RE: Apologies but...Verizon Postmaster?
Go ahead and send me your contact info offline and I'll see if I can forward it to the right people in the mail team. Wayne Gustavus, CCIE #7426 Operations Engineering Verizon Internet Services > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Michael Loftis > Sent: Thursday, November 20, 2003 5:09 PM > To: [EMAIL PROTECTED] > Subject: Apologies but...Verizon Postmaster? > > > I have been trying for weeks to get in touch with someone who > will respond > with something other than a form letter at Verizon. Can > someone please > contact me off-list? My company (Modwest) is being > unilaterally blocked. > I can't even send mail to abuse, postmaster, etc. from an > @modwest.com > address because of the block in place without a reason and > without recourse. > > TIA, and I'm sorry for posting here but it's really my last > resort (as it > should be anyones IMHO). > > -- > GPG/PGP --> 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 > 88B9 E736 BD7E >
Re: OC3 Router
I know this is not relevant, but the humour is perfectly apropos as a reply. This was the best "manager" call the support line of the day story: "We need an OC-192". "My god, why?" "We need to be able to support at least 192 simultaneous users to our website" "Uh Huh. well.. :-) Dan. Chris Strandt wrote: > I was hoping that someone could point me in the right direction. > > I'm looking for a cisco border router as a backup for our existing. > > We have a 7206VXR with NPE400. The only thing we have in the router is > a OC3c POS card on one side and a multimode Gig-Ethernet on the other. > We are not doing BGP with this router (upstream is annoucing for us). > Is there a vendor who can tell us the minimum we need to do this for > emergency situations, or someone on the list who can recommend a cisco > solution that can meet these requirments? > > Thanks, > -Chris Strandt > Liquid Web Inc.
Re: how to fix bad referral in pir.org whois?
> > I have four .org domains that I transferred from gandi to godaddy a couple > of months ago. However, the pir.org whois still lists whois.gandi.net > as the referral whois. For example: > > Domain ID: D46124408-LROR > Domain Name: HTCP.ORG > Created On:05-Dec-2000 03:30:16 UTC > Last Updated On: 08-Sep-2003 21:28:55 UTC > Expiration Date: 05-Dec-2004 03:30:16 UTC > Sponsoring Registrar: Go Daddy Software, Inc. (R91-LROR) > Status:OK > Registrant Name: SEE SPONSORING REGISTRAR > Registrant Street1:Whois Server:whois.gandi.net > Registrant Street2:Referral URL:http://www.gandi.net > Admin Name:SEE SPONSORING REGISTRAR > Billing Name: SEE SPONSORING REGISTRAR > Tech Name: SEE SPONSORING REGISTRAR > Name Server: NS.PACKET-PUSHERS.COM > Name Server: NS2.PACKET-PUSHERS.COM The sponsoring registrar (godaddy) is responsible for fixing it, in fact they are suppososed to reenter your information to be listed directly at PIR whois (instead of as referral to their own whois) upon the transfer. They are likely waiting to do it in bulk for multiple domains, but you can insist they do it ASAP for your domain, send email to their support. --- William Leibzon Elan Networks [EMAIL PROTECTED]
OC3 Router
I was hoping that someone could point me in the right direction. I'm looking for a cisco border router as a backup for our existing. We have a 7206VXR with NPE400. The only thing we have in the router is a OC3c POS card on one side and a multimode Gig-Ethernet on the other. We are not doing BGP with this router (upstream is annoucing for us). Is there a vendor who can tell us the minimum we need to do this for emergency situations, or someone on the list who can recommend a cisco solution that can meet these requirments? Thanks, -Chris Strandt Liquid Web Inc.
how to fix bad referral in pir.org whois?
I have four .org domains that I transferred from gandi to godaddy a couple of months ago. However, the pir.org whois still lists whois.gandi.net as the referral whois. For example: Domain ID: D46124408-LROR Domain Name: HTCP.ORG Created On:05-Dec-2000 03:30:16 UTC Last Updated On: 08-Sep-2003 21:28:55 UTC Expiration Date: 05-Dec-2004 03:30:16 UTC Sponsoring Registrar: Go Daddy Software, Inc. (R91-LROR) Status:OK Registrant Name: SEE SPONSORING REGISTRAR Registrant Street1:Whois Server:whois.gandi.net Registrant Street2:Referral URL:http://www.gandi.net Admin Name:SEE SPONSORING REGISTRAR Billing Name: SEE SPONSORING REGISTRAR Tech Name: SEE SPONSORING REGISTRAR Name Server: NS.PACKET-PUSHERS.COM Name Server: NS2.PACKET-PUSHERS.COM I called godaddy and they were very unhelpful. They claim it is not their problem because they are listed correctly as the sponsoring registrar. Whos fault is this? How can I get it fixed? Duane W.
