Re: WiFi - login page redirection not working

2017-11-29 Thread Jimmy Hess
On Wed, Nov 29, 2017 at 10:34 PM, Ramy Hashish wrote: > Two points with this problem: 1)Is there a "non client" solution to the > problem of the WiFi login notification not showing up on the clients after > connecting to the WiFi network? > A Captive portal embedding WispR XML data for conne

WiFi - login page redirection not working

2017-11-29 Thread Ramy Hashish
Good day all, A lot has been said on this topic, however I want to make sure I am not missing something. Two points with this problem: 1) Is there a "non client" solution to the problem of the WiFi login notification not showing up on the clients after connecting to the WiFi network? Second, any

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Grant Taylor via NANOG
On 11/29/2017 07:16 PM, William Herrin wrote: There's no "must" standard for the format of bounce message, deferred bounces are still a thing and mail gets auto-forwarded to addresses which bounce (that is, bounce from an address different than the one you sent to). Agreed. I wish that more s

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread William Herrin
On Wed, Nov 29, 2017 at 5:50 PM, John Levine wrote: > > In article <3677d101-3874-b8e4-87b3-37e4dd870...@tnetconsulting.net> you write: > >> Normal lists put their own bounce address in the > >> envelope so they can handle the bounces, so their own SPF applies. > > > >Yep. V.E.R.P. is a very powe

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread valdis . kletnieks
On Wed, 29 Nov 2017 13:46:05 -0800, Michael Thomas said: > Apparently the levine unit is hearing things again because nobody -- > least of all me -- has > said anything about arc. I believe it was a pre-emptive statement.

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
On 11/29/2017 01:11 PM, John Levine wrote: PPS: Please spare us pontification about why ARC can't possibly work unless you're prepared to cite section numbers in the ARC spec supporting your argument. Apparently the levine unit is hearing things again because nobody -- least of all me -- has

Subnet being blocked by Level3 due to prior owner's misuse

2017-11-29 Thread Brock Tice
We have a subnet that used to belong to someone else. One of our business customers that was recently moved to that subnet is being blocked from accessing one of their supplier's web site that's hosted by Level3. Our attempts to work through the supplier to resolve the issue have not worked as the

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
On 11/29/2017 03:00 PM, Grant Taylor via NANOG wrote: On 11/29/2017 03:46 PM, Michael Thomas wrote: You know what the original header was via the signature. You can take the delta of the current subject line and remove any additions and validate the signature. Whether you're happy with the addi

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Grant Taylor via NANOG
On 11/29/2017 03:46 PM, Michael Thomas wrote: You know what the original header was via the signature. You can take the delta of the current subject line and remove any additions and validate the signature. Whether you're happy with the additions is a different concern, Are you referring to t

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread John Levine
In article <11e9c18dac053c4bb91b95a4993c1...@mail.dessus.com> you write: > >Not old enough to have had an Executive Secretary processing your incoming >snail-mail before it gets to you? Probably about the same age as you, but I hope that after 50 years of e-mail we have figured out that the paral

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread John Levine
In article <3677d101-3874-b8e4-87b3-37e4dd870...@tnetconsulting.net> you write: >> Normal lists put their own bounce address in the >> envelope so they can handle the bounces, so their own SPF applies. > >Yep. V.E.R.P. is a very powerful thing. (B.A.T.V. is an interesting >alternative, but I ne

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
On 11/29/2017 02:40 PM, Grant Taylor via NANOG wrote: On 11/29/2017 03:24 PM, Michael Thomas wrote: Message footers and subject lines can be dealt with. That's already been proven within the current DKIM spec. Please humor my ignorance and explain how a subject line (which is (over)signed) ca

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Grant Taylor via NANOG
On 11/29/2017 03:24 PM, Michael Thomas wrote: Message footers and subject lines can be dealt with. That's already been proven within the current DKIM spec. Please humor my ignorance and explain how a subject line (which is (over)signed) can be dealt with in the current DKIM spec? I get how f

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
On 11/29/2017 01:11 PM, John Levine wrote: In article <1d458e76-ab61-db28-79cb-6aabcab4f...@mtcc.com> you write: I've been saying for years that it should be possible to create the concept of DKIM-friendly mailing lists. ... I suppose, if your users are OK with no subject tags, message footers,

