Re: [mailop] % in SRS ?
It appears that Julian Bradfield via mailop said: >An idle question: people who do SRS or similar things usually use >'=' as the replacement for '@' in the rewritten address >localpart=origdomain@mydomain > >Is there any reason not to use the old routing character '%' instead? You will still run into a fair number of systems that still see % as an attempt to do source routing and reject the message. So don't do that. If you need a delimiter, = should be fairly safe. R's, John ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] % in SRS ?
On 3/8/2024 9:21 AM, Bill Cole via mailop wrote: Yes: it is an old routing character As such, some sites may misinterpret it in ways that are NOT appropriate for SRS. oh? SRS is not a standard. If there are sites trying to do automated interpretation -- other than the site that put the string there -- that's the problem, not the choice of a semantic character. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net mast:@dcrocker@mastodon.social ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] % in SRS ?
On 3/8/2024 9:21 AM, Bill Cole via mailop wrote: Yes: it is an old routing character As such, some sites may misinterpret it in ways that are NOT appropriate for SRS. oh? SRS is not a standard. If there are sites trying to do automated interpretation -- other than the site that put the string there -- that's the problem, not the choice of a semantic character. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net mast:@dcrocker@mastodon.social ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] % in SRS ?
On 3/8/2024 9:07 AM, Julian Bradfield via mailop wrote: Is there any reason not to use the old routing character '%' instead? Well, that's certainly a bit of ancient history. Fwiw, here's some background on it: I chose % for use in CSNet mostly because of its established postal use IRL to mean "in care of", as well as to use a character that was not yet a 'special' for any (or at least most) operating system command interfaces. Note that @, for Arpanet mail, and !, for UUCP, were already taken. So the range of choices was limited in 1979... d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net mast:@dcrocker@mastodon.social ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
On 8 March 2024 17:04:36 Stefano Bagnara via mailop wrote: I just got an answer from them that the issue is fixed. Thanks to everyone! Thank you to you for doing the right thing. I know everyone wants to smack down on OVH but ascribing actions such as those mentioned in this thread to an actor who may not be represented here is... unhelpful. It does the posters, and ultimately the list, very few favours. I also know that nature abhors a vacuum and we all want to get an explanation but my engineer's hat says "find the issue or report it to someone who can, and either fix it or get them to" rather than "speculate wildly based on your specific prejudices". IOW: facts please, not speculation. Thanks! Graeme ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] % in SRS ?
On 2024-03-08, Bill Cole via mailop wrote: > On 2024-03-08 at 12:07:23 UTC-0500 (Fri, 08 Mar 2024 17:07:23 +) > Julian Bradfield via mailop > is rumored to have said: >> Is there any reason not to use the old routing character '%' instead? > Yes: it is an old routing character > > As such, some sites may misinterpret it in ways that are NOT appropriate > for SRS. How so? Even in the old world, the only site that ever needed to interpret it was the receiving site after the @. It has no special status, and is just another character that can appear in an unquoted local-part. It never had a status in Internet email (RFC822 routing was with the @route.domain: syntax). I don't deny that somebody *could* construct a configuration that did something weird with it, but I bet there isn't an existence proof; and if they did something weird for addresses not part of their domain, they wouldn't be compliant with either old or new RFCs, so who cares? Julian. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] % in SRS ?
On 2024-03-08 at 12:07:23 UTC-0500 (Fri, 08 Mar 2024 17:07:23 +) Julian Bradfield via mailop is rumored to have said: Is there any reason not to use the old routing character '%' instead? Yes: it is an old routing character As such, some sites may misinterpret it in ways that are NOT appropriate for SRS. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] % in SRS ?
An idle question: people who do SRS or similar things usually use '=' as the replacement for '@' in the rewritten address localpart=origdomain@mydomain Is there any reason not to use the old routing character '%' instead? I did this some years ago when I hacked in SRS to keep gmail happy with one user's forwards, and never noticed a problem, but I've always wondered why people don't do this, since surely nobody in the world still runs a server that actually relays % addresses, and the people doing the SRS certainly don't. Julian. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
On Fri, 8 Mar 2024 at 17:47, Stefano Bagnara wrote: > > Poking a few people, this looks like a return path issue on Freenet's > > side; So they likely fnorded something on their side. > > Guess the only way to get this fixed is for them to realize the issue. > > ;-) > > I wrote an email to peer...@mcbone.net (I found it in their AS record at RIPE) I just got an answer from them that the issue is fixed. Thanks to everyone! -- Stefano Bagnara Apache James/jDKIM/jSPF VOXmail/Mosaico.io/VoidLabs ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
