swinog August 2013

swinog@lists.swinog.ch

37 participants
19 discussions

Swisscom setzt Einführung des Filters für den Mailverkehr via Port25 fort

by Security Swisscom Schweiz

Texte français en bas - Testo italiano al sotto - Text in english below -------------------------------------------------------------------------- Guten Tag, Mehr als 10 Millionen Spam-Mails werden täglich über das Swisscom Netz verschickt. Daher hat Swisscom vor drei Jahren begonnen, einen neuen Filter für den Mailverkehr ihrer DSL-Privatkunden einzusetzen. Swisscom setzt dessen Implementierung ab Juni dieses Jahres schrittweise fort um das Spam-Aufkommen weiter einzudämmen. Mit dem Abschluss der Einführung wird bis voraussichtlich März 2014 gerechnet. Swisscom geht davon aus, dass rund 98 Prozent aller Kunden nichts von der Umstellung bemerken werden. Einzig Swisscom Privatkunden, die für ihre ausgehenden E-Mails den Server eines anderen Anbieters verwenden und dabei die SMTP-Authentifizierung auf dem Port 25 nutzen, müssen neu ihre E-Mail-Einstellungen beim Postausgangsserver (SMTP) von Port 25 auf den dafür vorgesehenen Port 587 ändern. Betroffene Kunden werden mittels einer Fehlermeldung darauf hingewiesen und auf eine Hilfeseite von Swisscom geleitet, sodass sie die nötigen Einstellungen eigenhändig vornehmen können. Es ist jedoch nicht auszuschliessen, dass einzelne Kunden persönlichen Support bevorzugen und sich deshalb an den Anbieter ihres E-Mailkontos wenden. Diesen Kunden kann für Hilfeleistungen die folgende Swisscom Seite empfohlen werden: http://www.swisscom.ch/p25/. Viele Grüsse, Security Swisscom Schweiz Abuse & Security Operations -------------------------------------------------------------------------- Swisscom poursuit l'introduction du filtre pour l'échange d'e-mails sur le port 25 Bonjour, Plus de 10 millions de spams sont envoyés tous les jours sur le réseau de Swisscom. Il y a trois ans, Swisscom a donc commencé à utiliser un nouveau filtre pour l'échange d'e-mails de ses clients privés DSL. Swisscom poursuit à partir du juin 2013 progressivement ce déploiement afin d'endiguer le spam. Nous prévoyons qu'il sera terminé d'ici à mars 2014. Swisscom pense qu'environ 98% des clients ne remarqueront pas le changement. Seuls les clients privés de Swisscom qui utilisent le serveur d'un autre fournisseur pour envoyer leur e-mails et appliquent l'authentification SMTP sur le port 25 doivent modifier les paramètres du serveur de courrier sortant (SMTP) de leur compte de messagerie : ils doivent passer le numéro du port de 25 à 587, le port prévu. Un message d'erreur avertit les clients et ils sont dirigés sur une page d'aide de Swisscom afin qu'ils puissent modifier les paramètres eux-mêmes. Il n'est toutefois pas exclu que certains clients préfèrent une aide personnelle, auquel cas il faut qu'ils s'adressent au fournisseur de leur compte de messagerie. Il est possible de leur conseiller la page Swisscom suivante qui peut les aider: http://www.swisscom.ch/p25/. Meilleures salutations, Security Swisscom Suisse Abuse & Security Operations -------------------------------------------------------------------------- Swisscom prosegue l’introduzione del filtro per il traffico e-mail tramite il port 25 Bongiorno, Ogni giorno, più di 10 milioni di e-mail spam vengono inviate sulla rete Swisscom. Per questo motivo, tre anni fa Swisscom ha iniziato a impiegare un nuovo filtro per il traffico e-mail dei suoi clienti privati DSL. Dal giugno 2013, Swisscom porta avanti gradualmente l’implementazione del filtro per ridurre ulteriormente la presenza di spam. Si prevede che l’introduzione avrà termine entro marzo 2014. Swisscom ritiene che circa il 98% di tutti i clienti non si accorgerà del passaggio. Solo i clienti privati Swisscom, che utilizzano il server di un altro operatore per le e-mail in uscita e fanno ricorso all’autenticazione SMTP sul port 25, dovranno d’ora in poi modificare le impostazioni dell’e-mail nel server di posta in uscita (SMTP) passando dal port 25 al port 587 appositamente previsto. I clienti interessanti verranno informati a riguardo tramite un messaggio di errore e verranno indirizzati a una pagina di supporto di Swisscom, in modo da poter inserire personalmente le impostazioni necessarie. Tuttavia, non si esclude che alcuni clienti preferiscano il supporto personale e si rivolgano, quindi, all’operatore del proprio account di posta elettronica. Per i servizi di supporto è possibile consigliare a questi clienti la seguente pagina Swisscom: http://www.swisscom.ch/p25/. Distinti saluti, Security Swisscom Svizzera Abuse & Security Operations -------------------------------------------------------------------------- Swisscom continues implementation of the filter for mail service via Port25 Good afternoon, More than 10 million spam mails a day are sent over the Swisscom network. Three years ago, Swisscom began using a new filter for the mail service of its residential DSL customers. Since June 2013, Swisscom is continuing the stepwise implementation of this filter to further stem the flow of spam. Implementation is scheduled to be complete in March 2014. Swisscom estimates that about 98% of all customers will not notice any changes at all. Only residential Swisscom customers who use an outside provider's server for their outgoing e-mails in conjunction with SMTP authentication on Port 25 will be required to adjust their e-mail settings for the outgoing post server (SMTP) from Port 25 to Port 587. Affected customers will be notified with an error message, which will lead them to Swisscom’s Help page where they can make the necessary adjustments themselves. It is quite possible that some customers preferring personal, individual support will contact their e-mail account provider. It is recommended that these customers consult the following page for Swisscom help services: http://www.swisscom.ch/p25/. Best regards, Security Swisscom Switzerland Abuse & Security Operations

