swinog April 2021

swinog@lists.swinog.ch

19 participants
11 discussions

Switzerlandwide Internet problem
by Michele Capobianco 16 Jul '23

16 Jul '23

Hey all A friend just told me that Cybernet told him there is a Switzerlandwide Internet Problem. Does anybody know something? Cheers Michele -------- Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32 http://www.online.ch, michele.capobianco(a)online.ch<mailto:michele.capobianco@online.ch> --------

8 7

Swinog's Blacklists
by Florian Blaser 29 Apr '21

29 Apr '21

Hi all, I’ve setup an internal DNSBL and URIBL to better fight spam for our customers (and am thinking about setting up an HASHBL as well soon). I’m wondering if this work could be shared with the community by integrating our data in the Swinog RBLs. Would that be an option? Kind regards, Florian

1 0

OVH
by Klaus Ethgen 27 Apr '21

27 Apr '21

Hi folks, do any of you know just one legit service that is hosted by OVH? They own massive amount of /16 networks and many of them are already in my blocklist as I have seen massive server attacks from that OVH networks. Regards Klaus -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus(a)Ethgen.ch> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C

5 4

mail.protection.outlook.com said: 451 4.7.500 Server busy. Please try again later
by Per Jessen 27 Apr '21

27 Apr '21

Does anyone have any idea what sort of rate limits are used by Office365 ? We seem to be hitting $SUBJ more and more often, so we have been scaling back delivery frequencies. It just seems a bit random and arbitrary. -- Per Jessen, Zürich (19.4°C)

2 1

someone at infomaniak
by Silvan M. Gebhardt 26 Apr '21

26 Apr '21

Can someone at Infomaniak contact me offlist urgently please. (phishing site takedown. thanks) Merci Silvan

1 0

somebody from Backbone/sipcall arround ?
by roger mgz 16 Apr '21

16 Apr '21

please contact me offlist for some Voip abuse Question Roger

1 0

New glue record, transfer of domains and such things
by Mueller Urs SBB CFF FFS 15 Apr '21

15 Apr '21

Hi there A friend reminded me to use the list, as it is sometimes a bit quiet here. ;-) My understanding of a glue record is, that the registrar of a domain is responsible to configure them (in my case at home, this was Cyon, but they were a bit puzzled, as they don't do this very often). Just to understand this technically (I'm perhaps totally wrong): - Domain registrar receives customer order (put dns.xyz.zyx with 1.2.3.4 as glue record into some system) - Registrar has an interface (fax, carrier pigeon or something similar) to tld registry, which can save the record to its database If I further change my registrar, this doesn't affect that entry, but any change has to be ordered through the new registrar. There is usually no way to do this myself (if the registrar is not offering such an interface). Please help or correct me. Thank you. Urs Müller SBB AG Cyber Defense Center Poststrasse 6, 3072 Ostermundigen Mobil +41 79 433 21 67 urs.bf.mueller(a)sbb.ch / www.sbb.ch

