Re: [nanog] Re: Network Notifcation - SMS via Verizon
> The other side of this besides the delayed receiving of messages is > with monitoring you want to get the alerts even if your network is down > and unable to send via email to your pager, cellphone, etc. Having an > out of band method to get those alerts out on criticial alerts is > paramount. I've used Nagios for many years but unfortunately have never > worked with sending through Verizon. I've had decent experience using > Sprint's gateways sending to my phone with minimal delay. > Our solution, crufty as it might be, was that our monitoring server has a modem on it. As long as the pots lines are up, we just have it ring the on-call cell phone. When you see the caller ID, you know its time to get to a terminal. Usually our [EMAIL PROTECTED] would follow 10-15 seconds later. Tuc/TBOH
Re: [nanog] RE: Abandoned ship anchor found at FALCON cable cut
> > Doesn't sound like sabotage to me. In fact, it sounds like bad luck. > Will this now be termed "Anchor fade" in the future? Tuc
Re: Any help for Yahoo! Mail arrogance?
> > > On Oct 29, 2007 11:01 PM, Tuc at T-B-O-H.NET <[EMAIL PROTECTED]> wrote: > > > "Fix your forwarding a lot better". Not sure what this > > means. My machines are MX's for the clients domain. They > > accept it, and either forward it around locally to one of the > > processing MX's or ARE one one of the processing MX's. Its > > Yes, that's just how forwarding and .forwards work. > > And if you mix inbound email (much dirtier than outbound email even if > you run a secure shop) into a mail stream that includes email sent out > by your clients, you potentially have random botnet spam, spam from > sbl listed spammers etc (in other words, a lot of "block on sight" > stuff) leaking through your IP, the same IP that a bunch of your other > customers use to mail out to their aunt mary on yahoo. > AH, I see the confusion. We are a managed server hosting company, not a Cable/DSL/T#/Dialup provider. The only way mail gets sent out of here is Webmail, FormMail and Mail exploder. I'm pretty sure none of our systems have been comprimised and forwards mail that we don't know about. > > The numbers from that one .forward are enough to screw up the rest of > your numbers, a 5% or less complaint rate on email from your IP (and > believe me, if your user is jackass enough to click report spam on > email that comes through his .forward the complaints can go up real > high) .. is enough to get your IP blocked. > Except for maybe unfortunately backscatter from people CLAIMING to originate email from our clients, our outbound should be fairly low volume and reasonably clean. > > Dealing with tier 1 support anywhere (not the least of where is yahoo) > is always a pain. Which is why what I am suggesting is avoidance and > prevention rather than going around alternatively begging yahoo to fix > something or accusing them on nanog of being arrogant. > I'm not begging Yahoo to fix something, just to accept our mail. I'm doing the best I can, and I'm sure to the DETRIMENT of the user, to cut down on the spam, but short of having someone physically inspect all email for spam and backscatter I really can't do much else (Except get the user to have a local Webmail which I know they don't want). Tuc/TBOH
Re: Any help for Yahoo! Mail arrogance?
> > On 10/29/07, Tuc at T-B-O-H.NET <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > On 10/29/07, Tuc at T-B-O-H.NET <[EMAIL PROTECTED]> wrote: > > > > > > > "Unfortunately, we cannot provide you with > > > > specific information other than to suggest a review > > > > of the questionnaire we supplied and try to determine > > > > where your mailing practices may be improved upon." > > > > > > In other words, fix your forwarding a lot better (and possibly > > > segregate it from your main mail stream, clearly label the forwarding > > > IP as a forwarder, etc) > > > > > > Yahoo arent really in the business of teaching people how to do a > > > better job. If that sounds like arrogance .. > > > > > > srs > > > > > "Fix your forwarding a lot better". Not sure what this > > means. My machines are MX's for the clients domain. > > What are the addresses of the machines? > > -M< > 192.136.64.0/24, with the 3 main machines being at 108, 116, 156 and lesser machines at 204, 212, etc. Tuc/TBOH
Re: Any help for Yahoo! Mail arrogance?