9 years, 8 months

SwiNOG-BE124 - Beer Event 124 @ Pumpstation / ZH

by Steven Glogger

Dear SwiNOGers, Enjoy the Sun, the Beer and the Lake. Details for the next event: ----------------------------------------------- Event: SwiNOG-BE124 - Beer Event 124 When? Monday, 2nd September 2013 18:30 Where? Pumpstation Utoquai 10, 8008 Zürich http://www.pumpstation.ch/ (GoogleMaps Link: http://goo.gl/maps/a7O3Q) !! In case it would rain: we would move over to another place. Stay tuned and check your mailbox before coming... !! !! Please note: I cannot reserve ANY table - the first one to come should get a big table for all ,-) !! ----------------------------------------------- Registration: Start: Friday, 30th August 2013 - 15:50 Stop: Monday, 2nd September 2013 - 12:00 Reg-URL: http://swinog.be/ ----------------------------------------------- Since we have to make reservations, I need to know who's coming and who not. If you can't attend and you're registered please inform me ASAP (+41 79 277 92 35). greetings -steven

9 years, 9 months

Last Chance to Register for EuroBSDcon 2013 Earlybird

by Andre Oppermann

Just want to give you a heads-up on this years EuroBSDcon 2013 from September 26-27 (Thu+Fri tutorials) and 28-29 (Sat+Sun main conference) in St. Julian's on Malta. If you have an interest in OpenSource BSD this is the place to be. All talks are strictly technical and non-commercial, absolutely no sales pitches. The entire conference is run like SWINOG on a non- profit basis. About 220 people have already registered. This year we have 42 truly excellent talks and 11 in-depth tutorial sessions. To give you a glimpse we have a number of high-profile people giving talks and keynotes: Mr. Nginx, Igor Sysoev, about Architecture and upcoming developments Mr. Varnish, Poul-Henning Kamp, about high-performance http offloading Mr. Global Top100, Eric Pickup, about Nginx+Redis+PHP+NodeJS powering a global top100 site Mr. Netflix, Scott Long and Alistair Crooks, about video CDN doing 30% of the US traffic Mr. PostgreSQL, Magnus Hagander, about upcoming features and performance in 9.3 Mr. ZFS, Matthew Ahrens, about upcoming features and performance improvements Mr. Cisco Datacenter, Landon Noll, keynote about security and its application to systems Mr. Flash, Warner Losh, about the evolution of super high speed flash storage Mr. 40+Gbit, Navdeep Parhar, about the FreeBSD network stack and driver interface Mr. 700k+IOPS, Alexander Motin, about SATA, SAS, SSD, CAM block storage Mr. ARM 64bit servers, Andrew Wafaa, about the upcoming 64bit ARM server cores Mr. NFSv4, Moritz Willers, about very large scale NFS enterprise deployments Mr. OpenBSD, Theo de Raadt, keynote about solving Y2038 before it is too late again and many more: http://2013.eurobsdcon.org/eurobsdcon-2013/talks/ Meet your favorite major project core developer and talk to him directly! Full day and half day tutorials include: Advanced BGP and OSPF Routing (Claudio Jeker), Mastering advanced SSH and DNSSEC (Michael W. Lucas), pfSense Firewall (Chris Buechler, Ermal Luci), Firewalls with pf (Peter Hansteen), High available Storage (Jeroen van Nieuwenhuizen), Deploying IPv6 and Setting up OSS VoIP PBX (Massimiliano Stucchi), Design and Implementation of the BSD Kernel (Dr. Kirk McKusick) and many more: http://2013.eurobsdcon.org/eurobsdcon-2013/tutorials/ I hope I could interest you to attend the conference. Make sure to register soon before the early-bird special expires on 1. September: http://2013.eurobsdcon.org/eurobsdcon-2013/registration/ Flights from Zurich to Malta and back are about CHF 450 (Thu-Mon or Web-Mon). A large number of hotels is available nearby from EUR20 to EUR200/night. Partners are welcome too and we have organized a guided tour of the islands. See you on Malta! -- Andre (EuroBSDcon 2013 OC Chair) PS: If you have any questions feel free to ping me directly. PPS: Sorry for being slightly spammy.

9 years, 9 months

SwissIX / google

by Matias Meier

Hello It seems that googles swissix link is down... Google isn't reachable from the Green network, also from iWay 8.8.8.8 isn't reachable. From Cyberlink and from Cablecom it seems tob e OK. Anyone else have problems? Freundliche Grüsse Matias Meier

9 years, 9 months

anyone else problem contacting bluewin.ch SMTP Servers?

by Michael Richter

mrichter@CL-LINUX-3OG-MR:~$ telnet mxzhh.bluewin.ch 25 Trying 195.186.227.50... Connected to mxzhh.bluewin.ch. Escape character is '^]'. 421 4.4.5 Service unavailable, concurrency limit reached. Connection closed by foreign host. Trying 195.186.227.50... telnet: connect to address 195.186.227.50: Connection refused telnet: Unable to connect to remote host This with all 3 MX: bluewin.ch. 88 IN MX 10 mxbw.bluewin.ch. bluewin.ch. 88 IN MX 42 mxzhb.bluewin.ch. bluewin.ch. 88 IN MX 42 mxzhh.bluewin.ch. Freundliche Grüsse sasag Kabelkommunikation AG Michael Richter Professional Bachelor ODEC in Engineering mrichter(a)sasag.ch 052 633 01 71

9 years, 9 months

gmx.ch not delivering emails to servers using greylisting?

by Marc Balmer

Dear Swinogers Customers of ours for whom we operate the email infrastructure report that since about a week they can not receive any emails sent from gmx accounts. The mailservers of our customers use greylisting. Are there any known problems with gmx.ch sending to greylisting servers? Thanks - Marc Balmer

9 years, 9 months

Swisscom down?

by Wunderlin Daniel

Swisscom down? No swisscom.ch No ip-plus.net ... Much customers down -> I'll take a coffee..

