Re: IP-Echelon Compliance

2015-10-14 Thread Valdis . Kletnieks 
On Wed, 14 Oct 2015 14:20:39 +0200, Randy Bush said:
> >> http://www.procmail.org/
> > I wouldn't necessarily recommend that approach.  There is no
> > obligation for victims of spammers to continue providing Internet
> > services to them, including SMTP services.
>
> computers are cheap.  my time is finite and i value it highly.  what is
> the minimal action i can take to see that idiots do not take my time?

I suppose it would be bad form to suggest hiring somebody from  with a Louisville Slugger to perform percussive maintenance on
the offending party?



pgpJJTA8UF7Sr.pgp
Description: PGP signature

Re: IP-Echelon Compliance

2015-10-14 Thread George Herbert 

You guys aren't devious enough.

These guys are in violation of CAN-SPAM.  To the tune of exceeding the 
statutory maximum $1,000,000 per ISP last *month* for some of you, much less in 
the statute of limitations period.  You could probably point to refusal to 
remove as justifying the triple damages claim.

Everyone on this list just earned your companies $3 million.

Call your attorneys.


George William Herbert
Sent from my iPhone

On Oct 14, 2015, at 5:20 AM, Randy Bush  wrote:

>>> http://www.procmail.org/
>> I wouldn't necessarily recommend that approach.  There is no
>> obligation for victims of spammers to continue providing Internet
>> services to them, including SMTP services.
> 
> computers are cheap.  my time is finite and i value it highly.  what is
> the minimal action i can take to see that idiots do not take my time?
> 
> randy

Re: IP-Echelon Compliance

2015-10-14 Thread Mike Hammett 
Some people here just strive to be dicks... 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



Midwest Internet Exchange 
http://www.midwest-ix.com 


- Original Message -

From: "George Herbert"  
To: "Randy Bush"  
Cc: "North American Network Operators' Group" , "Rich 
Kulawiec"  
Sent: Wednesday, October 14, 2015 1:19:00 PM 
Subject: Re: IP-Echelon Compliance 


You guys aren't devious enough. 

These guys are in violation of CAN-SPAM. To the tune of exceeding the statutory 
maximum $1,000,000 per ISP last *month* for some of you, much less in the 
statute of limitations period. You could probably point to refusal to remove as 
justifying the triple damages claim. 

Everyone on this list just earned your companies $3 million. 

Call your attorneys. 


George William Herbert 
Sent from my iPhone 

On Oct 14, 2015, at 5:20 AM, Randy Bush  wrote: 

>>> http://www.procmail.org/ 
>> I wouldn't necessarily recommend that approach. There is no 
>> obligation for victims of spammers to continue providing Internet 
>> services to them, including SMTP services. 
> 
> computers are cheap. my time is finite and i value it highly. what is 
> the minimal action i can take to see that idiots do not take my time? 
> 
> randy

Re: IP-Echelon Compliance

2015-10-14 Thread Christopher Morrow 
looks like ip-echelon's MX's are:
67.43.171.100 - 67.43.171.96/27
67.43.165.163 - 67.43.165.160/27
203.122.134.3 - 122-134-3.dsl.connexus.net.au. ?

you could presumably just iptables away (or postfix reject) from
those, and then there's this:

;; ANSWER SECTION:
ip-echelon.com. 300 IN  TXT "v=spf1
include:mailgun.org ~all"
ip-echelon.com. 300 IN  TXT "v=spf1
include:mail.zendesk.com ?all"
ip-echelon.com. 300 IN  TXT "v=spf1
ptr:ip-echelon.com ip4:67.43.171.96/27 ip4:67.43.165.160/27
ip4:203.122.134.0/28 include:_spf.google.com ~all"
ip-echelon.com. 300 IN  TXT "MS=ms85153493"

joy. messy :(


On Wed, Oct 14, 2015 at 10:36 AM,   wrote:
> On Wed, 14 Oct 2015 14:20:39 +0200, Randy Bush said:
>> >> http://www.procmail.org/
>> > I wouldn't necessarily recommend that approach.  There is no
>> > obligation for victims of spammers to continue providing Internet
>> > services to them, including SMTP services.
>>
>> computers are cheap.  my time is finite and i value it highly.  what is
>> the minimal action i can take to see that idiots do not take my time?
>
> I suppose it would be bad form to suggest hiring somebody from  favorite
> crime cartel> with a Louisville Slugger to perform percussive maintenance on
> the offending party?
>

Fw: important message

2015-10-14 Thread Alberta Prieto via NANOG 
Hello!

 

Important message, please read 

 

Alberta Prieto

Re: IP-Echelon Compliance

2015-10-14 Thread Matthias Leisi 
> 
> Am 14.10.2015 um 18:49 schrieb Christopher Morrow :
> 
> looks like ip-echelon's MX's are:
> 67.43.171.100 - 67.43.171.96/27
> 67.43.165.163 - 67.43.165.160/27
> 203.122.134.3 - 122-134-3.dsl.connexus.net.au. ?

In or near these ranges, I see

67.43.171.121 (monthly magnitude 5.5)
67.43.165.164 (same monthly magnitude)

These two IPs also have roughly equivalent magnitude histories over the past 
six months. (Magnitude: mag 10 = „all email in the world as observed in this 
particular system“, magnitude 5.5 is already pretty big, but may be vastly 
different depending on the recipient)

— Matthias



smime.p7s
Description: S/MIME cryptographic signature

Re: IP-Echelon Compliance

2015-10-14 Thread Andrew Kirch 
Minimal? Probably 22LR.  I prefer 458SOCOM though.  As Bob Evans notes,
there may be some waiting periods, serial numbers, and background checks
involved.  :)

On Wed, Oct 14, 2015 at 8:20 AM, Randy Bush  wrote:

> >> http://www.procmail.org/
> > I wouldn't necessarily recommend that approach.  There is no
> > obligation for victims of spammers to continue providing Internet
> > services to them, including SMTP services.
>
> computers are cheap.  my time is finite and i value it highly.  what is
> the minimal action i can take to see that idiots do not take my time?
>
> randy
>

Re: IP-Echelon Compliance

2015-10-14 Thread Christopher Morrow 
pretty certain that the list ought not be pushing for bodily harm to
individuals...
it's fair to say: "trash all their mail" or "block their mailservers
at the edge"

but calling out hits .. not cool.

On Wed, Oct 14, 2015 at 4:43 PM, Andrew Kirch  wrote:
> Minimal? Probably 22LR.  I prefer 458SOCOM though.  As Bob Evans notes,
> there may be some waiting periods, serial numbers, and background checks
> involved.  :)
>
> On Wed, Oct 14, 2015 at 8:20 AM, Randy Bush  wrote:
>
>> >> http://www.procmail.org/
>> > I wouldn't necessarily recommend that approach.  There is no
>> > obligation for victims of spammers to continue providing Internet
>> > services to them, including SMTP services.
>>
>> computers are cheap.  my time is finite and i value it highly.  what is
>> the minimal action i can take to see that idiots do not take my time?
>>
>> randy
>>

Packetfront/Waystream gear

2015-10-14 Thread rdrake 
Does anyone have experience running Packetfront hardware in a production 
network?  We've looked at a few and they seem to be pretty good but I 
want to know if they have downsides.


We're looking at them for edge switches now and thinking about if they 
can be site routers or switches (either a q-in-q vlan handoff to a ring 
or a separate L3 with routing protocols depending on how the site is 
accessed)


You can contact me offlist if you don't want to talk about it publicly.

Thanks,
Robert

Re: IP-Echelon Compliance

2015-10-14 Thread Stephen Satchell 

On 10/14/2015 03:37 AM, Rich Kulawiec wrote:

On Wed, Oct 14, 2015 at 12:12:29PM +0200, Randy Bush wrote:

jeezus folk!

http://www.procmail.org/


I wouldn't necessarily recommend that approach.  There is no obligation
for victims of spammers to continue providing Internet services to them,
including SMTP services.  A much better move would be to identify the
network block emitting this abuse and block/drop all packets from it at
the perimeter of the network or in the firewall(s).  After all, spammers
frequently engage in other forms of abuse, so it would probably be best
to simply remove them from your view of the Internet.

---rsk



+1 -- I've taken the approach in my edge network to block spammers and 
SSH abusers completely, on the theory that people will have multiple bad 
habits.  I collect between 1000 and 2000 spam messages during each 
cycle, then add the worst offenders to my netblocks.  I don't recommend 
this approach for services that have a number of different customers; 
for enterprise networks, though, judicious use of ACLs can relieve a lot 
of headaches and clogging traffic.


Running multiple mail servers, one for incoming sales and one for 
general use, lets you tailor the blocks so that relatively few people 
have to deal with the sludge.

Re: IP-Echelon Compliance

2015-10-14 Thread Randy Bush 
jeezus folk!

http://www.procmail.org/

Re: IP-Echelon Compliance

2015-10-14 Thread Rich Kulawiec 
On Wed, Oct 14, 2015 at 12:12:29PM +0200, Randy Bush wrote:
> jeezus folk!
> 
> http://www.procmail.org/

I wouldn't necessarily recommend that approach.  There is no obligation
for victims of spammers to continue providing Internet services to them,
including SMTP services.  A much better move would be to identify the
network block emitting this abuse and block/drop all packets from it at
the perimeter of the network or in the firewall(s).  After all, spammers
frequently engage in other forms of abuse, so it would probably be best
to simply remove them from your view of the Internet.

---rsk

Re: Microsoft / Outlook.com contact???

2015-10-14 Thread Robert Glover 

On 10/13/2015 10:49 PM, Michael J Wise wrote:

Unfortunately, that's not going to work if the refusal reason was FBLW15
(or TBLW15).

You're not dealing with an issue on the Outlook/Hotmail side of the house.

If you had provided the last two octets, I might have been able to give
some advice earlier, but alas, everyone seems loathe to actually say which
IP is having issues.


IP in question: 65.111.224.51

Not trying to hide anything, but seeing the posts with obfuscated IPs 
has rubbed off on me I suppose (for better or for worse.


I appreciate if you can help us out here.

-Bobby

Re: IP-Echelon Compliance

2015-10-14 Thread Randy Bush 
>> http://www.procmail.org/
> I wouldn't necessarily recommend that approach.  There is no
> obligation for victims of spammers to continue providing Internet
> services to them, including SMTP services.

computers are cheap.  my time is finite and i value it highly.  what is
the minimal action i can take to see that idiots do not take my time?

randy

Spamhaus contact needed

2015-10-14 Thread Jason Baugher 
Sorry to clutter up this list with an email issue, but hopefully someone is
here from Spamhaus that can contact me off-list. I have a customer whose IP
keeps getting listed in the CBL, and even after doing packet captures of
everything in and out of their network, I still can't find a reason for it.

Thanks