[swinog] Advice after hoax

[Daniel Kamm]

Hey mates,

Sorry for off topic, but I've just got hoaxed by someone by adding one 
of my email addy to quite a number of newsletter lists, manually. Though 
most of them are on opt-in nicely. Seems like I've tread on someones 
toes lately.


However, I am quite curious who it was or, at least, how far infos can 
be discovered. I know, that a legal complaint must be opened that 
information can be disclosed. But what is the reason for the complaint? 
Rather not "Urkundenfälschung" I guess, but what?


Anyone has similar experience and is able to share? Or an advice for the 
complaint? Thanks for your PM.


Best regards,
 - Dan

PS: None of the "Welcome" mails disclose the source IP in any part of 
the message.



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Zukunft von Abuse Desks

[Daniel Kamm]

On 19.03.2016 22:35, Gregor Riepl wrote:

Oder ein Script basteln das das Captcha löst und automatisiert das
Abuse-Formular ausfüllt...


Yes!! Automatically spamming Hotmail Abuse Desk with IP removal requests 
for 127.0.0.0/8. Go ahead please!


Regards,
 - Dan



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Bluewin MX Protocol Errors

[Daniel Kamm]

Many thanks to Marcel Gschwandl, we are still investigating together the
root cause for these problems.

For a workaround, try to disable TLS for @bluewin.ch and @bluemail.ch

Postfix/main.cf
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# cat tls_policy
bluewin.ch none
bluemail.ch none

Bests,
 - Dan

On 03.11.2015 09:43, Skwar Alexander wrote:
> Hallo
> 
> Ja, wir haben da seit dem 2. November auch ein paar. 
> 
> 
> 
> (ep01-zcs-prod ) 0 # egrep 
> 'relay=mxbw.lb.bluewin.ch.*status=bounced.*Protocol error' /var/log/maillog | 
> wc -l
>   27
> (ep01-zcs-prod ) 0 # bzegrep 
> 'relay=mxbw.lb.bluewin.ch.*status=bounced.*Protocol error' 
> /var/log/maillog.0.bz2 | wc -l 
>   71
> (ep02-zcs-prod ) 0 # egrep 
> 'relay=mxbw.lb.bluewin.ch.*status=bounced.*Protocol error' /var/log/maillog | 
> wc -l
>   24
> (ep02-zcs-prod ) 0 # bzegrep 
> 'relay=mxbw.lb.bluewin.ch.*status=bounced.*Protocol error' 
> /var/log/maillog.0.bz2 | wc -l 
>   63
> (ep03-zcs-prod ) 0 # egrep 
> 'relay=mxbw.lb.bluewin.ch.*status=bounced.*Protocol error' /var/log/maillog | 
> wc -l
>   24
> (ep03-zcs-prod ) 0 # bzegrep 
> 'relay=mxbw.lb.bluewin.ch.*status=bounced.*Protocol error' 
> /var/log/maillog.0.bz2 | wc -l 
>   64
> (ep04-zcs-prod ) 0 # egrep 
> 'relay=mxbw.lb.bluewin.ch.*status=bounced.*Protocol error' /var/log/maillog | 
> wc -l
>   10
> (ep04-zcs-prod ) 0 # bzegrep 
> 'relay=mxbw.lb.bluewin.ch.*status=bounced.*Protocol error' 
> /var/log/maillog.0.bz2 | wc -l 
>   45
> 
> 
> Von insgesamt:
> 
> (ep01-zcs-prod ) 0 # egrep 'relay=mxbw.lb.bluewin.ch.*status=sent' 
> /var/log/maillog | wc -l
>  140
> (ep01-zcs-prod ) 0 # bzegrep 'relay=mxbw.lb.bluewin.ch.*status=sent' 
> /var/log/maillog.0.bz2 | wc -l 
>  602
> (ep02-zcs-prod ) 0 # egrep 'relay=mxbw.lb.bluewin.ch.*status=sent' 
> /var/log/maillog | wc -l
>  149
> (ep02-zcs-prod ) 0 # bzegrep 'relay=mxbw.lb.bluewin.ch.*status=sent' 
> /var/log/maillog.0.bz2 | wc -l 
>  582
> (ep03-zcs-prod ) 0 # egrep 'relay=mxbw.lb.bluewin.ch.*status=sent' 
> /var/log/maillog | wc -l
>  122
> (ep03-zcs-prod ) 0 # bzegrep 'relay=mxbw.lb.bluewin.ch.*status=sent' 
> /var/log/maillog.0.bz2 | wc -l 
>  625
> (ep04-zcs-prod ) 0 # egrep 'relay=mxbw.lb.bluewin.ch.*status=sent' 
> /var/log/maillog | wc -l
>  138
> (ep04-zcs-prod ) 0 # bzegrep 'relay=mxbw.lb.bluewin.ch.*status=sent' 
> /var/log/maillog.0.bz2 | wc -l 
>  584
> 
> 
> 
> 
> Wir nutzen:
> 
> (ep01-zcs-prod ) 0 # pkg info | grep postfix
> postfix-2.11.3_3,1 Secure alternative to widely-used Sendmail
> 
> Grüsse
> Alexander
> 
> 
> 
> 