RE: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Keith Medcalf
Not old enough to have had an Executive Secretary processing your incoming snail-mail before it gets to you? The "envelope" in which a letter arrived is just as important as the letter itself and contains valuable information that is duplicated in e-mail -- the postmark (received headers), the

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Grant Taylor via NANOG
On 11/29/2017 02:13 PM, John Levine wrote: A mailing list sending with bad rDNS or bad SPF is a pretty cruddy mailing list. s/mailing list sending/sending server/ Agreed. Normal lists put their own bounce address in the envelope so they can handle the bounces, so their own SPF applies. Yep

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread John Levine
In article <20171129183535.gb18...@ucsd.edu> you write: >As I see it, the problem isn't with DKIM, it's with the >implementation of DMARC and other such filters. Almost all >of them TEST THE WRONG FROM ADDRESS. They compare the Author's >address (the header From: line) instead of the Sender's add

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Grant Taylor via NANOG
On 11/29/2017 11:35 AM, Brian Kantor wrote: As I see it, the problem isn't with DKIM, I don't think DKIM is (the source of) /the/ problem per se. Rather I think it's a complication of other things (DMARC) that interact with DKIM. it's with the implementation of DMARC and other such filter

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread John Levine
In article <85393a12-a51f-6722-4171-118919fcc...@mtcc.com> you write: >The real problem with large enterprise that we found, however, is that >it was really hard to track down every 25 year >old 386 sitting in dusty corners that was sending mail directly instead >of through corpro servers to make

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread John Levine
In article <88a1ae22-a5c1-dc46-caa7-cca813109...@tnetconsulting.net> you write: > - Requiring Reverse DNS > - SPF > >I'm not commenting about the viability of these things, just that they >are fairly well accepted and that they can trivially break mailing lists. A mailing list sending with bad

Re: lists and DMARC and ARC, was Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread John Levine
In article <1d458e76-ab61-db28-79cb-6aabcab4f...@mtcc.com> you write: >I've been saying for years that it should be possible to create the >concept of DKIM-friendly mailing lists. ... I suppose, if your users are OK with no subject tags, message footers, or any of the other cruft that list users

Re: tracking TCP session hop by hop

2017-11-29 Thread Yifeng Zhou
Thank you all for the reply! I think traceroute/tcptraceroute is a good way to track a TCP session as we can use the same 5-tuple as normal TCP does. Bill brought up an interesting point about MPLS and Ethernet. I gave it a bit of thought and here's what I can tell; please correct me if I'm wrong for MP

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Brian Kantor
As I see it, the problem isn't with DKIM, it's with the implementation of DMARC and other such filters. Almost all of them TEST THE WRONG FROM ADDRESS. They compare the Author's address (the header From: line) instead of the Sender's address, (the SMTP Mail From: transaction or Sender: header lin

RE: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Keith Medcalf
In which case neither will they be RFC compliant. (1) The "inaddr-arpa" ptr from the incoming connection, when resolved, MUST result in a set of IP Addresses which includes the original IP Address. (2) The "name" specified in the HELO/EHLO MUST resolve to an MTA that meets the above reverse/fo

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Grant Taylor via NANOG
On 11/29/2017 01:35 PM, Blake Hudson wrote: Where DKIM/SPF really help is when there's a failure that indicates a message has been spoofed. There are other legitimate things that can break DKIM signatures. I have personally seen changes in content type encoding break a DKIM signature. The

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Grant Taylor via NANOG
On 11/29/2017 01:17 PM, Michael Thomas wrote: Remember: if you treat a broken signature better than lack of signature, spammers will just insert phony signatures to game you. So they really are the same. Yes, they are /effectively/ the same. However it is possible to distinguish between a b

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Chuck Anderson
On Wed, Nov 29, 2017 at 12:17:57PM -0800, Michael Thomas wrote: > The real problem with large enterprise that we found, however, is > that it was really hard to track down every 25 year > old 386 sitting in dusty corners that was sending mail directly > instead of through corpro servers to make cer

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Blake Hudson
Eric Kuhnke wrote on 11/29/2017 11:03 AM: For those who operate public facing SMTPd that receive a large volume of incoming traffic, and accordingly, a lot of spam... How much weight do you put on an incoming message, in terms of adding additional score towards a possible value of spam, for tota

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
On 11/29/2017 11:53 AM, Grant Taylor via NANOG wrote: On 11/29/2017 11:33 AM, Michael Thomas wrote: A broken DKIM signature is indistinguishable from a lack of a signature header. I'll argue that it's possible to distinguish between the two. *However* the DKIM standard states that you should

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Grant Taylor via NANOG
On 11/29/2017 11:03 AM, valdis.kletni...@vt.edu wrote: Only 90% should be considered horribly broken. Anything that makes it difficult to run a simple mailing list with less that at least 2 or 3 9's is unacceptable. There have been a number of things that fall into that category, two of whic

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Grant Taylor via NANOG
On 11/29/2017 11:33 AM, Michael Thomas wrote: A broken DKIM signature is indistinguishable from a lack of a signature header. I'll argue that it's possible to distinguish between the two. *However* the DKIM standard states that you should treat a broken DKIM signature the same as no DKIM sig

Re: tracking TCP session hop by hop

2017-11-29 Thread Peter Phaal
On Wed, Nov 29, 2017 at 9:06 AM, William Herrin wrote: > On Tue, Nov 28, 2017 at 3:48 PM, Yifeng Zhou > wrote: > > > Is there any way that we can track TCP session hop by hop? > > > > Say we have 10 ECMP between A and Z point, what's the easiest way to > track > > specific session is using which

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
A broken DKIM signature is indistinguishable from a lack of a signature header. It's possible that as a heuristic you might be able to divine something from lack of signature and the existence of selectors for a domain, but afaik there isn't an easy way to query for all of the dkim selectors for

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Eric Kuhnke
Anecdotal experience. I'm subscribed to a lot of mailing lists. Some pass through DKIM correctly. Others re-sign the message with DKIM from their own server. >98% of the spam that gets through my filters, which comes from an IP not in any of the major RBLs, has no DKIM signature for the domain. My

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
On 11/29/2017 10:03 AM, valdis.kletni...@vt.edu wrote: On Wed, 29 Nov 2017 09:32:27 -0800, Michael Thomas said: There are quite a few things you can do to get the mailing list traversal rate > 90%, iirc. Only 90% should be considered horribly broken. Anything that makes it difficult to run a

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread valdis . kletnieks
On Wed, 29 Nov 2017 09:32:27 -0800, Michael Thomas said: > There are quite a few things you can do to get the mailing list > traversal rate > 90%, iirc. Only 90% should be considered horribly broken. Anything that makes it difficult to run a simple mailing list with less than at least 2 or 3 9's

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Ken O'Driscoll
On Wed, 2017-11-29 at 12:24 -0500, William Herrin wrote: > Alright, so "horribly broken design" overstates the case but there are > enough problems that weighting the absence of DKIM at something other > than zero will surely do more harm than good. +1. A DKIM signature by itself means nothing mor

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Michael Thomas
On 11/29/2017 09:24 AM, William Herrin wrote: On Wed, Nov 29, 2017 at 12:17 PM, Stephen Frost wrote: * William Herrin (b...@herrin.us) wrote: On Wed, Nov 29, 2017 at 12:03 PM, Eric Kuhnke wrote: How much weight do you put on an incoming message, in terms of adding additional score towards

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread William Herrin
On Wed, Nov 29, 2017 at 12:17 PM, Stephen Frost wrote: > * William Herrin (b...@herrin.us) wrote: > > On Wed, Nov 29, 2017 at 12:03 PM, Eric Kuhnke > wrote: > > > How much weight do you put on an incoming message, in terms of adding > > > additional score towards a possible value of spam, for to

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Stephen Frost
Greetings, * William Herrin (b...@herrin.us) wrote: > On Wed, Nov 29, 2017 at 12:03 PM, Eric Kuhnke wrote: > > > For those who operate public facing SMTPd that receive a large volume of > > incoming traffic, and accordingly, a lot of spam... > > > > How much weight do you put on an incoming mess

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread William Herrin
On Wed, Nov 29, 2017 at 12:03 PM, Eric Kuhnke wrote: > For those who operate public facing SMTPd that receive a large volume of > incoming traffic, and accordingly, a lot of spam... > > How much weight do you put on an incoming message, in terms of adding > additional score towards a possible val

Re: tracking TCP session hop by hop

2017-11-29 Thread William Herrin
On Tue, Nov 28, 2017 at 3:48 PM, Yifeng Zhou wrote: > Is there any way that we can track TCP session hop by hop? > > Say we have 10 ECMP between A and Z point, what's the easiest way to track > specific session is using which path? How we can check between > servers(Linux/Unix) and between Router

Incoming SMTP in the year 2017 and absence of DKIM

2017-11-29 Thread Eric Kuhnke
For those who operate public facing SMTPd that receive a large volume of incoming traffic, and accordingly, a lot of spam... How much weight do you put on an incoming message, in terms of adding additional score towards a possible value of spam, for total absence of DKIM signature?

Anyone from Earthlink here?

2017-11-29 Thread Anne P. Mitchell Esq.
If anybody is here from Earthlink - or knows anyone at Earthlink, could you pretty please connect with me? Thank you! Anne Anne P. Mitchell, Attorney at Law Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant CEO/President, Institute for Social Inte

RE: tracking TCP session hop by hop

2017-11-29 Thread Tyler Applebaum
Somebody needs to renew their Let's Encrypt SSL cert. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jennifer Rexford Sent: Wednesday, November 29, 2017 8:08 AM To: Yifeng Zhou Cc: nanog@nanog.org Subject: Re: tracking TCP session hop by hop https://paris-tr

Re: tracking TCP session hop by hop

2017-11-29 Thread Jennifer Rexford
https://paris-traceroute.net/ > On Nov 28, 2017, at 3:48 PM, Yifeng Zhou wrote: > > Hi Experts, > > Is there any way that we can track TCP session hop by hop? > > Say we have 10 ECMP between A and Z point, what's the easiest way to track > specific session is us

Re: tracking TCP session hop by hop

2017-11-29 Thread Ruairi Carroll
Have a look at tcptraceroute: https://github.com/mct/tcptraceroute/blob/master/examples.txt On 28 November 2017 at 20:48, Yifeng Zhou wrote: > Hi Experts, > > Is there any way that we can track TCP session hop by hop? > > Say we have 10 ECMP between A and Z point, what's the easiest way to tra

RE: ATT AVPN BGP Communities

2017-11-29 Thread Naslund, Steve
Ask your AT&T rep to get you the AVPN routing guide. They have a whole list of functions that can be manipulated by changing community information you send with a route. It is very useful and you would never figure it all out by just messing with it. I would send it to you but I don't have ac

Packet Loss through Level 3 in Southern California?

2017-11-29 Thread Gregorio Focaccio
Hi All, We are an MSP in San Diego that also offers multi-datacenter Colo and Cloud hosting. We are multi-homed with Level 3 and Cogent. A physical server client reported newly slow FTP transfers, so we started a network investigation. Our data (see below) seem to show packet loss through Le

Re: Any one from Akamai here ? Got a problem.

2017-11-29 Thread Barrantes, Jorge via NANOG
Hi Bob, I’ll forward this to our network team to check the regions on those locations. Jorge Barrantes Senior Solutions Engineer – Enterprise & Carrier Akamai Technologies, Costa Rica Connect with Us:

ATT AVPN BGP Communities

2017-11-29 Thread Ryan, Spencer
Hey All, Does anyone know if AVPN lets end users set/add their own communities to routes? I see that they stamp several on the routes we originate (Community: 13979:2741 13979:2943 13979:5000 13979:6551) and curious if anyone had luck adding their own before I go start mucking around. Thanks!

tracking TCP session hop by hop

2017-11-29 Thread Yifeng Zhou
Hi Experts, Is there any way that we can track TCP session hop by hop? Say we have 10 ECMP between A and Z point, what's the easiest way to track specific session is using which path? How we can check between servers(Linux/Unix) and between Routers(Cisco/Juniper etc)? Thanks -Yifeng