3 2

FYI: COMLOT Geldspielgesetz Key expired
by Jeroen Massar 14 Apr '21

14 Apr '21

As it is 1 april tomorrow, some things expired yesterday: Not After : Mar 30 13:28:58 2021 GMT That thing is.... the COMLOT key to verify those Geldspielgesetz keys for their fun list of worldwide casinos: https://blacklist.comlot.ch/comlot_blacklist.txt see full cert details below. You can get the key with or attached: $ wget -vS https://blacklist.comlot.ch/blacklist.comlot.ch.pub --2021-03-31 16:50:00-- https://blacklist.comlot.ch/blacklist.comlot.ch.pub Resolving blacklist.comlot.ch (blacklist.comlot.ch)... 194.187.88.5 Connecting to blacklist.comlot.ch (blacklist.comlot.ch)|194.187.88.5|:443... connected. HTTP request sent, awaiting response... HTTP/1.1 200 OK Server: nginx/1.14.2 Date: Wed, 31 Mar 2021 14:50:01 GMT Content-Type: application/octet-stream Content-Length: 2927 Connection: keep-alive Last-Modified: Wednesday, 31-Mar-2021 14:50:01 GMT Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Strict-Transport-Security: max-age=15768000 Accept-Ranges: bytes Length: 2927 (2.9K) [application/octet-stream] Saving to: ‘blacklist.comlot.ch.pub’ blacklist.comlot.ch.pub 100%[==========================================================>] 2.86K --.-KB/s in 0s 2021-03-31 16:50:01 (558 MB/s) - ‘blacklist.comlot.ch.pub’ saved [2927/2927] Funny that nginx claims the file changed... the moment I downloaded it, bit strange for a static file. Anybody has contacts at COMLOT. As technically speaking, we should not be updating the list anymore into RPZ now; the process I have is thus stuck at the list from yesterday.... (not that it matters, with such a nice list, a bit of VPN and/or simply choosing any non-provider DNS server and voila... bypassed the law.... you, know, Their Law! https://www.youtube.com/watch?v=zKNoU2P0dQc Enjoy! Greet, Jeroen -- openssl x509 -in blacklist.comlot.ch.pub -text Certificate: Data: Version: 3 (0x2) Serial Number: 61:5d:a4:eb:83:eb:a0:a3:be:97:59:c9:56:9b:28:e9 Signature Algorithm: sha256WithRSAEncryption Issuer: C = CH, O = SwissSign AG, CN = SwissSign CH Person Platinum CA 2017 - G22, organizationIdentifier = NTRCH-CHE-109.357.012 Validity Not Before: Mar 30 13:28:58 2020 GMT Not After : Mar 30 13:28:58 2021 GMT Subject: C = CH, L = Bern, ST = BE, organizationIdentifier = NTRCH-CHE-196.380.112, O = Lotterie- und Wettkommission Comlot, CN = Lotterie- und Wettkommission Comlot Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:8d:2c:7f:48:c2:07:30:b9:fa:29:26:1d:29:83: 82:41:ef:73:2e:8e:dc:de:28:a4:6b:0b:93:0d:19: b6:ee:d2:c5:63:95:3f:d0:ed:a7:f3:80:70:e3:07: 48:6e:f3:e7:5a:d1:fd:80:d5:2e:4e:6d:3d:e1:db: 8e:44:2f:4f:a7:21:58:1d:c9:59:40:9b:97:85:4c: b6:5a:f6:cc:1a:71:a1:ef:59:59:65:f2:6c:be:25: 74:15:37:29:40:b1:6c:6d:3b:43:82:85:ee:5b:e8: 01:86:92:32:a5:f8:a9:ba:8b:85:6e:14:6e:ca:cc: 33:35:ff:7e:b7:fb:1c:c6:dc:c3:c4:f8:31:7b:73: c8:91:86:59:07:4b:75:1f:10:68:50:61:93:19:5b: ac:3d:43:c4:49:0a:ea:17:1b:ea:0e:f5:c1:7f:d5: db:c0:58:c5:61:19:dd:05:b7:b5:35:27:85:ea:ec: 70:6e:c5:a6:d5:c1:ca:5b:85:3e:42:08:14:f0:01: aa:b5:47:93:ed:ed:eb:20:35:db:d8:d8:58:da:6b: dc:3d:14:ee:e1:91:c8:85:12:d5:59:9c:fc:4f:04: 0e:f5:a4:d5:c0:ab:ec:57:6b:c1:d9:8f:1d:6b:dc: bf:5a:0e:58:a0:4c:01:0f:13:31:c0:0b:dd:ac:aa: 2b:6f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature X509v3 Basic Constraints: CA:FALSE X509v3 Subject Key Identifier: 1B:2B:A0:91:2C:6F:2B:92:49:EC:96:04:BD:1C:8D:36:35:45:4D:76 X509v3 Authority Key Identifier: keyid:1E:C8:04:6D:FB:72:62:51:60:A2:73:24:6F:BE:F2:5F:4D:34:92:FC X509v3 CRL Distribution Points: Full Name: URI:http://crl.swisssign.net/1EC8046DFB72625160A273246FBEF25F4D3492FC Full Name: URI:ldap://directory.swisssign.com/CN=1EC8046DFB72625160A273246FBEF25F4D349… X509v3 Certificate Policies: Policy: 2.16.756.1.89.1.1.1.1.10 