Re: news from Google

2009-12-05 Thread Chris Hills 
On 04/12/09 19:25, Christopher Morrow wrote:
> one note: OpenDNS is not the only 'competitor' here just one of
> the better obviously known ones.
> 
> ie:
> 4.2.2.2  L(3)
> 198.6.1.1/2/3/4/5/122/142/146/195 ex-UU
> Neustar (can't recall ips, sorry)

I maintain a list here [1], many of which are reachable with IPv6.

[1] http://www.chaz6.com/files/resolv.conf



signature.asc
Description: OpenPGP digital signature

AW: AW: SPF Configurations

2009-12-05 Thread Andre Engel 
John,

> -Ursprüngliche Nachricht-
> Von: John R. Levine [mailto:jo...@iecc.com]
> Gesendet: Samstag, 5. Dezember 2009 01:54
> An: Andre Engel
> Cc: nanog@nanog.org
> Betreff: Re: AW: SPF Configurations
> 
> >> Right.  The only major mail system that pays attention to SPF is
> >> Hotmail, but there are enough small poorly run MTAs that use it that
> >> an SPF record which lists your outbounds and ~all (not -all) can be
> >> marginally useful to avoid bogus rejections of your mail.
> >
> > For example :
> > [ various large ISPs that publish SPF ]
> 
> Perhaps this is a language problem.  In English, "publishes" is not a
> synonym for "pays attention to."  As I said, you need to publish SPF
> to get mail into Hotmail.  That's why people do it.

As I said im almost german :-)
  
Some major providers ,1&1 for example, assigned their customers the
"responsibility" to "pay attention on SPF" for getting mails into their
boxes.(decision between suspicious or not)   

> > I know there is a problem so far with forwarded emails but there is
> also a
> > solution :
> > [ hoary SRS proposal to change every SMTP server in the world to make
> them
> > match what SPF does ]
> 
> Sigh.

I do not want to change every SMTP servers in the world. I just gonna show
an useful option .-)

> > Every time a mail arrives that is an SRS address the password and
> timestamp
> > could be checked, and faked or outdated recipients could be rejected.
> 
> You might want to look at BATV, which has nothing to do with SPF, but
> I have found is quite useful for recognizing spam blowback.


Sure ! For instance If your are providing an mail cluster for your customer
bills, a newsletter server or a cooperated
mail cluster and you know that you are sending emails only to receivers
email boxes BATV is indeed a awesome tool.
 
But if you are performing a shared mail cluster for your webhosting or your
Dial in customers which are using for instance some special kinds of mailing
lists maybe you need a additional solution.

>From a reputation perspective Id like the idea to combine a set of anti spam
tools if it is useful.
Indeed MAAWG is not "the badest place" to learn about.


> R's,
> John
> 
> PS:
> 
> > This message (including any attachments) is the property of FHE3 and
> may
> > contain confidential or privileged information. Unauthorized use of
> this
> > communication is strictly prohibited and may be unlawful. If you have
> > received this communication in error, please immediately notify the
> sender
> > by reply e-mail and destroy all copies of the communication and any
> > attachments.
> 
> Our policy is to send messages with confidentiality notices to all of
> your competitors.

Sure! Im here to learn *** .-)


Cheers

Andre 



 --
Andre Engel

Consulting Program Director, 
Email and Cyber Intelligence Services"..no space left on the
device/Kein Weltraum links auf dem Gerät"


FHE3 GmbHP: +49 721 869  5907
Scheffelstr. 17a M: +49 160 962 44476 
76135 Karlsruhe


andre.en...@fhe3.com
http://www.fhe3.com/

Amtsgericht Mannheim, HRB 702495
Umsatzsteuer-Ident: DE254677931
Geschäftsführer: Peter Eisenhauer, Michael Feger, Dimitrij Hilt

***
This email is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE ,...

Re: news from Google

2009-12-05 Thread Henry Linneweh 
I think this article best articulates what is going on with Google DNS

http://www.pcmag.com/article2/0,2817,2356703,00.asp

most people are not going to reconfigure their routers to use gdns 
as a secondary dns

-henry





From: Chris Hills 
To: nanog@nanog.org
Sent: Sat, December 5, 2009 5:21:24 AM
Subject: Re: news from Google

On 04/12/09 19:25, Christopher Morrow wrote:
> one note: OpenDNS is not the only 'competitor' here. just one of
> the better obviously known ones.
> 
> ie:
> 4.2.2.2  L(3)
> 198.6.1.1/2/3/4/5/122/142/146/195 ex-UU
> Neustar (can't recall ips, sorry)

I maintain a list here [1], many of which are reachable with IPv6.

[1] http://www.chaz6.com/files/resolv.conf

ASA5580-20 with IOS software

2009-12-05 Thread frogmanclay 
Does anyone have experience using an ASA5580-20 with IOS software? On top  
of that, using it as a headend for an Easy VPN solution? I am trying to  
figure out how many sites it can safely support, also are there any major  
problems with it? All of the documentation on Cisco's site only talks about  
using it with ASA software, but then it only supports Legacy Easy VPN and  
not Enhanced Easy VPN. In order to support Enhanced you have to run IOS.


Thanks for your time,
Clay

Re: ASA5580-20 with IOS software

2009-12-05 Thread Łukasz Bromirski 

On 2009-12-06 02:42, frogmanc...@gmail.com wrote:

Does anyone have experience using an ASA5580-20 with IOS software? On
top of that, using it as a headend for an Easy VPN solution? I am trying
to figure out how many sites it can safely support, also are there any
major problems with it? All of the documentation on Cisco's site only
talks about using it with ASA software, but then it only supports Legacy
Easy VPN and not Enhanced Easy VPN. In order to support Enhanced you
have to run IOS.


ASA doesn't run IOS, it runs ASA OS/PIX OS, so there's no selection
to choose from. Ask this question again on cisco-nsp@, this isn't
a 'product/vendor selection list'.

--
"Everything will be okay in the end. |  Łukasz Bromirski
 If it's not okay, it's not the end. |   http://lukasz.bromirski.net