I have just received this statement from Swisscom. In general, the question is
what a public wireless service can do to solve this problem, and how e-mails
sent over wireless should be handled so that 'false positives' can be avoided.
Any ideas on how to approach the problem?
-------------------------------------------------------------------------------
I've just received this statement on the Swisscom PWLAN blacklist problem which
I've reported earlier to this list. AFAIK there is no easy solution to
this problem and to avoid false positives in the spam-scanning process.
Any creative ideas how to solve this?
-------------------------------------------------------------------------------
>You have drawn our attention to a problem that is probably connected with
>the Sober virus, which also affects our PWLAN customers, among others.
>Thank you very much for your fault report and for the detailed documentation
>on this incident that you made available to us.
>
>Unfortunately we have to inform you that the investigations carried out by our
>specialists in PWLAN network operations and development have shown that, at
>the moment, we see no way of fixing the problem you reported, since we cannot
>identify and filter out the originators of the spam mails.
>
>In the meantime we have informed our support organisations and the
>security department about the incident (see attachment).
>
>We very much regret that you and your customers are affected by this problem
>and that it causes great inconvenience, and we ask for your understanding.
>Once again, thank you very much for your support.
>Problems sending mail via PWLAN in connection with the Sober virus
>
>Initial situation:
>
>When our customers use the PWLAN service, a public IP address from the
>range XXX.XXX.XXX.XXX - XXX.XXX.XXX.XXX is used for Internet access.
>Customers have informed us that these IP addresses are currently being
>blocked by several firewall blacklists outside Swisscom, in particular at
>mail providers.
>
>Cause:
>
>We suspect that PCs infected with the Sober virus have unintentionally sent
>spam mails with a PWLAN sender address via the PWLAN service.
>As a consequence, the above IP addresses were automatically and temporarily
>blocked in the firewall or spam filter of certain mail providers. Customers of
>an affected provider can no longer send mail via PWLAN. Mails may possibly be
>lost, and in some circumstances the customer does not notice that his mails
>were not sent!
>
>Situation at Swisscom's PWLAN:
>Swisscom Mobile operates the PWLAN service as an Internet service provider
>without content filtering, which means we do not know which customers are
>sending out spam mails. Neither in the hotspots nor in the data center do we
>have the ability to intercept and identify particular PWLAN customers.
>
>Measures:
>
>Unfortunately we currently see no way of solving the problem that has arisen.
>The spam filters will release the affected IP addresses again after an
>indeterminate time.
>Customers are to be advised that they must update their antivirus software
>so that they are not affected by this virus and spam mails are no longer
>spread in our network.
Martin Blapp, <mb(a)imp.ch> <mbr(a)FreeBSD.org>
------------------------------------------------------------------
ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH
Phone: +41 61 826 93 00 Fax: +41 61 826 93 01
PGP: <finger -l mbr(a)freebsd.org>
PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E
------------------------------------------------------------------
Hi,
I am looking to buy one of these SonicWalls; if someone has one and would like
to sell it, please contact me off-list.
* SonicWall Pro 19" Version
* SonicWall Pro 100 19" Version
* SonicWall Pro 200 19" Version
* SonicWall Pro 300 19" Version
Kind regards
Marcel Stutz
Network & Unix Administrator
------------------------------------------------------------------
Genotec Internet Consulting AG
Hegenheimermattweg 119a
CH - 4123 Allschwil
Switzerland
E-Mail : marcel.stutz(a)genotec.ch
Website : http://www.genotec.ch
Main line: +41 61 487 99 99
Fax : +41 61 487 99 98
Support : 0848 321 123
Please always send support requests to support(a)genotec.ch
Web: http://support.genotec.ch
easy[hosting]: 500 MB, unl. pointings, subdomains and e-mails,
Internet access and more, SFr. 150/year
------------------------------------------------------------------
Hi Juerg,
> I've run a little test whether Swiss ISPs use SPF or not and it turned
> out that very few have actually implemented it (actually, I found not
> a single one). Is there a reason for that? It's a very simple
> implementation and it could prevent a lot of damage like the most
> recent one after Sober.Q.
We do, too. We offered our customers to implement SPF for their domains
and some did, and most new customers have SPF too. People do not like
spam or viruses being sent out with their address as sender so they were
quite happy to hear about SPF (although it's sometimes hard to explain
that SPF does not prevent these mails from being SENT...).
Most customers are using SMTP AUTH and we're also offering port 587 in
case port 25 is blocked.
We are also filtering on SPF. It's not helping a LOT but it still is.
And it's also filtering viruses.
So in my experience SPF is a good thing, but I suppose implementing SPF
in larger companies than ours can be quite difficult.
Daniel
BTW: Hostpoint has SPF records for all customers, although it's just
"v=spf1 mx ?all" and thus quite useless.
Hi all
Some days ago I noticed the typical Microsoft SBS POP3 Connector Bug with
Green's messaging.ch 'shared exchange server' Service.
Their Server resent emails collected from a POP3 account to all recipients it
found in the 'To:' line.
At least they kept the Received: lines, so that the mail loops stopped themselves
after the maximal amount of hops was reached.
From today on, they seem to have noticed the problem and start sending a
bounce to all recipients found in the 'To:' header that is not on a domain
hosted locally on their servers.
Thus totally confusing our customers who ring us up and start asking why their
email was rejected by our server. (In fact they got the bounce from
postmaster(a)messaging.ch)
--- snip ---
Von: postmaster(a)messaging.ch [mailto:postmaster@messaging.ch]
Gesendet: Samstag, 14. Mai 2005 01:17
An: *(a)intergga.ch
Betreff: Delivery Status Notification (Failure)
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
[...]