> > > On 10/29/07, Tuc at T-B-O-H.NET <[EMAIL PROTECTED]> wrote: > > > "Unfortunately, we cannot provide you with > > specific information other than to suggest a review > > of the questionnaire we supplied and try to determine > > where your mailing practices may be improved upon." > > In other words, fix your forwarding a lot better (and possibly > segregate it from your main mail stream, clearly label the forwarding > IP as a forwarder, etc) > > Yahoo arent really in the business of teaching people how to do a > better job. If that sounds like arrogance .. > > srs > "Fix your forwarding a lot better". Not sure what this means. My machines are MX's for the clients domain. They accept it, and either forward it around locally to one of the processing MX's or ARE one one of the processing MX's. Its then run through SpamAssassin hoping to do the best we can to filter out REALLY bad spam, and the box either directly tries to send to a Yahoo! MX mailer, or forwards to another outbound box to attempt to send it out. I'm not sure where in that whole equation we are doing anything that isn't the best we can except if we assign a person to sit down, read each and every email, and then forward it along to the destination user. As it is now, I'm sure we drop some legit mail... And I know some legit mail isn't getting through since Yahoo! relays aren't accepting ANYTHING. (And, as a result, even my emails to them were lagged by days while they stopped accepting anything from us for a while). Segregate from our main mail stream? We have this 1 customer (Yes, currently, one) who has this type of setup. They are on a shared server. I should set up a single box just to handle their MX? We are a hosting company, the only time we send mail to Yahoo! otherwise is if one of their customers fills a webform out that maybe copies them, they are on a mailing exploder, or we reply to a customer who uses Yahoo!. Label forwarding IP as a forwarder... We told them, they told us that our IP was RFC1918 (Which it wasn't) and that they wouldn't accept that. Once I could convince them that we weren't using RFC1918 to route, and that our IP range was Legacy Internic IP's which were perfectly valid to be routed, they then turned around and found another excuse. No, they aren't in the business to teach someone who's been in the industry all his life, and run Managed Server Companies for over 11 years... But to play the "We aren't going to tell you why we aren't accepting your mail, you'll just have to guess and submit back in *6* months (AND, tell their user to set up a filter to receive the email {WHEN ITS IMPOSSIBLE SINCE THE MAIL NEVER MAKES IT}) is just unbelievable and arrogant to me. Tuc/TBOH
Any help for Yahoo! Mail arrogance?
Background: We MX for a domain, and turn it right around to Yahoo! Mail. I know others have run into this before. Because a fair amount of it is spam, Yahoo stops accepting the mail, yadda yadda yadda. Problem: I jumped through all the hoops, and they tell me I'm denied. When I ask what part I fail on, I get : "Unfortunately, we cannot provide you with specific information other than to suggest a review of the questionnaire we supplied and try to determine where your mailing practices may be improved upon." WTF is that all about?! How can I improve on getting an email, spam filtering the best I can, and turning it around to it intended recipient. Anyone have any clues? Thanks, Tuc
Re: Do I or RR need dns clue?
> > > In article <[EMAIL PROTECTED]> you write: > > > >> > >> Tuc at T-B-O-H.NET wrote: > >> > Down is there isn't power to it until it gets repaired. So its not > >> > answering period. A "nslookup" shows "timed-out". A "dig" shows > >> > "connection timed out; no servers could be reached" (When querying ONLY > >> > against the down server). > >> > > >> > So how do I go back to RR, who told me to take it out of my > >> > NS records, that DNS is supposed to be silently falling back and trying > >> > again? > >> > >> > >> The fact that they're rejecting on a 5xx error based on no DNS PTR is a > >> bit harsh. While I'm all for requiring all hosts to have valid PTR > >> records, there are times when transient or problem servers can cause a > >> DNS lookup failure or miss, etc. If anything they should be returning a > >> 4xx to have the remote host"try again later". > >> > >Robert, > > > > Sorry, they aren't giving a hard fail. Its a soft fail, so we'll > >retry. But after 5 days of retrying, my servers will give up. (And, in > >the mean time, the mail isn't getting through, so my users are without mail > >{We store/forward for them} I don't know if the down (hard) server will be > >back that soon (Its been 2 days as is). But the whole POINT of DNS is I have > >a 2nd one listed, and they don't seem to care. They are telling me that they > >want my "primary" one back up and running. > > > > Tuc/TBOH > > I know this is strange for nanog but if you actually stated the > IP addresses of the mail servers we could look to see if there > is a problem other than what you think the problem is. > > You havn't stated it here or on bind-users > > Mark > Hi, Just a note to let everyone know its all working again. I was escalated to someone else in RR and intelligent things came out of their mouth and its not an issue anymore. The initial responder at RR needs a clue, and the bind-users said I was doing something "moderately bad" at the same time. I'm working out a tactic to resolve my bent-clue issue. I hope to have that fixed in a week or so. RR is now accepting my mail despite my "bent clue" and one DNS server being down. Tuc/TBOH
Re: Why do we use facilities with EPO's?
