Re: WiFi - login page redirection not working

2017-11-30 Thread Vincent Bernat
❦ 30 novembre 2017 18:26 -0800, Owen DeLong  : >> SSL requests are. For example, Google cache's their 301 redirect >> from http://www.google.com to >> https://www.google.com which means clients >> that had access while that browser ps stays acti

RE: End of 2017 hurricane season

2017-11-30 Thread John Souvestre
Any idea what their pre and post traffic levels are? John     John Souvestre - New Orleans LA -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Sean Donelan Sent: 2017 November 30, Thu 21:35 To: nanog@nanog.org Subject: End of 2017 hurricane season November 3

Re: Arista Layer3

2017-11-30 Thread Colton Conor
Jared, Which Arista box do you use for FTTH features? Whats the cost like as FTTH boxes are usually inexpensive, and Arista is not know to be inexpensive compared to something like Calix or Adtran. On Thu, Nov 30, 2017 at 1:32 PM, Jared Mauch wrote: > > > > On Nov 30, 2017, at 2:17 PM, Ken Chas

End of 2017 hurricane season

2017-11-30 Thread Sean Donelan
November 30 is the official end of hurricane season in North America. Puerto Rico's Internet routing announcements are 95% of pre-Maria levels. US Virgin Islands Internet routing announcements are 80% of pre-Maria levels. The #(provider name)sucks tweets on twitter in South Florida and South

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread John R. Levine
Yeah, that's what ARC is intended to do. Hum. My understanding of ARC is that it's a way for a server to assert things about what it received. - Where as my interpretation of what we were discussing is the sender authorizing intermediary MTAs to send the message. The former is after the f

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread Grant Taylor via NANOG
On 11/30/2017 06:47 PM, John Levine wrote: I suppose that would make sense for the 0.1% of mailing lists run by people with the skill and interest to hack on their list software. I guess I'm in the 0.1% then. ATPS was an experiment that failed. Nobody uses it, it didn't scale. That's sort

Re: WiFi - login page redirection not working

2017-11-30 Thread Owen DeLong
> On Nov 30, 2017, at 13:24 , Josh Luthman wrote: > > non-SSL requests are not the issue. > > SSL requests are. For example, Google cache's their 301 redirect from > http://www.google.com to https://www.google.com > which means clients that

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread John Levine
In article <3d84c686-aa5f-8180-8a37-be77fef94...@tnetconsulting.net> you write: >I would also configure MLMs to forward unknown bounces to the -owner. >Hopefully the -owner would then feed (a sanitized copy of) the unknown >bounce type the MLM maintainer(s) to improve said MLM. I suppose that wo

Re: Arista Layer3

2017-11-30 Thread joel jaeggli
On 11/30/17 13:00, Ken Chase wrote: > >Arista DCS-7280SRA-48C6 is a 1ru box.?? > > > >Has a nominally million route fib, Jericho+ 8GB of packet buffer. > >control-plane is 8GB of ram andAMD GX-424CC SOC which is 4 core 2.4ghz. > >We do direct fib injection with bird rather than the arista

Re: Arista Layer3

2017-11-30 Thread Nick Hilliard
Ken Chase wrote: > Sounds pretty good - hows your power draw on that thing? Why'd you pick Bird > in this case? this is a 7280SR pushing ~130G-140G of traffic in/out with about 75% of the ports lit: > Router#show env power > Power InputOutput Output > Supply

Re: Arista Layer3

2017-11-30 Thread Job Snijders
On Thu, Nov 30, 2017 at 10:38:53PM +, Nick Hilliard wrote: > Jared Mauch wrote: > > Lots of folks also use MikroTik as well if the traffic is in the 1G > > range or so. > > mikrotik support for ipv6 is still dodgy: recursive next-hop is not > supported in bgp/ipv6: > > https://forum.mikrotik.

Re: Arista Layer3

2017-11-30 Thread Nick Hilliard
Jared Mauch wrote: > Lots of folks also use MikroTik as well if the traffic is in the 1G > range or so. mikrotik support for ipv6 is still dodgy: recursive next-hop is not supported in bgp/ipv6: https://forum.mikrotik.com/viewtopic.php?t=123964#p610239 ... and OSPFv3 routes with the local-addre

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread bzs
I'd love to hear, not here particularly, from someone very knowledgeable about the history of postal fraud and abuse. I suspect there are more than a few parallels and we'd find out how much of our efforts amount to reinventing wheels once one peels away the technical abstractions and jargon. Bas

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread John R. Levine
It's a one way correlation. If the rDNS is busted, you can be pretty sure you don't want the mail. If the rDNS is OK, you need more clues. Pretty sure, but far from certain. Even this one-way correlation is rather tenuous. It’s mostly harmless because everyone knows that mail servers are filt

Re: WiFi - login page redirection not working

2017-11-30 Thread Josh Luthman
non-SSL requests are not the issue. SSL requests are. For example, Google cache's their 301 redirect from http://www.google.com to https://www.google.com which means clients that had access while that browser ps stays active will still attempt https instead of http, regardless of what you actuall

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread Grant Taylor via NANOG
On 11/30/2017 12:16 PM, Owen DeLong wrote: it’s a rather large PITA for a small site with an admin that needs to count on most things running on autopilot most of the time in order to survive. I have to disagree with that. I've been running SpamAssassin for > 15 years and have found it to be

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread Owen DeLong
> On Nov 30, 2017, at 12:11 , valdis.kletni...@vt.edu wrote: > > On Thu, 30 Nov 2017 11:16:09 -0800, Owen DeLong said: >> i.e. rarely to bank robbers sign their names to the robbery note. > > An amazing number of them use a deposit slip with their name on it for the > note. I’m guessing that t

Re: Arista Layer3

2017-11-30 Thread Ken Chase
>Arista DCS-7280SRA-48C6 is a 1ru box.?? > >Has a nominally million route fib, Jericho+ 8GB of packet buffer. >control-plane is 8GB of ram andAMD GX-424CC SOC which is 4 core 2.4ghz. >We do direct fib injection with bird rather than the arista bgpd but the >control-plane is capable of m

RE: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread Keith Medcalf
On Thursday, 30 November, 2017 10:55, Bjørn Mork , wrote: >Steve Atkins writes: >>> On Nov 30, 2017, at 1:22 AM, Bjørn Mork wrote: >>> "John Levine" writes: >> It tells you something about the competence of the operator and >> whether the host is intended by the owners to send email. >No.

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread Grant Taylor via NANOG
On 11/30/2017 11:30 AM, John Levine wrote: If you look at the bounce handling in packages like sympa and mailman, they have lots of heuristics to try to figure out what bounces mean. They work OK but I agree they are far from perfect. I never have. Further, I think I'd like to not go insane.

Re: aggregate6 - a fast versatile prefix list compressor

2017-11-30 Thread Job Snijders
Someone suggested I should clarify what 'aggregate6' actually does :-) aggregate6 takes a list of IPv4 and/or IPv6 prefixes in conventional format, and performs two optimisations to attempt to reduce the length of the prefix list. The first optimisation is to remove any supplied prefixes which ar

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread valdis . kletnieks
On Thu, 30 Nov 2017 11:16:09 -0800, Owen DeLong said: > i.e. rarely to bank robbers sign their names to the robbery note. An amazing number of them use a deposit slip with their name on it for the note. pgpLt6XbYQz1w.pgp Description: PGP signature

aggregate6 - a fast versatile prefix list compressor

2017-11-30 Thread Job Snijders
Dear NANOG, I re-implemented the venerable 'aggregate' tool (by Joe Abley & co) in python under the name of 'aggregate6'. The 'aggregate6' tool is faster and also has IPv6 support. https://github.com/job/aggregate6 Installation is can be done through 'pip', or your operating system's package

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread Rich Kulawiec
On Thu, Nov 30, 2017 at 10:22:40AM +0100, Bj??rn Mork wrote: > rDNS is not a host attribute, and will therefore tell you exactly > nothing about the host. The lack of rDNS disqualifies a system from being a legitimate mail host. The lack of FCrDNS does the same. (Note that it's usually prudent to

Re: Arista Layer3

2017-11-30 Thread joel jaeggli
On 11/30/17 11:17, Ken Chase wrote: > Back to this discussion! :) Arista as a viable full-table PE router. Was > hoping > for better experience reports since last mention. > > To make the Q bit more general, are there any PE routers yet that can handle > 3-8 > full feeds and use an amp and 1U or

Re: Arista Layer3

2017-11-30 Thread Ken Chase
Thx. Rather steer clear of microtik for now however. Guess I shoulda mentioned a baseline 10G capability at least on 4 sfp+ ports (I know there's some 2port Microtiks too). Everyone's got gig-to-the-home now, I can't see how anyone plans 1G PE builds anymore. They'll be obsolete by the time they'r

Re: Arista Layer3

2017-11-30 Thread Fredrik Korsbäck
On 2017-11-30 19:36, Romeo Czumbil wrote: So I've been using Arista as layer2 for quite some time, and I'm pretty happy with them. Kicking the idea around to turn on some Layer3 features but I've been hearing some negative feedback. The people that I did hear negative feedback don't use Arista

Re: Arista Layer3

2017-11-30 Thread Jared Mauch
> On Nov 30, 2017, at 2:17 PM, Ken Chase wrote: > > Back to this discussion! :) Arista as a viable full-table PE router. Was > hoping > for better experience reports since last mention. > > To make the Q bit more general, are there any PE routers yet that can handle > 3-8 > full feeds and us

Re: Arista Layer3

2017-11-30 Thread Ken Chase
Back to this discussion! :) Arista as a viable full-table PE router. Was hoping for better experience reports since last mention. To make the Q bit more general, are there any PE routers yet that can handle 3-8 full feeds and use an amp and 1U or so instead of 5 and 4U? Or we're ito whitebox/ ope

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread Owen DeLong
> On Nov 30, 2017, at 10:28 , John Levine wrote: > > In article you write: >>> Or, for a more empirical way to look at it, there's reasonable correlation >>> between having missing, generic or incorrect reverse DNS and the host >>> being a source of unwanted or malicious email. >> >> I’m not s

Re: WiFi - login page redirection not working

2017-11-30 Thread Owen DeLong
> On Nov 30, 2017, at 10:15 , William Herrin wrote: > > On Thu, Nov 30, 2017 at 1:08 PM, Owen DeLong > wrote > > On Nov 30, 2017, at 08:20 , Josh Luthman > > wrote: > > > >> If TLS would somehow allow you to redirect... > > > > No bu

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread John Levine
In article you write: >> Without something like VERP to encode the original recipient in the return >> address, the percentage of bounces your list successfully processes each >> month will slowly but steadily decline. > >I think it's entirely possible to teach MLMs about the most common forms

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread John Levine
In article you write: >> Or, for a more empirical way to look at it, there's reasonable correlation >> between having missing, generic or incorrect reverse DNS and the host >> being a source of unwanted or malicious email. > >I’m not so sure about that. It's a one way correlation. If the rDNS is

Re: Arista Layer3

2017-11-30 Thread Tyler Conrad
For Enterprise/DC, it works great. For service provider, they're not 100% yet. The main issue is going to be around VRFs, as there's no interaction between them (at least in the code version I'm on, that may have changed recently or be changing soon). They'll work great as a P-Router, but if you ne

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread Grant Taylor via NANOG
On 11/30/2017 01:53 AM, Benoit Panizzon wrote: DKIM is not widely used and DKIM does break a lot of mailinglists and sometimes also SRS compliant forwarding. How does DKIM break SRS compliant forwarding? (Assuming that only the message envelope is modified.) Or are you referring to DMARC's

Arista Layer3

2017-11-30 Thread Romeo Czumbil
So I've been using Arista as layer2 for quite some time, and I'm pretty happy with them. Kicking the idea around to turn on some Layer3 features but I've been hearing some negative feedback. The people that I did hear negative feedback don't use Arista themselves. (they just heard) So do we

Re: WiFi - login page redirection not working

2017-11-30 Thread William Herrin
On Thu, Nov 30, 2017 at 1:08 PM, Owen DeLong wrote > > On Nov 30, 2017, at 08:20 , Josh Luthman > wrote: > > > >> If TLS would somehow allow you to redirect... > > > > No but it would be nice to have a solution that redirects the user > instead > > of "this page can't load" creating confusion.

Re: WiFi - login page redirection not working

2017-11-30 Thread Owen DeLong
> On Nov 30, 2017, at 08:20 , Josh Luthman wrote: > >> If TLS would somehow allow you to redirect... > > No but it would be nice to have a solution that redirects the user instead > of "this page can't load" creating confusion. A well-known non-SSL (non-HSTS) URL that users could use for this

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread Owen DeLong
> On Nov 30, 2017, at 09:55 , Bjørn Mork wrote: > > Steve Atkins writes: > >>> On Nov 30, 2017, at 1:22 AM, Bjørn Mork wrote: >>> >>> "John Levine" writes: >>> Broken rDNS is just broken, since there's approximately no reason ever to send from a host that doesn't know its own nam

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread Owen DeLong
> On Nov 30, 2017, at 09:03 , Steve Atkins wrote: > > >> On Nov 30, 2017, at 1:22 AM, Bjørn Mork wrote: >> >> "John Levine" writes: >> >>> Broken rDNS is just broken, since there's approximately no reason ever >>> to send from a host that doesn't know its own name. >> >> rDNS is not a host

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread Bjørn Mork
Steve Atkins writes: >> On Nov 30, 2017, at 1:22 AM, Bjørn Mork wrote: >> >> "John Levine" writes: >> >>> Broken rDNS is just broken, since there's approximately no reason ever >>> to send from a host that doesn't know its own name. >> >> rDNS is not a host attribute, and will therefore tell

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread Steve Atkins
> On Nov 30, 2017, at 1:22 AM, Bjørn Mork wrote: > > "John Levine" writes: > >> Broken rDNS is just broken, since there's approximately no reason ever >> to send from a host that doesn't know its own name. > > rDNS is not a host attribute, and will therefore tell you exactly > nothing about t

Re: WiFi - login page redirection not working

2017-11-30 Thread Josh Luthman
>If TLS would somehow allow you to redirect... No but it would be nice to have a solution that redirects the user instead of "this page can't load" creating confusion. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Thu, Nov 30, 2017 at 2:02 AM

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread Bjørn Mork
"John Levine" writes: > Broken rDNS is just broken, since there's approximately no reason ever > to send from a host that doesn't know its own name. rDNS is not a host attribute, and will therefore tell you exactly nothing about the host. Bjørn

Re: Incoming SMTP in the year 2017 and absence of DKIM

2017-11-30 Thread Benoit Panizzon
Hi > For those who operate public facing SMTPd that receive a large volume > of incoming traffic, and accordingly, a lot of spam... > > How much weight do you put on an incoming message, in terms of adding > additional score towards a possible value of spam, for total absence > of DKIM signature?