Re: Is Hotmail in the habit of ignoring MX records?

[Jimmy Hess]

On 7/30/12, valdis.kletni...@vt.edu  wrote:
> On Mon, 30 Jul 2012 10:07:37 -1000, William Herrin said:
> The Internet uses DNS.  You use some other scheme at your own peril,

Aside from that RFC974 [Page 3] gives mailers significant leeway in
deciding how to handle errors:

"  Mailers are expected to do something reasonable in the face of an
error.  The behaviour for each type of error is not specified here,
but implementors should note that different types of errors should
probably be treated differently.  "

Attempting to find another path for an apparently unroutable message
(all MX offline) is not entirely out of the question.   You may not
assume that such measures will not be attempted,  if  anyone could
consider it a 'reasonable' error handling procedure.


I will echo that;  go back to the robustness principal of being
liberal in what you accept  You should either  not listen on port
25,   or  you should  not  create that A record  pointing to a mail
server that won't actually accept mail.

When  "yourdomain.example.com"   has an A record,   all the services
listening on that address are services for the domain.

"Relay not allowed"  to the same domain  may be considered
nonsensical,  and a mailer converting its error recovery attempt into
a permanent error at that point,  may be reasoned.

--
-JH

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

[Allen McKinley Kitchen (gmail)]

On Jul 30, 2012, at 15:04, joel jaeggli  wrote:

> On 7/30/12 10:57 AM, Steven Noble wrote:
>> The fix for this issue is trivial. Every new signup ...

> Most of the subscribers to the mailing list never post.
> 
>> 

+1 (from an inveterate but VERY appreciative lurker)

..Allen

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

[Mark Gauvin]

On list spam has been minimal but off list cold call type emails have  
been mounting for several months

Sent from my iPhone

On 2012-07-30, at 5:29 PM, "Brian Dickson"  wrote:

>>
>> As a quick update, we've implemented some list settings last week  
>> to help
>> to
>>
>> keep spam off the list.  New subscribers are moderated until we're
>> comfortable
>> with their posts.  We rejected the idea of keyword based message  
>> filtering
>> since not only is a lot of work to maintain, it's trivial to get  
>> around it
>> if
>> you really want to post banned words.
>> Comments and suggestions are welcome.
>> Matt Griswold, on behalf of the NANOG Communications Committee
>>
>> I've always liked the idea found in xkcd.com/810 ;-).
>
> Brian

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

[Brian Dickson]

>
> As a quick update, we've implemented some list settings last week to help
> to
>
> keep spam off the list.  New subscribers are moderated until we're
> comfortable
> with their posts.  We rejected the idea of keyword based message filtering
> since not only is a lot of work to maintain, it's trivial to get around it
> if
> you really want to post banned words.
> Comments and suggestions are welcome.
> Matt Griswold, on behalf of the NANOG Communications Committee
>
> I've always liked the idea found in xkcd.com/810 ;-).

Brian

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

[Patrick W. Gilmore]

On Jul 30, 2012, at 16:35 , Jay Ashworth  wrote:

>> thanks MLC or whatever it calls itself this week
> 
> C'mon, Randy; It's been called that since it kicked me off 7 years ago.  :-)

Except, of course, it has been called the Communications Committee for a while 
now.  (The change was made because the committee took responsibility for more 
than just the mailing list.)

But 1 change in 7 years made years ago does not, IMHO, merit a "whatever it 
calls itself this week" snark.

-- 
TTFN,
patrick

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

[Jay Ashworth]

- Original Message -
> From: "Randy Bush" 

> thanks MLC or whatever it calls itself this week

C'mon, Randy; It's been called that since it kicked me off 7 years ago.  :-)

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   +1 727 647 1274

Re: Is Hotmail in the habit of ignoring MX records?