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

[swinog] Bluewin MX Protocol Errors

[Daniel Kamm]

Do any other also got troubles in messaging @bluewin.ch customers?

Nov  2 14:32:54 postfix/smtp[8102]: : to=,
relay=mxbw.lb.bluewin.ch[195.186.99.50]:25, delay=0.07,
delays=0/0/0.03/0.03, dsn=5.5.0, status=bounced (Protocol error: host
mxbw.lb.bluewin.ch[195.186.99.50] said: 250 2.0.0 RCPT TO accepted (in
reply to DATA command))

TIA
 - Dan



___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] www.bluewin.ch not on DNS. Monitored from 2 locations. Anyone else?

[Daniel Kamm]

Uhu!

On 06.04.2014 02:48, Matthias Hertzog wrote:

$ ping www.bluewin.ch
ping: cannot resolve www.bluewin.ch: Unknown host

The authoritative nameserver do not answer:

adnso1.bluewin.ch [195.186.196.180]
adnso2.bluewin.ch [195.186.196.190]
adnsz1.bluewin.ch [195.186.145.180]
adnsz2.bluewin.ch [195.186.145.190]


So that's why a customers VPN tunnel vanished. Another possibility to 
wake up techie collegues...


Regards,
 - Dan




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Blocking Malware distribution sites

[Daniel Kamm]

Dear Serge

On 11/11/2010 08:22 AM, Serge Droz wrote:
 From different third parties we receive a fairly large number of URLs in
 .ch/.li ccTLDs which distribute malware. We're talking a few hundred URLs per
 week. In a first step SWITCH verifies that this claim is true.

On the first glance, this seems to be a neat thing. But then again, who
decides if 'something' is considered to be malware or not? This actually
could be mistreated to a cencorship on DNS level.

My 0.02€.

Regards,
 - Dan


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Blocking Malware distribution sites

[Daniel Kamm]

On 11/11/2010 11:01 AM, Martin Jaggi wrote:
 You did mention AEFV SR784.104. Art 14bis requires Switch to do this:
 
 Die Registerbetreiberin muss einen Domain-Namen blockieren und die 
 diesbezügliche Zuweisung zu einem Namenserver aufheben:
 
 a.
 wenn der begründete Verdacht besteht, dass dieser Domain-Name benutzt wird:
 1.
 um mit unrechtmässigen Methoden an schützenswerte Daten zu gelangen, oder
 2.
 um schädliche Software zu verbreiten, und
 b.
 wenn eine in der Bekämpfung der Cyberkriminalität vom BAKOM anerkannte Stelle 
 die Blockierung beantragt hat.
 
 Source: http://www.admin.ch/ch/d/sr/784_104/a14bist.html 

Neither Serge nor Martin is noticing the next paragraph:

2 Wenn die Bedingungen gemäss Absatz 1 Buchstabe a erfüllt sind, aber
der Antrag auf Blockierung einer Stelle gemäss Absatz 1 Buchstabe b
fehlt, kann die Registerbetreiberin für höchstens fünf Werktage einen
Domain-Namen blockieren und die diesbezügliche Zuweisung zu einem
Namenserver aufheben. Nach Ablauf der festgelegten Frist hebt sie jede
Massnahme auf, die nicht durch einen Antrag einer Stelle gemäss Absatz 1
Buchstabe b bestätigt wird.