Reporting-MTA: dns;mail.messaging.ch
Received-From-MTA: dns;messaging.ch
Arrival-Date: Sat, 14 May 2005 01:14:41 +0200
Final-Recipient: rfc822;*(a)cns.ch
Action: failed
Status: 5.5.3
Final-Recipient: rfc822;*(a)helvetiapatria.ch
Action: failed
Status: 5.5.3
Final-Recipient: rfc822;*(a)dplanet.ch
Action: failed
Status: 5.5.3
Final-Recipient: rfc822;*(a)finance-partner.ch
Action: failed
Status: 5.5.3
Final-Recipient: rfc822;*(a)netsurfer.ch
Action: failed
Status: 5.5.3
Final-Recipient: rfc822;*(a)pharmaplan.ch
Action: failed
Status: 5.5.3
Final-Recipient: rfc822;*(a)baut.admin.ch
Action: failed
Status: 5.5.3
(and so on for each address the customer had in its 'To:' header field.)
Any others seen that problem?
Regards
-Benoit-
--
SPAM SPAM SPAM SPAM / Hormel's new miracle meat in a can
Tastes fine, saves time. / If you want something grand, / Ask for SPAM!
- Hormel's 1937 jingle for SPAM
Hippopotomonstrosesquippedaliophobia sh: http://en.wikipedia.org/wiki/-phobia
"
Information: Social engineering via e-mail (10.05.2005 12:22)
The rapid spread of the Sober.O worm, which last week sent forged
e-mails containing a confirmation for tickets to the 2006 football
World Cup in Germany, is largely attributable to so-called
social engineering.
http://www.melani.admin.ch/newsticker/00059/index.html?lang=de
"
--
Cheers
M.
EuroBSDCon 2005 - Call for Papers
4th European BSD Conference
November 25 - 27, 2005
University of Basel, Switzerland
http://www.eurobsdcon.org/
Introduction
The Berkeley Software Distribution (BSD) family of computer
operating systems is derived from software developed at the
University of California at Berkeley. The various family
members (Free-, Net- and OpenBSD, among others) are extensively
used both for embedded appliances and for large
internet servers and have an excellent reputation for stability
and state-of-the-art technology. BSD-derived software
is a driving force for IT research and development and
is well-received as a building block in commercial software
due to its unique license scheme.
The fourth European BSD conference is a great opportunity to
present new ideas to the community and to meet some of the
developers behind the different BSDs.
The two day conference program (Nov 26 and 27) will be complemented
by a tutorial day preceding the conference (Nov
25).
Call for Papers
The program committee is inviting authors to submit innovative
and original papers not submitted elsewhere on the
applications, architecture, implementation, performance and
security of BSD-derived operating systems. Investigations
on economic aspects regarding the operation of BSD systems
are also welcome. Topics of interest for the Euro BSD Conference
2005 include, but are not limited to:
· kernel hacking
· embedded application development and deployment
· device drivers
· security and safe coding practices
· system administration: techniques and tools of the trade
· operational and economic aspects
Prospective authors of contributions to the technical program
are requested to submit an extended abstract through
the web-interface on the conference website. All submissions
will be reviewed by the program committee. The extended
abstract should be at least two but no longer than four
pages in either PostScript or PDF format. Submissions accompanied
by a non-disclosure agreement are not acceptable and
will be returned unread.
Authors of accepted submissions have to provide a full paper
for publication in the conference proceedings and give permission
to the organizers to publish the results in the
printed proceedings and on the conference web site. Instructions
to authors will be available on the conference web
site.
Call for Tutorial Proposals
Selected tutorials on practical and problem-solving aspects
of BSD-derived operating systems will be offered on the day
before the Euro BSD Conference. The tutorials will be presented
by speakers who have wide experience in developing
and administering the different BSDs. Potential tutorial
themes include, but are not limited to:
· Using FreeBSD in a datacenter environment
· Firewall configuration with OpenBSD
· Porting NetBSD to embedded devices
· Safe coding practices to provide secure solutions
If you are interested in presenting a tutorial, please contact
the program committee at pc(a)eurobsdcon.org with details
about the topic, intended audience, required room and facilities
as well as a meaningful CV before August 1, 2005.
Important Dates
Extended abstracts due: August 1
Tutorial proposals due: August 1
Notification to speakers: August 31
Final papers due: October 20
Tutorial day: November 25
Conference: November 26 - 27
Conference Organizers
General Chairs <chair(a)eurobsdcon.org>
Marc Balmer, micro systems
Vera Hardmeier, micro systems
Program Chair <prog-chair(a)eurobsdcon.org>
Christian Tschudin, CS Department, University of Basel
Program Committee
Marc Balmer, micro systems
Emmanuel Dreyfus, the NetBSD project
Felix Kronlage, bytemine
Max Laier, the FreeBSD project
André von Raison, iX Magazin
Christian Tschudin, University of Basel
Wim Vandeputte, the OpenBSD project
Local Organizers
Marc Balmer, micro systems
Giacomo Cariello
Marcus Glocker, UBS AG
Vera Hardmeier, micro systems
Massimiliano Stucchi, WillyStudios.com
Marc Winiger, micro systems
hi there
as you may see: the weather is just bad and it's too cold :-(
so the "pumpi" will not be a good place today and we have to move to the
backup-place:
so, it's now fixed to:
Next Event:
Date: 9th of May 2005
Time: starting around 18.30 o'clock
Location: we go to the "Outback" Bahnhof Stadelhofen
for information: http://swinog.mrmouse.ch
greetings
-steven