Re: Apologies but...Verizon Postmaster?
On Fri, 21 Nov 2003, Charles Sprickman wrote: > On Fri, 21 Nov 2003, Jay Hennigan wrote: > > > In our case it's at the IP level. Our mailserver gets "connection refused" > > from their "business" mail servers at "bizmailsrvcs.net". We got someone > > on the phone who was supposed to look into it a week or so ago. > > Have a look at the logs on your primary MX. Part of their "anti-spam" > solution seems to be a connection back to your primary MXer to check if > the envelope from is valid or not. If you don't reply in the (very short) > timeout period, the mail is rejected with a *permanent* failure. Hmmm... Our primary MX is Postini. And they won't even open a socket on TCP 25 so we don't get far enough to give them an envelope from. beach% telnet mta1.bizmailsrvcs.net 25 Trying 206.46.164.22... Connected to mta1.bizmailsrvcs.net. Escape character is '^]'. 421 oe-mp1.bizmailsrvcs.net connection refused from [199.201.128.19] Connection closed by foreign host. What's weird is that any random dialup or DSL can connect to them just fine. It seems like they've put our mail sender in a local blacklist but we truly hate and kill what few spammers crop up here on sight. > It's a horrible design. It's useless for them on MTAs that just accept > everything into the queue and work it from there (qmail, ?) and a pain to > the sender if you happen to have your primary mx swamped in a spam attack > when they try to query it. From what I can see, the timeout is *very* > short and they do not try anything other than the primary mxer. I think it's two different issues, as ours is at a lower level. -- Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED] WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
Re: Apologies but...Verizon Postmaster?
On Fri, 21 Nov 2003, Jay Hennigan wrote: > In our case it's at the IP level. Our mailserver gets "connection refused" > from their "business" mail servers at "bizmailsrvcs.net". We got someone > on the phone who was supposed to look into it a week or so ago. Have a look at the logs on your primary MX. Part of their "anti-spam" solution seems to be a connection back to your primary MXer to check if the envelope from is valid or not. If you don't reply in the (very short) timeout period, the mail is rejected with a *permanent* failure. > > VZ was unable to tell me why we were initially blocked, but we were for a > > number of days. Not at the IP level, but at the envelope level; meaning > > that if you issued a "mail from:" with the domain in question, you'd get > > the "550 You are not allowed to send mail:sc004pub.verizon.net" message. > > They couldn't tell us either. It's a horrible design. It's useless for them on MTAs that just accept everything into the queue and work it from there (qmail, ?) and a pain to the sender if you happen to have your primary mx swamped in a spam attack when they try to query it. From what I can see, the timeout is *very* short and they do not try anything other than the primary mxer. There also does not seem to be a whitelist for problem sites (which we apparently are) so the problem never really goes away, it just gets better and worse as a direct parallel to your mxers load... They also block mail to their postmaster and abuse addresses, so you have to do some work to get in touch with someone there. Charles > -- > Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED] > WestNet: Connecting you to the planet. 805 884-6323 WB6RDV > NetLojix Communications, Inc. - http://www.netlojix.com/ >
Re: Apologies but...Verizon Postmaster?
On Fri, 21 Nov 2003, Charles Sprickman wrote: > > On Thu, 20 Nov 2003, Michael Loftis wrote: > > > I have been trying for weeks to get in touch with someone who will respond > > with something other than a form letter at Verizon. Can someone please > > contact me off-list? My company (Modwest) is being unilaterally blocked. > > I can't even send mail to abuse, postmaster, etc. from an @modwest.com > > address because of the block in place without a reason and without recourse. > > Welcome to the club! > > I'm sure someone will get back to you shortly. But in the meantime, I can > share my experience with this, and perhaps get some opinions on how wise > their "anti-spam" measures are. Me, too! In our case it's at the IP level. Our mailserver gets "connection refused" from their "business" mail servers at "bizmailsrvcs.net". We got someone on the phone who was supposed to look into it a week or so ago. > VZ was unable to tell me why we were initially blocked, but we were for a > number of days. Not at the IP level, but at the envelope level; meaning > that if you issued a "mail from:" with the domain in question, you'd get > the "550 You are not allowed to send mail:sc004pub.verizon.net" message. They couldn't tell us either. -- Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED] WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
Re: Juno (United Online) contact phone?