On Fri, 8 Mar 2024 at 17:18, Tobias Fiebig via mailop wrote: > Moin, > to get a bit back to the networking part of things... :-) > Poking a few people, this looks like a return path issue on Freenet's > side; So they likely fnorded something on their side. > Guess the only way to get this fixed is for them to realize the issue. > ;-) I wrote an email to peer...@mcbone.net (I found it in their AS record at RIPE) I also did some tests here: https://bgp.he.net/traceroute/ I put in the first field 194.97.8.138 (freenet NS) or one of my IPs at OVH Then in the second field I put AS13335 (cloudflare) and select one of the US probes. The traceroute to my IP works, while the traceroute to 194.97.8.138 doesn't work. This test does not even involve OVH, so I guess the OVH issue is just because OVH route traffic for freenet through Cloudflare. This is not even a generic Cloudflare-Freenet routing issue as from my office connection (italy) my traceroute to 194.97.8.138 works even if it goes throught Cloudflare, too. BTW my netwoking knowledge is very low, so I don't know if this helps identifying the issue. > So if somebody can poke netops of AS5430,... > Will try posting to denog to see if that helps. Thank you! Stefano ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
Moin, to get a bit back to the networking part of things... Poking a few people, this looks like a return path issue on Freenet's side; So they likely fnorded something on their side. Guess the only way to get this fixed is for them to realize the issue. ;-) So if somebody can poke netops of AS5430,... Will try posting to denog to see if that helps. With best regards, Tobias ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
+1 - Mark Alley On 3/8/2024 10:01 AM, Bill Cole via mailop wrote: On 2024-03-08 at 09:13:32 UTC-0500 (Fri, 8 Mar 2024 15:13:32 +0100) Stefano Bagnara via mailop is rumored to have said: Well, I undestand you all hate OVH, but this really doesn't look like an intended block. Sure it does. I tested that when I log to my @freenet.de email I am not able to write emails to any domain whose DNS are hosted by OVH. That really looks like an intended block... I know plenty of italian companies whose domain zone is at OVH: even if their email is at Google Workspace or somewhere else they currently cannot receive emails from @freenet.de and you are telling me this is something freenet.de done by purpose beucase they didn't want OVH spam? I'll believe that once a freenet.de people will confirm it. Considering OVH is the biggest registar in europe they are not delivering email to most european domains. Registrars, DNS providers, and hosters are very different things, even if they happen to sometimes be the same entity. For example, half of the domains I own don't even use DNS from their registrar, who doesn't even sell hosting. OVH being a major registrar doesn't mean much. OVH providing a lot of DNS for their registration customers means a bit more, but one can resolve DNS indirectly so it's not huge. Being a massive hoster makes the cost of blocking them significant, but not necessarily excessive for some providers. Freenet.de knows their users better than you do. They may have a thousand pinhole exemptions from that blocking making the effective price for their customers near zero. So, if they blocked the whole OVH ASN at their SMTP server I could even get that (even if I'm not aware of anyone else doing that), I block OVH ranges by announced route when I see anything in the range sending me spam, unless there's a concrete reason not to. It's not worthwhile to block by ASN, especially as I am not doing the blocking in BGP. but I really don't believe they blocked bidirectional routing between 2 ASN just because freenet thinks OVH is spammy. We hardly see a similar block when there is a war between 2 countries. All of your argumentation against this being an intentional block is based on the fact that it isn't something YOU would do, because YOU would find the cost unacceptable. That's not a very useful class of reasoning, especially when it is inconsistent with evidence. The evidence suggests a broad block of OVH by Freenet. That should not happen easily by accident, although it certainly could. It is far more likely that it was entirely intentional, but lacked careful analysis of the negative effects. It is possible that it was entirely intentional and the risks pre-mitigated in ways that you cannot see. Stefano On Fri, 8 Mar 2024 at 14:49, Yuval Levy via mailop wrote: On 2024-03-08 07:48, Stefano Bagnara via mailop wrote: On Fri, 8 Mar 2024 at 13:04, Mark Alley wrote: Have you considered they may be blocking OVH ASNs on their firewall? Well, blocking the whole ASNs even to their NS sounds something very unexpected. Extreme, yes. Unexpected? I disagree. It is just another logical escalation step towards the inevitable, but nothing new. Think of a collision between the internet's echo chambers and the Great Firewall: one side wants to control what the other side receives; and the other side wants to control what it does not receive. Simple Venn diagram. When the intersection between the two circles (agreement on what both sides want to send/receive) has less net value than one of the two separate half-moons, the concerned side may as well block the whole ASN: the cost of sacrificing the intersection is lower than the benefit from allowing the communication less the filtering/sanitation cost. Once one side decides that it gets less benefits than cost from the communication, the other side has three strategic choices: giving more value; causing less cost; or accepting the disconnect. They are now at the accepting the disconnect, waiting to see who blinks first. If no-one blinks, the disconnect becomes permanent. The problem is compounded by aggregation on the two sides: well behaved senders will put pressure on their side; the rats may abandon ship and raid the next ISP with weak policies. Affected recipients will put pressure on their side to remove the filter. The question is where those pressures will burst. My hope is that someone at OVH will wake up and mop up the neighborhood that they control. Personally, I am still looking for the ideal firewall: block all ASNs unless permitted. And even after that, the next battlefields are already in sight: wireless network traversal. Yuv ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- Stefano Bagnara Apache James/jDKIM/jSPF VOXmail/Mosaico.io/VoidLabs ___ mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