So this is only a temporary blockage of at max 7 days. After this
periode, the zone file must be delegated again. If DNS caches are not
flushed or overriden within this time, this non-delegation is futile.

But what really makes me angry is, that Swiss parliament agreed in self
judgement of a third party company. It really seems, that our parliament
needs more technical understanding.

 - Dan


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Internet connectivity maps for 2000 from Sunrise and (gasp) Nextra

[Daniel Kamm]

Hi Thomas,

After some googling, I've found it:

David Meyers BGP archive for University of Oregon:
* http://www.routeviews.org/
* http://archive.routeview.org/

The 'sh ip bgp' archive goes back to 1997'.

HTH
 - Dan


Am 5/18/10 4:17 PM, schrieb Thomas Kernen:


Hi Dan,

Sure if you do I would love to. I'm using Geoff Huston's BGP data for
the time being, but other pointers could be useful.

Thanks
T

On 5/18/10 2:50 PM, Daniel Kamm wrote:

Hello Thomas,

are you looking for BGP tables back on 2000? I remember I was using some
online BGP table archive for a study work of mine, but I cant remember
the name. Are you interested to have me search in my old studies archive?

Regards,
- Dan


Am 5/18/10 1:06 PM, schrieb Thomas Kernen:


For the presentation I'm building for the next SwniNOG meeting, I'm
trying to find old Internet connectivity maps from back in 2000.

Unfortunately Google has failed to provide me with the source to that
data.

I'm specifically looking for some from Sunrise and Nextra that that era.

If someone still has them in their archive folder, please unicast them
to me, to not spoil the fun.

Thanks
Thomas


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog





___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Performance Problems today...

[Daniel Kamm]

Am 5/7/10 10:39 AM, schrieb Pascal Gloor:

Yet again a fantastic FAIL of an ALL-IN-ONE-CAN-ALSO-DO-COFFEE firewall.


As long as it doesn't fail to brew coffee, I thing that device is still 
doing it's duty.


scnr,
 - Dan


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] ProLiant Debian

[Daniel Kamm]

Am 2/21/10 10:49 AM, schrieb Alexandre Suter:


You can find 2.5 trays on e-bay though (look for the corresponding Sun
part number).


For HP ProLiant users, that one could be very handy:
http://www.pcp.ch/product-1a15080534.htm?parnr=12832879

Cheerz,
 - Dan


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Debian vs. Ubuntu

[Daniel Kamm]

Hi Benjamin

Am 1/28/10 4:51 PM, schrieb Benjamin Schlageter:

Just running normal ISP services like dhcp, dns, webserver and so on.
Main focus is the long support, maybe I'll wait for 10.04 LTS - so I got
support to the year 2015:)


I run several Ubuntu Server boxes. For the services you meantioned, you 
can use Ubuntu without troubles. You even have more hardware support, 
which is essential if you use newer server hardware. However, 
dist-upgrading might be a PITA with Ubuntu, since they change concepts 
more frequently than Debian (f.e. upstart and udev).


Cheerz,
 - Dan


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Greylisting

[Daniel Kamm]

Stanislav Sinyagin wrote:
 last AprilMartin Blapp has presented a nice concept at SwiNOG:
 
 instead of greylisting, the SMTP server delays the first OK response to 
 HELO/EHLO 
 for 30 seconds. That is usually enough for the vast majority of spambots to 
 give up.

On a heavy traffic mail server, you probably run into a max session
problem when you try to hold many idle connections for 30 seconds.

  - Dan


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] SWITCH Sourceforge mirror available again

[Daniel Kamm]

Pascal,

Pascal Gloor wrote:
 It should be Note that, like mirror.switch.ch and many other of our 
 services, this is reachable over IPv4 in addition to IPv6

As long as IPv6 is not availabe for the end user *by default* (and I 
mean that as a broad hint for all the big xDSL and Cable providers), 
situation will not be like that.

Cheerz,
  - Dan

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] F*ing Spammers and stupid customer code...

[Daniel Kamm]

Mike Kellenberger wrote:
 totally correct, thanks! Looks like I'm the stupid SysAdmin as well... :-)

Actually, this problem is known since ages. I wonder, why you fall into 
that right now.