> If they can be avoided, why do we put up with them? Do we really > want our colo in downtown San Francisco bad enough to take the risk > of having a single point of failure? How can we, as engineers, ask > questions about how many generators, how much fuel, and yet take > for granted that there is one button on the wall that makes it all > turn off? Is it simply that having colo in the middle of the city > is so convenient that it overrides the increased cost and the reduced > redundancy that are necessitated by that location? > You forgot the default "Single Point of Failure" in anything.. HUMANS. Tuc/TBOH
Re: ASN Name of the week
> www.1800gotjunk.com. They're all over Canada and the US (at the very > least). It's a very successful franchise operation. > > I don't know why they need an AS, but I can say they did a bang-up > job of hauling the detritus out of a condo I used to own after the > renter abandoned it. > Maybe they'll take away all your unwanted SPAM and DDOS attack traffic. :) Or maybe they are getting large enough that they'll be moving out of their colo centers and into one of their own, multi homed. I just multihomed my house and might apply for an ASN for it... :) (When is ASNV6 coming?) Tuc/TBOH
Re: San Francisco Power Outage
But as George mentions... Sh*t happens There are things you can't forsee, or maybe spend way too much engineering to overcome that 1 in a million "oops". I've been at Telehouse 25B a few times when the "I never expected something like that would happen" happened. (I remember two guys with VERY LONG screwdrivers poking a live transfer switch to get it to reset properly, and was told to step back 20 feet as thats how far they expected to get thrown if they did something wrong). (I also remember them resetting the switch, then TRIPPING it again just to make sure it could be reset again!) Tuc/TBOH > > > They should have generators running...I can't foresee any good > datacenter not having multiple generators to keep their customers > servers online with UPS. > > -Ray > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Adrian Chadd > Sent: Tuesday, July 24, 2007 7:54 PM > To: Seth Mattinen > Cc: nanog list > Subject: Re: San Francisco Power Outage > > > On Tue, Jul 24, 2007, Seth Mattinen wrote: > > > I have a question: does anyone seriously accept "oh, power trouble" as > a > > reason your servers went offline? Where's the generators? UPS? Testing > > > said combination of UPS and generators? What if it was important? I > > honestly find it hard to believe anyone runs a facility like that and > > people actually *pay* for it. > > > If you do accept this is a good reason for failure, why? > > Didn't you read? He paid extra for super-reliable power from his > electricity provider.. > > > > Adrian > >
Re: How should ISPs notify customers about Bots (Was Re: DNS Hijacking
> > I would imagine that if we're talking about "unsophisticated" users, > the majority of them have no idea what IRC is anyway -- most of them > are using AIM, or Yahoo! IM, or > Quite true. I do know of a small fraction, however, that when Yahoo stopped supporting the chats for their groups, that went over to a Java IRC client. Granted, they still don't know that its IRC, but they'll still end up running into something totally unexplained. Tuc/TBOH
Re: How to stop UltraDNS sales people calling
> > I have a very special voice mailbox assigned to a fictional person. Any > sales calls get transferred to it. No, I don't monitor it. :-) > Yes, he works here too... Devlin Nuhl Good old Dev Nuhl. There are things he is responsible for that even I can't handle. Tuc/TBOH
Re: Need help explaining in-addr.arpa to Limelight