On 2024-03-08 at 09:13:32 UTC-0500 (Fri, 8 Mar 2024 15:13:32 +0100) Stefano Bagnara via mailop is rumored to have said: Well, I undestand you all hate OVH, but this really doesn't look like an intended block. Sure it does. I tested that when I log to my @freenet.de email I am not able to write emails to any domain whose DNS are hosted by OVH. That really looks like an intended block... I know plenty of italian companies whose domain zone is at OVH: even if their email is at Google Workspace or somewhere else they currently cannot receive emails from @freenet.de and you are telling me this is something freenet.de done by purpose beucase they didn't want OVH spam? I'll believe that once a freenet.de people will confirm it. Considering OVH is the biggest registar in europe they are not delivering email to most european domains. Registrars, DNS providers, and hosters are very different things, even if they happen to sometimes be the same entity. For example, half of the domains I own don't even use DNS from their registrar, who doesn't even sell hosting. OVH being a major registrar doesn't mean much. OVH providing a lot of DNS for their registration customers means a bit more, but one can resolve DNS indirectly so it's not huge. Being a massive hoster makes the cost of blocking them significant, but not necessarily excessive for some providers. Freenet.de knows their users better than you do. They may have a thousand pinhole exemptions from that blocking making the effective price for their customers near zero. So, if they blocked the whole OVH ASN at their SMTP server I could even get that (even if I'm not aware of anyone else doing that), I block OVH ranges by announced route when I see anything in the range sending me spam, unless there's a concrete reason not to. It's not worthwhile to block by ASN, especially as I am not doing the blocking in BGP. but I really don't believe they blocked bidirectional routing between 2 ASN just because freenet thinks OVH is spammy. We hardly see a similar block when there is a war between 2 countries. All of your argumentation against this being an intentional block is based on the fact that it isn't something YOU would do, because YOU would find the cost unacceptable. That's not a very useful class of reasoning, especially when it is inconsistent with evidence. The evidence suggests a broad block of OVH by Freenet. That should not happen easily by accident, although it certainly could. It is far more likely that it was entirely intentional, but lacked careful analysis of the negative effects. It is possible that it was entirely intentional and the risks pre-mitigated in ways that you cannot see. Stefano On Fri, 8 Mar 2024 at 14:49, Yuval Levy via mailop wrote: On 2024-03-08 07:48, Stefano Bagnara via mailop wrote: On Fri, 8 Mar 2024 at 13:04, Mark Alley wrote: Have you considered they may be blocking OVH ASNs on their firewall? Well, blocking the whole ASNs even to their NS sounds something very unexpected. Extreme, yes. Unexpected? I disagree. It is just another logical escalation step towards the inevitable, but nothing new. Think of a collision between the internet's echo chambers and the Great Firewall: one side wants to control what the other side receives; and the other side wants to control what it does not receive. Simple Venn diagram. When the intersection between the two circles (agreement on what both sides want to send/receive) has less net value than one of the two separate half-moons, the concerned side may as well block the whole ASN: the cost of sacrificing the intersection is lower than the benefit from allowing the communication less the filtering/sanitation cost. Once one side decides that it gets less benefits than cost from the communication, the other side has three strategic choices: giving more value; causing less cost; or accepting the disconnect. They are now at the accepting the disconnect, waiting to see who blinks first. If no-one blinks, the disconnect becomes permanent. The problem is compounded by aggregation on the two sides: well behaved senders will put pressure on their side; the rats may abandon ship and raid the next ISP with weak policies. Affected recipients will put pressure on their side to remove the filter. The question is where those pressures will burst. My hope is that someone at OVH will wake up and mop up the neighborhood that they control. Personally, I am still looking for the ideal firewall: block all ASNs unless permitted. And even after that, the next battlefields are already in sight: wireless network traversal. Yuv ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- Stefano Bagnara Apache James/jDKIM/jSPF VOXmail/Mosaico.io/VoidLabs ___ mailop mailing list mailop@mailop.org
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