But what I really realise is, that this list is populated by Swiss 
Hosting Sysadmins from all important hosters. But they don't really 
share their experience and their actual problems. I mean in my old 
hosting days, I was glad to have some direct connections (for example 
per IRC), where I just could point out some troubles and solve them quickly.

So Hosting-Sysadmins, please get together and share your mind! This list 
is very network related and this is good so. Probably an other list 
would suit better for all hosters.

Cheerz,
  - Dan

PS: If I still was with a hoster, I would now take care of that. So 
maybe someone else can take the initiative.
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] IP Management Tool

[Daniel Kamm]

On Thu, 2008-11-13 at 11:39 +0100, Viktor Steinmann wrote:
 alternative to managing IP addresses
 on a Spreadsheet...

I personally prefer any Wiki to a Spreadsheet. It's able to handle
multiple users at a time, searchable, versionised and has about the same
clarity.

 - Dan

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] RBL's (again) (Was: Anyone from Green here?)

[Daniel Kamm]

On Oct 15, 2008, at 11:01 AM, Marco wrote:

 we made the experience that not greylisting itself is the problem. the
 problem are miss configured mailservers with wrong queue times or
 servers interpreting the greylisting temp error code as an error.

There are times, where the sending MTAs queue size is far to big for  
the MTA to meet the queue times. I saw such problems multiple times.  
When graylisting is configured for too short acceptance time, you will  
have messages, which won't be transmitted.

My 0.015€.

  - Dan
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] bluewin ADSL ... everything okay?

[Daniel Kamm]

On Mar 12, 2008, at 9:08 AM, Matthias Hertzog wrote:

Does anyone else in here receives phone calls, that websites and  
mailservers cannot be reached from bluewin ADSL?


Yes, we too. Customers report, that instead of our company site they  
receive a my-space site with our logo on it.


Cheerz
 - Dan
___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: AW: [swinog] Large IP Block at Akamai?

[Daniel Kamm]

I've tested some connections I have access to with a pretty interesting
result:

- Two BB accesses within AS8404, one got access to [1], the other one
not!
- One ADSL behind AS21494 works fine.
- Upstream traffic over AS13030 works fine.

To me it seems like a large IP block on Akamai spread over several AS,
rather than an routing issue.

Here some traces:

[AS8404 doesn't work]
[EMAIL PROTECTED]:/home/dkamm# traceroute -I akamai.com
traceroute to akamai.com (124.40.41.103), 30 hops max, 40 byte packets
 1  gw.office.hostpoint (192.168.0.1)  0.303 ms  0.300 ms  0.301 ms
 2  10.167.128.1 (10.167.128.1)  120.307 ms  120.408 ms *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * us-was02a-rd1-pos-1-0.aorta.net (213.46.160.106)  114.573 ms
119.279 ms
 8  213.46.190.10 (213.46.190.10)  200.485 ms  200.502 ms *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * 124.40.41.103 (124.40.41.103)  312.662 ms  316.452 ms

[AS8404 works]
(09:40:28 AM) cal: antarctica:root # traceroute -I akamai.com
traceroute: Warning: akamai.com has multiple addresses; using
212.23.33.16
traceroute to akamai.com (212.23.33.16), 64 hops max, 72 byte packets
1 10.167.128.1 (10.167.128.1) 8.226 ms 8.688 ms 6.696 ms
2 * * *
3 * * *
4 194.42.48.74 (194.42.48.74) 6.537 ms 6.785 ms 6.881 ms
5 PO6-0.zrh-jos-access-1.interoute.net (212.23.43.225) 16.112 ms 25.241
ms 16.107 ms
6 PO10-0.fra-006-core-1.interoute.net (212.23.43.214) 16.478 ms 84.129
ms 25.999 ms
7 Gi7-0-0.fra-006-access-2.interoute.net (212.23.42.138) 16.246 ms
24.443 ms 15.907 ms
8 212.23.33.16 (212.23.33.16) 19.111 ms 14.429 ms 19.147 ms

