Hey all
A friend just told me that Cybernet told him there is a Switzerland-wide Internet problem.
Does anybody know something?
Cheers
Michele
--------
Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil
Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32
http://www.online.ch, michele.capobianco(a)online.ch
--------
Hi all,
I’ve set up an internal DNSBL and URIBL to better fight spam for our customers (and am thinking about setting up a HASHBL as well soon).
I’m wondering if this work could be shared with the community by integrating our data in the Swinog RBLs. Would that be an option?
Kind regards,
Florian
Hi folks,
do any of you know just one legit service that is hosted by OVH?
They own a massive amount of /16 networks and many of them are already in
my blocklist as I have seen massive server attacks from those OVH
networks.
Regards
Klaus
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus(a)Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
Does anyone have any idea what sort of rate limits are used by
Office365? We seem to be hitting $SUBJ more and more often, so we
have been scaling back delivery frequencies. It just seems a bit
random and arbitrary.
--
Per Jessen, Zürich (19.4°C)
Hi there
A friend reminded me to use the list, as it is sometimes a bit quiet here. ;-)
My understanding of a glue record is that the registrar of a domain is responsible for configuring them (in my case at home, this was Cyon, but they were a bit puzzled, as they don't do this very often).
Just to understand this technically (I'm perhaps totally wrong):
- Domain registrar receives customer order (put dns.xyz.zyx with 1.2.3.4 as glue record into some system)
- Registrar has an interface (fax, carrier pigeon or something similar) to tld registry, which can save the record to its database
If I further change my registrar, this doesn't affect that entry, but any change has to be ordered through the new registrar.
There is usually no way to do this myself (if the registrar is not offering such an interface).
Please help or correct me. Thank you.
Urs Müller
SBB AG
Cyber Defense Center
Poststrasse 6, 3072 Ostermundigen
Mobil +41 79 433 21 67
urs.bf.mueller(a)sbb.ch / www.sbb.ch
As it is 1 April tomorrow, some things expired yesterday:
Not After : Mar 30 13:28:58 2021 GMT
That thing is.... the COMLOT key to verify those Geldspielgesetz keys
for their fun list of worldwide casinos:
https://blacklist.comlot.ch/comlot_blacklist.txt
see full cert details below.
You can get the key with or attached:
$ wget -vS https://blacklist.comlot.ch/blacklist.comlot.ch.pub
--2021-03-31 16:50:00-- https://blacklist.comlot.ch/blacklist.comlot.ch.pub
Resolving blacklist.comlot.ch (blacklist.comlot.ch)... 194.187.88.5
Connecting to blacklist.comlot.ch
(blacklist.comlot.ch)|194.187.88.5|:443... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 31 Mar 2021 14:50:01 GMT
Content-Type: application/octet-stream
Content-Length: 2927
Connection: keep-alive
Last-Modified: Wednesday, 31-Mar-2021 14:50:01 GMT
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate,
max-age=0
Strict-Transport-Security: max-age=15768000
Accept-Ranges: bytes
Length: 2927 (2.9K) [application/octet-stream]
Saving to: ‘blacklist.comlot.ch.pub’
blacklist.comlot.ch.pub
100%[==========================================================>]
2.86K --.-KB/s in 0s
2021-03-31 16:50:01 (558 MB/s) - ‘blacklist.comlot.ch.pub’ saved [2927/2927]
Funny that nginx claims the file changed... the moment I downloaded it,
bit strange for a static file.
Does anybody have contacts at COMLOT? Technically speaking, we should not
be updating the list into RPZ anymore now; the process I have is thus
stuck at the list from yesterday.... (not that it matters, with such a
nice list, a bit of VPN and/or simply choosing any non-provider DNS
server and voila... bypassed the law.... you know, Their Law!)
https://www.youtube.com/watch?v=zKNoU2P0dQc
Enjoy!
Greet,
Jeroen
--
openssl x509 -in blacklist.comlot.ch.pub -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:5d:a4:eb:83:eb:a0:a3:be:97:59:c9:56:9b:28:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = CH, O = SwissSign AG, CN = SwissSign CH Person
Platinum CA 2017 - G22, organizationIdentifier = NTRCH-CHE-109.357.012
Validity
Not Before: Mar 30 13:28:58 2020 GMT
Not After : Mar 30 13:28:58 2021 GMT
Subject: C = CH, L = Bern, ST = BE, organizationIdentifier =
NTRCH-CHE-196.380.112, O = Lotterie- und Wettkommission Comlot, CN =
Lotterie- und Wettkommission Comlot
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
1B:2B:A0:91:2C:6F:2B:92:49:EC:96:04:BD:1C:8D:36:35:45:4D:76
X509v3 Authority Key Identifier:
keyid:1E:C8:04:6D:FB:72:62:51:60:A2:73:24:6F:BE:F2:5F:4D:34:92:FC
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.swisssign.net/1EC8046DFB72625160A273246FBEF25F4D3492FC
Full Name:
URI:ldap://directory.swisssign.com/CN=1EC8046DFB72625160A273246FBEF25F4D349…
X509v3 Certificate Policies:
Policy: 2.16.756.1.89.1.1.1.1.10
CPS:
https://repository.swisssign.com/SwissSign-Platinum-CP-CPS.pdf
User Notice:
Explicit Text: regulated certificate
Policy: 0.4.0.194112.1.3
Authority Information Access:
CA Issuers -
URI:http://swisssign.net/cgi-bin/authority/download/1EC8046DFB72625160A2732…
OCSP -
URI:http://platinum-g2.ocsp.swisssign.net/1EC8046DFB72625160A273246FBEF25F4…
qcStatements:
0c0......F..0B.....F..08.2https://repository.swisssign.com/SwissSign-PDS.pd…...
Signature Algorithm: sha256WithRSAEncryption
Hello everybody
Since yesterday, we see a lot of bounced messages to bluewin addresses with SMTP code 554, for example:
relay=mxbw-bluewin-ch.hdb-cs04.ellb.ch[195.186.227.50]:25, delay=0.16, delays=0/0.01/0.09/0.05, dsn=5.2.0, status=bounced (host mxbw-bluewin-ch.hdb-cs04.ellb.ch[195.186.227.50] said: 554 5.2.0 sc976: Rejected due to policy reasons - https://support.bluewin.ch/provider/bounce/XXXXXXXXXXXXXXXXX[redacted]== (in reply to end of DATA command))
Unfortunately, sc976 is not documented on https://postmaster.bluewin.ch/content/de/technical-details/
We can't see any general pattern behind those rejections (hosts through our entire IP range are affected); switching to a different IP address for delivery works in most cases.
Do you see the same, and do you have any insight into what is going on here?
Greetings
Peter
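One way to look for a pattern in rejections like the one quoted above, as an added example that is not part of the original post: tally policy bounces per sending server and per provider code from Postfix smtp(8) log lines. It assumes the standard syslog line layout and that the syslog host name identifies the sending server; the sample lines, host names (`mx1`, `mx2`), queue IDs and recipients are constructed.

```python
import re
from collections import Counter

# Constructed sample in Postfix smtp(8) syslog format. Host names, queue IDs and
# recipients are made up; the relay and the 554 reply text follow the post above.
BW = "mxbw-bluewin-ch.hdb-cs04.ellb.ch[195.186.227.50]"
REJ = f"host {BW} said: 554 5.2.0 sc976: Rejected due to policy reasons - https://support.bluewin.ch/provider/bounce/PLACEHOLDER (in reply to end of DATA command)"
SAMPLE_LOG = f"""\
Apr  6 09:12:01 mx1 postfix/smtp[2211]: 4F1A2B3C4D: to=<a@bluewin.ch>, relay={BW}:25, delay=0.16, delays=0/0.01/0.09/0.05, dsn=5.2.0, status=bounced ({REJ})
Apr  6 09:12:04 mx1 postfix/smtp[2212]: 4F1A2B3C4E: to=<b@bluewin.ch>, relay={BW}:25, delay=0.2, delays=0/0.01/0.1/0.09, dsn=5.2.0, status=bounced ({REJ})
Apr  6 09:12:05 mx1 postfix/qmgr[900]: 4F1A2B3C4E: removed
Apr  6 09:13:10 mx2 postfix/smtp[3101]: 5A0B1C2D3E: to=<c@bluewin.ch>, relay={BW}:25, delay=0.4, delays=0/0.01/0.2/0.19, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued)
Apr  6 09:13:40 mx2 postfix/smtp[3102]: 5A0B1C2D3F: to=<d@bluewin.ch>, relay={BW}:25, delay=0.3, delays=0/0.01/0.1/0.19, dsn=5.2.0, status=bounced ({REJ})
Apr  6 09:14:02 mx2 postfix/smtp[3103]: 5A0B1C2D40: to=<e@bluewin.ch>, relay=none, delay=30, delays=0/0.01/30/0, dsn=4.4.1, status=deferred (connect to {BW}:25: Connection timed out)
Apr  6 09:14:09 mx1 postfix/smtp[2213]: 4F1A2B3C4F: to=<f@example.org>, relay=mail.example.org[192.0.2.10]:25, delay=0.5, delays=0/0.01/0.3/0.19, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) postfix/smtp\[\d+\]: \w+: to=<(?P<rcpt>[^>]*)>, "
    r".*?relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reply>.*)\)$")
CODE_RE = re.compile(r"said: \d{3} [\d.]+ (?P<code>sc\d+):")  # provider policy code, e.g. sc976

def parse_line(line):
    """Return the delivery fields of one smtp(8) log line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    code = CODE_RE.search(rec["reply"])
    rec["policy_code"] = code.group("code") if code else None
    return rec

def summarize(log_text, domain="bluewin.ch"):
    """Count attempts per logging host and policy bounces per (host, code)."""
    attempts, rejects = Counter(), Counter()
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if not rec["rcpt"].lower().endswith("@" + domain):
            continue
        attempts[rec["host"]] += 1
        if rec["status"] == "bounced" and rec["policy_code"]:
            rejects[rec["host"], rec["policy_code"]] += 1
    return attempts, rejects

def reject_ratio(log_text, domain="bluewin.ch"):
    """Share of attempts per host that ended in a policy bounce."""
    attempts, rejects = summarize(log_text, domain)
    return {h: sum(n for (rh, _), n in rejects.items() if rh == h) / t
            for h, t in attempts.items()}
```

Comparing `reject_ratio()` across sending servers over the same time window shows whether the rejections follow particular source hosts or are spread evenly.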
Hello Simon,
Oops of course yes we found "NO" evidence... I should have re-read myself before sending the post.
Thanks for pointing that out 😊 and for the cheers.
Kind regards,
Sébastien
-----Original Message-----
From: Simon Leinen <simon.leinen(a)switch.ch>
Sent: Wednesday, 7 April 2021 10:30
To: Sébastien Riccio <sr(a)swisscenter.com>
Subject: Re: [swinog] Mail rejection at bluewin
Sébastien Riccio writes:
[...]
> It's the 3rd time it happens in two weeks and we found evidence of
> unusual SPAM activity from our servers that would justify such a
> ratelimiting/rejecting.
You found evidence? Or is there a "no" missing somewhere?
(Just trying to understand.)
Cheers and good luck with the delivery issues!
--
Simon.