Hi all, (And especially to those emailing privately, Joe Abley and Adam Rothschild... I never disappeared... ;) ) Yes, I've misspoke. Bad on me #1. You can subdomain IN-ADDR.ARPA. I understand that if you do more than just simply put NS records in, it can be done. The issue still stands though, that according to my latest dig +trace of it, I see : 185.28.69.in-addr.arpa. 86400 IN NS dns.iad.llns.net. 185.28.69.in-addr.arpa. 86400 IN NS dns.lax.llns.net. 185.28.69.in-addr.arpa. 86400 IN NS dns.lga.llns.net. 185.28.69.in-addr.arpa. 86400 IN NS dns.sjc.llns.net. ;; Received 138 bytes from 192.35.51.32#53(dill.ARIN.NET) in 2880 ms 185.28.69.in-addr.arpa. 7200IN SOA ns8.zoneedit.com. soacontact.zoneedit.com. 1115928761 14400 7200 950400 7200 ;; Received 105 bytes from 69.28.156.99#53(dns.iad.llns.net) in 970 ms Which still is wrong I believe. If nothing else, it should point to the ns13 and ns8 servers at zoneedit.com . Jeroen said he saw : ;; ANSWER SECTION: 185.28.69.in-addr.arpa. 7200IN NS ns13.zoneedit.com. 185.28.69.in-addr.arpa. 7200IN NS ns8.zoneedit.com. from a dig, but I'm not sure how. And yes, I'm using zoneedit for diversity for this reverse. As for my bad #2, I incorrectly used SWIP. I guess I should have said that if you do : whois -h rwhois.llnw.net -p 4321 69.28.185.1 It shows up as that I am the contact for that. Howerver, it still remains that after telling them twice EXACTLY what to do, it seems like they are still wrong. I would think I'd need to see something like what WCG did for me for another subnet : 164.193.64.in-addr.arpa. 86400 IN NS ns8.zoneedit.com. 164.193.64.in-addr.arpa. 86400 IN NS ns13.zoneedit.com. ;; Received 126 bytes from 64.200.255.12#53(tuldns1.wcg.net) in 1030 ms Am I still wrong, or are they? Thanks, Tuc
Need help explaining in-addr.arpa to Limelight
Hi, I seem to be having a problem. Limelight has SWIP'd 69.28.185.0/24 to me, and I asked for IN-ADDR.ARPA control. I recently went to check and it seemed not to be working right. I sent them an email around 11p Eastern Sunday nite asking it to be fixed. I even included a reference to a web page on how to delegate in-addr.arpa. I received the following back : "This is done, but you will need to rename the zone on your end to: tboh.185.28.69.in-addr.arpa." Is there someone out there that might be able to help me explain this to the techs there. That you can't "subdomain" an in-addr.arpa like you do a domain name? Thanks, Tuc/TBOH
Re: latest variety of Nigeria scam
Maybe you should check your word of hearsay on what a country of over 150 mill people largest industry is before posting. Wouldn't this mean the possibility of getting a few hundreds of spam weekly? Scam is big in Nigeria but a lot of other things such as natural resources are bigger regardless of what the economy status is. getting off list topics here so please lets move on. Olu Scott Granados wrote: Just a note:) I heard this the other day. Did you know scams are the third largest Industry in Nigeria. I guess people sit in public places with access and send these out hoping to get bank account numbers. Funny:) - Original Message - From: "William B. Norton" <[EMAIL PROTECTED]> To: "hostmaster" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, December 06, 2002 5:15 PM Subject: Re: latest variety of Nigeria scam Just curious...Why post this - is there something unique here? I've been collecting these for years now, kinda like collecting insects. Currently I have about 120 variants from Princesses, widows, Prime Ministers, Ambassadors, and sons of deposed Kings, each with millions to give me. This looks like a plain old vanilla variety that we've all seen. Seems similar to spammers in terms of problem profile. A systematic approach is probably the right way to address it. (Please don't start a Spam thread here.) Bill At 12:50 AM 12/7/2002 +0100, hostmaster wrote: For those of you interested in the latest variety of the Nigeria -scam... it came straight from 217.78.73.1 SIOTEL NIGERIA LIMITED 217.78.73.5 SIOTEL NIGERIA LIMITED 217.78.73.160 SIOTEL NIGERIA LIMITED And for law enforcement in The Netherlands, this hopefully will lead you to something. best Bert === Dear x , WELTLOTTO-FIRMA WORLDLOTTO 41132, NL-1007 DB AMSTERDAM, THE NETHERLANDS. FROM: THE DESK OF THE DIRECTOR PROMOTIONS, INTERNATIONAL PROMOTIONS/PRIZE AWARD DEPARTMENT, REF: WFL/67-C337209635 ATTENTION ENTRANT: AWARD NOTIFICATION; FINAL NOTICE We are pleased to inform you of the announcement today, 13TH November 2002,of winners of the WELTLOTTO-FIRMA WORLDLOTTO/INTERNATIONAL PROGRAMS held on the 8TH OCTOBER, 2002. Your company, attached to ticket number 013-2316-2002-477, with serial number A025-09 drew the lucky numbers 37-13-34-85-56-42, and consequently won in category C. You have therefore been approved for a lump sum pay out of US$1,500,000.00 in cash credited to file REF NO. REF: WFL/67-C337209635. This is from total prize money of US$22,500,000.00 shared among the fifteen international winners in the category C. All participants were selected through a computer ballot system drawn from 30,000 names from Australia, New Zealand, America, Asia, Europe and North America as part our International Promotions Program, which is conducted annually. CONGRATULATIONS! Your fund is now deposited with a Finance and Security House insured in your name. Due to the mix up of some numbers and names, we ask that you keep this award strictly from public notice until your claim has been processed and your money remitted to your account. This is part of our security protocol to avoid double claiming or unscrupulous acts by participants of this program. We hope with a part of you prize, you will participate in our end of year high stakes US$1.3 billion International lotto. To collect your claim, please contact your claims officer immediately: MAXWELL FRIEDEL, FOREIGN SERVICE MANAGER, EUROSECURITIES NL, FAX : 31 205248020 EMAIL : [EMAIL PROTECTED] WEB URL : http:/www.eurosecurities-bv.com For due processing and remittance of your prize money to a designated account of your choice. Remember, you must contact your claims officer not later than DECEMBER 17TH, 2002. After this date, all funds will be returned as Unclaimed. NOTE: In order to avoid unnecessary delays and complications, please remember to quote your reference number in every one of your correspondences with your claims officer. Furthermore,should there be any change of your address, do inform your claims officer as soon as possible. ___ _ _ **NB** QUOTE YOUR REFERENCE NUMBER AS THE SUBJECT OF YOUR MAIL, AND ATTACH THIS ONE WHEN YOU MAIL YOUR CLAIMS AGENT TO EXPEDITE YOUR CLAIM AND AVOID SERIOUS DELAYS. ___ _ _ Congratulations again from all our staff and thank you for being part of our promotions program. Sincerely, THE DIRECTOR PROMOTIONS, WELT LOTTO FIRMA BV. www.weltlottofirma.s5.com N.B. Any breach of confidentiality on the part of the winners will result in disqualification. Please do not reply this e-mail.
Re: UUNET is not the Internet (and neither is AOL)
Hi there, What really confuses the heck out of me is that a company this size can't control/monitor their change management??. Then again not having all the facts has had everyone perplexed. later, vicky At 07:38 PM 10/5/2002 -0400, you wrote: >On Sat, 5 Oct 2002, Tim Thorne wrote: > > After reading all the stories about what supposedly happened does > > anyone know what really happened? Did UUNet US really do an IOS > > upgrade on a sizable proportion of their border routers in one go? > > This seems like suicide to me. What possible reason could there be for > > a network-wide roll out of an untested IOS apart from being in the > > mire already? > >Corporate culture is the hardest thing to change in a company. You'll need >to talk with your Worldcom account rep about what happened, and what >Worldcom intends to do about it. In the past, Worldcom has not been very >open or transparent when it has had network problems.