[AS21494 works]
[EMAIL PROTECTED]:~$ sudo traceroute -I akamai.com
[sudo] password for dani:
traceroute to akamai.com (84.53.136.81), 30 hops max, 40 byte packets
 1  fritz.fonwlan.box (10.0.36.1)  0.855 ms  4.834 ms  4.838 ms
 2  zh1-lns01-lo1.noc.green.ch (80.254.161.230)  8.915 ms  10.382 ms
12.629 ms
 3  zh1-cor01-vlan200.noc.green.ch (80.254.161.49)  14.818 ms  16.788 ms
18.450 ms
 4  gi2-2.213.core01.zrh01.atlas.cogentco.com (130.117.243.173)  20.958
ms  22.591 ms  24.788 ms
 5  po6-0.core01.str01.atlas.cogentco.com (130.117.0.53)  75.911 ms
75.915 ms *
 6  te1-4.ccr01.str01.atlas.cogentco.com (130.117.0.190)  35.711 ms
35.550 ms  37.915 ms
 7  te7-1.mpd02.fra03.atlas.cogentco.com (130.117.3.81)  42.448 ms
14.337 ms  15.682 ms
 8  te3-1.ccr01.ams03.atlas.cogentco.com (130.117.2.202)  25.273 ms
20.738 ms  22.565 ms
 9  amsix-ams5.netarch.akamai.com (195.69.144.168)  25.149 ms  21.283 ms
23.363 ms
10  84.53.136.81 (84.53.136.81)  25.686 ms  27.271 ms  28.730 ms

[AS29097 works]
[EMAIL PROTECTED]:/home/dani# traceroute -I akamai.com
traceroute to akamai.com (84.53.136.81), 30 hops max, 40 byte packets
 1  pcore01-vl100.zrh01.hostpoint.ch (217.26.49.3)  10.322 ms  14.252 ms
14.386 ms
 2  edge-02-0-2.zrh01.hostpoint.ch (217.26.48.3)  13.865 ms  14.036 ms
14.145 ms
 3  gw-hostpoint.init7.net (82.197.163.17)  14.509 ms  14.654 ms  14.775
ms
 4  r1.core.init7.net (213.144.128.1)  14.887 ms  15.017 ms  15.136 ms
 5  r1ams.ce.init7.net (82.197.168.97)  24.252 ms  24.446 ms  24.563 ms
 6  amsix-ams5.netarch.akamai.com (195.69.144.168)  24.692 ms  19.390 ms
19.849 ms
 7  84.53.136.81 (84.53.136.81)  19.575 ms  19.739 ms  20.112 ms

Last hop of the one who doesn't work is within NTT in Japan.

HTH - Cheerz
 - Dan


[1]: I've tested sf.tv, microsoft.com, dell.ch and yahoo.com

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

RE: AW: [swinog] Large IP Block at Akamai?

[Daniel Kamm]

On Tue, 2008-01-29 at 01:05 -0800, Christian Jouas wrote:
 8404 has some Akamai servers inhouse

This is it!

Changed nameserver to AS8404 nameservers, Sites had been available
again. So it seems that Akamai traffic is not allowed to cross AS8404
but has to be loaded from the Akamai servers within AS8404.

Is that a likeley setup or a configuration failure? Am I bound to change
my resolvers?

Cheerz
 - Dan

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

RE: AW: [swinog] Large IP Block at Akamai?

[Daniel Kamm]

On Tue, 2008-01-29 at 01:05 -0800, Christian Jouas wrote:
 8404 has some Akamai servers inhouse

And we are using our own name servers which are not behind 8404 access
network. That could be the reason. Stdby...

 - Dan

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: Re: [swinog] The truth about UCEPROTECT-Blocklists

[Daniel Kamm]

Dear Claus

On Thu, 2008-01-17 at 02:41 +0100, Claus v. Wolfhausen wrote:
 we have Level 1 listed the IP 195.162.162.159 spamming the list with
it's 
 stupid autoresponder,
 so if swinog uses UCEPROTECT-Level 1 the loop should be broken now.

Tell me, that you are not really blocking IPs because of some email
domains behind are throwing automatically created reponses back? You are
really comparing apple to pears. You should block email domains but not
IPs.

Let's say you have a load balanced environment with let's say 100'000
domains and 1 mio email addresses, using a /24 for email services. The
collateral damage you are taking in account if one single address is
throwing back automated responses is immense. Not to mention if you are
blocking one IP - you then have a lottery if email will get transmitted.