Rich Casto writes on 11/21/2003 3:56 PM: Can someone please provide a phone number for the Juno (aka United Online) NOC? I already have the $1.95/minute support number (877-912-5866), so don't send that one. One of my client's emails are being bounced so I need to call them to find out why. Juno's abuse desk is based in Hyderabad, India. Send email with sample bounces / logs to [EMAIL PROTECTED] - you will get a reply from them within 24 hours. --srs (who used to be on the [EMAIL PROTECTED] team) -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
Re: IPSEC VPNs capable of handling worm traffic
Daniel Golding wrote: All of these cute references to "vendor c" and "vendor n" go by the wayside when we slip and say "Nortel" or refer to "CEF". :) IMHO, if you aren't breaking an NDA, you might as well name names. If you are breaking an NDA, using initials won't screen you from legal jeopardy... I thought the letter expressions were popular to obfuscate information for the less knowledgeable/intelligent lurkers on the list. Pete
Juno (United Online) contact phone?
Can someone please provide a phone number for the Juno (aka United Online) NOC? I already have the $1.95/minute support number (877-912-5866), so don't send that one. One of my client's emails are being bounced so I need to call them to find out why. Thanks! Rich
Re: Apologies but...Verizon Postmaster?
On Thu, 20 Nov 2003, Michael Loftis wrote: > I have been trying for weeks to get in touch with someone who will respond > with something other than a form letter at Verizon. Can someone please > contact me off-list? My company (Modwest) is being unilaterally blocked. > I can't even send mail to abuse, postmaster, etc. from an @modwest.com > address because of the block in place without a reason and without recourse. Welcome to the club! I'm sure someone will get back to you shortly. But in the meantime, I can share my experience with this, and perhaps get some opinions on how wise their "anti-spam" measures are. VZ was unable to tell me why we were initially blocked, but we were for a number of days. Not at the IP level, but at the envelope level; meaning that if you issued a "mail from:" with the domain in question, you'd get the "550 You are not allowed to send mail:sc004pub.verizon.net" message. To this day, we still see some refusals from them like this in our logs. What I imagine is happening is that the check they do (connect back to your mx and try to verify the address exists) times out occasionally, either due to mail server load or connectivity issues. This causes your mail to them to bounce with a permanent error. Not really the best way to handle mail, but I digress. Looking at your mxer, I see that the "rcpt to:" is a bit slow. I wouldn't be totally shocked if this had something to do with your problem... Charles > TIA, and I'm sorry for posting here but it's really my last resort (as it > should be anyones IMHO). > > -- > GPG/PGP --> 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E
OT: Internet.com hostmaster
Hi, If there's anyone here from "internet.com" or if you know someone over there, could you please let them know that their domain for the "isp-bgp" list has expired. The list has been idle since the 11th of this month. Thanks, Charles Registrant: Jupitermedia Corporation (MVQRRLSERD) 23 Old Kings Highway S. Darien, CT 06820 US Domain Name: ISP-BGP.COM Administrative Contact: Jupitermedia Corporation (ZFBKBPQRAO) [EMAIL PROTECTED] 23 Old Kings Highway S. Darien, CT 06820 US 203-662-2800 Technical Contact: Hegedus, Peter (PH535) [EMAIL PROTECTED] 23 OLD KINGS HWY S DARIEN, CT 06820-4538 US (203) 662-2800 fax: (203) 655-4686 Record expires on 04-Nov-2003. Record created on 04-Nov-1999. Database last updated on 21-Nov-2003 13:06:08 EST.
RE: Increase in traffic to/from DSL subs since August?
Improperly patched machines infected with Nachi (aka Welchia) have been noted transmitting in excess of 500,000 ICMP echo requests via Class B alphabet lookups per hour. The one characteristic of Nachi that simplifies the identification of the infected machines is the fact that each of these echo requests are 92 byte pings. Any monitoring tools or packet sniffers configured to look for these 92 byte pings will greatly simplify the identification of the specific source addresses. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Suresh Ramasubramanian Sent: Thursday, November 20, 2003 9:27 PM Cc: [EMAIL PROTECTED] Subject: Re: Increase in traffic to/from DSL subs since August? Steven M. Bellovin writes on 11/20/2003 4:28 PM: > At the IETF Plenary, Bernard Aboba showed a graph of spam, with a > marked uptick since SoBig.F in August. My guess is worm-deposited spam > relays, though Joel's guess of Nachi or Welchia can't be ruled out, > either, without flow data. A ballpark estimate from a couple of friends who run small cable ISPs in India, and from a look at our mailserver log stats, says that yes, this is mostly because of open proxies and trojans infecting unpatched windows machines on broadband. Swen, MiMail and Jeem.mail.pv seem to be the worst offenders wrt spamming trojans, right now. Nachi and Welchia are almost as bad. I'd say blame can be split equally between the two. -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
The Cidr Report
This report has been generated at Fri Nov 21 21:47:57 2003 AEST. The report analyses the BGP Routing Table of an AS4637 (Reach) router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org/as4637 for a current version of this report. Recent Table History Date PrefixesCIDR Agg 14-11-03127686 90350 15-11-03127761 90470 16-11-03127866 90362 17-11-03127701 90382 18-11-03127919 90258 19-11-03127738 90168 20-11-03127684 90121 21-11-03127651 90186 AS Summary 16153 Number of ASes in routing system 6459 Number of ASes announcing only one prefix 1412 Largest number of prefixes announced by an AS AS701 : ALTERNET-AS UUNET Technologies, Inc. 73522432 Largest address span announced by an AS (/32s) AS568 : SUMNET-AS DISO-UNRRA Aggregation Summary The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes'). --- 21Nov03 --- ASnumNetsNow NetsAggr NetGain % Gain Description Table 127761901783758329.4% All ASes AS4323 689 202 48770.7% TW-COMM Time Warner Communications, Inc. AS6197 748 262 48665.0% BATI-ATL BellSouth Network Solutions, Inc AS701 1412 978 43430.7% ALTERNET-AS UUNET Technologies, Inc. AS7018 1368 946 42230.8% ATT-INTERNET4 AT&T WorldNet Services AS7843 532 130 40275.6% ADELPHIA-AS Adelphia Corp. AS6198 613 254 35958.6% BATI-MIA BellSouth Network Solutions, Inc AS209885 540 34539.0% ASN-QWEST Qwest AS22909 312 10 30296.8% DNEO-OSP1 Comcast Cable Communications, Inc. AS1239 954 667 28730.1% SPRINTLINK Sprint AS22773 311 28 28391.0% CCINET-2 Cox Communications Inc. Atlanta AS27364 353 71 28279.9% ACS-INTERNET Armstrong Cable Services AS4355 382 101 28173.6% ERMS-EARTHLNK EARTHLINK, INC AS1221 952 680 27228.6% ASN-TELSTRA Telstra Pty Ltd AS4134 389 124 26568.1% CHINANET-BACKBONE No.31,Jin-rong Street AS6347 336 85 25174.7% DIAMOND SAVVIS Communications Corporation AS17676 279 36 24387.1% GIGAINFRA Softbank BB Corp. AS25844 243 16 22793.4% SKADDEN1 Skadden, Arps, Slate, Meagher & Flom LLP AS6140 343 128 21562.7% IMPSAT-USA ImpSat AS11305 229 38 19183.4% INTERLAND-NET1 Interland Incorporated AS2386 402 219 18345.5% INS-AS AT&T Data Communications Services AS4519 193 12 18193.8% MAAS Maas Communications AS14654 1802 17898.9% WAYPORT Wayport AS6327 203 27 17686.7% SHAW Shaw Communications Inc. AS2048 252 86 16665.9% LANET-1 State of Louisiana AS20115 583 423 16027.4% CHARTER-NET-HKY-NC Charter Communications AS9929 196 38 15880.6% CNCNET-CN China Netcom Corp. AS9583 236 79 15766.5% SATYAMNET-AS Satyam Infoway Ltd., AS15270 202 48 15476.2% AS-PAETEC-NET PaeTec.net -a division of PaeTecCommunications, Inc. AS6517 235 84 15164.3% YIPESCOM Yipes Communications, Inc. AS9800 207 57 15072.5% UNICOM CHINA UNICOM Total 14219 6371 784855.2% Top 30 total Possible Bogus Routes 24.138.80.0/20 AS11260 ANDARA-HSI Andara High Speed Internet c/o Halifax Cable Ltd. 61.12.32.0/24AS7545 TPG-INTERNET-AP TPG Internet Pty Ltd 61.12.34.0/24AS7545 TPG-INTERNET-AP TPG Internet Pty Ltd 64.30.64.0/19