CPS: https://repository.swisssign.com/SwissSign-Platinum-CP-CPS.pdf User Notice: Explicit Text: regulated certificate Policy: 0.4.0.194112.1.3 Authority Information Access: CA Issuers - URI:http://swisssign.net/cgi-bin/authority/download/1EC8046DFB72625160A2732… OCSP - URI:http://platinum-g2.ocsp.swisssign.net/1EC8046DFB72625160A273246FBEF25F4… qcStatements: 0c0......F..0B.....F..08.2https://repository.swisssign.com/SwissSign-PDS.pd…... Signature Algorithm: sha256WithRSAEncryption 10:08:b0:64:2d:63:90:e2:07:4e:ed:d1:87:62:0a:43:88:c8: 87:b9:85:91:ae:ba:8b:f7:f6:33:d3:cd:a0:63:37:28:28:4f: c0:ec:15:06:a7:e4:86:1f:03:28:ad:e5:32:68:14:e2:ee:6e: 62:97:fc:95:7a:ac:fe:b1:a4:24:d1:99:89:2e:cd:ee:ca:c3: 76:c9:38:8e:3b:16:bd:6f:89:5e:4a:94:d5:ea:f1:73:46:15: 41:45:a4:8a:0b:8a:14:22:35:36:8c:fa:70:bb:19:73:6e:39: 93:5d:0d:5c:43:60:8e:0e:38:ed:ac:96:74:0a:b9:51:bc:23: 51:80:4d:cf:e2:64:02:80:af:dd:ef:40:b9:ba:36:0e:aa:3d: 88:d9:29:20:56:68:39:a8:74:46:79:81:df:d0:c8:fb:4b:76: 2b:c4:41:42:e8:c6:16:f7:94:7f:30:de:ba:22:d9:67:94:a7: c2:01:4f:1f:31:2b:52:16:f3:ae:c4:b6:a4:f8:87:df:7f:92: 73:e1:89:07:05:9b:8d:e9:c1:21:8a:b6:87:59:04:12:fb:b0: f3:1a:95:0e:29:5d:95:af:a2:82:54:cb:9f:77:d7:90:00:42: 06:53:88:d4:9f:26:b0:43:e9:b0:c1:9a:24:17:69:fc:87:66: e3:67:01:bf -----BEGIN CERTIFICATE----- MIIG9zCCBd+gAwIBAgIQYV2k64ProKO+l1nJVpso6TANBgkqhkiG9w0BAQsFADB5 MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMTMwMQYDVQQDEypT d2lzc1NpZ24gQ0ggUGVyc29uIFBsYXRpbnVtIENBIDIwMTcgLSBHMjIxHjAcBgNV BGETFU5UUkNILUNIRS0xMDkuMzU3LjAxMjAeFw0yMDAzMzAxMzI4NThaFw0yMTAz MzAxMzI4NThaMIGlMQswCQYDVQQGEwJDSDENMAsGA1UEBxMEQmVybjELMAkGA1UE CBMCQkUxHjAcBgNVBGETFU5UUkNILUNIRS0xOTYuMzgwLjExMjEsMCoGA1UEChMj TG90dGVyaWUtIHVuZCBXZXR0a29tbWlzc2lvbiBDb21sb3QxLDAqBgNVBAMTI0xv dHRlcmllLSB1bmQgV2V0dGtvbW1pc3Npb24gQ29tbG90MIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAjSx/SMIHMLn6KSYdKYOCQe9zLo7c3iikawuTDRm2 7tLFY5U/0O2n84Bw4wdIbvPnWtH9gNUuTm094duORC9PpyFYHclZQJuXhUy2WvbM GnGh71lZZfJsviV0FTcpQLFsbTtDgoXuW+gBhpIypfipuouFbhRuyswzNf9+t/sc xtzDxPgxe3PIkYZZB0t1HxBoUGGTGVusPUPESQrqFxvqDvXBf9XbwFjFYRndBbe1 NSeF6uxwbsWm1cHKW4U+QggU8AGqtUeT7e3rIDXb2NhY2mvcPRTu4ZHIhRLVWZz8 TwQO9aTVwKvsV2vB2Y8da9y/Wg5YoEwBDxMxwAvdrKorbwIDAQABo4IDTDCCA0gw DgYDVR0PAQH/BAQDAgeAMAwGA1UdEwQFMAMBAQAwHQYDVR0OBBYEFBsroJEsbyuS SeyWBL0cjTY1RU12MB8GA1UdIwQYMBaAFB7IBG37cmJRYKJzJG++8l9NNJL8MIIB BAYDVR0fBIH8MIH5MEegRaBDhkFodHRwOi8vY3JsLnN3aXNzc2lnbi5uZXQvMUVD ODA0NkRGQjcyNjI1MTYwQTI3MzI0NkZCRUYyNUY0RDM0OTJGQzCBraCBqqCBp4aB pGxkYXA6Ly9kaXJlY3Rvcnkuc3dpc3NzaWduLmNvbS9DTj0xRUM4MDQ2REZCNzI2 MjUxNjBBMjczMjQ2RkJFRjI1RjREMzQ5MkZDJTJDTz1Td2lzc1NpZ24lMjBBRyUy Q0M9Q0g/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNz PWNSTERpc3RyaWJ1dGlvblBvaW50MIGXBgNVHSAEgY8wgYwwfwYKYIV0AVkBAQEB CjBxMEoGCCsGAQUFBwIBFj5odHRwczovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNv bS9Td2lzc1NpZ24tUGxhdGludW0tQ1AtQ1BTLnBkZjAjBggrBgEFBQcCAjAXDBVy ZWd1bGF0ZWQgY2VydGlmaWNhdGUwCQYHBACL7EABAzCB0gYIKwYBBQUHAQEEgcUw gcIwZAYIKwYBBQUHMAKGWGh0dHA6Ly9zd2lzc3NpZ24ubmV0L2NnaS1iaW4vYXV0 aG9yaXR5L2Rvd25sb2FkLzFFQzgwNDZERkI3MjYyNTE2MEEyNzMyNDZGQkVGMjVG NEQzNDkyRkMwWgYIKwYBBQUHMAGGTmh0dHA6Ly9wbGF0aW51bS1nMi5vY3NwLnN3 aXNzc2lnbi5uZXQvMUVDODA0NkRGQjcyNjI1MTYwQTI3MzI0NkZCRUYyNUY0RDM0 OTJGQzBxBggrBgEFBQcBAwRlMGMwCAYGBACORgEEMEIGBgQAjkYBBTA4FjJodHRw czovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS9Td2lzc1NpZ24tUERTLnBkZhMC ZW4wEwYGBACORgEGMAkGBwQAjkYBBgIwDQYJKoZIhvcNAQELBQADggEBABAIsGQt Y5DiB07t0YdiCkOIyIe5hZGuuov39jPTzaBjNygoT8DsFQan5IYfAyit5TJoFOLu bmKX/JV6rP6xpCTRmYkuze7Kw3bJOI47Fr1viV5KlNXq8XNGFUFFpIoLihQiNTaM +nC7GXNuOZNdDVxDYI4OOO2slnQKuVG8I1GATc/iZAKAr93vQLm6Ng6qPYjZKSBW aDmodEZ5gd/QyPtLdivEQULoxhb3lH8w3roi2WeUp8IBTx8xK1IW867EtqT4h99/ knPhiQcFm43pwSGKtodZBBL7sPMalQ4pXZWvooJUy59315AAQgZTiNSfJrBD6bDB miQXafyHZuNnAb8= -----END CERTIFICATE-----