Sorry, but that gets me upset.

Cheerz
 - Dan

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

RE: [swinog] Windows-Pizza

[Daniel Kamm]

On Mon, 2007-11-26 at 14:39 -0800, Scott Weeks wrote:
 
 Lynx says it all:

 ** Bad HTML!!  ...snipped stuff here...

No wonder:

Taken out of 'the real site' shown in msie:

!-- index.php
Start von shop-pizza.novalku.com


äöü  07.10.01
--

!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN
http://www.w3.org/TR/html4/loose.dtd;

  html

head


I don't call that correct HTML code. :-)
And by the way, they also blame Firefox (which they do not know to spell
right) if you're using Opera, Konqueror or Safari. The only thing was,
that my collegues Safari was hanging when the java script pop-up appear.

What a joker!
 - Dan

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

RE: [swinog] UCEProtect Blacklist -- join the club

[Daniel Kamm]

On Wed, 2007-11-07 at 10:54 +0100, Per Jessen wrote:

commercial

 Nah, leave the spam-filtering to us :-)
 The user and the ISP both have better things to do.

/commercial

:-D
 - Dan

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

RE: [swinog] UCEProtect Blacklist -- join the club

[Daniel Kamm]

On Wed, 2007-11-07 at 12:29 +0100, Charles Buckley wrote:
 The provider moved instantaneously to identify the offender and kick them
 out.  The compromised SMTP account is now closed.  But, just as Sunrise,
 they are not willing to pay the fee to SORBS to change the status on the
 list. 

As ISP you don't have to pay a fee for delisting at SORBS. Simply mail
to [EMAIL PROTECTED] and tell them your ASN. Without ASN your mail
will be dropped.

Cheerio
 - Dan

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] UCEProtect Blacklist

[Daniel Kamm]

On Fri, 2007-11-02 at 21:46 +0100, Marco Meile wrote:
 We have some Problems with the UCEProtect.net blacklist.

We considered UCEprotect as absolutely unreliable and unprofessional and
are ignoring listings there. And I think so are 'the big swiss ones'.
And for sure, it's impossible to handle all those RBL which are online.

IMO any postmaster who blockes mails upon one blacklist entry is ...
(what was that polite description of moron?) ;)

Cheers
 - Dan

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

RE: [swinog] Candid Aeby is out of the office.

[Daniel Kamm]

On Thu, 2007-10-04 at 15:41 +0200, [EMAIL PROTECTED] wrote:
  So what is your proposal?
 
 there are several solutions:
 a. quit the company
 b. fire / mob the mcma (mentally challenged mail admin)
 c. install your own mailexchanger and forward all mails to that one
 d. slap the mcma until he changes the mail software
 e. get rid of mcma and apply for his job 
 f. get a way to lower the budget for mailapplications ,-) -- install

g. use a private mail address, where you don't have to put stupid ooo
messages. Additionally you don't have to change all mailing-list
memberships when you get a new business card. ;)

Have funn!
 - Dan

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] smtp attacks

[Daniel Kamm]

On Mon, 2006-11-27 at 17:58 +0100, Rene Luria wrote:
 It is due to bounces coming from everywhere. Spamers using fake email
 addresses from domains for which we are the MX.
 
 The amount of such emails (which we almost all reject, user unknown,
 etc.. because of the fake email addresses) is enormous compared to
 normal traffic (like 10 times what we have in general).

I can confirm such behaviour, thus here it's not that heavy like the end
of last year. Any catch-all is horrible in such cases.

In my opinion, this is tactically used to 'find' valid email addresses
for later use. But no proof of that.

On Mon, 2006-11-27 at 18:45 +0100, Daniel Lorch wrote:
 What's really funny is when you set the MX of the domain to 127.0.0.1,
 so the mails bounce back to the postmaster of the offending server(s).

Sure, you don't want to receive _any_ email? You will get rid of a lot of
customers like that, Daniel.

You rather limit the connection per host simultanously and - if possible - 
add more mx servers. Graylisting possibly helps as well.

Cheerz
 - Dan

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: AW: [swinog] Sunrise network issues?

