Re: [swinog] hotmail requires sender id
Hi

I'm still looking for a deeper explanation. The one I found at Microsoft [1] exactly explains SPF as I know and the wizard [2] creates the same records as the wizard on spf.pobox.com.

[1] http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx
[2] http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx

Do you have more information?

These documents were very short and summarized Sender-ID very well:

Sender ID Framework Executive Overview
http://www.microsoft.com/downloads/details.aspx?FamilyId=F23A8DDD-F4DD-4419-B7E0-2B1D189789DBdisplaylang=en

Sender ID Framework Deployment Overview
http://www.microsoft.com/downloads/details.aspx?familyid=8958AB23-F350-40FE-BA0A-2967B968FD8D%20displaylang=en

The Sender ID Framework (SIDF) is the name of the product, not the technology. SIDF uses SPF records and solves some of the problems with forwarding mails and stuff by introducing new mail headers and a new command in the SMTP transaction, which allows you to do all the funky SPF detection stuff even before DATA. Read more on this here:

Sender Policy Framework: Authorizing Use of Domains in Mail From
http://www.microsoft.com/downloads/details.aspx?familyid=d8a174b1-697c-4aea-9c92-2e70a013c30bdisplaylang=en

They have also introduced something called the PRA (Purported Responsible Address) or PRD (Purported Responsible Domain) which basically means "where did the mail come from?" or more technically: "does the From header (and a couple of other mail headers, see spec) match the server the mail came from?"

And here is the part which is incompatible with Classic SPF. The records are the same, but while Classic SPF ONLY used them to check the envelope from (Return-Path), Sender ID uses the SAME records to check for From. So the records are identical, but the interpretation is different and that can cause major headaches because in some cases it could work, in others not, depending on whether the receiving server interprets them as SPF or as Sender ID.
Here's a translation of purported, btw:

German: http://dict.leo.org/?search=purported
French: http://dict.leo.org/?lp=frdesearch=behaupten

Coincidentally, I checked aol.com's SPF record today and I found this. I don't have the full bigger picture yet, but I believe these are Classic SPF records AND a Sender ID record - split up in two TXT records:

    $ dig +short txt aol.com
    spf2.0/pra ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all
    v=spf1 ip4:152.163.225.0/24 ip4:205.188.139.0/24 ip4:205.188.144.0/24 ip4:205.188.156.0/23 ip4:205.188.159.0/24 ip4:64.12.136.0/23 ip4:64.12.138.0/24 ptr:mx.aol.com ?all

Note that you don't have to pay anything to use Sender-ID. Microsoft allows anyone to use Sender-ID for free (how generous!), in some cases you need to obtain a licence, though. While this is free as in beer, it is not free as in speech and therefore it is incompatible with most open source licences:

Q5: Who needs to execute a license with Microsoft?
A: It's important to note that the license is only relevant to those organisations (ISP, large enterprise) who will be CHECKING e-mails using the PRA check alternative of the Sender ID Framework need to secure a license. Those simply publishing their Sender ID records do not need this license.

Q7: Does Microsoft's patent licences require me to pay any fees or other royalties?
A: No. There are no royalties or other fees associated with Microsoft's patent license. [..]

from Sender ID Framework and Intellectual Property Overview and FAQ
http://www.microsoft.com/downloads/details.aspx?familyid=4b1c931a-57cf-40a4-91b0-80e18cfd2be1%20displaylang=en

You won't need to obtain any licences if you are only publishing SPF records and want to be compatible with Hotmail. You'll only have to if you use Sender ID technology to check Emails. And even then, it's going to be free.
Daniel ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
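
Added example (not part of the original post, and not Microsoft's or any MTA's code): a small Python sketch of the difference described above, where one and the same v=spf1 record is checked against the envelope sender by Classic SPF and against the PRA by Sender ID. The domains, addresses and the message are constructed; only the ip4 and all mechanisms are evaluated, and the PRA and record selection steps are simplified from the Sender ID specifications.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed TXT records on documentation domains and address ranges.
DNS_TXT = {
    "list.example.org": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "author.example.com": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "both.example.net": ["v=spf1 ip4:203.0.113.0/24 -all", "spf2.0/pra ?all"],
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed message relayed by a mailing list: the envelope sender belongs
# to the list, the From header still names the original author.
LIST_MAIL = "From: Alice <alice@author.example.com>\nSubject: test\n\nbody\n"

def select_record(domain, mode):
    """Sender ID prefers an spf2.0 record with the pra scope, else reuses v=spf1."""
    records = DNS_TXT.get(domain, [])
    if mode == "senderid":
        for txt in records:
            head = txt.split()[0].lower()
            if head.startswith("spf2.0/") and "pra" in head[7:].split(","):
                return txt
    for txt in records:
        if txt.split()[0].lower() == "v=spf1":
            return txt
    return None

def evaluate(record, client_ip):
    """Handle only ip4 and all; other mechanisms (ptr, a, mx, ...) are skipped."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        result = QUALIFIER.get(term[0])
        mech = term[1:] if result else term
        result = result or "pass"          # no qualifier means "+"
        if mech == "all":
            return result
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return result
    return "neutral"

def purported_responsible_address(msg):
    """Simplified PRA selection: first of these headers that is present."""
    for name in ("Resent-Sender", "Resent-From", "Sender", "From"):
        if msg[name]:
            return parseaddr(msg[name])[1]
    return None

def check(mode, mail_from, raw_message, client_ip):
    """mode 'spf' checks the envelope sender, mode 'senderid' checks the PRA."""
    if mode == "spf":
        identity = mail_from
    else:
        identity = purported_responsible_address(message_from_string(raw_message))
    if not identity or "@" not in identity:
        return identity, "none"
    record = select_record(identity.rsplit("@", 1)[1], mode)
    return identity, evaluate(record, client_ip) if record else "none"

if __name__ == "__main__":
    for mode in ("spf", "senderid"):
        print(mode, check(mode, "bounces@list.example.org", LIST_MAIL, "192.0.2.10"))
```

The list server's address passes the envelope check but fails the PRA check, because the author's v=spf1 record is reused for the From header; a Sender header added by the list, or a separate spf2.0/pra record as in the aol.com output, changes the outcome.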
Re: [swinog] hotmail requires sender id
Hi

The Sender ID Framework (SIDF) is the name of the product, not the technology. SIDF uses SPF records and solves some of the problems with forwarding mails and stuff by introducing new mail headers and a new command in the SMTP transaction, which allows you to do all the funky SPF detection stuff even before DATA. Read more on this here:

Whoops sorry, wrong PDF. Here we go:

SMTP Service Extension for Indicating the Responsible Submitter of an E-mail Message
http://www.microsoft.com/downloads/details.aspx?FamilyId=8FE5AAF3-6E5B-478C-9303-6E1E9BBEC94Ddisplaylang=en

Daniel
Re: [swinog] hotmail requires sender id
Hi

http://www.microsoft.com/downloads/details.aspx?FamilyId=8FE5AAF3-6E5B-478C-9303-6E1E9BBEC94Ddisplaylang=en

Reminds me: microsoft.com is definitely not Cool URI compliant :) http://www.w3.org/Provider/Style/URI.html

Daniel
Re: AW: [swinog] swisscom dsl down?
Hi

Around one million ADSL customers without Internet for 30 minutes

Took them longer to fix in Basel than in Lausanne:

http://daniel.lorch.cc/tmp/TiscaliBasel_mini.png
http://daniel.lorch.cc/tmp/TiscaliLausanne_mini.png

Lucky, I didn't get up until 10:30 :)

Daniel
Re: [swinog] Re: swinog Digest, Vol 7, Issue 6
Hi

People on this mailing list run Switzerland's internet, but are not able to configure an auto responder. omg we're all so pwned..

Daniel

Peter Leuzinger wrote:

Dear Sir or Madam

Thank you very much for your e-mail! I will be away on holiday from Saturday, 20 August until Sunday, 4 September 2005. In the meantime, please contact Mr Jan Elmer, [EMAIL PROTECTED], for technical matters; for sales and administrative topics, Mr Sasha Arn, [EMAIL PROTECTED]. From Monday, 5 September 2005, I will be very pleased to give you an answer as soon as possible.

Many thanks, and kind regards

Thank you for your message. I am out of office from August 20 until September 4 and will not be able to check my mail box. ONLY, in case of any urgent technical matter, please contact: Jan Elmer, [EMAIL PROTECTED] - Tel. +41. 44 204 16 93 (direct).

Best regards

Peter Leuzinger, MBA
Key Account Management
Speednames GmbH - Staffelstrasse 10 - CH-8045 Zürich
Tel. +41. 44 204 16 80 Fax. +41. 44 204 16 81
Re: [swinog] Facture from Switch
Hi

Truth to be told, the Switch fees are pure rip off compared to the big registries. But then again, nearly everything in Switzerland falls into that category...

And they can't even do bulk updates .. maaan! planned for 2006 *ç%/(é£

Daniel
Re: [swinog] Autoresponder
Hi

OK, it requires skills and of course some technical magic to configure something as complex as a mailclient correctly. But for all those who are unwilling or unable to fulfill this job on their own there *is* in fact a solution to this problem. It is (astoundingly enough) possible to use more than one email account for exchanging electronic mail.

You don't need multiple mail accounts. There is Precedence: {bulk|list} for a reason. Have a look into your wiki (or procmailex(5) for everyone else), there's an autoresponder which does not reply to properly configured mailing lists.

Daniel
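
Added example (not part of the original post and not the procmailex(5) recipe): a Python sketch of an autoresponder that stays silent for list and bulk mail, bounces and other automatic messages, and marks its own replies so that they are never answered in turn. The mailbox address and the sample messages are constructed.

```python
from email import message_from_string
from email.message import EmailMessage

MY_ADDRESS = "peter@example.org"   # hypothetical mailbox owner

# Constructed samples: a mailing-list post and a personal mail.
LIST_POST = ("From: Bob <bob@example.net>\nPrecedence: list\n"
             "List-Id: <discuss.list.example.org>\nSubject: hello\n"
             "Message-ID: <1@example.net>\n\nhi\n")
PERSONAL = ("From: Alice <alice@example.com>\nSubject: lunch?\n"
            "Message-ID: <2@example.com>\n\nhi\n")

def suppress_reason(msg, envelope_sender):
    """Return why no auto-reply should be sent, or None if replying is fine."""
    if envelope_sender in ("", "<>"):
        return "null envelope sender (bounce)"
    if (msg.get("Precedence") or "").strip().lower() in ("bulk", "list", "junk"):
        return "Precedence marks list or bulk mail"
    if any(h in msg for h in ("List-Id", "List-Unsubscribe", "List-Post")):
        return "mailing-list headers present"
    if (msg.get("Auto-Submitted") or "no").strip().lower() != "no":
        return "message is itself automatic"
    if MY_ADDRESS in (msg.get("X-Loop") or ""):
        return "own X-Loop marker seen"
    return None

def build_autoreply(raw_message, envelope_sender, text):
    """Return the reply to send to the envelope sender, or None to stay silent."""
    msg = message_from_string(raw_message)
    if suppress_reason(msg, envelope_sender):
        return None
    reply = EmailMessage()
    reply["From"] = MY_ADDRESS
    reply["To"] = envelope_sender            # reply to the envelope, not to From
    reply["Subject"] = "Auto: " + (msg.get("Subject") or "")
    reply["Auto-Submitted"] = "auto-replied"  # tells other responders to ignore it
    reply["Precedence"] = "bulk"
    reply["X-Loop"] = MY_ADDRESS              # loop marker checked above
    if msg.get("Message-ID"):
        reply["In-Reply-To"] = msg["Message-ID"]
    reply.set_content(text)
    return reply

if __name__ == "__main__":
    print(build_autoreply(LIST_POST, "bounces@list.example.org", "I am away."))
    print(build_autoreply(PERSONAL, "alice@example.com", "I am away."))
```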
Re: [swinog] Facture from Switch
Hi

We also did it in the past, but NOW switch has NO tool to handle that. :-(

I've been told last week, that the bulk-update-tool in fact is planned for 2006. We had to manually update loooads of domains manually last week.

I've also noticed that the whois service is rate-limited now. Even only a few successive whois-requests will lock you out for an indefinite amount of time. Whitelisting an IP is not possible, according to their helpdesk. The only solution is to use the whois-is-service, which only gives information on the availability of a domain.

Oh well, I guess all the new features need some getting used to. You need to give them some credit for the new website, though, I think it looks very pretty.

Daniel
Re: [swinog] Water damage/Outage of Swisscom lines
Hi

Due to a burst pipe, Hardstrasse is partially under water. Our telephone system is therefore out of service; in case of an emergency, please send an e-mail to [EMAIL PROTECTED] or call me directly on my mobile phone.

Here are the pictures: http://verkehr.pipeline.ch/index-l.html

Hardbrücke Nord seems to show the water.

Daniel
[swinog] F-Secure Network Control
Hi

anyone using this?

This box will monitor traffic from end-users at the network edge, automatically denying offending computers access to the network. Those using too much bandwidth or operating as spam zombies will automatically get redirected to a self-help web page, explaining what they have to do (like clean your PC - install patches!) in order to regain network connectivity.

http://www.f-secure.com/weblog/archives/archive-122005.html

product website: http://www.f-secure.com/products/fsnc/

Daniel
Re: [swinog] Server doesn't listen/answer on port 53 for TCP protocol
Hi

But this is completely independent of the checks performed by the domain name registry.

Is AXFR a requirement or not? Your FAQ doesn't say anything, your helpdesk doesn't respond, please, I need to know :)

Daniel
Re: [swinog] Cablecom Internet Port 25
Hi

I'll quickly ask the question in German. Has Cablecom newly blocked outbound SMTP? We have various Hispeed customers who can no longer send mail via SMTP through our servers. At the moment there are 3 complaints, all CC customers (cable modem). Other customers on ADSL have no problems. If this is the case, are there any workarounds???

Yes, it's called Message Submission. It is basically SMTP on a different port. At the moment there are two kinds of SMTP: one that receives and one that forwards (relaying), both on port 25. I believe the relevant RFC is http://www.ietf.org/rfc/rfc2476.txt

Daniel
Re: [swinog] Cablecom Internet Port 25
[EMAIL PROTECTED] wrote:

Well, unfortunately that also has various problems. The mails get stuck in various spam filters. Firstly because the CC server is on several blacklists. 2. Because the sender check doesn't match. That is why the customers would have to send via our server. The CC smtp thing causes more trouble than one would like...

I suspect it is an anti-spam measure à la Fredy's http://dial-spam-block.sourceforge.net/ . In principle a good thing!

Daniel
[swinog] More Speed with ADSL
Hi

Private individuals and companies benefit from even faster data connections: in the coming months Swisscom Fixnet Wholesale will increase the bandwidths of ADSL lines by more than threefold, depending on the offer.

Technology      Profile until now   Profile from mid-March 2006
ADSL Private    150/50              150/50
                600/100             2000/100
                1200/200            3500/300
                2400/200            5000/300
ADSL Business   300/300             300/300
                600/500             600/600
                1200/500            4000/600
                2400/500            6000/600

http://www.swisscom.com/GHQ/content/Media/Medienmitteilungen/2006/20060111_01_erhoehung_adsl_bandbreiten.htm?lang=de

via: Gabriel Ambuehl

Daniel
Re: [swinog] Relay bluewin.ch
Hi

bluewin.ch and bluwin.ch have the same MX record... ;-)

Which doesn't mean that the mailserver will accept mails for both domains :)

btw: bluwin.ch used to belong to Datacomm a long time ago.

Daniel
[swinog] guetesiegel.simsa.ch
Hi

    $ telnet guetesiegel.simsa.ch 80
    Trying 212.71.111.25...
    telnet: connect to address 212.71.111.25: Connection refused
    telnet: Unable to connect to remote host

I'm starting to doubt the actual value of this $$$ certificate :)

Daniel
[swinog] Firefox AS Number Extension
Hi

The AS Number Extension displays the AS Number, and consequently the Internet Service Provider, of every website visited along with some additional interesting information for those interested in how the Internet works below the shiny surface.

http://www.asnumber.networx.ch/

as seen on: http://www.blogg.ch/index.php?/archives/314-Neues-ASNumber-Firefox-Plugin-von-networx.ch.html

Daniel
Re: [swinog] Firefox AS Number Extension
Hi

as seen on: http://www.blogg.ch/index.php?/archives/314-Neues-ASNumber-Firefox-Plugin-von-networx.ch.html

And seen before on Swinog. Sorry for the dupe :) I checked my RSS-Feeds before I read my mail.

Daniel
Re: [swinog] ASNumber Extension for Firefox
Hi

You can download the extension here (a screenshot is available too): http://www.asnumber.networx.ch

And for everyone who does not have Firefox http://eu.asnumber.networx.ch/asnumber/asnum?ip=216.239.51.99

Daniel
[swinog] 10'000/1'000 Cable Access
Hi

10'000/1'000 Kbps cable access here in Lausanne for monthly 125 CHF (or 104 CHF with yearly payment). And how's the other side of the barrière de roesti doing? Still at 6000/600?

http://www.citycable.ch/modules/news/

Daniel
[swinog] Job @ nine.ch (Draft)
Hi,

nine.ch is hiring! There is a job available as a network engineer: http://www.nine.ch/job.php

As always, there is an online assessment available, which is open to everyone. If you enjoy Linux system administration and want to solve problems that have all been derived from real-world situations, feel free to send us your public ssh key to the mail address mentioned in the url above. The number of seats is limited, so we are going to prioritize real applicants.

After the assessment has finished (and we have found our candidate) we will publish the solution along with all the files necessary to set up the assessment under an open licence.

--
Kind regards, Daniel Lorch
Nine Internet Solutions AG, nine.ch
Binzmuehlestrasse 78a, CH-8050 Zuerich
Tel +41 44 481 16 42, Fax +41 44 481 16 43
Re: [swinog] Job @ nine.ch (Draft)
Hi

s/Draft//g :)

Daniel
Re: [swinog] Reading list as RSS feed
Hi

It needs a Flash interface of course, with live XML updates of the articles. SOAP everywhere. You must see other people typing. And it must blink. It has to be enterprise ready [1], otherwise I'm not going to use it!

[1] http://thedailywtf.com/forums/thread/64597.aspx

Daniel
Re: [swinog] Reading list as RSS feed
Hi

convert email to RSS: why and how

Why do we need that? RSS is a unidirectional, read-only, non-threaded (as in message-threads) medium. RSS is anonymous, whereas Swinog is a community and subscribing to the mailing list makes you a member. RSS offers fewer features with less comfort. RSS is a fuzzy standard (use Atom instead!). So could we just stop the discussion?

The only advantage I could see is that we won't get autoresponder messages anymore (until someone invents RSS autoresponders, of course..).

Daniel
Re: [swinog] SDSL
Hi

Depending on your budget and application, you can use two Linux or *BSD based machines with some SDSL Bridges (e.g. ZyXEL), [..]

Here's some information on how to do this with GNU/Linux: http://lartc.org/howto/lartc.loadshare.html

Daniel
Re: [swinog] Providers supporting TLS (for SMTP, POP, IMAP, ...)?
Hi

From a cryptographical point of view, this would be a dangerous setup. You're transmitting the same message encrypted (local MX - Client) as well as unencrypted (sending MX - local MX). This leaves you open to a known plaintext attack against your server's private key, because it gives you an opportunity to gain more and more information about the key in use, and all you have to do is send regular-looking SPAM to the user.

Are you sure? Isn't that exactly the point of asymmetric cryptography? The way I see it, TLS and SSL work like this (analogous to PGP):

1. The client connects to the server and obtains the server's public key. The public key is a mathematical recipe to encode (but not decode) a message for a specific recipient.

2. Using this public key, the client encodes the message (cleartext - ciphertext). Now the interesting part is that the client isn't able to decode this cipher text he just encoded, because he doesn't have the private key (that's why it is also necessary to always encrypt PGP messages to yourself, otherwise you won't be able to read them later on in your sent box).

3. The cipher text is transmitted to the server where it is decoded using the private key.

I could now connect to the mail server, obtain the public key and generate as many cleartext/ciphertext pairs as I want and I still would not be able to guess the private key from that information.

If what you are saying were true, we would at least have an explanation for all that nonsense spam. But it would leave us with a lot of other problems.

Daniel
Re: [swinog] Providers supporting TLS (for SMTP, POP, IMAP, ...)?
Hi

SMTP/TLS does not encrypt individual messages - as its name implies, it works on the *transport* layer. And there, the public key exchange is used to agree on a symmetric session key.

PGP works the same way. The data is encrypted using a random symmetric key, then this symmetric key is encrypted asymmetrically for each recipient. That's why it's possible to send the same message to multiple recipients, without having to encrypt the same data multiple times. Symmetric encryption is also significantly faster.

Therefore, everything that applies to SSL/TLS should also apply to PGP - at least from my understanding.

Daniel
Re: [swinog] smtp attacks
Hi

The problem was made worse by the fact that we had left the response code for a reject due to unknown recipient as 4xx, so naturally one of these emails resulted in many connection attempts if they came from a real mail server (as opposed to a zombie). At one point we were up to 500 connections per minute. The solution (in our case) was to set the response code to 5xx and accept the risk that mail will be rejected if the backend LDAP containing the mailbox names goes offline.

What's really funny is when you set the MX of the domain to 127.0.0.1, so the mails bounce back to the postmaster of the offending server(s).

Daniel
[swinog] sFlow
Hi

The 23rd CCC event videos are finally available. This could be interesting to anyone who needs to monitor 100 Gb/s of traffic.

http://events.ccc.de/congress/2006/Fahrplan/events/1644.en.html

Video: ftp://ftp.stw-bonn.de/pub/23C3/video/23C3-1644-en-sflow.m4v

I haven't watched it yet, so no idea whether it's any good.

Daniel
Re: [swinog] Re: blocking ports?
Hi

This is what I was saying to the guys here at my work. We just need a small proof that the customer isn't a spammer and we open it up. However, most of our customers are less-technical savvy home folks. Did you have to prove to your ISP that you weren't spamming? If so, how did they have you do that?

There is a passive OS fingerprinting module for iptables (see http://ippersonality.sourceforge.net/). How about treating connections differently depending on the OS they're coming from? if(windows) then block else allow? :) Or is the OS fingerprint lost through NAT? I don't know.

Daniel