[valdis . kletnieks]

On Mon, 30 Jul 2012 10:07:37 -1000, William Herrin said:

> If you can reference where in the SMTP RFC it offers an authoritative
> explanation what to do when merging results from various naming
> systems where one but not all of the naming systems has generated an
> error then let's read it.

RFC5321, section 5.1 is pretty clear on it:

5.1.  Locating the Target Host

   Once an SMTP client lexically identifies a domain to which mail will
   be delivered for processing (as described in Sections 2.3.5 and 3.6),
   a DNS lookup MUST be performed to resolve the domain name (RFC 1035
   [2]).  The names are expected to be fully-qualified domain names
   (FQDNs): mechanisms for inferring FQDNs from partial names or local
   aliases are outside of this specification.

The Internet uses DNS.  You use some other scheme at your own peril,
and probably shouldn't expect said other scheme to work outside the
range of your administrative control.


pgplG4P9rnSbz.pgp
Description: PGP signature

Re: Is Hotmail in the habit of ignoring MX records?

[William Herrin]

On Mon, Jul 30, 2012 at 7:03 AM, Mark Andrews  wrote:
> In message 
> , William 
> Herrin writes:
>> What *should* happen here is that the guy's web server should reject
>> the port 25 connection (an SMTP soft fail condition) and on the next
>> retry hotmail should find the MX record and follow it.
>
> No.  It is perfectly legal for A to accept mail for B, B for C, C
> for D and D for A with all mail being delivered to a host with a
> different name than the mail domain.  It is not and never has been
> correct processing to lookup addresses records for a domain if the
> MX lookup fails.  nodata/nxdomain are not failures.

Hi Mark,

If you can reference where in the SMTP RFC it offers an authoritative
explanation what to do when merging results from various naming
systems where one but not all of the naming systems has generated an
error then let's read it. If not... your common sense says one thing,
mine says another and folks implementing mail systems should be aware
the implications.

Until then, my view is that a lookup failure when seeking an MX record
should only block the MTA from seeking an address record in the DNS.
It should still seek an address record in higher priority naming
systems and use it if it finds one. If correct, and I think it is,
that's a pretty subtle thing to program for... something easily gotten
wrong.

Regards,
Bill Herrin


-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: 
Falls Church, VA 22042-3004

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

[joel jaeggli]

On 7/30/12 10:57 AM, Steven Noble wrote:

The fix for this issue is trivial. Every new signup should require a sponsor or 
a deposit of funds into a new member fund. Once a member has made a relevant 
post regarding a NANOG related item their funds are returned.

If someone spams they forfeit the money and it is used to help defray the costs 
of attending NANOG for the 99%.

If the poster has been sponsored by a current member, said member is flogged in 
public at the next meeting.

Most of the subscribers to the mailing list never post.


...runs

Sent from my iPhone

On Jul 30, 2012, at 10:42 AM, "Patrick W. Gilmore"  wrote:


I'm sorry Panashe is upset by this rule.  Interestingly, "Your search - Panashe 
Flack nanog - did not match any documents."  So my guess is that a post from that 
account has not happened before, meaning the post was moderated yet still made it through.

Has anyone done a data mining experiment to see how many posts a month are from 
"new" members?  My guess is it is a trivial percentage.

--
TTFN,
patrick


On Jul 30, 2012, at 13:35 , valdis.kletni...@vt.edu wrote:

On Mon, 30 Jul 2012 21:04:36 +0200, Panashe Flack said:

list for continued activity. And just for reference - have you guys
SEEN the "Linux Kernel Mailing List"? - it gets frequent spam posts
and yet is perfectly able to ignore the spam/irrelevant posts and
continue on its remit.

For those who don't drink from the Linux-Kernel firehose, it averages
1 or 2 spams per day - and anywhere from 500 to 700 postings a day.

As Linus Torvalds said, back when it was averaging 200 a day:

"Note that nobody reads every post in linux-kernel.   In fact, nobody who
expects to have time left over to actually do any real kernel work will
read even half.  Except Alan Cox, but he's actually not human, but about
a thousand gnomes working in under-ground caves in Swansea.  None of the
individual gnomes read all the postings either,  they just work together
really well."

The list managers do an incredible job of stopping spam - but even if
50 or 75 a day got through, they'd just be lost in the noise.   You're skipping
several hundred messages a day, skipping a few more isn't any different.

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

[rgolodner]

  I as well think some temporary moderation is a good idea.
  It would have been nice to think we were all mature enough to have 
ignored such spew. I will continue to have faith and wish the moderators a very 
light work load.
Richard Golodner
--Original Message--
From: Randy Bush
To: Etaoin Shrdlu
Cc: nanog@nanog.org
Subject: Re: Update from the NANOG Communications Committee regarding recent 
off-topic posts
Sent: Jul 30, 2012 13:15

> I applaud this change.



thanks MLC or whatever it calls itself this week

randy



Sent via BlackBerry from T-Mobile

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

[Randy Bush]

> I applaud this change.



thanks MLC or whatever it calls itself this week

randy

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

[Steven Noble]

The fix for this issue is trivial. Every new signup should require a sponsor or 
a deposit of funds into a new member fund. Once a member has made a relevant 
post regarding a NANOG related item their funds are returned.

If someone spams they forfeit the money and it is used to help defray the costs 
of attending NANOG for the 99%. 

If the poster has been sponsored by a current member, said member is flogged in 
public at the next meeting. 

...runs

Sent from my iPhone

On Jul 30, 2012, at 10:42 AM, "Patrick W. Gilmore"  wrote:

> I'm sorry Panashe is upset by this rule.  Interestingly, "Your search - 
> Panashe Flack nanog - did not match any documents."  So my guess is that a 
> post from that account has not happened before, meaning the post was 
> moderated yet still made it through.
> 
> Has anyone done a data mining experiment to see how many posts a month are 
> from "new" members?  My guess is it is a trivial percentage.
> 
> -- 
> TTFN,
> patrick
> 
> 
> On Jul 30, 2012, at 13:35 , valdis.kletni...@vt.edu wrote:
>> On Mon, 30 Jul 2012 21:04:36 +0200, Panashe Flack said:
>>> list for continued activity. And just for reference - have you guys
>>> SEEN the "Linux Kernel Mailing List"? - it gets frequent spam posts
>>> and yet is perfectly able to ignore the spam/irrelevant posts and
>>> continue on its remit.
>> 
>> For those who don't drink from the Linux-Kernel firehose, it averages
>> 1 or 2 spams per day - and anywhere from 500 to 700 postings a day.
>> 
>> As Linus Torvalds said, back when it was averaging 200 a day:
>> 
>> "Note that nobody reads every post in linux-kernel.   In fact, nobody who
>> expects to have time left over to actually do any real kernel work will
>> read even half.  Except Alan Cox, but he's actually not human, but about
>> a thousand gnomes working in under-ground caves in Swansea.  None of the
>> individual gnomes read all the postings either,  they just work together
>> really well."
>> 
>> The list managers do an incredible job of stopping spam - but even if
>> 50 or 75 a day got through, they'd just be lost in the noise.   You're 
>> skipping
>> several hundred messages a day, skipping a few more isn't any different.
>> 
> 
> 

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

[Etaoin Shrdlu]

On 7/30/2012 12:04 PM, Panashe Flack wrote:

As a quick update, we've implemented some list settings last week to help to
keep spam off the list.  New subscribers are moderated until we're comfortable
with their posts...



I dislike this change - how long are subscribers considered "new"?


I applaud this change. If I still traveled, I'd show up to the next 
NANOG, and buy the committee a beer. Instead, I send them my thanks.


I run a couple of mailing lists, and every once in a while, someone will 
subscribe and set off my cynicism meter. I hit the moderate button on 
the new account, and sad to say, I've only been wrong to do so once, out 
of the last ten times I did it.


Thanks again.

--
"My name is Ozymandias, king of kings:
Look on my works, ye Mighty, and despair!"
Nothing beside remains. Round the decay
Of that colossal wreck, boundless and bare
The lone and level sands stretch far away.

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

[Patrick W. Gilmore]

I'm sorry Panashe is upset by this rule.  Interestingly, "Your search - Panashe 
Flack nanog - did not match any documents."  So my guess is that a post from 
that account has not happened before, meaning the post was moderated yet still 
made it through.

Has anyone done a data mining experiment to see how many posts a month are from 
"new" members?  My guess is it is a trivial percentage.

-- 
TTFN,
patrick


On Jul 30, 2012, at 13:35 , valdis.kletni...@vt.edu wrote:
> On Mon, 30 Jul 2012 21:04:36 +0200, Panashe Flack said:
>> list for continued activity. And just for reference - have you guys
>> SEEN the "Linux Kernel Mailing List"? - it gets frequent spam posts
>> and yet is perfectly able to ignore the spam/irrelevant posts and
>> continue on its remit.
> 
> For those who don't drink from the Linux-Kernel firehose, it averages
> 1 or 2 spams per day - and anywhere from 500 to 700 postings a day.
> 
> As Linus Torvalds said, back when it was averaging 200 a day:
> 
> "Note that nobody reads every post in linux-kernel.   In fact, nobody who
> expects to have time left over to actually do any real kernel work will
> read even half.  Except Alan Cox, but he's actually not human, but about
> a thousand gnomes working in under-ground caves in Swansea.  None of the
> individual gnomes read all the postings either,  they just work together
> really well."
> 
> The list managers do an incredible job of stopping spam - but even if
> 50 or 75 a day got through, they'd just be lost in the noise.   You're 
> skipping
> several hundred messages a day, skipping a few more isn't any different.
> 

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

[valdis . kletnieks]

On Mon, 30 Jul 2012 21:04:36 +0200, Panashe Flack said:
> list for continued activity. And just for reference - have you guys
> SEEN the "Linux Kernel Mailing List"? - it gets frequent spam posts
> and yet is perfectly able to ignore the spam/irrelevant posts and
> continue on its remit.

For those who don't drink from the Linux-Kernel firehose, it averages
1 or 2 spams per day - and anywhere from 500 to 700 postings a day.

As Linus Torvalds said, back when it was averaging 200 a day:

"Note that nobody reads every post in linux-kernel.   In fact, nobody who
 expects to have time left over to actually do any real kernel work will
 read even half.  Except Alan Cox, but he's actually not human, but about
 a thousand gnomes working in under-ground caves in Swansea.  None of the
 individual gnomes read all the postings either,  they just work together
 really well."

The list managers do an incredible job of stopping spam - but even if
50 or 75 a day got through, they'd just be lost in the noise.   You're skipping
several hundred messages a day, skipping a few more isn't any different.



pgpzDuIKB14qt.pgp
Description: PGP signature

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

[Panashe Flack]

> As a quick update, we've implemented some list settings last week to help to 
> keep spam off the list.  New subscribers are moderated until we're 
> comfortable 
> with their posts.  We rejected the idea of keyword based message filtering
> since not only is a lot of work to maintain, it's trivial to get around it if
> you really want to post banned words.
> 
> Comments and suggestions are welcome.
> 
> 
> Matt Griswold, on behalf of the NANOG Communications Committee
> 

I dislike this change - how long are subscribers considered "new"? I 
believe (and I hope I'm wrong) that with this new rule the nanog 
maiing list will turn into another fulldisc (list activity greatly 
reduced) by this change. Before this change I had thought of nanog as 
the new fulldisc - I guess I will have to find yet ANOTHER mailing 
list for continued activity. And just for reference - have you guys 
SEEN the "Linux Kernel Mailing List"? - it gets frequent spam posts 
and yet is perfectly able to ignore the spam/irrelevant posts and 
continue on its remit.

Re: Is Hotmail in the habit of ignoring MX records?

[Mark Andrews]

In message 
, William 
Herrin writes:
> On Thu, Jul 26, 2012 at 10:45 PM, Mark Andrews  wrote:
> > In message , Michael J Wise 
> > writ
> > es:
> >> And maybe an endless loop for an MX lookup might be what is causing =
> >> hotmail to panic and throw out the MX records.
> >
> > You don't lookup MX records for MX targets.  This is basic MTA
> > processing.
> 
> Correct. An MX record points to a label containing one or more address
> records. It does not chain. In principle the MX record could point to
> a CNAME record which then chains until it reaches an address record
> but I wouldn't depend on such a configuration working correctly. Ditto
> the MX lookup fetching a CNAME which chains until it reaches a label
> with an MX record.
> 
> > You don't depend on ALL (ANY) returning MX records as they may not
> > be in the cache.  You need to make a explict MX query you get no
> > MX records are returned in response to a ALL query.
> 
> Also correct.
> 
> > If the MX lookup fails, as apposed to returns nodata, you don't
> > lookup the A/ records and synthesis a MX record.  You treat it
> > as a soft error and queue for retry later.  Again this is basic MTA
> > processing.
> 
> Maybe. In principle this is correct but as you wander through various
> bits of software in the name lookup process (which often consults more
> than just the DNS -- even today DNS isn't the only game in town) it's
> pretty easy to lose track of the difference between lookup failure and
> success:no data.

But it is the only ones that returns MX records.  If that step
errors you need to retry later.  If you get NXDOMAIN you go onto
other address sources.

> Think about it... how is the MTA to respond if the primary lookup
> reports success:no data (e.g. /etc/hosts) but a second tier lookup
> (e.g. DNS) reports lookup failure? What if DNS is third tier and the
> second tier is some kind of CIFS or NIS lookup which fails?

MX records can't be lookup up in /etc/hosts or in CIFS / NIS.  You
only look for address records *after* the MX lookup fails.

> Or reports
> success:no data. Or the DNS gets translated through a middleman (like
> NIS) which doesn't preserve the difference between fail and success no
> data. Does the whole lookup fail because part did? Gets ambiguous.
> 
> Further, falling back to the address lookup in the absence of MX
> records is correct behavior for an MTA.

The key words above are "in the absence".  Until you have determined
that they are absent you don't fall back.

> What *should* happen here is that the guy's web server should reject
> the port 25 connection (an SMTP soft fail condition) and on the next
> retry hotmail should find the MX record and follow it.

No.  It is perfectly legal for A to accept mail for B, B for C, C
for D and D for A with all mail being delivered to a host with a
different name than the mail domain.  It is not and never has been
correct processing to lookup addresses records for a domain if the
MX lookup fails.  nodata/nxdomain are not failures.

> Either way, I think I'd have to consider this -advanced- MTA
> processing. You have to really know your stuff to get this one right.

No.  This is the behaviour you get with a MX oblivious MTA.

> Regards,
> Bill Herrin
>
>
>
> --
> William D. Herrin  her...@dirtside.com  b...@herrin.us
> 3005 Crane Dr. .. Web: 
> Falls Church, VA 22042-3004
-- 
Mark Andrews, ISC 1 Seymour St., Dundas
Valley, NSW 2117, Australia PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org

Global Crossing SJC Issues

[James Laszko]

Does anyone have any information on a "network outage" with Global Crossing in 
the San Jose area?  We've got hundreds of customers that use 8x8 VOIP services 
and they're all down.  All the Global Crossing routes to 8x8 have vanished and 
the routes left are with Internap and don't appear to go anywhere...  Curious 
if anyone has any information.


Thanks!


James Laszko
Mythos Technology Inc
jam...@mythostech.com