9 years, 9 months

Belgian spammer

by Klaus Ethgen

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, slowly I get pissed of from one Belgian spammer. Do anybody else see high personalized spam from smtp\.ymlp\d*\.net or smtp\d*\.ymlpsrv\.net? First I found them in uni zürich where they spammed all employees and all students with some festivals in zürich and now I even get spams from those spammer privately. It is not clear where the addresses comes from and I even wounder how this spammer is able to stay outside of all dnsrbls. And as he spawns new nodes on and on it is only possible to block him with the above regexes. Anybody saw any legal mail from this spammer? Gruß Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus(a)Ethgen.de> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQGcBAEBCgAGBQJSFdYHAAoJEKZ8CrGAGfasNmkL/igYRH62Sc8yOIpgr3IwVXC+ cXIVUTOJ5Y5oBZd0Tg3E21iJI3nYhYXKKttphfiYDHalKZirPDIAHITh8VBtUh7i VjAD7CjMOB2ll5oXGEORRT7t09zq2OJuIh14cg4UDPSVxT33Pj6IdPRTz9weNZw/ Xeu7cRv0WRts1r+f/zMinAw/eAXYdblsyTvJ99Yf71Pok6TE1/SSBI57Gz4RZl+l M7mr6l3sKI5B1H0a+S+nIiS6dxFMbeeSDVn70FFDDDNa6FulkozeRs7icyIEiCFw GI1kSGAwHilsosH4iqJw3gQY0rg44Xy3lE0gu+GLYv4SaH6sWV6nhuslUXzhUN6K SX08oEXG71lA5sQyMqMU3gXxZM2FswEOfbdCrBIv+IvXZ9AljsEIEl97I18wYXX7 a7SksyjUkkkuSlOGgQWD4YTA/87Z2CD0zdfdkRyBmL+Kh39H6WLwEFzQOlNCMEBU 8KeS2xj1lvRhcwyqnsY6qJXs2MYTgFvujeKJ/BgYRQ== =WQAv -----END PGP SIGNATURE-----

9 years, 9 months

Small VoIP PBX recommendations

by Andre Oppermann

I'm looking for recommendations on small VoIP PBX systems with these properties: - works well with Snom, Aastra, and Soft-phones - 10-15 phones - basic admin (web gui) to configure accounts and assign numbers (DDI) - reliable and secure operation - support for uplink SIP trunking (no BRI ports) - log for CDRs to see who cost how much An opensource solution running on Linux/FreeBSD would be preferred, a small and good complete "hardware" solution for a couple of hundred bucks would acceptable as well. In either case it should be relatively straight forward and low hassle installation and operation. What would you recommend? Which packages would you rather avoid? Thanks -- Andre

9 years, 9 months

How to automate abuse complaints for ip based violations

by Markus Wild

Hi there, when looking through traffic analysis, I can more or less easily identify IP addresses that exhibit bad behavior (like massive port/address scanning, attempting to log into joomla/wp administration URLs, POP3/SMTP account scanning, etc) which need to be blocked. Now, since most of these IPs are not the actual culprits, but merely infected machines, it would be helpful for the internet health as a whole to report such incidents to their respective ISPs. Here's where the problem starts:) My manual approach would be to lookup whois data for the respective IP (which by itself can be a multi step process, since you first need to find the right registry), and look for an abuse-contact there. But, whois isn't exactly engineered for automated mass lookups (+), and if I did this I'm sure I'd probably be violating terms of use of at least some of the registry whois servers, and be locked out. So, what alternatives are there? I saw that abuse.net keeps a nice DNS based lookup service for domain names, but they unfortunately don't do this for IP addresses. How are others doing this? I know I occasionally received output of fail2ban scripts when working for a larger ISP. Are these all in-house local developments? Cheers, Markus (+) joomla/wp scans alone yielded > 3000 ip addresses in one day for our little network...

9 years, 9 months

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog August 2013