hello all,
hopefully I do not break here a subscription-Law, so simply:
We have some Cisco parts / devices on Stock, which where nearly never
used:
2x Firewall Cisco ASA5520-AIP20-K9
(ASA 5520 Appl w/ AIP-SSM-20, SW,300 VPN, Prs,4GE+1FE,3DES/AES)
1x Switch Cisco WS-C4507R + some modules
(2x 24 port 10/100/1000 GBE / 2x V Console / 2x power supply etc
They where bought for a project, which was frozen, and there was no
fit in other needs / projects.
If you see need, please contact me directly in english or german.
mailto:swinog-ch@hightowernet.de
Detailed product list & photos available on request.
Condition of devices: nearly new
ASA's where tested only some hours
4507er was in use for about 2-3 months
Bougt end 2006. Used in Summer 2007
Will be sold on highest bid.
Test before possible, sold without warranty.
Device location: near to Zurich
Alternatively:
do you know company near Zurich, which makes business with
buying/selling used hardware in this class ?
We simply want to cleanup our stock ASAP.
--
Mit freundlichen Grüßen
Stephan Wolf
mailto:swinog-ch@hightowernet.de
Hi everyone
To officially talk about the "mail problems on port 25 with swisscom dsl" I would like to give you some (technical) information.
We had several needs to stop spam from our network:
- We're receiving about 30'000-100'000 abuse complaints per month (contains multiple reports per case)
- Mail filtering on our infrastructure (our mail servers) are only catching 20% of all spam sent from swisscom dsl - 80% is sent directly from the customer lines. (source: http://www.maawg.org/port25)
- About 60% to over 90% of all mails sent over residential customer lines are identified as spam. This is more than 10 millions spam emails per day (~375 terabytes per year)
The impacts are clear:
- Spam generates a quite high amount of cost within Swisscom (money, personal, time, storage, data, etc.)
- Our reputation is getting bad
- We might get listed on blacklists (-> impact on legimite traffic)
- Customers are getting blocked (e.g. in sandbox) and are not happy therefore (most of the customers are not realizing, that they are sending spam, because they are virus-/trojan-infected)
So, what we did and what are we doing?
We currently ran a pilot. The productive rollout which will affect all customers will start this week and will take around 2 months until all customers are migrated. Only (ex-)bluewin customers with dynamic adsl-lines will be affected.
Swisscom has published an official statement on http://www.swisscom.ch/p25 and modifies the error-message sent to the customer which will be more clearer.
The pilot showed very clearly that this countermeasure is very effectful in stopping outgoing spam.
Going to the technical part:
We're running a transparent proxy on port 25 (smtp) which gets communication from any customer to any port 25 (Layer 4 redirect feature).
The proxy is analyzing the email and if it detects that spam has been sent he will reject the connection by issuing an error message to the customer (the mailclient will notice: smtp-error). If the mail is a normal and legitimate email -> no problem: mail will be sent. We will even insert a "received-from:" line in the header. If a bot/trojan is trying to send emails, the customer will not notice. There are no mails beeing stored on the filter server. All decisions are made on-the-fly.
Customers, which are virus-affected are handled by the standard abuse process which we have in place (inform, quarantine in a sandbox, etc.).
The option for layer 4 redirect is activated via radius - so it can be turned off on request and the customer just has to reconnect.
For dynamic customers the option will be activated by default.
Customers are asked to authenticate their smtp session and use the mail submission port 587 (not filtered).
So, will this affect non-smtp traffic on port 25? Unfortunately, yes. This traffic will be lost. If the customer has a need to use port 25 for other purposes than email he can request turning of the redirecting feature.
If a customer usses SSL via port 25 does it work? No, it will be dropped.
Customers are kindly requested to use port 465 instead.
If a customer uses smtp auth via port 25, will this work? He will receive a smtp error like "sorry, smtp auth not possible. use 587" (error 573).
Will we start to block completely port 25 in the future? No, absolutely not.
So, I hope things are now getting clearer ,-)
Greetings
-steven
Steven Glogger
___________________________________________________________________________
Cisco CCIE#23778
Network Engineer
Telefon +41 44 294 58 41
Mobile +41 79 277 92 35
Fax +41 86 079 277 92 35
steven.glogger(a)swisscom.com
___________________________________________________________________________
Swisscom (Schweiz) AG
Network & IT
Network Engineering & Operations
Binzring 17
CH-8045 Zürich
www.swisscom.com
Hello,
Since midnight we are having problems sending traffic to du.ae (our
datacenter in Dubai (DIFC)). Does anyone else have problems with
communication to Dubai/DIFC/Du.ae ?
route: 91.189.12.0/22
origin: AS15802
<http://www.db.ripe.net/whois?searchtext=AS15802&inverse_attributes=orig
in&form_type=simple>
With Kind Regards
Thomas Nederman
Systems & Infrastructure
Penta Consulting SA
Voice +41 22 316 1090
Direct +41 22 316 1028
Fax +41 22 316 1099
infra(a)penta.ch <mailto:infra@penta.ch>
www.penta.ch <http://www.penta.ch>
______________________________________________
Your applications everywhere, always TM
______________________________________________
Hi All!
Finecom has an open position as Senior Network Engineer (3rd level,
m/w). For more informations please contact me
offline...
http://www.finecom.ch/jobs
cheers,
michel
Hi
Could someone from Cablecom contact me off-list? Its about SMTP/MX.
Thanks a lot
raf
Nine Internet Solutions AG
Raffael Schmid
Albisriederstrasse 243c
8047 Zuerich
044 637 40 00
raffael.schmid(a)nine.ch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi
Is there a technician of Xincs.eu online? Please contact me offlist, all your official contact ways are dead/not answered!
thanks
Silvan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
iEYEARECAAYFAkuwd3kACgkQC82WwYR1u2qpcQCeKkHHACOEfHixbCjLaqvWbcQh
/NcAnRX6dEzZo5dxVgCiNOUpw2Jmok/I
=a1yQ
-----END PGP SIGNATURE-----
Does anybody have a contact person at web.de responsible for e-mail?
Their anti-spam settings seem to be pretty harsh. When our customers try
to send newsletters with more than about 10 web.de recipient addresses,
further mails are being blocked for quite some time, causing delays and
filling our outbound queue. Is there an easy way to get on a whitelist
at web.de?
Cheers,
Mike
--
Mike Kellenberger mike.kellenberger(a)escapenet.ch
Escapenet - the Web Company Tel +41 52 235 0700
http://www.escapenet.ch Skype mikek70atwork
