Re: RFC-Ignorant (was Re: Irony)
On 03/02/2011 22:51, Adam Moffett wrote: That's an interesting point of view. It was suggested on this list fairly recently to publish a fake secondary MX as a way to reduce spam. The stated reason being that some spamming software hits the backup MX first and if that doesn't work will give up without trying any others. I realize that can be done without using a 127 or RFC 1918 address, but some people are doing it that way. Out of curiosity, did you start blocking those because you saw that as a pattern in spam email or is it more a matter of principle? Although the fake-MX was discussed I think the discussion included a caveat that if you are going to use a fake-MX you need to use it for an IP address that is allocated and is controlled by you. Otherwise you open up the potential for real mail to do very strange things!!! Use of a BOGON address might have been an idea, as long as it wasn't a BOGON that had special uses (e.g. RFC1918), however, there are no such BOGONs left anymore... the last allocatable IPs were given out this very week. -- Best Regards, Giles Coochey NetSecSpec Ltd NL T-Systems Mobile: +31 681 265 086 NL Mobile: +31 626 508 131 GIB Mobile: +350 5401 6693 Email/MSN/Live Messenger: gi...@coochey.net Skype: gilescoochey smime.p7s Description: S/MIME Cryptographic Signature
FYI: IPv6 Update: IANA IPv4 Exhaustion, World IPv6 Day
-- Forwarded Message -- Subject: Hurricane Electric IPv6 Update Date: Friday February 4 2011, 04:13:01 From: Hurricane Electric i...@he.net * IANA IPv4 Exhaustion At a ceremony held on 3 February, 2011 the Internet Assigned Numbers Authority (IANA) allocated the remaining last five /8s of IPv4 address space to the Regional Internet Registries (RIRs) in accordance with the Global Policy for the Allocation of the Remaining IPv4 Address Space. With this action, the free pool of available IPv4 addresses is now fully depleted. To read the full text of this announcement please go to: http://www.nro.net/news/ipv4-free-pool-depleted * World IPv6 Day Facebook, Google (NASDAQ: GOOG) and Yahoo (NASDAQ: YHOO), websites with more than one billion combined visits each day, are joining major content delivery networks Akamai (NASDAQ: AKAM) and Limelight Networks (NASDAQ: LLNW), and the Internet Society, for the first global-scale trial of the new Internet Protocol, IPv6. On June 8, 2011, dubbed World IPv6 Day, participants will enable IPv6 on their main services for 24 hours. Cisco, Juniper, Hurricane Electric, and Bing have also announced their participation. http://isoc.org/wp/worldipv6day/ Hurricane Electric's open letter to Hurricane Electric Customers, Partners and Managers of Interconnected Networks about World IPv6 Day. http://he.net/news/Hurricane_Electric_Letter_Regarding_World_IPv6_Day.pdf At Hurricane Electric, every day is an IPv6 day. * IPv6 Deployment Growth The global IPv6 routing table has passed 4000 IPv6 prefixes. Of the 36820 networks in the world running BGP, the number running IPv6 has increased to 3107, or 8.4 percent. Source: http://bgp.he.net/ipv6-progress-report.cgi * Hurricane Electric Updated Network Map We've continued to expand our network. Updated Network Map: http://he.net/HurricaneElectricNetworkMap.pdf Hurricane Electric now has over 6000 BGP sessions with over 1600 IPv4 and IPv6 networks at 45 different exchange points in North America, Europe, and Asia.
Re: RFC-Ignorant (was Re: Irony)
On 2/4/11 4:54 AM, Giles Coochey wrote: to use it for an IP address that is allocated and is controlled by you. O I think the ip of your router might work. as long as a) you never have an ip on it b) you don't load 'hits' on it to dshield. your dns server, the ip of your outbound nat (as long as it would never answer port 25), etc yes, selecting a RANDOM ip would be bad. someone might put an smtp server on that ip. allowing anyone who is NOT under contract to you to potentially access your inbound email could violate privacy laws in several geopolitical regions. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
Re: FYI: IPv6 Update: IANA IPv4 Exhaustion, World IPv6 Day
On 2/4/11 5:42 AM, Mark Martinec wrote: On June 8, 2011, dubbed World IPv6 Day, participants will enable IPv6 on their main services for 24 hours. fug! anyone remember when you were only allowed one domain per company? -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
Re: FYI: IPv6 Update: IANA IPv4 Exhaustion, World IPv6 Day
On 2/4/11 6:21 AM, J4K wrote: IP over X25 sold my first piece of software to 'time net' a division of Coca cola. one of the largest X.25 pads at the time. 110baud was all the rage. took AT 2 months to engineer a landline to our house that would keep up with 110baud. finally, they installed this experimental 'twisted pair' -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
Re: FYI: IPv6 Update: IANA IPv4 Exhaustion, World IPv6 Day
On 04/02/2011 12:35, Michael Scheidell wrote: On 2/4/11 6:21 AM, J4K wrote: IP over X25 sold my first piece of software to 'time net' a division of Coca cola. one of the largest X.25 pads at the time. 110baud was all the rage. took AT 2 months to engineer a landline to our house that would keep up with 110baud. finally, they installed this experimental 'twisted pair' I remember randomly choosing ftp servers to get source code, because uudecoding packages from usenet comp.os.sources. was a bit of a pain. Most hosts had anonymous ftp and a partial mirror batch of sunsite software on them. Yep, can't remember using DNS in those days... Never even thought of checking MD5 checksums in those days (not sure if they even existed!!) -- Best Regards, Giles Coochey NetSecSpec Ltd NL T-Systems Mobile: +31 681 265 086 NL Mobile: +31 626 508 131 GIB Mobile: +350 5401 6693 Email/MSN/Live Messenger: gi...@coochey.net Skype: gilescoochey smime.p7s Description: S/MIME Cryptographic Signature
Re: FYI: IPv6 Update: IANA IPv4 Exhaustion, World IPv6 Day
On 2/4/11 6:38 AM, Giles Coochey wrote: I remember randomly choosing ftp servers to get source code, because uudecoding packages from usenet comp.os.sources. was a bit of a pain. Archie, Veronica? or that kid with that list of lynx bookmarks? what was the domain name? something strange, yahoo or something? Gotta tell you, that sure made searching for source code easy. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
Re: RCVD_IN_RP_SAFE where to report spam? http://www.returnpath.net/commercialsender/certification/
On Jan 28, 2011, at 9:23 PM, Michael Scheidell wrote: that said, I still think there needs to be a easy link to report spam on returnpath's web site. under contact, and/or, like most of their ESP clients who have a clearly stated anti-spam link with a abuse@ address for reporting spam. It's in progress (finally.) Once everything's ready, we'll also request updates to the relevant descriptions in the rulesets. -- J.D. Falk Director, Internet Standards and Governance Email Intelligence Group Return Path Inc.
Re: RFC-Ignorant (was Re: Irony)
Le 03/02/2011 22:51, Adam Moffett a écrit : That's good. The only useful list (BogusMX) can be discovered without querying rfc-ignorant anyway. Just get the MX records for the sending domain (which are almost certainly in cache) and make sure they resolve to real IP addresses. We reject domains that publish MX records in 127/8 or the RFC 1918 networks. Out of 3.7 million recent messages, we have rejected just over 26,000 for this reason. There may be FPs, but no-one has complained and anyone who publishes such an MX record IMO deserves to be banned. Regards, David. That's an interesting point of view. It was suggested on this list fairly recently to publish a fake secondary MX as a way to reduce spam. The stated reason being that some spamming software hits the backup MX first and if that doesn't work will give up without trying any others. I realize that can be done without using a 127 or RFC 1918 address, but some people are doing it that way. Out of curiosity, did you start blocking those because you saw that as a pattern in spam email or is it more a matter of principle? I'd say both. we're in war against spammers. if non-spammers take a spammer attitude, then they are part of the problem. if you want to catch silly ratware, then - make your MX different from the A of your domain. some ratware will connect to your A record. - change your MX from time to to time. some rateware resolves the MX before deployment - setup a real second MX that defers all mail. sure you'll also block qmail, but is that really a problem?
Pyzor Server
Hello, I don't keep constant eye on the mail server logs but did notice that pyzor was not working. I've ping the server that I've been using for years: # pyzor ping 82.94.255.100:24441 TimeoutError: And see it is not working. I did a pyzor discover and found a public server and did a ping on it: # pyzor ping public.pyzor.org:24441 (200, 'OK') My question: Did this old server go away? And it this new server the one to use now days? Thanks, Ken
Re: Pyzor Server
On 2/4/2011 7:08 PM, User for SpamAssassin Mail List wrote: Hello, I don't keep constant eye on the mail server logs but did notice that pyzor was not working. I've ping the server that I've been using for years: # pyzor ping 82.94.255.100:24441 TimeoutError: And see it is not working. I did a pyzor discover and found a public server and did a ping on it: # pyzor ping public.pyzor.org:24441 (200, 'OK') My question: Did this old server go away? And it this new server the one to use now days? News 2010-06-01 The public server has moved to a different IP. Please make sure you are using public.pyzor.org. From: http://sourceforge.net/apps/trac/pyzor/
Re: FYI: IPv6 Update: IANA IPv4 Exhaustion, World IPv6 Day
On Fri, 4 Feb 2011 06:13:59 -0500, you wrote: On 2/4/11 5:42 AM, Mark Martinec wrote: On June 8, 2011, dubbed World IPv6 Day, participants will enable IPv6 on their main services for 24 hours. fug! anyone remember when you were only allowed one domain per company? I remember making a phone call asking for that domain name and our IP blocks and getting them assigned on the spot and having them restart the DNS Server (no that's not a typo there was only one of them and they guy reloaded it to get out DNS file into it in the middle of the day during the week). This was around Nov. 1992 or so. First heard of Bitnet/Arpanet/Internet in College around 1984was great to get weather data from Madison WI to Milwaukee to Champaign IL ;) -- George, Ginger/The Beast Kasica(8/1/88-3/19/01, 1/17/02- ), Rosie(9/1/07- ), Merlin/MR. Tibbs(8/1/90-5/24/06, 2/10/08- ), Nazarene(6/1/99-1/28/08) Jackson, WI USA geor...@netwrx1.com http://www.netwrx1.com/georgek ICQ #12862186 (`-''-/).___..--''`-._ `6_ 6 ) `-. ( ).`-.__.`) (_Y_.)' ._ ) `._ `. ``-..-' _..`--'_..-_/ /--'_.' ,' (il),-'' (li),' ((!.-'