/ssh > bots/etc that hit the firewalls at my sites are coming from AWS. Similar observations here. I have found it useful to attempt to enumerate their network allocat

RE: Suggestions for a more privacy conscious email provider

cheap way to get a reliable server (albeit virtual) on decently connected and configured infrastructure. >-Original Message- >From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Rich >Kulawiec >Sent: Monday, December 4, 2017 2:27 AM >To: nanog@nanog.org >Subject: Re:

RE: Suggestions for a more privacy conscious email provider

uot; -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Rich Kulawiec Sent: Monday, December 4, 2017 2:27 AM To: nanog@nanog.org Subject: Re: Suggestions for a more privacy conscious email provider On Sun, Dec 03, 2017 at 05:08:33PM +, Filip Hruska wrote: >

Re: Suggestions for a more privacy conscious email provider

On Sun, Dec 03, 2017 at 05:08:33PM +, Filip Hruska wrote: > I personally run my own mail server, but route outgoing emails via Amazon > SES. Not a good idea. Amazon's cloud operations are a constant source of spam and abuse (e.g., brute-force SSH attacks), they refuse to accept complaints pe

Re: Suggestions for a more privacy conscious email provider

On 12/03/2017 12:55 PM, Royce Williams wrote: Maybe the OP is interested in outsourcing all of that - letting someone else stay current with patching, spammer tactics, etc. You make a fair point. My point is that it is possible to do yourself /if/ you want to do so. Everyone has to make their

Re: Suggestions for a more privacy conscious email provider

On Sun, Dec 3, 2017 at 10:31 AM, Grant Taylor via NANOG wrote: > On 12/03/2017 10:08 AM, Filip Hruska wrote: > >> It's kind of a pain to manage a mail server. >> > > I disagree. > > I have been running my own mail server for > 15 years and extremely happy > with it. > > I spend less than an hour

Re: Suggestions for a more privacy conscious email provider

On 12/03/2017 10:08 AM, Filip Hruska wrote: It's kind of a pain to manage a mail server. I disagree. I have been running my own mail server for > 15 years and extremely happy with it. I spend less than an hour a month needing to do things to it. Usually that's just the same type of OS upd

Re: Suggestions for a more privacy conscious email provider

It's kind of a pain to manage a mail server. Even if you have SPF, DKIM correctly setup and you are not on any common blacklists, you constantly have to fight for good deliverability - some mail server solutions will simply reject you no matter what. You might be on some obscure blacklist nobod

Re: Suggestions for a more privacy conscious email provider

If you plan to use it for a small group of people, you should consider hosting it yourself. You could set it up with SPF, dkim, dmarc, ipv6. It could be seen as a personal challenge to achieve. Then if you need real privacy, you will need to encrypt with public keys like PGP or S/MIME. You can up

Re: Suggestions for a more privacy conscious email provider

Sort of a side note, but has anyone played with a Magma server? Ladar Levison’s project to create a totally encryption email system. I donated a bit, but have yet found time to beta test anything. Just looking for pro’s/con’s and if it’s even worth spending the time. https://darkmail.info/

Re: Suggestions for a more privacy conscious email provider

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Dec 2, 2017 at 1:35 PM, Michael S. Singh wrote: > I am in need of some suggestions for some privacy conscious email > providers. I am currently using Migadu [...] I use KolabNow, based in Switzerland, for a lot of personal e-mail communic

Re: Suggestions for a more privacy conscious email provider

On Sat, Dec 2, 2017 at 1:35 PM, Michael S. Singh wrote: > I am in need of some suggestions for some privacy conscious email > providers. I am currently using Migadu [...] > However they only allow 10 messages to be sent per day on their free tier. If you aren't paying for it and it's not a demo m

Suggestions for a more privacy conscious email provider

Hi all, I am in need of some suggestions for some privacy conscious email providers. I am currently using Migadu email hosting from Switzerland, basically they allow their users to have as many domains and mailboxes without storage limits without extra cost. However they only allow 10 messages to