[Daniel Kamm]

On Fri, 2006-09-22 at 15:07 +0200, Gunther Stammwitz wrote:
 Some performance measurements from Frankfurt:

Back to our studies, we tried to implement a system, that periodically
stores traceroutes from looking glass servers to some other endpoints.
The main goal was to display a map which shows which provider uses wich
route and detect routing changes (well, this had never been reached).

If someones interessted, leave me a PM.

Have a nice weekend!
 - Dan

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Formmailer-Scripts and Spam

[Daniel Kamm]

On Tue, 2006-08-15 at 17:35 +0200, Matthias Hertzog wrote:
 We're facing a growing amount of automatically generated HTTP POST requests, 
 all containing spamvertising links 

We are also struggling with this issue, but not only since a few days or
weeks. I get 3-6 abused forms each day!

IMO it's the 'programmers' fault, who should parse the rubbish, which
his form receives. Here two cool links (sorry, in german):

http://www.heise.de/security/artikel/66815
http://forum.jswelt.de/tutorials-php/28074-spam-ueber-kontakt-formulare-verhindern.html

Cheerz
 - Dan


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Out-of-Office Policies?

[Daniel Kamm]

EHLO

On Wed, 2006-07-26 at 08:21 +0200, Viktor Steinmann wrote:
 - We all agree OoO should not be sent to Mailinglists. This can usually 
 be achieved by checking for precedence bulk and not replying to those.

The easiest way to achieve that, is to use a separate mail box to handle
mailing list mails. Of course, this mail box does not have a OoO turned
on ;)


On Tue, 2006-07-25 at 20:13 +0200, Matthias Leisi wrote:

 1. Does your organisation allow OoO to external recipients?

Since our external customer contact is handled by a ticketing system,
our personal email addresses are mainly for internal use. We do not have
any regulations set up for OoO and there is no need for OoO here
anyway. 

Greez
 - Dan

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] good and bad blacklists?

[Daniel Kamm]

Hi Marco

On Tue, 2006-02-28 at 11:28 +0100, Marco Balmer wrote:
 Has everyone experiences with good and bad blacklists for mail-servers? 
 
 For the moment I use the following three:
 relays.ordb.org
 sbl-xbl.spamhaus.org
 bl.spamcop.net

What about dnsrbl.swinog.ch? :-D
or: dnsbl.sorbs.net is another reliable address.

On Tue, 2006-02-28 at 11:34 +0100, Benoit Panizzon wrote: 
 I wouldn't use Blacklist for direct blocking anymore. Just combine scores of 
 blacklists in Spamassassin and if multiple blacklists match, then you could 
 block.

If you are only serving your private mail, you can block everything
exept SpamCop's entries. SpamCop is definetly the fastest one in
blocking everything.

If you are serving email services for customer purpose, please just
score the mails (Spamassassin makes a very good job!). All our
Abuse-Desks will appreciate that! :-)

Cheers
 - Dan


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] swisscom dsl down?

[Daniel Kamm]

On Fri, 2005-07-15 at 10:00 +0200, Martin Ebnoether wrote:
 Even here at GPS Technik AG, customers do call in.
 We don't sell ADSL or do ADSL but people complain
 anyway.

Also here customers called in saying I can't reach...

Cheers
 - Dan

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] Visit of Billag AG at home !

[Daniel Kamm]

On Fri, 2005-04-22 at 15:20 +0200, Willy van Gulik wrote:
[...]
 I own a car and didn't plugged the antenna so I m unable to receive any 
 FM Radio and so on. My building hasn't any antenna connection to cable 
 or whatever.
[...]

Sorry, this might be fully OT, but never mind.

Let's back up the whole 'Billag' thing. About 60% has got and/or:
- radio receivers in the house or in the car or incl in the handy
- tv receivers (incl. UMTS handy receivers)
- broadband access with installed media players

So there might be around 2-5% of swiss households who doesn't have any
media receivers according to the actual law. In early days there had
been more, ok, but their getting fewer and fewer (also because more and
more receivers are taxable).

So why don't we/they stop the whole thing and make everyone liable to
pay those taxes? We could safe much administration expense, e.g. all the
wages of those ppl who are checking our hoseholds. And this will finally
lower those taxes and make them affordable for everyone.

Any drawback? This will raise the unemployment.
Just an idea...

Have a nice weekend
 - Dan


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog