Re: [swinog] SwiNOG-BE69 - Beer Event 69 - 5th of Janu ary 2009 @ Le Dézaley / ZH

2008-12-28 Diskussionsfäden Adrian Ulrich
Sorry for getting off-topic .. but...

 23:59:60 is the same (if wold exist) like 00:00:00 and this is the New
 year...

No: 23:59:60 is not the same as 00:00:00

 http://hpiers.obspm.fr/eoppc/bul/bulc/bulletinc.dat

So 31.12.2008 will be 86401 seconds long instead of 86400 seconds.

But anyway.. your good old wall-clock (or ntp server ;-) ) doesn't care :)


Regards,
 Adrian
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] SwiNOG-BE69 - Beer Event 69 - 5th of Janu ary 2009 @ Le Dézaley / ZH

2008-12-27 Diskussionsfäden Adrian Ulrich
 Registration deadline:31.12.2008 23:59:59

klugscheiss
 2008 is a 'leap-second-year' [1] and ends at 23:59:60, *NOT* at 23:59:59 :-p
/klugscheiss

Regards,
 Adrian


1: http://en.wikipedia.org/wiki/Leap_second
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] Netclean - news

2008-12-10 Diskussionsfäden Adrian Ulrich

 Filtering locally simply means stopping end users to access illegal sites.
 Ok, but the sites are still there and everybody else will still have access !

Yes, but i'm sure that the 'local' netclean box can log IPs of people who 
attempted
to access such illegal sites (such as Wikipedia)
So whenever your goverment goes into

  get_some_good_press(pretend_to_protect_kids());

mode, punishing people will be much easier than before.


 Just because some ISPs will filter-out those sites will not reduce the amount 
 of kids being abused.

I agree. They should punish people who:

 - Produce such content
 - Pay for such content

...but starting to block random sites is just silly: It didn't work when they
started to use DNS and it won't work this time either...


Regards,
 Adrian

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] Bluewin SMTP Policy

2008-06-13 Diskussionsfäden Adrian Ulrich
Hi Roger,

 Now we found out that bluewin doesn't allow authenticated smtp-relay
 from users outside their ip-range, so all our customers with
 bluewin-mailadresses would have no smtp-server available.

That's not entirely correct:

smtpauth.bluewin.ch will relay mails from non-bluewin-ip-ranges IF the 
mailaccount belongs
to a non-free Bluewin/Swisscom 'Abo'.

  
+---+
  | Pay account (= Mailaccount| - Can use mail.bluewin.ch from 
bluewin-range  |
  | is 'attached' to an ADSL abo  | - Can use smtpauth.bluewin.ch from 
EVERYWHERE |
  
+---+---+
  | Free account  | - Can use mail.bluewin.ch from 
bluewin-range (of course..)|
  |   | - Can use smtpauth.bluewin.ch from 
bluewin-range  |
  |   | - Can NOT use smtpauth.bluewin.ch from 
non-bluewin IPs|
  
+---+---+

Otherwise spammers would open 100th's of free accounts and use them to send 
spam from
non-bluewin IPs :-/


Regards,
 Adrian
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] Bluewin SMTP Policy

2008-06-13 Diskussionsfäden Adrian Ulrich
Hi,

 Thank you for clearing this up. So we have to give bluewin-users with
 free bluewin mail-accounts an smtp-account on our servers  I think.

Well, they could call our helpdesk and ask them to disable the
'Restricted IP-Range' feature for a specific mailaccount.

Our helpdesk will disable it as long as:
 #1: The user asks us to do it ;-)
 #2: His postal-address or telephone-number has been verified


 I see the problem, but perhaps something like a captcha would also be
 sufficient to prevent this.

It wouldn't prevent it, it just makes it harder. (Some spammers don't even use
bots to create accounts. Using real people appears to be cheaper sometimes..)


Regards,
 Adrian



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] Has Bluewin a DNS Problem

2008-03-26 Diskussionsfäden Adrian Ulrich
Hi,

 Bluewin does a reverse DNS lookup on your IP (195.141.232.78),

..yes

 Bluewin does a normal forward DNS lookup, using the result from the
 above query.

we don't.

The resolver implementation of our MTA software appears to have a problem
with truncated UDP responses.
(Btw: Why do you have such a lenghty PTR record for 195.141.232.78 ?)

