Re: If you're on LinkedIn, and you use a smart phone...

2013-11-03 Thread Rich Kulawiec
On further reflection: It occurs to me that if a lone researcher conducted such an intrusion against the security and privacy of email (and its contents) (and its users), possible outcomes might include a raid by heavily-armed authorities, confiscation of anything that even looks like an electron

Email Server and DNS

2013-11-03 Thread rwebb
So I figured a little break from the NSA was in order. I am looking for some info on current practice for an email server and SMTP delivery. It has been a while since I have had to setup an email server and I have been tasked with setting up a small one for a friend. My question centers around

Re: Email Server and DNS

2013-11-03 Thread Rich Kulawiec
On Sun, Nov 03, 2013 at 12:39:25PM -0400, rw...@ropeguru.com wrote: > I am looking for some info on current practice for an email server > and SMTP delivery. It has been a while since I have had to setup an > email server and I have been tasked with setting up a small one for > a friend. My questio

Re: Email Server and DNS

2013-11-03 Thread Private Sender
On 11/3/2013 8:39 AM, rw...@ropeguru.com wrote: > So I figured a little break from the NSA was in order. > > I am looking for some info on current practice for an email server > and SMTP delivery. It has been a while since I have had to setup an > em

Re: Email Server and DNS

2013-11-03 Thread Jimmy Hess
On Sun, Nov 3, 2013 at 11:08 AM, Rich Kulawiec wrote: > non-generic DNS/rDNS. ("non-generic" meaning something that looks > like a host that should sending and receiving email. In other > words, mailgw.example.net looks real. ip-137-12-16-164.example.com > looks like a random host that's proba

Re: Email Server and DNS

2013-11-03 Thread TR Shaw
In addition to all the other reco's below, 1) only allow sending by your users from the submit port and only with authentication. There should be no client sending through the SMTP port. 2) Implement SSL on POP & IMAP if at all possible Otherwise enforce CRAM-MD5 3) Review logs esp pop and ima

Cogent IPV6 connectivity to fireball.acr.fi

2013-11-03 Thread Clinton Work
IPV6 connectivity to fireball.acr.fi is failing inside Cogent AS174. I have already contacted the Cogent NOC, but I haven't heard anything back yet. I'm wondering if somebody else with Cogent IPV6 connectivity can run some tests. IPV4 connectivity is working fine. -- Clinton Work

Re: Email Server and Dm.

2013-11-03 Thread Guillaume Parent
KNow On Nov 3, 2013 1:10 PM, "TR Shaw" wrote: > In addition to all the other reco's below, > > 1) only allow sending by your users from the submit port and only with > authentication. There should be no client sending through the SMTP port. > > 2) Implement SSL on POP & IMAP if at all possib

Re: Email Server and DNS

2013-11-03 Thread Jim Popovitch
On Sun, Nov 3, 2013 at 11:49 AM, Private Sender wrote: > I would recommend you go a step further and use DKIM, ADSP, and DMARC. Don't do DMARC if you expect to have end-users forward emails, or subscribe to mailinglists. Despite the removal from the current DMARC spec, the original guidelines cal

Re: Cogent IPV6 connectivity to fireball.acr.fi

2013-11-03 Thread JÁKÓ András
> IPV6 connectivity to fireball.acr.fi is failing inside Cogent AS174. I > have already contacted the Cogent NOC, but I haven't heard anything back > yet. I'm wondering if somebody else with Cogent IPV6 connectivity can > run some tests. IPV4 connectivity is working fine. It works from AS2547

Re: Cogent IPV6 connectivity to fireball.acr.fi

2013-11-03 Thread Andrew Fried
From AS54054 in Ashburn, VA I can ping your address but traceroutes aren't making it through. Andrew Andrew Fried andrew.fr...@gmail.com On 11/3/13, 1:30 PM, Clinton Work wrote: > IPV6 connectivity to fireball.acr.fi is failing inside Cogent AS174. I > have already contacted the Cogent NOC, b

Re: Cogent IPV6 connectivity to fireball.acr.fi

2013-11-03 Thread Robert Glover
All good from AS4307 via Cogent: Sending 20, 100-byte ICMP Echos to 2001:1BC8:100D::2, timeout is 2 seconds: Success rate is 100 percent (20/20), round-trip min/avg/max = 200/203/204 ms Traceroutes fail altogether. On 11/3/2013 10:30 AM, Clinton Work wrote: > IPV6 connectiv

Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic

2013-11-03 Thread Valdis . Kletnieks
On Sat, 02 Nov 2013 11:30:57 +0900, Masataka Ohta said: > George Herbert wrote: > > > Anyone familiar with secure organizations will realize this as the > > internal witch hunt problem. > > No hunting necessary to fire those agents who are hired at the > request of NSA/CIA. Do you *really* think t

Re: How anti-NSA backlash could fracture the Internet along national borders - The Washington Post

2013-11-03 Thread Jim Popovitch
On Sun, Nov 3, 2013 at 12:12 AM, Christopher Morrow wrote: > On Sat, Nov 2, 2013 at 3:13 PM, Jim Popovitch wrote: >> >> I can't be the only one to have been following this 12.8TB of neat-o-ness: >> >> http://www.bricscable.com/ > > " 34 000 km, 2 fibre pair, 12.8 Tbit/s" > > so you can get 80

Re: Cogent IPV6 connectivity to fireball.acr.fi

2013-11-03 Thread Clinton Work
I can reach fireball.acr.fi on TCP port 80 so it looks like Cogent is just filtering or dropping IPV6 traceroute packets. Thanks for checking connectivity from other locations. -- Clinton Work Calgary, AB On Sun, Nov 3, 2013, at 01:38 PM, Andrew Fried wrote: > From AS54054 in Ashburn, VA I

Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic

2013-11-03 Thread Masataka Ohta
valdis.kletni...@vt.edu wrote: > How do you intend to *find* the agents > who were hired at a government agency's under-the-table request that > never had a written record that the company had access to? By memories of those who are at the table. M

Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic

2013-11-03 Thread Valdis . Kletnieks
On Mon, 04 Nov 2013 09:14:40 +0900, Masataka Ohta said: > valdis.kletni...@vt.edu wrote: > > > How do you intend to *find* the agents > > who were hired at a government agency's under-the-table request that > > never had a written record that the company had access to? > > By memories of those who

Re: abha ahuja

2013-11-03 Thread Adrian Chadd
[resurrecting this thread, as it's been a while since I read nanog-ml, and this is surprisingly important to me...] On 19 October 2013 15:36, Randy Bush wrote: > abha ahuja, researcher and operator, died this day in 2001 at a > tragically early age. if you did not know her, search a bit. > she d

Re: Email Server and DNS

2013-11-03 Thread John Levine
>MX, PTR, and SPF are really all you need. So far so good, noting that a host name that doesn't look generic is better than one that does. > I would recommend you go a >step further and use DKIM, ADSP, and DMARC. Using DKIM is a good idea. Do *not* use ADSP. It is a failed experiment which wil

Re: Cogent IPV6 connectivity to fireball.acr.fi

2013-11-03 Thread Joe Abley
> On Nov 3, 2013, at 15:38, Clinton Work wrote: > > I can reach fireball.acr.fi on TCP port 80 so it looks like Cogent is > just filtering or dropping IPV6 traceroute packets. "Traceroute packets" is extremely vague. As a general rule, if you want to discover a complete path between endpoints tha

Re: Email Server and DNS

2013-11-03 Thread bmanning
On Sun, Nov 03, 2013 at 08:49:32AM -0800, Private Sender wrote: > On 11/3/2013 8:39 AM, rw...@ropeguru.com wrote: > > > > I am looking for some info on current practice for an email server > > and SMTP delivery. It has been a while since I have had to setup an > > email server and I have been tas

Re: Email Server and DNS

2013-11-03 Thread Stefan Foerster
* Private Sender : > On 11/3/2013 8:39 AM, rw...@ropeguru.com wrote: > > I am looking for some info on current practice for an email server > > and SMTP delivery. It has been a while since I have had to setup an > > email server and I have been tasked with setting up a small one for > > a friend.