On 2024-03-08 09:13, Stefano Bagnara via mailop wrote: I undestand you all hate OVH, but this really doesn't look like an intended block. your understanding is wrong; your tarring "all" with the same brush is unacceptable; and hate has nothing to do with this. my personal position: if anything, I want OVH to succeed. Their offering here in Canada would be amazing if they would police their network. I almost switched to OVH. I am still caught by inertia in the same Digital Swamp that won my business more than a decade ago when they were doing the Right Thing(TM) before they have slacked on proper policing and became another candidate for ASN block. I am still looking for suggestion of clean ASN's / hosts who have an efficient API/UI/UX and are not trying to vendor-lock, with physical presence in Canada. My first candidates for ASN blocks would be Microsoft, Google, Facebook. And this is not hate. It is a message: control what bad actors emanate from your networks, or stay with them, out of my life. I tested that when I log to my @freenet.de email I am not able to write emails to any domain whose DNS are hosted by OVH. I know plenty of italian companies whose domain zone is at OVH: even if their email is at Google Workspace or somewhere else they currently cannot receive emails from @freenet.de and you are telling me this is something freenet.de done by purpose beucase they didn't want OVH spam? I'll believe that once a freenet.de people will confirm it. I did not "tell you that freenet.de has done this on purpose." I hope it did, and I hope the consequences will cause some bulbs to light up. The target is not OVH spam. The target is misbehaving customers of OVH who are ruining the network for everyone else, and OVH is in the best position to police them. KYC. If the filter does not hurt, OVH will not do anything about it. The block has to hurt, and that includes collateral damage as per your description. Just filtering email does not hurt enough. Disabling anything and everything dependent on OVH's ASN, including DNS, hurts where it matters. Think if you own an e-commerce site hosted at OVH, and you measure revenues in the thousands of EUR per hour of operation. Even a minute downtime matters to you. And now you have hours of no customers because they cannot access your servers. What do you do? And disabling (ranges of) IP addresses disable rogue IoT home-callers including top brands TV who no longer rely on traditional DNS to do their unwanted stuff. I really don't believe they blocked bidirectional routing between 2 ASN just because freenet thinks OVH is spammy. We hardly see a similar block when there is a war between 2 countries. Observed facts point to a block. Whether that's intentional or not, remains to be seen. Your analogy with war is a good one. In case you have not noticed, there are entities that behave worse than countries at war and are already resorting to APN as the driving filter/block in the war for control of the flow of information. https://community.cloudflare.com/t/is-this-the-proper-way-to-block-asn-s/426115 All I did in my message was exposing the economic incentives. No love, no hate. Actually some hate: I hate the marketers who have made the websites and emails from ski resorts useless to me (skier). One of the few marketing email lists that I did allow to reach me will be soon blocked. Yuv ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
Well, I undestand you all hate OVH, but this really doesn't look like an intended block. I tested that when I log to my @freenet.de email I am not able to write emails to any domain whose DNS are hosted by OVH. I know plenty of italian companies whose domain zone is at OVH: even if their email is at Google Workspace or somewhere else they currently cannot receive emails from @freenet.de and you are telling me this is something freenet.de done by purpose beucase they didn't want OVH spam? I'll believe that once a freenet.de people will confirm it. Considering OVH is the biggest registar in europe they are not delivering email to most european domains. So, if they blocked the whole OVH ASN at their SMTP server I could even get that (even if I'm not aware of anyone else doing that), but I really don't believe they blocked bidirectional routing between 2 ASN just because freenet thinks OVH is spammy. We hardly see a similar block when there is a war between 2 countries. Stefano On Fri, 8 Mar 2024 at 14:49, Yuval Levy via mailop wrote: > > On 2024-03-08 07:48, Stefano Bagnara via mailop wrote: > > On Fri, 8 Mar 2024 at 13:04, Mark Alley wrote: > >> Have you considered they may be blocking OVH ASNs on their firewall? > > > > Well, blocking the whole ASNs even to their NS sounds something very > > unexpected. > > Extreme, yes. Unexpected? I disagree. It is just another logical > escalation step towards the inevitable, but nothing new. Think of a > collision between the internet's echo chambers and the Great Firewall: > one side wants to control what the other side receives; and the other > side wants to control what it does not receive. > > Simple Venn diagram. When the intersection between the two circles > (agreement on what both sides want to send/receive) has less net value > than one of the two separate half-moons, the concerned side may as well > block the whole ASN: the cost of sacrificing the intersection is lower > than the benefit from allowing the communication less the > filtering/sanitation cost. > > Once one side decides that it gets less benefits than cost from the > communication, the other side has three strategic choices: giving more > value; causing less cost; or accepting the disconnect. They are now at > the accepting the disconnect, waiting to see who blinks first. If > no-one blinks, the disconnect becomes permanent. > > The problem is compounded by aggregation on the two sides: well behaved > senders will put pressure on their side; the rats may abandon ship and > raid the next ISP with weak policies. Affected recipients will put > pressure on their side to remove the filter. The question is where > those pressures will burst. My hope is that someone at OVH will wake up > and mop up the neighborhood that they control. > > Personally, I am still looking for the ideal firewall: block all ASNs > unless permitted. And even after that, the next battlefields are > already in sight: wireless network traversal. > > Yuv > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- Stefano Bagnara Apache James/jDKIM/jSPF VOXmail/Mosaico.io/VoidLabs ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
