swinog April 2007

swinog@lists.swinog.ch

34 participants
26 discussions

Re: [swinog] Re: blocking ports?
by Schmid 13 Apr '07

13 Apr '07

whats so bad to configure the client's Mailserver using the SMTP Relay from the ISP ? all Mailservers i know are able to do that, not allways called smarthost of corse ;-) ---------- Original Message ---------------------------------- From: "Scott Weeks" <surfer(a)mauigateway.com> Reply-To: swinog(a)swinog.ch, surfer(a)mauigateway.com Date: Wed, 11 Apr 2007 11:28:03 -0700 > > > >: You'd be amazed how many companies operate their own >: mail servers, even behind dynamic addresses > >I'm speaking with guys in my company on an issue and part of the discussion has to do with me saying no one runs a mail server from behind a dynamic IP addresses. Other than just your experiences, does anyone have pointers to data on folks that do this? > >scott > > > > >--- swinog-list(a)dudes.ch wrote: > >From: Markus Wild <swinog-list(a)dudes.ch> >To: swinog(a)swinog.ch >Subject: Re: [swinog] Re: blocking ports? >Date: Wed, 11 Apr 2007 19:26:39 +0200 > >Jonathan, > >> Sorry but I disagree with Per. ISPs have a duty to prevent email >> Spam which is a terrible curse for us all. If they decide that >> blocking port 25 outbound will help then they should do it. >> >> If you are a user, why can't you use the ISPs relay server? If you >> are a provider you ought to have your own mail server on a fixed IP >> address. > >You'd be amazed how many companies operate their own mail servers, even >behind dynamic addresses (in which case they usually use some mailbox >polling mechanism to feed their server from mail from the outside), but >send outgoing mail directly with SMTP. > >> Of course, one day we need a better protocol than SMTP (*Simple* Mail >> Transfer Protocol) which was never meant as a global email solution. >> But until then we have to do something to stop people abusing it. > >But by killing the payload, not the messenger, please... > >Cheers, >Markus >_______________________________________________ >swinog mailing list >swinog(a)lists.swinog.ch >http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > > >_______________________________________________ >swinog mailing list >swinog(a)lists.swinog.ch >http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > ________________________________________________________________ Sent via the WebMail system at mgz.ch

1 0

Re: [swinog] Re: blocking ports?
by Scott Weeks 13 Apr '07

13 Apr '07

: if(windows) then block else allow? :) This would be my preference. >;-) I doubt my pointy-clickey co-workers would like that. I'm seen as weird here since I despise Micro$loth and love *nix. scott --- daniel(a)lorch.cc wrote: From: Daniel Lorch <daniel(a)lorch.cc> To: swinog(a)swinog.ch Subject: Re: [swinog] Re: blocking ports? Date: Thu, 12 Apr 2007 22:04:31 +0200 Hi > This is what I was saying to the guys here at my work. We just need a > small proof that the customer isn't a spammer and we open it up. > However, most of our customers are less-technical savy home folks. Did > you have to prove to your ISP that you weren't spamming? If so, how did > they have you do that? There is a "passive OS fingerprinting" module for iptables (see http://ippersonality.sourceforge.net/). How about treating connections differently depending on the OS they're coming from? if(windows) then block else allow? :) Or is the OS fingerprint lost through NAT? I don't know. Daniel _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