I'm about to implement a workaround for this issue.


Regards,
 Adrian
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: AW: [swinog] Problems reaching large Websites

2008-01-28 Diskussionsfäden Adrian Ulrich

 dell.com works, but try any other host that is being contacted while loading 
 www.dell.com and is hosted by akamai, such as i.dell.com

No problem via Bluewin-DSL:

$ telnet i.dell.com 80
Trying 212.243.223.139...
Connected to i.dell.com (212.243.223.139).
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 187
Expires: Mon, 28 Jan 2008 17:05:56 GMT
Date: Mon, 28 Jan 2008 17:05:56 GMT
Connection: close


(Bad Request ? WTF?)

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: AW: [swinog] dns1.bluewin.ch not replicating

2008-01-25 Diskussionsfäden Adrian Ulrich

 ok, but why is there no answer?

Does 194.42.48.120 work correctly?

Regards,
 Adrian



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] bluewin mail servers load balancers don't like AAAA - breaks email

2007-10-31 Diskussionsfäden Adrian Ulrich
Hi Jeroen


 ;; -HEADER- opcode: QUERY, status: REFUSED, id: 22394
 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

We are aware that ns.bwlbmsg1zhh.bluewin.ch. doesn't play well with IPv6
(and we also know that some lb-vendors are not able to fix such simple bugs).


 And tada, my sweet postfix/bind/powerdns combo will give up on it as
 there is clearly no answer to be gotten for that hostlabel.

[EMAIL PROTECTED]:~$ dnsmx bluewin.ch
10 mxbw.bluewin.ch-- ns.bwlbmsg1zh[hb].bluewin.ch
42 mxzhh.bluewin.ch   -- dns[1234].bluewin.ch
42 mxzhb.bluewin.ch   -- dns[1234].bluewin.ch
66 mx49.bluewin.ch-- dns[1234].bluewin.ch

Why doesn't your postfix/bind/powerdns combo use mxzhb/mxzhh ?

Regards,
 Adrian


-- 
 RFC 1925:
   (11) Every old idea will be proposed again with a different name and
a different presentation, regardless of whether it works.

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] SMS alerting solution

2007-08-03 Diskussionsfäden Adrian Ulrich

 It's a little expensive if you have many SMS'es - does anyone know who
 to contact (e.g. at Swisscom) to get a package-deal with a direct TCP
 interface?

You are looking for an 'SMSC Large Account'

 http://www.swisscom-mobile.ch/scm/gek_sms_large_account-de.aspx

You'll get your own 'short id' and will be able to
send and receive messages from / to mobile phones using
UCP/EMI.


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] spamhaus.org

2007-06-22 Diskussionsfäden Adrian Ulrich

 Is there someone left who uses them to reject mails on smtp level?

Yes, we are still using Spamhaus.org on our MX servers, but we are using the
rsync feed and we are able to whitelist IPs within a few seconds.

Anyway:
  http://www.spamhaus.org/sbl/sbl.lasso?query=SBL55483 is still there
  but the SBL entry itself has vanished:

$ grep 192.174.68.0 sbl
#192.174.68.0/32 $055483

(- http://www.spamhaus.org/organization/statement.lasso?ref=7)

 any opinions on the game [1] that spamhaus.org is playing?

Blocking nic.at was not nice but refusing to delete domains just used
for phising is also not very clever...

Regards,
 Adrian
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] Exchange Servers having problems with SMTP 4xx temporary failures?

2007-04-12 Diskussionsfäden Adrian Ulrich
Hello Benoit,

 Have other seen this behaviour of exchange servers

Yes. One of our MX servers somehow managed to loose the connection to
the ldap server (didn't dare to re-establish it) and only returned
(valid) tempfail messages.

Sending mails from Exchange (internal messaging system) to this MX
server produced the same strage error messages.

Using snoop i could verify that the MX server did NEVER send a 550
error to the exchange server.


 and know how to prevent it?

No idea.


 The strage thing is this only seams happens occasionaly.

In my case it happened always.

Regards,
 Adrian
___
swinog mailing list
[EMAIL PROTECTED]
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] Re: blocking ports?

2007-04-11 Diskussionsfäden Adrian Ulrich

 Seems to me that the benefit of cutting down on Spam would be worth the 
 trouble of using port 587...

Blocking port 25 is just a quick-n-dirty 'fix'.