1 1

Mail rejection at bluewin
by Peter Rohrer 07 Apr '21

07 Apr '21

Hello everybody Since yesterday, we see a lot of bounced messages to bluewin addresses with SMTP code 554, for example: relay=mxbw-bluewin-ch.hdb-cs04.ellb.ch[195.186.227.50]:25, delay=0.16, delays=0/0.01/0.09/0.05, dsn=5.2.0, status=bounced (host mxbw-bluewin-ch.hdb-cs04.ellb.ch[195.186.227.50] said: 554 5.2.0 sc976: Rejected due to policy reasons - https://support.bluewin.ch/provider/bounce/XXXXXXXXXXXXXXXXX[redacted]== (in reply to end of DATA command)) Unfortunately, sc976 is not documented on https://postmaster.bluewin.ch/content/de/technical-details/ We can't see any general pattern behind those rejections (hosts trough our entire IP range are affected), switching to a different IP address for delivery works in most cases. Do you see the same and have any insight what is going on here? Greetings Peter

7 7

Re: [swinog] Mail rejection at bluewin
by Sébastien Riccio 07 Apr '21

07 Apr '21

Hello Simon, Oops of course yes we found "NO" evidence... I should have re-read myself before sending the post. Thanks for pointing that out 😊 and for the cheers. Kind regards, Sébastien -----Message d'origine----- De : Simon Leinen <simon.leinen(a)switch.ch> Envoyé : mercredi, 7 avril 2021 10:30 À : Sébastien Riccio <sr(a)swisscenter.com> Objet : Re: [swinog] Mail rejection at bluewin Sébastien Riccio writes: [...] > It's the 3rd time it happens in two weeks and we found evidence of > unusual SPAM activity from our servers that would justify such a > ratelimiting/rejecting. You found evidence? Or is there a "no" missing somewhere? (Just trying to understand.) Cheers and good luck with the delivery issues! -- Simon.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog April 2021