1 0

Re: [swinog] Re: blocking ports?
by Scott Weeks 12 Apr '07

12 Apr '07

Hello, : So if a customer proofs that he is able from a technical : Point of view to operate an mail server in a secure manner : and assures not to abuse email for spam then it's not : acceptable that an ISP block anything to him. This is what I was saying to the guys here at my work. We just need a small proof that the customer isn't a spammer and we open it up. However, most of our customers are less-technical savy home folks. Did you have to prove to your ISP that you weren't spamming? If so, how did they have you do that? Thanks, scott --- Peter.Bickel(a)idv.ch wrote: From: Peter Bickel <Peter.Bickel(a)idv.ch> To: swinog(a)swinog.ch, surfer(a)mauigateway.com Subject: Re: [swinog] Re: blocking ports? Date: Thu, 12 Apr 2007 12:03:28 +0200 Scott Weeks schrieb: > > > : You'd be amazed how many companies operate their own > : mail servers, even behind dynamic addresses > > I'm speaking with guys in my company on an issue and part of the discussion has to do with me saying no one runs a mail server from behind a dynamic IP addresses. Other than just your experiences, does anyone have pointers to data on folks that do this? > > scott Hi Scott we do exactly this for IDV & Network Consulting. We operate our own Mailserver (Solaris with sendmail and iamp) in our internal Network which is connected to Cablecom (DHCP ;-)) In addition we have some Maschines in a hosting environment which have of corse fixed IP addresses which we use to relay to the outside. All hosts use Solaris and sendmail and are protected with IPFilter with very restrictive Rules. Incomming email is going through the external hosts and an IPIP Tunnel directly to the internal mail server. We really don't want to be dependend on an ISPs email SETUP. DNS is the same which helped me in the past a lot where several customers weren't able to use the net everything worked for us. So if a customer proofs that he is able from a technical Point of view to operate an mail server in a secure manner and assures not to abuse email for spam then it's not acceptable that an ISP block anything to him. > > > > > --- swinog-list(a)dudes.ch wrote: > > From: Markus Wild <swinog-list(a)dudes.ch> > To: swinog(a)swinog.ch > Subject: Re: [swinog] Re: blocking ports? > Date: Wed, 11 Apr 2007 19:26:39 +0200 > > Jonathan, > >> Sorry but I disagree with Per. ISPs have a duty to prevent email >> Spam which is a terrible curse for us all. If they decide that >> blocking port 25 outbound will help then they should do it. >> >> If you are a user, why can't you use the ISPs relay server? If you >> are a provider you ought to have your own mail server on a fixed IP >> address. > > You'd be amazed how many companies operate their own mail servers, even > behind dynamic addresses (in which case they usually use some mailbox > polling mechanism to feed their server from mail from the outside), but > send outgoing mail directly with SMTP. > >> Of course, one day we need a better protocol than SMTP (*Simple* Mail >> Transfer Protocol) which was never meant as a global email solution. >> But until then we have to do something to stop people abusing it. > > But by killing the payload, not the messenger, please... > > Cheers, > Markus > _______________________________________________ > swinog mailing list > swinog(a)lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > > > _______________________________________________ > swinog mailing list > swinog(a)lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog -- Gruss Pitsch __________________________________________________________________________ Peter Bickel e-mail: bickel(a)idv.ch IDV & Network Consulting Telefon: +41 1 853 24 16 Gumpenwiesenstrasse 38 Fax: +41 1 853 27 04 CH-8157 Dielsdorf Mobile: +41 79 666 15 50 __________________________________________________________________________

3 2

Exchange Servers having problems with SMTP 4xx temporary failures?
by Benoit Panizzon 12 Apr '07

12 Apr '07

Hi all During the last few days spent tracking strange problems with exchange servers from different companies. From my actual point of view exchange server seam to have troubles with tempfail messages. They notice a 4xx error, tryes again a few times and then occasionaly returns the email to the sender with following message: "Sie sind nicht berechtigt, Nachrichten an diesen Empfänger zu senden. Wenden Sie sich an den Systemadministrator." 550 5.7.1 <lucciola@*>... Relaying denied> This Relaying denied definitely is not from the server receiving the email. There I can only find tempfails. I also have seen other messages than relaying denied there which made even less sense. This happened a few times with graylists tempfails and also happens with a customer sending quite a lot of mails from his exchange and running into sendmails reject=452 4.3.2 Too many open connections. limit. Have other seen this behaviour of exchange servers and know how to prevent it? The strage thing is this only seams happens occasionaly. It can be that the customer sends a mail to hundreds of recipients, causes many tempfails about 'too many open connections' but the emails eventualy get through without problem after a while. I guess it could be, that exchange mixes up message status from other emails and just sends the wrong error message back to the sender. Mit freundlichen Grüssen Benoit Panizzon -- I m p r o W a r e A G - System Services ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________