What will happen when virus-writers are going to spam using 587 (The
credentials are stored on the users PC anyway..)?

What would people do to stop blog-spamming? Blocking port 80 sounds
like fun.


Spam will be there as long as you can make money with it.

-- 
 RFC 1925:
   (11) Every old idea will be proposed again with a different name and
a different presentation, regardless of whether it works.

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] to SPF or not to SPF

2007-02-19 Diskussionsfäden Adrian Ulrich
 would they not then block official port 587 as well as port 25?
 That was the position I heard the 'customer service rep' take the last
 time I tried to solve such a problem through appeal to bureaucratic 
 sensibility.  

There isn't really a (valid) reason to block port 587:

Blocking outgoing connections to port 25 may be done in order to block
some zombie-networks (but IMO this is just silly.. will they also block port 80
soon to stop this blog-spamming? .. anyway ..)

..but you cannot spam using port 587 (unless you've been hijacking a
valid account):

An smtpd running on port 587 must not accept mails from unauthenticated
clients for any recipients:

 Connected to smtpauth.bluewin.ch.
 220 tr12.bluewin.ch ESMTP Service (Bluewin 7.3.121) ready
 helo bla
 250 tr12.bluewin.ch
 mail from:
 530 authentication required for mail submission


..only MUA/MSAs are supposed to use port 587.

Regards,
 Adrian

(Did anyone ever see/know an ISP blocking 587 ?)


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] to SPF or not to SPF

2007-02-18 Diskussionsfäden Adrian Ulrich

 So I would suggest offering SMTP (AUTH) support on ports 25 and 26, just to
 be sure.

No no no.

RFC: 2476:

| 3.  Message Submission
| 3.1.  Submission Identification
|
|   Port 587 is reserved for email message submission as specified in
|   this document.  Messages received on this port are defined to be
|   submissions.  The protocol used is ESMTP [SMTP-MTA, ESMTP], with
|   additional restrictions as specified here.
|
|   While most email clients and servers can be configured to use port
|   587 instead of 25, there are cases where this is not possible or
|   convenient.  A site MAY choose to use port 25 for message submission,
|   by designating some hosts to be MSAs and others to be MTAs.

Port 587 has been widely deployed:

 $ telnet smtpauth.bluewin.ch 587
 $ telnet mail.gmx.net 587
 $ telnet smtp.gmail.com 587

Inventing new ports  1024 is just plain wrong.



-- 
 RFC 1925:
   (11) Every old idea will be proposed again with a different name and
a different presentation, regardless of whether it works.

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] to SPF or not to SPF

2007-02-14 Diskussionsfäden Adrian Ulrich
 And why not using the existing authentication protocol on outgoing smtp 
 server ? So the sender can use the smtp server of the provider of its 
 email address from any network and SPF can work without any problem.

How would this solve the forwarding problem?

And how are you going to teach everybody to stop doing something that
has been working fine for years?

Just have a look at
 http://old.openspf.org/srspng.html

Yieks!




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: AW: [swinog] Mail Server suggestions

2006-12-22 Diskussionsfäden Adrian Ulrich
Hi,

 The only thing coming close to it in scalability is Critical Path.

Does the windows version of Critical Path still exist? ;-)

After all it's a good/stable product.
(Well: i dislike the CP-smtpd .. it works unless you try to do
 anything funky .. but replacing it with postfix/qmail isn't a problem)


 Both Yahoo Mail and Google Mail (Gmail) started off the qmail-ldap
 code base.

gmail used the qmail codebase? Do you have any reports/documentation
about this?

AFAIK they wrote the smtpd from scratch. Porting qmail to googles
non-posix GoogleFileSystem doesn't sound like fun and in the early
days it had a few bad quirks.. (like: sending long strings crashed
googles smtpd)


Regards,
 Adrian



-- 
My Wii-Code: 8617 9203 7763 4567

A. Top posters
Q. What's the most annoying thing on Usenet?
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog


Re: [swinog] [EMAIL PROTECTED] - anyone from bluewin in here?

2006-03-07 Diskussionsfäden Adrian Ulrich

 Can anyone please delete them and block the sender's address 
 [EMAIL PROTECTED]

Done: 
 [EMAIL PROTECTED] is now blacklisted on mail.bluewin.ch
 and i'm about to clean our queue.

 Regards,
  Adrian



 
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog