Tei:
such applications exist, see
http://dankaminsky.com/2010/12/15/dankam/
http://www.wpcentral.com/augmented-reality-app-windows-phone-ids-colors-real-world-video
http://daily-steampunk.com/steampunk-blog/2012/05/27/augmented-reality-steampunk-and-learing-color-vacuum/
On Sep 3, 2012 5:07 AM,
Hi All,
I've read the old archive about blocking the SMTP port (TCP port 25). In my current
situation we are a mobile operator and use NAT for our subscribers, and we
have a few spammers; it is a bit difficult to track them because mostly our
subscribers are on prepaid services. If we block TCP port 25, there might be
Feel free to block port 25. Most if not all mail providers offer
email access on webmail and on an alternate smtp port (587)
If you have NAT - the problem is that if you have spammers abusing
your service (or abusing other services on port 25) providers will end
up blocking your NAT gateway IP
Are you saying that you only allow your subscribers to use your DNS Servers
and block access to all other DNS Server?
On 4 September 2012 11:07, Ibrahim ibrah...@gmail.com wrote:
Hi All,
I've read the old archive about blocking the SMTP port (TCP port 25). In my current
situation we are a mobile
Not blocking, but we use a DNS transparent proxy mechanism. We need to do this
as our government requests all ISPs to block porn sites :-)
Regards
Ibrahim
On Tue, Sep 4, 2012 at 5:13 PM, Bacon Zombie baconzom...@gmail.com wrote:
Are you saying that you only allow your subscribers to use your DNS
On Tue, Sep 4, 2012 at 3:48 PM, Ibrahim ibrah...@gmail.com wrote:
Not blocking, but we use a DNS transparent proxy mechanism. We need to do this
as our government requests all ISPs to block porn sites :-)
Plenty of ways to work around that actually. This stops random people
from accessing porn sites
Hi Suresh,
We create a special NAT so that all traffic with destination TCP port 25 is NATed to
one public IP address only. And this public IP address is registered on
most RBLs. But we are still receiving complaints about spammers from this
public IP address :-)
Regards
Ibrahim
On Tue, Sep 4, 2012 at
Sure you will get it - but there's also spam through various webmail
services, spam through the outbounds of different ISPs etc that you
won't prevent with your approach.
On Tue, Sep 4, 2012 at 3:54 PM, Ibrahim ibrah...@gmail.com wrote:
We create a special NAT so that all traffic with destination TCP port 25
Ibrahim ibrah...@gmail.com wrote:
We are thinking of blocking MX queries on our DNS server, so only spammers that
use their own SMTP server will be affected. [...] Any best practice for
blocking MX queries?
Don't do this. It won't hinder spammers and it'll cause problems for legit
users.
Tony.
--
On Tue, Sep 4, 2012 at 6:07 AM, Ibrahim ibrah...@gmail.com wrote:
I've read the old archive about blocking the SMTP port (TCP port 25). In my current
situation we are a mobile operator and use NAT for our subscribers, and we
have a few spammers; it is a bit difficult to track them because mostly our
subscribers
This seems like an opportune time to remind people about RPKI-based
origin validation as a hijack mitigation:
http://tools.ietf.org/html/draft-ietf-sidr-pfx-validate-08
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-2s/irg-origin-as.pdf
I haven't run the numbers, but it
Hello all,
I was wondering if anyone might be able to share their thoughts on a strange
issue we're experiencing with NTT at the moment. We're AS48273 and are
advertising a prefix 94.198.184.0/21 through AS 8190 (single upstream provider
at the moment). We've been doing this for some years
On Tue, Sep 04, 2012 at 08:05:06AM -0400, William Herrin wrote:
I also doubt the efficacy of the method. Were this to become common
practice, a spammer could trivially evade it by using his own DNS
software or simply pumping out the address list along with
pre-resolved IP addresses to deliver
I will bet that within 48 hours of you checking and
posting this the problem will mysteriously go away.
Ralph Brandt
Mechanicsburg PA 17055
-Original Message-
From: Bryn Sadler [mailto:bryn.sad...@essensys.co.uk]
Sent: Tuesday, September 04, 2012 9:02 AM
To:
I know a few folks from NTT have looked into this. If someone
from KPN would get in touch with Bryn I'm sure the issue could be
quickly resolved.
- Jared
On Sep 4, 2012, at 9:18 AM, Brandt, Ralph wrote:
I will bet that within 48 hours of you checking and
posting this the
Many thanks to Jared for jumping on this so quickly off-list, it's much
appreciated and hopefully we're getting towards a solution now.
Bryn
On 04/09/2012 15:12, Jared Mauch ja...@puck.nether.net wrote:
I know a few folks from NTT have looked into this. If someone
from KPN would get in
- Original Message -
From: William Herrin b...@herrin.us
There are no good subscribers trying to send email direct to a
remote port 25 from behind a NAT.
Users, like myself, running Linux on home computers and laptops; our local
sendmail-equivalents will in fact attempt direct
Hi,
On 09/04/2012 07:20 AM, Bryn Sadler wrote:
Many thanks to Jared for jumping on this so quickly off-list, it's
much appreciated and hopefully we're getting towards a solution
now.
Bryn
- --
yup you are in good hands, sounds
On Tue, Sep 4, 2012 at 7:44 AM, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: William Herrin b...@herrin.us
There are no good subscribers trying to send email direct to a
remote port 25 from behind a NAT.
Users, like myself, running Linux on home computers and
What sort of an mta do you run on your laptop that doesn't support smtp auth?
On Tuesday, September 4, 2012, Jay Ashworth wrote:
- Original Message -
From: William Herrin b...@herrin.us
There are no good subscribers trying to send email direct to a
remote port 25 from
- Original Message -
From: Suresh Ramasubramanian ops.li...@gmail.com
What sort of an mta do you run on your laptop that doesn't support smtp
auth?
SMTP Auth to *arbitrary remote domains' MX servers*? Am I missing something,
or are you?
Cheers,
-- jra
--
Jay R. Ashworth
- Original Message -
From: John Peach john-na...@johnpeach.com
On Tue, 4 Sep 2012 11:57:38 -0400 (EDT)
Jay Ashworth j...@baylink.com wrote:
SMTP Auth to *arbitrary remote domains' MX servers*? Am I missing
something,
or are you?
I run an MTA on my server and auth to that from
Have your desktop MTA configured to relay through your smarthost with smtp
auth? Howtos for doing this on sendmail, qmail, postfix etc are over a
decade old now.
On Sep 4, 2012 9:28 PM, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: Suresh Ramasubramanian
On 9/4/12 9:05 AM, Jay Ashworth wrote:
- Original Message -
From: John Peach john-na...@johnpeach.com
On Tue, 4 Sep 2012 11:57:38 -0400 (EDT)
Jay Ashworth j...@baylink.com wrote:
SMTP Auth to *arbitrary remote domains' MX servers*? Am I missing
something,
or are you?
I run an
On 09/04/2012 05:05 AM, William Herrin wrote:
There are no good subscribers trying to send email direct to a
remote port 25 from behind a NAT. The good subscribers are either
using your local smart host or they're using TCP port 587 on their
remote mail server. You may safely block outbound TCP
On Tue, Sep 4, 2012 at 10:44 AM, Jay Ashworth j...@baylink.com wrote:
There are no good subscribers trying to send email direct to a
remote port 25 from behind a NAT.
Users, like myself, running Linux on home computers and laptops; our local
sendmail-equivalents will in fact attempt direct
- Original Message -
From: William Herrin b...@herrin.us
I'm a bad subscriber, Bill?
Okay, fair enough. There are no good users *expecting* to send email
direct to a remote port 25 from behind a NAT. There are some good
users who occasionally run slightly sloppy configurations
- Original Message -
From: Owen DeLong o...@delong.com
I am confused... I don't understand your comment.
It is regularly alleged, on this mailing list, that NAT is bad *because it
violates the end-to-end principle of the Internet*, where each host is a
full-fledged host, able to
On Tue, Sep 4, 2012 at 12:59 PM, Michael Thomas m...@mtcc.com wrote:
On 09/04/2012 05:05 AM, William Herrin wrote:
There are no good subscribers trying to send email direct to a
remote port 25 from behind a NAT. The good subscribers are either
using your local smart host or they're using TCP
On Tue, Sep 4, 2012 at 11:57 AM, Jay Ashworth j...@baylink.com wrote:
What sort of an mta do you run on your laptop that doesn't support smtp
auth?
SMTP Auth to *arbitrary remote domains' MX servers*? Am I missing something,
or are you?
You are. You should be doing SMTP Auth to *your* email
On 09/04/2012 11:55 AM, William Herrin wrote:
On Tue, Sep 4, 2012 at 12:59 PM, Michael Thomas m...@mtcc.com wrote:
On 09/04/2012 05:05 AM, William Herrin wrote:
There are no good subscribers trying to send email direct to a
remote port 25 from behind a NAT. The good subscribers are either
On Sep 4, 2012, at 14:22, Jay Ashworth wrote:
I find these conflicting reports very conflicting. Either the end-to-end
principle *is* the Prime Directive... or it is *not*.
Just because something is of extremely high importance does not mean it still
can't be overridden when there's good
- Original Message -
From: William Herrin b...@herrin.us
SMTP Auth to *arbitrary remote domains' MX servers*? Am I missing
something, or are you?
You are. You should be doing SMTP Auth to *your* email server on which
you have an authorized account and then letting it relay your
On Tue, Sep 4, 2012 at 2:22 PM, Jay Ashworth j...@baylink.com wrote:
It is regularly alleged, on this mailing list, that NAT is bad *because it
violates the end-to-end principle of the Internet*, where each host is a
full-fledged host, able to connect to any other host to perform transactions.
On 9/4/2012 2:22 PM, Jay Ashworth wrote:
- Original Message -
From: Owen DeLong o...@delong.com
I am confused... I don't understand your comment.
It is regularly alleged, on this mailing list, that NAT is bad *because it
violates the end-to-end principle of the Internet*, where
- Original Message -
From: William Herrin b...@herrin.us
That's what firewalls *are for* Jay. They intentionally break
end-to-end for communications classified by the network owner as
undesirable. Whether a particular firewall employs NAT or not is
largely beside the point here.
On 09/04/2012 01:07 PM, David Miller wrote:
There is no requirement that all endpoints be *permitted* to connect to
and use any service of any other endpoint. The end-to-end design
principle does not require a complete lack of authentication or
authorization.
I can refuse connections to port
It does not sound as though the original holders of the space know/care - if
they are out of business, they probably don't care. If they are actively
involved in it, then it's not a hijack. If they haven't updated their company
name/website, then it's not a hijack, just poor record keeping.
If you are sending direct SMTP on behalf of your domain from essentially
random locations, how are we supposed to pick you out from spammers that
do the same?
Use your MX or SPF senders as your outbound mail agent, especially if
they are properly configured with full DNS records so we can
On 09/04/2012 09:34 AM, Daniel Taylor wrote:
If you are sending direct SMTP on behalf of your domain from essentially random
locations, how are we supposed to pick you out from spammers that do the same?
Use DKIM.
Mike
Within Verisign Labs we have a project underway to quantify the number of
DNSSEC-validating resolvers in use on the Internet. In particular, we
want to identify recursive name servers which have configured the root
zone trust anchor. We find this data a useful metric for DNSSEC adoption
and
Suresh Ramasubramanian wrote:
Have your desktop MTA configured to relay through your smarthost with smtp
auth? Howtos for doing this on sendmail, qmail, postfix etc are over a
decade old now.
What if your home is also behind NAT or blocked port 25?
Who cares about NAT when you say smtp auth rather than allowing relay for
specific IPs? And if you mean your smarthost is a linux box in your home,
it isn't impossible to get static IP broadband .. which is neither natted
nor port 25 filtered.
On Sep 5, 2012 6:01 AM, Masataka Ohta
On 9/4/12, Rich Kulawiec r...@gsp.org wrote:
You're precisely correct. They've been doing this for many years,
(a) because it's efficient (b) because it evades detection by techniques
that monitor MX query volume (c) because few MX's change often (d) because
it scales beautifully across large
MUA's can make MX queries to validate entered addresses
before SMTP/SUBMISSION is even attempted.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
On Wed, 05 Sep 2012 09:29:49 +0900, Masataka Ohta said:
Suresh Ramasubramanian wrote:
Have your desktop MTA configured to relay through your smarthost with smtp
auth? Howtos for doing this on sendmail, qmail, postfix etc are over a
decade old now.
What if your home is also behind NAT
On Wed, Sep 5, 2012 at 6:38 AM, Mark Andrews ma...@isc.org wrote:
MUA's can make MX queries to validate entered addresses
before SMTP/SUBMISSION is even attempted.
Sure but not on this guy's network as he's transparently proxying dns
and blocking MX requests on his proxy
Of
In message
CAArzuost70Yq=KfXHXZSOV+ptg6apiDzm71=fhcs+ty_yo5...@mail.gmail.com, Suresh
Ramasubramanian writes:
On Wed, Sep 5, 2012 at 6:38 AM, Mark Andrews ma...@isc.org wrote:
MUA's can make MX queries to validate entered addresses
before SMTP/SUBMISSION is even
This is a bit of a slippery slope. There is broad agreement that SPs
need to block port 25 outbound (and inbound) on dynamic IP space.
And he did say he's in a country where he's obliged by law to filter
out porn (and I guess anything else his country's government doesn't
like).
Where do
On Sep 4, 2012, at 12:07 PM, William Herrin b...@herrin.us wrote:
You are. You should be doing SMTP Auth to *your* email server on which
you have an authorized account and then letting it relay your messages
to the world.
This is not the thread for this conversation per se. The
All, thanks for the input and comments. In summary, I will block TCP port
25. My DNS load balancer (F5) can filter MX queries and needs a license to do it.
But given the information that botnets use address lists with
pre-resolved IP addresses, blocking MX queries is not the answer :-)
Thanks Regards
On 9/4/12, Mark Andrews ma...@isc.org wrote:
In message
CAArzuost70Yq=KfXHXZSOV+ptg6apiDzm71=fhcs+ty_yo5...@mail.gmail.com, Suresh
Ramasubramanian writes:
STARTTLS from anywhere to anywhere is possible today and is not
vulnerable to interception except in the MX's themselves. You can
secure
In message
caaawwbxmxhs+8w2cv90b8x9xj0omvhtmwdy+wmycpw6giwf...@mail.gmail.com, Jimmy
Hess writes:
On 9/4/12, Mark Andrews ma...@isc.org wrote:
In message
CAArzuost70Yq=KfXHXZSOV+ptg6apiDzm71=fhcs+ty_yo5...@mail.gmail.com, Suresh
Ramasubramanian writes:
STARTTLS from anywhere to
valdis.kletni...@vt.edu wrote:
Have your desktop MTA configured to relay through your smarthost with smtp
auth? Howtos for doing this on sendmail, qmail, postfix etc are over a
decade old now.
What if your home is also behind NAT or blocked port 25?
Weren't you the one who a few weeks
On Wed, Sep 5, 2012 at 9:10 AM, Masataka Ohta
mo...@necom830.hpcl.titech.ac.jp wrote:
While ISPs in the future should use not IPv6 but NAT with fixed
IP addresses and sets of port numbers assigned to their customers,
keeping the end to end transparency, it does not solve the
problem of blocked