2 1

Re: [swinog] does Econophone block port25
by Scott Weeks 12 Apr '07

12 Apr '07

---------From: Jeroen Massar <jeroen(a)unfix.org>------------- : To avoid problems there, make a simple policy: if found : spreading a virus/spamming and having disabled the blockage: : no Internet for a week. Or a similar measure that can of : course be lifted after paying a fine. Wouldn't that make customers go to another comany for service? scott --- jeroen(a)unfix.org wrote: From: Jeroen Massar <jeroen(a)unfix.org> To: swinog(a)swinog.ch Subject: Re: [swinog] does Econophone block port25 Date: Wed, 04 Apr 2007 08:42:20 +0100 Candid Aeby wrote: > Hi > > first this is no local decision. We never liked it. I know it is unpopular > and i would prefer a better solution. Since Monday Port 25 is blocked for > Dial-Up and ADSL connections. Is that outbound from $customer -> $internet, or is that also for inbound $internet -> $customer? Having a block on port 25/tcp, 137-139/udp and some other magic virusports is acceptable on end-user IP's. BUT as long as the user of that line has the option to easily turn this off. Eg using a webinterface where they can login using their user/pass and then enable it again, that is disable the block. If that is not possible, then when a user moans about not getting "Internet connectivity" they are quite right. Users who are not the typical techy, can always use 587 as you indicated and should, in general, keep the block on. To avoid problems there, make a simple policy: if found spreading a virus/spamming and having disabled the blockage: no Internet for a week. Or a similar measure that can of course be lifted after paying a fine. Greets, Jeroen _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

10 10

Re: [swinog] Re: blocking ports?
by Scott Weeks 11 Apr '07

11 Apr '07

: You'd be amazed how many companies operate their own : mail servers, even behind dynamic addresses I'm speaking with guys in my company on an issue and part of the discussion has to do with me saying no one runs a mail server from behind a dynamic IP addresses. Other than just your experiences, does anyone have pointers to data on folks that do this? scott --- swinog-list(a)dudes.ch wrote: From: Markus Wild <swinog-list(a)dudes.ch> To: swinog(a)swinog.ch Subject: Re: [swinog] Re: blocking ports? Date: Wed, 11 Apr 2007 19:26:39 +0200 Jonathan, > Sorry but I disagree with Per. ISPs have a duty to prevent email > Spam which is a terrible curse for us all. If they decide that > blocking port 25 outbound will help then they should do it. > > If you are a user, why can't you use the ISPs relay server? If you > are a provider you ought to have your own mail server on a fixed IP > address. You'd be amazed how many companies operate their own mail servers, even behind dynamic addresses (in which case they usually use some mailbox polling mechanism to feed their server from mail from the outside), but send outgoing mail directly with SMTP. > Of course, one day we need a better protocol than SMTP (*Simple* Mail > Transfer Protocol) which was never meant as a global email solution. > But until then we have to do something to stop people abusing it. But by killing the payload, not the messenger, please... Cheers, Markus _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

1 0

Samsung SCM-140U Cable Modems
by Michel Renfer 11 Apr '07

11 Apr '07

Hi All Anyone using those SCM-140 modems? Please contact me offlist! cheers, michel

1 0

Looking for Cisco Switches...
by Matthias Hertzog 11 Apr '07

11 Apr '07

Hi folks For a temporary installation for a customer i'm looking for Cisco Switches with at least FE-Ports. Some 2900 or better are fine. If you have something to sale, please send an offer to me (off-list). Thanks & best wishes, Matthias _________________________________________ mhs @ internet AG Zürcherstrasse 204, CH - 9014 St. Gallen Phone +41 71 274 93 93, Fax +41 71 274 93 94 http://www.mhs.ch _________________________________________

1 0

Complete facilities in Basel, Bern, and Zurich
by Mickey Coggins 05 Apr '07

05 Apr '07

Hi, I've got complete "POPs" in Bern, Basel, and Zurich that have raised floors, aircon, UPS, batteries, even DC power rectifiers. I don't need them any longer. If you are interested in taking over the lease, and/or buying the stuff for a good price, please let me know. Thanks, Mickey -- Mickey Coggins Tel: +41-22-783-6630 GSM: +41-79-476-8183

2 1

does Econophone block port25
by Michele Capobianco 04 Apr '07

04 Apr '07

I will tell all our costumers to not use econophone/tele2 anymore. That is no behavior! And on the econophone FAQ is nothing about that. But to be honest i did not think about tele2 FAQ at the first time. Greets Michele

5 6

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog April 2007