Dnia 8.03.2024 o godz. 12:45:18 Paul Gregg via mailop pisze: > I can confirm your observations. I can't see their NS from my OVH box, > nor can I connect to port 25 of the 3 IPs behind their MX. > From home (UK broadband), I can see and query DNS servers, but I can't > talk to port 25. > From non-home/non-ovh, I can see DNS and talk to port 25. I can confirm as well. From my server (hosted at OVH) I can't even query their domain, nor can I ping the address you mentioned (194.97.8.138). From my home computer, both DNS query and ping work OK. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
On 2024-03-08 07:48, Stefano Bagnara via mailop wrote: On Fri, 8 Mar 2024 at 13:04, Mark Alley wrote: Have you considered they may be blocking OVH ASNs on their firewall? Well, blocking the whole ASNs even to their NS sounds something very unexpected. Extreme, yes. Unexpected? I disagree. It is just another logical escalation step towards the inevitable, but nothing new. Think of a collision between the internet's echo chambers and the Great Firewall: one side wants to control what the other side receives; and the other side wants to control what it does not receive. Simple Venn diagram. When the intersection between the two circles (agreement on what both sides want to send/receive) has less net value than one of the two separate half-moons, the concerned side may as well block the whole ASN: the cost of sacrificing the intersection is lower than the benefit from allowing the communication less the filtering/sanitation cost. Once one side decides that it gets less benefits than cost from the communication, the other side has three strategic choices: giving more value; causing less cost; or accepting the disconnect. They are now at the accepting the disconnect, waiting to see who blinks first. If no-one blinks, the disconnect becomes permanent. The problem is compounded by aggregation on the two sides: well behaved senders will put pressure on their side; the rats may abandon ship and raid the next ISP with weak policies. Affected recipients will put pressure on their side to remove the filter. The question is where those pressures will burst. My hope is that someone at OVH will wake up and mop up the neighborhood that they control. Personally, I am still looking for the ideal firewall: block all ASNs unless permitted. And even after that, the next battlefields are already in sight: wireless network traversal. Yuv ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
On Fri, Mar 08, 2024 at 02:15:21PM +0100, Marco Moock via mailop wrote: > Can you test 53/udp and 53/tcp on their authoritative NS from home? pgregg@pgsurfacepro8:~$ dig +short +tcp soa freenet.de @ns1.fdkcloud.de. ns1.fdkcloud.de. hostmaster.freenet-business.de. 2024030701 28800 7200 604800 3600 pgregg@pgsurfacepro8:~$ dig +short +tcp soa freenet.de @ns1.fdkcloud.net. ns1.fdkcloud.de. hostmaster.freenet-business.de. 2024030701 28800 7200 604800 3600 pgregg@pgsurfacepro8:~$ dig +short soa freenet.de @ns1.fdkcloud.de. ns1.fdkcloud.de. hostmaster.freenet-business.de. 2024030701 28800 7200 604800 3600 pgregg@pgsurfacepro8:~$ dig +short soa freenet.de @ns1.fdkcloud.net. ns1.fdkcloud.de. hostmaster.freenet-business.de. 2024030701 28800 7200 604800 3600 ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
Am 08.03.2024 schrieb Paul Gregg via mailop : > They do claim to use RBLs, but my OVH IP isn't on any RBLs (not even > uceprotect-L3 amazingly right now) - and based on my home 'DUL' IP not > being able to connect, they're certainly using RBLs on port 25. Can you test 53/udp and 53/tcp on their authoritative NS from home? ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
Having seen this behavior before from overzealous network admins, especially given the fact that freenet owns their netblock and their NS are self-hosted on said netblock rather than cloud DNS SaaS, it's very likely a firewall rule. I wouldn't be surprised if it was the case, OVH isn't exactly known for reputable traffic. - Mark Alley On Fri, Mar 8, 2024, 6:48 AM Stefano Bagnara wrote: > On Fri, 8 Mar 2024 at 13:04, Mark Alley wrote: > > Have you considered they may be blocking OVH ASNs on their firewall? > > Well, blocking the whole ASNs even to their NS sounds something very > unexpected. This mean any service (not only email) that is hosted in > OVH (in europe is the biggest provider) thinks their domains don't > even exists. > Also, freenet.de users are not able to write emails to anyone having > the DNS hosted at OVH (millions of domains): sounds like burning your > house to protect it from thieves :-D > > Seems like AS5430 and AS16276 are not talking at all, but I don't know > how confirm it and how to check where is the issue in more detail. > > > Their NS and zone seems resolvable and reachable from pretty much > everything else on the internet according to DNSchecker.org. > > Here you can see their NS IP is not reachable from 7 on 30 location > being tested from western europe: > https://www.host-tracker.com/en/ic/3/189c2804-114d-4be7-94e5-716f131bc458 > > So, I think the issue is more on freenet side than OVH side, but I'd > need someone who knows or have powers to check. > > Now I also wrote an email to the noc/peer emails for both ASN. > Stefano > > > On Fri, Mar 8, 2024, 5:54 AM Stefano Bagnara via mailop < > mailop@mailop.org> wrote: > >> > >> Hi, > >> > >> I'm experiencing routing issues to freenet.de MX since almost 3 days. > >> > >> I can't even lookup the domain as I cannot reach their NS, but the > >> same happens even if I try to ping their email server IP address: > >> > >> 194.97.8.138 > >> 195.4.92.217 > >> > >> From my servers @OVH they are not reachable at all. > >> > >> I checked the IPs at https://check-host.net/check-ping and I see both > >> IP pings from most places but a netherland one, hong kong and 4 > >> russians sources (by comparison my own IPs are reachable from all of > >> those sources). > >> > >> Failing traceroutes from check-host.net and from my IPs stuck at a > >> Cloudflare IP: > >> > >> # traceroute 194.97.8.138 > >> traceroute to 194.97.8.138 (194.97.8.138), 30 hops max, 60 byte packets > >> 1 MYIP 0.373 ms 0.484 ms 0.590 ms > >> 2 10.17.50.74 (10.17.50.74) 0.356 ms 10.17.50.72 (10.17.50.72) > >> 0.396 ms 0.458 ms > >> 3 10.73.17.68 (10.73.17.68) 0.101 ms 10.73.16.116 (10.73.16.116) > >> 0.107 ms 10.73.17.70 (10.73.17.70) 0.134 ms > >> 4 10.95.64.142 (10.95.64.142) 1.027 ms 10.95.64.156 (10.95.64.156) > >> 0.424 ms 10.95.64.136 (10.95.64.136) 0.421 ms > >> 5 par-gsw-sbb1-nc5.fr.eu (54.36.50.228) 3.949 ms 3.825 ms 3.821 ms > >> 6 10.200.2.85 (10.200.2.85) 4.079 ms 10.200.2.77 (10.200.2.77) > >> 71.136 ms 71.123 ms > >> 7 * * * > >> 8 172.71.120.4 (172.71.120.4) 4.689 ms 141.101.67.52 > >> (141.101.67.52) 4.538 ms 4.578 ms > >> 9 172.71.133.105 (172.71.133.105) 3.842 ms 172.71.129.237 > >> (172.71.129.237) 4.226 ms 172.69.187.98 (172.69.187.98) 4.214 ms > >> 10 172.71.133.23 (172.71.133.23) 5.352 ms 172.71.117.70 > >> (172.71.117.70) 4.631 ms 172.71.121.67 (172.71.121.67) 4.512 ms > >> 11 * * * > >> 12 * * * > >> 13 * * * > >> > >> I thought it was a peering issue, but 3 days should be enough for > >> someone to detect and fix it. > >> > >> It doesn't look like a blacklisting issue as I cannot even query their > >> authoritative NS and I can't do that even from IPs that never sent > >> emails. > >> > >> I also checked OVH looking glass and they fail routing to freenet from > >> all of their DCs: > >> > https://lg.ovh.net/traceroute/sgp+vin+sbg+bhs+hil+rbx+lim+bom+gra+waw+syd1+eri/ipv4?q=194.97.8.138 > >> > >> I also tried using OVH hosted email to write an email to a freenet.de > >> domain and it resulted in a "Domain not found" error, so to confirm > >> the whole OVH network can't reach the freenet.de NS. > >> > >> I opened a ticket to OVH but they closed it telling me the traceroute > >> show the problem in outside their network (last working hop is a > >> cloudflare IP). > >> > >> Peering/routing is not my field, so I'm looking for other people with > >> problems sending emails to freenet.de and for suggestions on how/who > >> to contact to fix the issue (maybe I should look for an NOC-op mailing > >> list?) . > >> > >> Stefano > >> > >> -- > >> Stefano Bagnara > >> Apache James/jDKIM/jSPF > >> VOXmail/Mosaico.io/VoidLabs > >> ___ > >> mailop mailing list > >> mailop@mailop.org > >> https://list.mailop.org/listinfo/mailop > > > > -- > Stefano Bagnara > Apache James/jDKIM/jSPF > VOXmail/Mosaico.io/VoidLabs > ___ mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
On Fri, 8 Mar 2024 at 13:04, Mark Alley wrote: > Have you considered they may be blocking OVH ASNs on their firewall? Well, blocking the whole ASNs even to their NS sounds something very unexpected. This mean any service (not only email) that is hosted in OVH (in europe is the biggest provider) thinks their domains don't even exists. Also, freenet.de users are not able to write emails to anyone having the DNS hosted at OVH (millions of domains): sounds like burning your house to protect it from thieves :-D Seems like AS5430 and AS16276 are not talking at all, but I don't know how confirm it and how to check where is the issue in more detail. > Their NS and zone seems resolvable and reachable from pretty much everything > else on the internet according to DNSchecker.org. Here you can see their NS IP is not reachable from 7 on 30 location being tested from western europe: https://www.host-tracker.com/en/ic/3/189c2804-114d-4be7-94e5-716f131bc458 So, I think the issue is more on freenet side than OVH side, but I'd need someone who knows or have powers to check. Now I also wrote an email to the noc/peer emails for both ASN. Stefano > On Fri, Mar 8, 2024, 5:54 AM Stefano Bagnara via mailop > wrote: >> >> Hi, >> >> I'm experiencing routing issues to freenet.de MX since almost 3 days. >> >> I can't even lookup the domain as I cannot reach their NS, but the >> same happens even if I try to ping their email server IP address: >> >> 194.97.8.138 >> 195.4.92.217 >> >> From my servers @OVH they are not reachable at all. >> >> I checked the IPs at https://check-host.net/check-ping and I see both >> IP pings from most places but a netherland one, hong kong and 4 >> russians sources (by comparison my own IPs are reachable from all of >> those sources). >> >> Failing traceroutes from check-host.net and from my IPs stuck at a >> Cloudflare IP: >> >> # traceroute 194.97.8.138 >> traceroute to 194.97.8.138 (194.97.8.138), 30 hops max, 60 byte packets >> 1 MYIP 0.373 ms 0.484 ms 0.590 ms >> 2 10.17.50.74 (10.17.50.74) 0.356 ms 10.17.50.72 (10.17.50.72) >> 0.396 ms 0.458 ms >> 3 10.73.17.68 (10.73.17.68) 0.101 ms 10.73.16.116 (10.73.16.116) >> 0.107 ms 10.73.17.70 (10.73.17.70) 0.134 ms >> 4 10.95.64.142 (10.95.64.142) 1.027 ms 10.95.64.156 (10.95.64.156) >> 0.424 ms 10.95.64.136 (10.95.64.136) 0.421 ms >> 5 par-gsw-sbb1-nc5.fr.eu (54.36.50.228) 3.949 ms 3.825 ms 3.821 ms >> 6 10.200.2.85 (10.200.2.85) 4.079 ms 10.200.2.77 (10.200.2.77) >> 71.136 ms 71.123 ms >> 7 * * * >> 8 172.71.120.4 (172.71.120.4) 4.689 ms 141.101.67.52 >> (141.101.67.52) 4.538 ms 4.578 ms >> 9 172.71.133.105 (172.71.133.105) 3.842 ms 172.71.129.237 >> (172.71.129.237) 4.226 ms 172.69.187.98 (172.69.187.98) 4.214 ms >> 10 172.71.133.23 (172.71.133.23) 5.352 ms 172.71.117.70 >> (172.71.117.70) 4.631 ms 172.71.121.67 (172.71.121.67) 4.512 ms >> 11 * * * >> 12 * * * >> 13 * * * >> >> I thought it was a peering issue, but 3 days should be enough for >> someone to detect and fix it. >> >> It doesn't look like a blacklisting issue as I cannot even query their >> authoritative NS and I can't do that even from IPs that never sent >> emails. >> >> I also checked OVH looking glass and they fail routing to freenet from >> all of their DCs: >> https://lg.ovh.net/traceroute/sgp+vin+sbg+bhs+hil+rbx+lim+bom+gra+waw+syd1+eri/ipv4?q=194.97.8.138 >> >> I also tried using OVH hosted email to write an email to a freenet.de >> domain and it resulted in a "Domain not found" error, so to confirm >> the whole OVH network can't reach the freenet.de NS. >> >> I opened a ticket to OVH but they closed it telling me the traceroute >> show the problem in outside their network (last working hop is a >> cloudflare IP). >> >> Peering/routing is not my field, so I'm looking for other people with >> problems sending emails to freenet.de and for suggestions on how/who >> to contact to fix the issue (maybe I should look for an NOC-op mailing >> list?) . >> >> Stefano >> >> -- >> Stefano Bagnara >> Apache James/jDKIM/jSPF >> VOXmail/Mosaico.io/VoidLabs >> ___ >> mailop mailing list >> mailop@mailop.org >> https://list.mailop.org/listinfo/mailop -- Stefano Bagnara Apache James/jDKIM/jSPF VOXmail/Mosaico.io/VoidLabs ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
On Fri, Mar 08, 2024 at 01:26:48PM +0100, Stefano Bagnara via mailop wrote: > On Fri, 8 Mar 2024 at 13:17, Marco Moock wrote: > > Can you access their website on freenet.de from OVH? > > No. I can't even reach their NS from OVH network. > So I can't resolve www.freenet.de: but if I try with the IP, then I > can't ping it. I can confirm your observations. I can't see their NS from my OVH box, nor can I connect to port 25 of the 3 IPs behind their MX. From home (UK broadband), I can see and query DNS servers, but I can't talk to port 25. From non-home/non-ovh, I can see DNS and talk to port 25. They do claim to use RBLs, but my OVH IP isn't on any RBLs (not even uceprotect-L3 amazingly right now) - and based on my home 'DUL' IP not being able to connect, they're certainly using RBLs on port 25. It also looks like there might be a separate transit issue with OVH. Might be deliberate, might not. PG ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
On Fri, 8 Mar 2024 at 13:17, Marco Moock wrote: > Can you access their website on freenet.de from OVH? No. I can't even reach their NS from OVH network. So I can't resolve www.freenet.de: but if I try with the IP, then I can't ping it. > > From my servers @OVH they are not reachable at all. > > OVH is known to host spammers. Maybe they blocked the entire AS in > their firewall. I know, but I don't think this is the case. If I go to my free @freenet.de inbox I can't write email to any recipient having their DNS hosted at OVH because of this connection issue between the 2 ASN. E.g. from my @freenet.de inbox I cannot write to my email address @bago.org because my NS is at OVH (while my email is at Google Workspace). So, if they did it by purpose because of spam I guess they blocked a bit too much :-) > > I opened a ticket to OVH but they closed it telling me the traceroute > > show the problem in outside their network (last working hop is a > > cloudflare IP). > > That is something OVH indeed can't fix. Of course it if is a blacklisting it is not something OVH can fix (or at lease, not easily). But if the issue is unwanted or a peering issue maybe someone can do something! > Maybe ask their postmaster from a public freemail service like gmx or > gmail. I wrote to postmas...@freenet.de too as not only they are not able to receive from OVH but they are not able to delivery to any domain with the DNS or email servers in the OVH network. The fact that they NS can't see each other let me think this is not something done by purpose, but I don't know how to investigate it to understand how is responsible for the issue and who can fix it. Stefano -- Stefano Bagnara Apache James/jDKIM/jSPF VOXmail/Mosaico.io/VoidLabs ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
Am 08.03.2024 schrieb Stefano Bagnara via mailop : > I can't even lookup the domain as I cannot reach their NS, but the > same happens even if I try to ping their email server IP address: I can reach them properly from AS8820. Do you get any ICMP messages back? tcptraceroute 194.97.8.138 53 Works fine for me (DNS can use both TCP and UDP). Can you access their website on freenet.de from OVH? > From my servers @OVH they are not reachable at all. OVH is known to host spammers. Maybe they blocked the entire AS in their firewall. > I opened a ticket to OVH but they closed it telling me the traceroute > show the problem in outside their network (last working hop is a > cloudflare IP). That is something OVH indeed can't fix. Maybe ask their postmaster from a public freemail service like gmx or gmail. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
Have you considered they may be blocking OVH ASNs on their firewall? Their NS and zone seems resolvable and reachable from pretty much everything else on the internet according to DNSchecker.org. - Mark Alley On Fri, Mar 8, 2024, 5:54 AM Stefano Bagnara via mailop wrote: > Hi, > > I'm experiencing routing issues to freenet.de MX since almost 3 days. > > I can't even lookup the domain as I cannot reach their NS, but the > same happens even if I try to ping their email server IP address: > > 194.97.8.138 > 195.4.92.217 > > From my servers @OVH they are not reachable at all. > > I checked the IPs at https://check-host.net/check-ping and I see both > IP pings from most places but a netherland one, hong kong and 4 > russians sources (by comparison my own IPs are reachable from all of > those sources). > > Failing traceroutes from check-host.net and from my IPs stuck at a > Cloudflare IP: > > # traceroute 194.97.8.138 > traceroute to 194.97.8.138 (194.97.8.138), 30 hops max, 60 byte packets > 1 MYIP 0.373 ms 0.484 ms 0.590 ms > 2 10.17.50.74 (10.17.50.74) 0.356 ms 10.17.50.72 (10.17.50.72) > 0.396 ms 0.458 ms > 3 10.73.17.68 (10.73.17.68) 0.101 ms 10.73.16.116 (10.73.16.116) > 0.107 ms 10.73.17.70 (10.73.17.70) 0.134 ms > 4 10.95.64.142 (10.95.64.142) 1.027 ms 10.95.64.156 (10.95.64.156) > 0.424 ms 10.95.64.136 (10.95.64.136) 0.421 ms > 5 par-gsw-sbb1-nc5.fr.eu (54.36.50.228) 3.949 ms 3.825 ms 3.821 ms > 6 10.200.2.85 (10.200.2.85) 4.079 ms 10.200.2.77 (10.200.2.77) > 71.136 ms 71.123 ms > 7 * * * > 8 172.71.120.4 (172.71.120.4) 4.689 ms 141.101.67.52 > (141.101.67.52) 4.538 ms 4.578 ms > 9 172.71.133.105 (172.71.133.105) 3.842 ms 172.71.129.237 > (172.71.129.237) 4.226 ms 172.69.187.98 (172.69.187.98) 4.214 ms > 10 172.71.133.23 (172.71.133.23) 5.352 ms 172.71.117.70 > (172.71.117.70) 4.631 ms 172.71.121.67 (172.71.121.67) 4.512 ms > 11 * * * > 12 * * * > 13 * * * > > I thought it was a peering issue, but 3 days should be enough for > someone to detect and fix it. > > It doesn't look like a blacklisting issue as I cannot even query their > authoritative NS and I can't do that even from IPs that never sent > emails. > > I also checked OVH looking glass and they fail routing to freenet from > all of their DCs: > > https://lg.ovh.net/traceroute/sgp+vin+sbg+bhs+hil+rbx+lim+bom+gra+waw+syd1+eri/ipv4?q=194.97.8.138 > > I also tried using OVH hosted email to write an email to a freenet.de > domain and it resulted in a "Domain not found" error, so to confirm > the whole OVH network can't reach the freenet.de NS. > > I opened a ticket to OVH but they closed it telling me the traceroute > show the problem in outside their network (last working hop is a > cloudflare IP). > > Peering/routing is not my field, so I'm looking for other people with > problems sending emails to freenet.de and for suggestions on how/who > to contact to fix the issue (maybe I should look for an NOC-op mailing > list?) . > > Stefano > > -- > Stefano Bagnara > Apache James/jDKIM/jSPF > VOXmail/Mosaico.io/VoidLabs > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)
Hi, I'm experiencing routing issues to freenet.de MX since almost 3 days. I can't even lookup the domain as I cannot reach their NS, but the same happens even if I try to ping their email server IP address: 194.97.8.138 195.4.92.217 From my servers @OVH they are not reachable at all. I checked the IPs at https://check-host.net/check-ping and I see both IP pings from most places but a netherland one, hong kong and 4 russians sources (by comparison my own IPs are reachable from all of those sources). Failing traceroutes from check-host.net and from my IPs stuck at a Cloudflare IP: # traceroute 194.97.8.138 traceroute to 194.97.8.138 (194.97.8.138), 30 hops max, 60 byte packets 1 MYIP 0.373 ms 0.484 ms 0.590 ms 2 10.17.50.74 (10.17.50.74) 0.356 ms 10.17.50.72 (10.17.50.72) 0.396 ms 0.458 ms 3 10.73.17.68 (10.73.17.68) 0.101 ms 10.73.16.116 (10.73.16.116) 0.107 ms 10.73.17.70 (10.73.17.70) 0.134 ms 4 10.95.64.142 (10.95.64.142) 1.027 ms 10.95.64.156 (10.95.64.156) 0.424 ms 10.95.64.136 (10.95.64.136) 0.421 ms 5 par-gsw-sbb1-nc5.fr.eu (54.36.50.228) 3.949 ms 3.825 ms 3.821 ms 6 10.200.2.85 (10.200.2.85) 4.079 ms 10.200.2.77 (10.200.2.77) 71.136 ms 71.123 ms 7 * * * 8 172.71.120.4 (172.71.120.4) 4.689 ms 141.101.67.52 (141.101.67.52) 4.538 ms 4.578 ms 9 172.71.133.105 (172.71.133.105) 3.842 ms 172.71.129.237 (172.71.129.237) 4.226 ms 172.69.187.98 (172.69.187.98) 4.214 ms 10 172.71.133.23 (172.71.133.23) 5.352 ms 172.71.117.70 (172.71.117.70) 4.631 ms 172.71.121.67 (172.71.121.67) 4.512 ms 11 * * * 12 * * * 13 * * * I thought it was a peering issue, but 3 days should be enough for someone to detect and fix it. It doesn't look like a blacklisting issue as I cannot even query their authoritative NS and I can't do that even from IPs that never sent emails. I also checked OVH looking glass and they fail routing to freenet from all of their DCs: https://lg.ovh.net/traceroute/sgp+vin+sbg+bhs+hil+rbx+lim+bom+gra+waw+syd1+eri/ipv4?q=194.97.8.138 I also tried using OVH hosted email to write an email to a freenet.de domain and it resulted in a "Domain not found" error, so to confirm the whole OVH network can't reach the freenet.de NS. I opened a ticket to OVH but they closed it telling me the traceroute show the problem in outside their network (last working hop is a cloudflare IP). Peering/routing is not my field, so I'm looking for other people with problems sending emails to freenet.de and for suggestions on how/who to contact to fix the issue (maybe I should look for an NOC-op mailing list?) . Stefano -- Stefano Bagnara Apache James/jDKIM/jSPF VOXmail/Mosaico.io/VoidLabs ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop