swinog

swinog@lists.swinog.ch

1 participants
2934 discussions

SwiNOG-14
by Pascal Gloor 16 Apr '07

16 Apr '07

Dear SwiNOGers, SwiNOG 14 will be held as usualy at the Altestramdepot in Bern. The meeting date is the 30.05.2007 Registration form: http://www.swinog.ch/meetings/registration.asp General meeting information: http://www.swinog.ch/meetings/swinog14/index.asp Cheers, Pascal The SwiNOG-Core Team

2 2

Re: [swinog] Re: blocking ports?
by Scott Weeks 13 Apr '07

13 Apr '07

: but still voting to block mail from dialup and adsl ranges On DHCP DSL ranges. I see some businesses that have a legitimate email server on statically assigned DSL ranges... scott --- roger(a)mgz.ch wrote: From: "Schmid" <roger(a)mgz.ch> To: <swinog(a)swinog.ch>, <surfer(a)mauigateway.com> Subject: Re: [swinog] Re: blocking ports? Date: Fri, 13 Apr 2007 10:32:28 +0200 isn't the most spam comming via compromized Computers ? adsl Dynamic or dialup user you should never trust them if the say the dont spam. they have to send mail the way smtp is thought for, that means send email to the smtp relay next to you. prevent him to send email via any other relay. if this would be consequent done by all ISP most of the spam would dissapear, and we could concentrate to prevent abusing other system for doing their harmfull work. Funny thing is one ISP is switching off his SMTP relay telling the client to use other smtp relay in the wild and call that a first action according to the "stop spam" campaign. another one is blocking port25 und force the user to use the ISP?s SMTP Relay and even explain this is done due to the "stop spam" campaign how to believe anything ? confused .... but still voting to block mail from dialup and adsl ranges ;-) ---------- Original Message ---------------------------------- From: "Scott Weeks" <surfer(a)mauigateway.com> Reply-To: swinog(a)swinog.ch, surfer(a)mauigateway.com Date: Thu, 12 Apr 2007 11:19:56 -0700 > > >Hello, > >: So if a customer proofs that he is able from a technical >: Point of view to operate an mail server in a secure manner >: and assures not to abuse email for spam then it's not >: acceptable that an ISP block anything to him. > >This is what I was saying to the guys here at my work. We just need a small proof that the customer isn't a spammer and we open it up. However, most of our customers are less-technical savy home folks. Did you have to prove to your ISP that you weren't spamming? If so, how did they have you do that? > >Thanks, >scott > > >--- Peter.Bickel(a)idv.ch wrote: > >From: Peter Bickel <Peter.Bickel(a)idv.ch> >To: swinog(a)swinog.ch, surfer(a)mauigateway.com >Subject: Re: [swinog] Re: blocking ports? >Date: Thu, 12 Apr 2007 12:03:28 +0200 > >Scott Weeks schrieb: >> >> >> : You'd be amazed how many companies operate their own >> : mail servers, even behind dynamic addresses >> >> I'm speaking with guys in my company on an issue and part of the discussion has to do with me saying no one runs a mail server from behind a dynamic IP addresses. Other than just your experiences, does anyone have pointers to data on folks that do this? >> >> scott > >Hi Scott > >we do exactly this for IDV & Network Consulting. We operate our own >Mailserver >(Solaris with sendmail and iamp) in our internal Network which is >connected to >Cablecom (DHCP ;-)) In addition we have some Maschines in a hosting >environment >which have of corse fixed IP addresses which we use to relay to the outside. >All hosts use Solaris and sendmail and are protected with IPFilter with very >restrictive Rules. Incomming email is going through the external hosts and >an IPIP Tunnel directly to the internal mail server. > >We really don't want to be dependend on an ISPs email SETUP. DNS is the >same which helped me in the past a lot where several customers weren't able >to use the net everything worked for us. So if a customer proofs that he >is able from a technical Point of view to operate an mail server in a >secure manner and assures not to abuse email for spam then it's not >acceptable >that an ISP block anything to him. >> >> >> >> >> --- swinog-list(a)dudes.ch wrote: >> >> From: Markus Wild <swinog-list(a)dudes.ch> >> To: swinog(a)swinog.ch >> Subject: Re: [swinog] Re: blocking ports? >> Date: Wed, 11 Apr 2007 19:26:39 +0200 >> >> Jonathan, >> >>> Sorry but I disagree with Per. ISPs have a duty to prevent email >>> Spam which is a terrible curse for us all. If they decide that >>> blocking port 25 outbound will help then they should do it. >>> >>> If you are a user, why can't you use the ISPs relay server? If you >>> are a provider you ought to have your own mail server on a fixed IP >>> address. >> >> You'd be amazed how many companies operate their own mail servers, even >> behind dynamic addresses (in which case they usually use some mailbox >> polling mechanism to feed their server from mail from the outside), but >> send outgoing mail directly with SMTP. >> >>> Of course, one day we need a better protocol than SMTP (*Simple* Mail >>> Transfer Protocol) which was never meant as a global email solution. >>> But until then we have to do something to stop people abusing it. >> >> But by killing the payload, not the messenger, please... >> >> Cheers, >> Markus >> _______________________________________________ >> swinog mailing list >> swinog(a)lists.swinog.ch >> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog >> >> >> _______________________________________________ >> swinog mailing list >> swinog(a)lists.swinog.ch >> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > > >-- > > >Gruss > Pitsch > >__________________________________________________________________________ > >Peter Bickel e-mail: bickel(a)idv.ch >IDV & Network Consulting Telefon: +41 1 853 24 16 >Gumpenwiesenstrasse 38 Fax: +41 1 853 27 04 >CH-8157 Dielsdorf Mobile: +41 79 666 15 50 > >__________________________________________________________________________ > > > > >_______________________________________________ >swinog mailing list >swinog(a)lists.swinog.ch >http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > ________________________________________________________________ Sent via the WebMail system at mgz.ch

1 0

Re: [swinog] Re: blocking ports?
by Schmid 13 Apr '07

13 Apr '07

isn't the most spam comming via compromized Computers ? adsl Dynamic or dialup user you should never trust them if the say the dont spam. they have to send mail the way smtp is thought for, that means send email to the smtp relay next to you. prevent him to send email via any other relay. if this would be consequent done by all ISP most of the spam would dissapear, and we could concentrate to prevent abusing other system for doing their harmfull work. Funny thing is one ISP is switching off his SMTP relay telling the client to use other smtp relay in the wild and call that a first action according to the "stop spam" campaign. another one is blocking port25 und force the user to use the ISP?s SMTP Relay and even explain this is done due to the "stop spam" campaign how to believe anything ? confused .... but still voting to block mail from dialup and adsl ranges ;-) ---------- Original Message ---------------------------------- From: "Scott Weeks" <surfer(a)mauigateway.com> Reply-To: swinog(a)swinog.ch, surfer(a)mauigateway.com Date: Thu, 12 Apr 2007 11:19:56 -0700 > > >Hello, > >: So if a customer proofs that he is able from a technical >: Point of view to operate an mail server in a secure manner >: and assures not to abuse email for spam then it's not >: acceptable that an ISP block anything to him. > >This is what I was saying to the guys here at my work. We just need a small proof that the customer isn't a spammer and we open it up. However, most of our customers are less-technical savy home folks. Did you have to prove to your ISP that you weren't spamming? If so, how did they have you do that? > >Thanks, >scott > > >--- Peter.Bickel(a)idv.ch wrote: > >From: Peter Bickel <Peter.Bickel(a)idv.ch> >To: swinog(a)swinog.ch, surfer(a)mauigateway.com >Subject: Re: [swinog] Re: blocking ports? >Date: Thu, 12 Apr 2007 12:03:28 +0200 > >Scott Weeks schrieb: >> >> >> : You'd be amazed how many companies operate their own >> : mail servers, even behind dynamic addresses >> >> I'm speaking with guys in my company on an issue and part of the discussion has to do with me saying no one runs a mail server from behind a dynamic IP addresses. Other than just your experiences, does anyone have pointers to data on folks that do this? >> >> scott > >Hi Scott > >we do exactly this for IDV & Network Consulting. We operate our own >Mailserver >(Solaris with sendmail and iamp) in our internal Network which is >connected to >Cablecom (DHCP ;-)) In addition we have some Maschines in a hosting >environment >which have of corse fixed IP addresses which we use to relay to the outside. >All hosts use Solaris and sendmail and are protected with IPFilter with very >restrictive Rules. Incomming email is going through the external hosts and >an IPIP Tunnel directly to the internal mail server. > >We really don't want to be dependend on an ISPs email SETUP. DNS is the >same which helped me in the past a lot where several customers weren't able >to use the net everything worked for us. So if a customer proofs that he >is able from a technical Point of view to operate an mail server in a >secure manner and assures not to abuse email for spam then it's not >acceptable >that an ISP block anything to him. >> >> >> >> >> --- swinog-list(a)dudes.ch wrote: >> >> From: Markus Wild <swinog-list(a)dudes.ch> >> To: swinog(a)swinog.ch >> Subject: Re: [swinog] Re: blocking ports? >> Date: Wed, 11 Apr 2007 19:26:39 +0200 >> >> Jonathan, >> >>> Sorry but I disagree with Per. ISPs have a duty to prevent email >>> Spam which is a terrible curse for us all. If they decide that >>> blocking port 25 outbound will help then they should do it. >>> >>> If you are a user, why can't you use the ISPs relay server? If you >>> are a provider you ought to have your own mail server on a fixed IP >>> address. >> >> You'd be amazed how many companies operate their own mail servers, even >> behind dynamic addresses (in which case they usually use some mailbox >> polling mechanism to feed their server from mail from the outside), but >> send outgoing mail directly with SMTP. >> >>> Of course, one day we need a better protocol than SMTP (*Simple* Mail >>> Transfer Protocol) which was never meant as a global email solution. >>> But until then we have to do something to stop people abusing it. >> >> But by killing the payload, not the messenger, please... >> >> Cheers, >> Markus >> _______________________________________________ >> swinog mailing list >> swinog(a)lists.swinog.ch >> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog >> >> >> _______________________________________________ >> swinog mailing list >> swinog(a)lists.swinog.ch >> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > > >-- > > >Gruss > Pitsch > >__________________________________________________________________________ > >Peter Bickel e-mail: bickel(a)idv.ch >IDV & Network Consulting Telefon: +41 1 853 24 16 >Gumpenwiesenstrasse 38 Fax: +41 1 853 27 04 >CH-8157 Dielsdorf Mobile: +41 79 666 15 50 > >__________________________________________________________________________ > > > > >_______________________________________________ >swinog mailing list >swinog(a)lists.swinog.ch >http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > ________________________________________________________________ Sent via the WebMail system at mgz.ch

4 3

RE: [swinog] Re: blocking ports?
by Schmid 13 Apr '07

13 Apr '07

Well only sending would be blocked.. RX could be open ;-) ---------- Original Message ---------------------------------- From: "Daniele Guazzoni" <daniele.guazzoni(a)gcomm.ch> Reply-To: swinog(a)swinog.ch, daniele.guazzoni(a)gcomm.ch Date: Fri, 13 Apr 2007 17:13:18 +0200 (CEST) >Ladu, Daniele wrote: >> Why not sell some fixed IPs, to customers who want use their own >> mailserver ? >> If i receive a request from such a user, that has a dyn IP, i tell him >> to buy >> a static one, because of full control and exclusion of DUHL. Furthermore >> the customer is self responsable, if a IP Adress in his range will be >> listed. >> Complaint Mails are also directly sent to the owner of the IP, so the >> Abuse Team >> don't need to work on such cases. > >That's the setup I have. >ADSL with static IP, own MTA, registered abuse e-mail, ... >Having a smarthost in front would not be a big problem too but I'll prefer >to be directly exposed to the internet as I'm developing a spam-filter and >the "raw scum" feeds my filter :-) > >Daniele > > >-- >This message has been scanned for viruses and >dangerous content by MailGate, and is >believed to be clean. > >_______________________________________________ >swinog mailing list >swinog(a)lists.swinog.ch >http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > ________________________________________________________________ Sent via the WebMail system at mgz.ch

1 0

SwiNOG-BE48 - Beer Event 48 - 23th of April 2007 @ Back&Brau/Zurich
by Steven.Glogger＠swisscom.com 13 Apr '07

13 Apr '07

hi all let me announce the next beer event ,-) i'm sorry, i had to shift the date because of 'sächsilüüüte'. the facts for the next event: ----------------------------- Date: 23th of April 2007 Time: starting around 18.30 o'clock Location: @ "Back&Brau" near TIX (Steinfels-Areal). It's just behind the Cinemax. See map/address/pictures on registration homepage. Registration deadline: 20.04.2007 17:00:00 (friday) Registration: ------------- Please register here: http://swinog.mrmouse.ch/ Since we have to make reservations, i need to know who's coming and who not. If you cannot attend and you're registered please inform me asap. greetings -steven

1 0

Re: [swinog] Re: blocking ports?
by Schmid 13 Apr '07

13 Apr '07

whats so bad to configure the client's Mailserver using the SMTP Relay from the ISP ? all Mailservers i know are able to do that, not allways called smarthost of corse ;-) ---------- Original Message ---------------------------------- From: "Scott Weeks" <surfer(a)mauigateway.com> Reply-To: swinog(a)swinog.ch, surfer(a)mauigateway.com Date: Wed, 11 Apr 2007 11:28:03 -0700 > > > >: You'd be amazed how many companies operate their own >: mail servers, even behind dynamic addresses > >I'm speaking with guys in my company on an issue and part of the discussion has to do with me saying no one runs a mail server from behind a dynamic IP addresses. Other than just your experiences, does anyone have pointers to data on folks that do this? > >scott > > > > >--- swinog-list(a)dudes.ch wrote: > >From: Markus Wild <swinog-list(a)dudes.ch> >To: swinog(a)swinog.ch >Subject: Re: [swinog] Re: blocking ports? >Date: Wed, 11 Apr 2007 19:26:39 +0200 > >Jonathan, > >> Sorry but I disagree with Per. ISPs have a duty to prevent email >> Spam which is a terrible curse for us all. If they decide that >> blocking port 25 outbound will help then they should do it. >> >> If you are a user, why can't you use the ISPs relay server? If you >> are a provider you ought to have your own mail server on a fixed IP >> address. > >You'd be amazed how many companies operate their own mail servers, even >behind dynamic addresses (in which case they usually use some mailbox >polling mechanism to feed their server from mail from the outside), but >send outgoing mail directly with SMTP. > >> Of course, one day we need a better protocol than SMTP (*Simple* Mail >> Transfer Protocol) which was never meant as a global email solution. >> But until then we have to do something to stop people abusing it. > >But by killing the payload, not the messenger, please... > >Cheers, >Markus >_______________________________________________ >swinog mailing list >swinog(a)lists.swinog.ch >http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > > >_______________________________________________ >swinog mailing list >swinog(a)lists.swinog.ch >http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > ________________________________________________________________ Sent via the WebMail system at mgz.ch

1 0

Re: [swinog] Re: blocking ports?
by Scott Weeks 13 Apr '07

13 Apr '07

: if(windows) then block else allow? :) This would be my preference. >;-) I doubt my pointy-clickey co-workers would like that. I'm seen as weird here since I despise Micro$loth and love *nix. scott --- daniel(a)lorch.cc wrote: From: Daniel Lorch <daniel(a)lorch.cc> To: swinog(a)swinog.ch Subject: Re: [swinog] Re: blocking ports? Date: Thu, 12 Apr 2007 22:04:31 +0200 Hi > This is what I was saying to the guys here at my work. We just need a > small proof that the customer isn't a spammer and we open it up. > However, most of our customers are less-technical savy home folks. Did > you have to prove to your ISP that you weren't spamming? If so, how did > they have you do that? There is a "passive OS fingerprinting" module for iptables (see http://ippersonality.sourceforge.net/). How about treating connections differently depending on the OS they're coming from? if(windows) then block else allow? :) Or is the OS fingerprint lost through NAT? I don't know. Daniel _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

1 0

Re: [swinog] Re: blocking ports?
by Scott Weeks 12 Apr '07

12 Apr '07

Hello, : So if a customer proofs that he is able from a technical : Point of view to operate an mail server in a secure manner : and assures not to abuse email for spam then it's not : acceptable that an ISP block anything to him. This is what I was saying to the guys here at my work. We just need a small proof that the customer isn't a spammer and we open it up. However, most of our customers are less-technical savy home folks. Did you have to prove to your ISP that you weren't spamming? If so, how did they have you do that? Thanks, scott --- Peter.Bickel(a)idv.ch wrote: From: Peter Bickel <Peter.Bickel(a)idv.ch> To: swinog(a)swinog.ch, surfer(a)mauigateway.com Subject: Re: [swinog] Re: blocking ports? Date: Thu, 12 Apr 2007 12:03:28 +0200 Scott Weeks schrieb: > > > : You'd be amazed how many companies operate their own > : mail servers, even behind dynamic addresses > > I'm speaking with guys in my company on an issue and part of the discussion has to do with me saying no one runs a mail server from behind a dynamic IP addresses. Other than just your experiences, does anyone have pointers to data on folks that do this? > > scott Hi Scott we do exactly this for IDV & Network Consulting. We operate our own Mailserver (Solaris with sendmail and iamp) in our internal Network which is connected to Cablecom (DHCP ;-)) In addition we have some Maschines in a hosting environment which have of corse fixed IP addresses which we use to relay to the outside. All hosts use Solaris and sendmail and are protected with IPFilter with very restrictive Rules. Incomming email is going through the external hosts and an IPIP Tunnel directly to the internal mail server. We really don't want to be dependend on an ISPs email SETUP. DNS is the same which helped me in the past a lot where several customers weren't able to use the net everything worked for us. So if a customer proofs that he is able from a technical Point of view to operate an mail server in a secure manner and assures not to abuse email for spam then it's not acceptable that an ISP block anything to him. > > > > > --- swinog-list(a)dudes.ch wrote: > > From: Markus Wild <swinog-list(a)dudes.ch> > To: swinog(a)swinog.ch > Subject: Re: [swinog] Re: blocking ports? > Date: Wed, 11 Apr 2007 19:26:39 +0200 > > Jonathan, > >> Sorry but I disagree with Per. ISPs have a duty to prevent email >> Spam which is a terrible curse for us all. If they decide that >> blocking port 25 outbound will help then they should do it. >> >> If you are a user, why can't you use the ISPs relay server? If you >> are a provider you ought to have your own mail server on a fixed IP >> address. > > You'd be amazed how many companies operate their own mail servers, even > behind dynamic addresses (in which case they usually use some mailbox > polling mechanism to feed their server from mail from the outside), but > send outgoing mail directly with SMTP. > >> Of course, one day we need a better protocol than SMTP (*Simple* Mail >> Transfer Protocol) which was never meant as a global email solution. >> But until then we have to do something to stop people abusing it. > > But by killing the payload, not the messenger, please... > > Cheers, > Markus > _______________________________________________ > swinog mailing list > swinog(a)lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > > > _______________________________________________ > swinog mailing list > swinog(a)lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog -- Gruss Pitsch __________________________________________________________________________ Peter Bickel e-mail: bickel(a)idv.ch IDV & Network Consulting Telefon: +41 1 853 24 16 Gumpenwiesenstrasse 38 Fax: +41 1 853 27 04 CH-8157 Dielsdorf Mobile: +41 79 666 15 50 __________________________________________________________________________

3 2

Exchange Servers having problems with SMTP 4xx temporary failures?
by Benoit Panizzon 12 Apr '07

12 Apr '07

Hi all During the last few days spent tracking strange problems with exchange servers from different companies. From my actual point of view exchange server seam to have troubles with tempfail messages. They notice a 4xx error, tryes again a few times and then occasionaly returns the email to the sender with following message: "Sie sind nicht berechtigt, Nachrichten an diesen Empfänger zu senden. Wenden Sie sich an den Systemadministrator." 550 5.7.1 <lucciola@*>... Relaying denied> This Relaying denied definitely is not from the server receiving the email. There I can only find tempfails. I also have seen other messages than relaying denied there which made even less sense. This happened a few times with graylists tempfails and also happens with a customer sending quite a lot of mails from his exchange and running into sendmails reject=452 4.3.2 Too many open connections. limit. Have other seen this behaviour of exchange servers and know how to prevent it? The strage thing is this only seams happens occasionaly. It can be that the customer sends a mail to hundreds of recipients, causes many tempfails about 'too many open connections' but the emails eventualy get through without problem after a while. I guess it could be, that exchange mixes up message status from other emails and just sends the wrong error message back to the sender. Mit freundlichen Grüssen Benoit Panizzon -- I m p r o W a r e A G - System Services ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________

2 1

Re: [swinog] does Econophone block port25
by Scott Weeks 12 Apr '07

12 Apr '07

---------From: Jeroen Massar <jeroen(a)unfix.org>------------- : To avoid problems there, make a simple policy: if found : spreading a virus/spamming and having disabled the blockage: : no Internet for a week. Or a similar measure that can of : course be lifted after paying a fine. Wouldn't that make customers go to another comany for service? scott --- jeroen(a)unfix.org wrote: From: Jeroen Massar <jeroen(a)unfix.org> To: swinog(a)swinog.ch Subject: Re: [swinog] does Econophone block port25 Date: Wed, 04 Apr 2007 08:42:20 +0100 Candid Aeby wrote: > Hi > > first this is no local decision. We never liked it. I know it is unpopular > and i would prefer a better solution. Since Monday Port 25 is blocked for > Dial-Up and ADSL connections. Is that outbound from $customer -> $internet, or is that also for inbound $internet -> $customer? Having a block on port 25/tcp, 137-139/udp and some other magic virusports is acceptable on end-user IP's. BUT as long as the user of that line has the option to easily turn this off. Eg using a webinterface where they can login using their user/pass and then enable it again, that is disable the block. If that is not possible, then when a user moans about not getting "Internet connectivity" they are quite right. Users who are not the typical techy, can always use 587 as you indicated and should, in general, keep the block on. To avoid problems there, make a simple policy: if found spreading a virus/spamming and having disabled the blockage: no Internet for a week. Or a similar measure that can of course be lifted after paying a fine. Greets, Jeroen _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

10 10

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog