> dynamic: dynamika
> static: statik
>
One wonders how this will be handled when the flood of non-Latin domains
starts. Are these RBL maintainers really going to figure out how many
different ways there are to say the (English/Latin) equivalent of
"static" in Chinese, Cyrillic, Swahili, etc.
on Wed, Dec 16, 2009 at 09:27:06PM -0500, Mike Lieman wrote:
> >
> > ...and if people used "static" and "dynamic" keywords in DNS as I suggested
> > in my previously mentioned draft,
>
> What are the words for "static" and "dynamic" in Lower Sorbian?
I was bored so I looked them up. :-)
dynamic:
On Wed, Dec 16, 2009 at 9:07 PM, wrote:
> On Wed, 16 Dec 2009 09:21:42 PST, Matthew Petach said:
>> You clearly haven't set up webmail farms to handle half a billion accounts
>> before. ^_^;
>
> Yes, but we all already know who those 800 pound gorillas are. If you're
> doing automagic handling o
On Wed, 16 Dec 2009 09:21:42 PST, Matthew Petach said:
> You clearly haven't set up webmail farms to handle half a billion accounts
> before. ^_^;
Yes, but we all already know who those 800 pound gorillas are. If you're
doing automagic handling of this sort of DNS data, and not using a regexp
to
>
> ...and if people used "static" and "dynamic" keywords in DNS as I suggested
> in my previously mentioned draft,
>
>
What are the words for "static" and "dynamic" in Lower Sorbian?
Hi,
On Thu, 2009-12-10 at 16:55 +, Sven Olaf Kamphuis wrote:
> thing is that it's illegal to maintain a database with "personal details"
> which ip addresses according to various german courts are (don't ask..
> mmk? ;) ofcourse we all know ip addresses identify nodes on a network, not
> perso
> -Original Message-
> From: Michelle Sullivan [mailto:matt...@sorbs.net]
> Sent: Wednesday, December 16, 2009 6:09 PM
> To: nanog@nanog.org
> Subject: Re: Arrogant RBL list maintainers
>
> Please reply to the list, not me and the list!
>
> Sven Olaf Kamphu
on Wed, Dec 16, 2009 at 06:01:51PM +0100, Michelle Sullivan wrote:
> ...and if people used "static" and "dynamic" keywords in DNS as I
> suggested in my previously mentioned draft, there would be *NO NEED*
> for DUL/DUHL/PBL lists at all because people could create a very
> simple set of patterns t
Niels Bakker wrote:
* matt...@sorbs.net (Michelle Sullivan) [Wed 16 Dec 2009, 17:41 CET]:
[..]
. The obvious answer is if you have signed SLAs then you should
adhere to those SLAs as a minimum and give better service if time
allows... Hands up those who have an SLA (free or not) with an RB
* matt...@sorbs.net (Michelle Sullivan) [Wed 16 Dec 2009, 17:41 CET]:
[..]
. The obvious answer is if you have signed SLAs then you should
adhere to those SLAs as a minimum and give better service if time
allows... Hands up those who have an SLA (free or not) with an RBL
maintainer... I do
Matthew Petach wrote:
Take a look at the reverse DNS for the entire 66.163.178.0/23 subnet;
you'll find that when you're doing things at large scale, you can't really
get away from having sequentially numbered reverse DNS entries all
in a row, exactly as you seem to think "Nobody has". :/
Of
On Wed, Dec 16, 2009 at 5:21 AM, wrote:
> On Wed, 16 Dec 2009 07:06:55 EST, Mike Lieman said:
>
>> What's the word for 'mail server' in Lower Sorbian, and does your algorithm
>> properly detect it in a hostname? See the problem here?
>
> When the hostname at that IP address is exactly one increm
Please reply to the list, not me and the list!
Sven Olaf Kamphuis wrote:
thing is that it's illegal to maintain a database with "personal details"
which ip addresses according to various german courts are (don't ask..
mmk? ;) ofcourse we all know ip addresses identify nodes on a network, not
per
Mikael Abrahamsson wrote:
On Wed, 9 Dec 2009, Frank Bulk wrote:
Two sides of an SP's coin: I want to maximize my e-mail servers'
deliverability, so I make sure those have appropriately named PTRs
and make
sure that outbound messages aren't spammy; I also want to restrict
The point he was tr
most on this list
are the competent admins, a minority being people learning (nothing
wrong with that!) but unfortunately there are some who are not and they
don't care that they are not.
I know that makes me an arrogant w***er, or another one of those
"Arrogant RBL list maintainers
On Wed, 16 Dec 2009, James Hess wrote:
On Tue, Dec 15, 2009 at 11:30 PM, Adam Armstrong wrote:
personally, i'd recommend not being a dick and setting valid *meaningful*
reverse dns for things relaying mail.
Many sites don't use names that will necessarily be meaningful to an outsider.
Sometim
valdis.kletni...@vt.edu wrote:
When the hostname at that IP address is exactly one incremented character
different than the preceding address, and one decremented character different
than the following address, and that pattern holds across a /24, they're
probably not mail servers. Nobody has 25
On Wed, 16 Dec 2009 07:06:55 EST, Mike Lieman said:
> What's the word for 'mail server' in Lower Sorbian, and does your algorithm
> properly detect it in a hostname? See the problem here?
When the hostname at that IP address is exactly one incremented character
different than the preceding addre
On Wed, Dec 16, 2009 at 7:06 AM, Mike Lieman wrote:
> Wouldn't SPF ( RFC 4408) tell people more about where the real mailservers
> are than some half-baked idea of trying to enforce what hostnames should
> look like?
>
> What's the word for 'mail server' in Lower Sorbian, and does your algorithm
>
On Wed, Dec 16, 2009 at 12:12:22AM -0600, James Hess wrote:
> Many sites don't use names that will necessarily be meaningful to an outsider.
Then they should expect issues with mail acceptance by outsiders.
> Some sites might want to avoid certain "meaningful" RDNS entries
> since spammers, h
Wouldn't SPF ( RFC 4408) tell people more about where the real mailservers
are than some half-baked idea of trying to enforce what hostnames should
look like?
What's the word for 'mail server' in Lower Sorbian, and does your algorithm
properly detect it in a hostname? See the problem here?
On We
On 16/12/2009 06:12, James Hess wrote:
On Tue, Dec 15, 2009 at 11:30 PM, Adam Armstrong wrote:
personally, i'd recommend not being a dick and setting valid *meaningful*
reverse dns for things relaying mail.
Many sites don't use names that will necessarily be meaningful to an outsider
Security by obscurity, in this day and age? :)
On Wed, Dec 16, 2009 at 11:42 AM, James Hess wrote:
> As is common for many domains.
> Spammers coming in by scanning large ranges of IPs, have no
> pointer to report the mailserver they discovered is �...@example.com
> inbound (or outbound)
On Tue, Dec 15, 2009 at 11:30 PM, Adam Armstrong wrote:
> personally, i'd recommend not being a dick and setting valid *meaningful*
> reverse dns for things relaying mail.
Many sites don't use names that will necessarily be meaningful to an outsider.
Sometimes the non-meaningful name is the actua
On 09/12/2009 15:18, Sven Olaf Kamphuis wrote:
a84-22-xx-xx.cb3rob.net. as it's RFC complient and we cannot be fucked to
haha. and what precisely did you expect? that's not really what most
people would consider valid reverse dns for a mail relay. (operational
practice often beats RFC whe
[ Note: you're not talking about the RBL. You're talking about
a DNSBL or RHSBL, which are generic terms. The RBL is a specific
DNSBL and, as far as I know, does not have a listing policy related
to this discussion. ]
On Wed, Dec 09, 2009 at 03:18:47PM +, Sven Olaf Kamphuis wrote:
> because
>thing is that it's illegal to maintain a database with "personal details"
>which ip addresses according to various german courts are (don't ask..
I've actually looked at some of the German decisions, and I didn't see
anything that would be a problem for DNSBLs
But if you're getting legal advice
on Thu, Dec 10, 2009 at 09:27:44AM -0800, Michael Thomas wrote:
> On 12/10/2009 09:06 AM, Joe Abley wrote:
>> I think Mark means "the question of whether a particular address is
>> statically-assigned or dynamically-assigned", but...
>
> Which assumes that that's the question that actually needs t
On 12/10/2009 09:06 AM, Joe Abley wrote:
On 2009-12-10, at 16:42, Michael Thomas wrote:
On 12/10/2009 08:38 AM, Mark Andrews wrote:
The way to do this is to put other data in the ip6.arpa/in-addr.arpa and
stop trying to infer things from the PTR records.
Sigh. What is the "this" to which y
On 2009-12-10, at 16:42, Michael Thomas wrote:
> On 12/10/2009 08:38 AM, Mark Andrews wrote:
>
>> The way to do this is to put other data in the ip6.arpa/in-addr.arpa and
>> stop trying to infer things from the PTR records.
>
> Sigh. What is the "this" to which you refer?
I think Mark means "t
> RBLs are neither authorised (EU privacy laws anyone?), nor the appointed
> authority to keep databases on "whats static or not". RIRs -are-, if
> anyone should maintain a database on such things, i'd be the rirs
> (which they have, it's called "whois", it just lacks a field that
> indicates the t
Hi!
thing is that it's illegal to maintain a database with "personal details"
which ip addresses according to various german courts are (don't ask..
mmk? ;) ofcourse we all know ip addresses identify nodes on a network, not
persons, but the germans seem to mainain a different view on this,
despi
thing is that it's illegal to maintain a database with "personal details"
which ip addresses according to various german courts are (don't ask..
mmk? ;) ofcourse we all know ip addresses identify nodes on a network, not
persons, but the germans seem to mainain a different view on this,
despite us i
Hi!
RBLs are neither authorised (EU privacy laws anyone?), nor the appointed
authority to keep databases on "whats static or not". RIRs -are-, if
anyone should maintain a database on such things, i'd be the rirs
(which they have, it's called "whois", it just lacks a field that
indicates the type
>
> On 12/10/2009 7:29 AM, Sam Hayes Merritt, III wrote:
> > As previously noted in this thread, msulli...@sorbs did a fairly good
> > job of documenting this in an RFC draft. I'd say its still the primary
> > goto to point people at for how to do things the "right way".
> >
> > http://tools.ietf.o
On 12/10/2009 08:38 AM, Mark Andrews wrote:
In message<4b211da6.9000...@mtcc.com>, Michael Thomas writes:
To Crocker's point though: if IETF came up with a way to publish your network's
dynamic space (assuming that's The Problem!), would operators do that? Or is
this another case where the energ
In message <4b211da6.9000...@mtcc.com>, Michael Thomas writes:
> On 12/10/2009 07:54 AM, Steven Champeon wrote:
> > In a nutshell, if you're not clearly indicating mail sources as mail
> > sources, don't expect great deliverability. If you're running a Web
> > hosting shop and don't have rate-limi
> I'm a bit confused by what it
> means to have an "internal" static public IP
"internal" means behind the firewall (which everything is,
transparently). We don't NAT because we don't have to .. the 1918 space
is used for stuff we don't want to be routable (like thermostats).
> that they have th
on Thu, Dec 10, 2009 at 08:11:18AM -0800, Michael Thomas wrote:
> I'd say that Mikael Abrahamsson's sentiment (or at least the way I read
> it) would be a better start: take a step back and ask what the problem is.
Well, as I see it, the problem is a widespread and systemic failure to
prevent mass
on Thu, Dec 10, 2009 at 07:43:36AM -0800, Dave CROCKER wrote:
>
>
> On 12/10/2009 7:29 AM, Sam Hayes Merritt, III wrote:
>> As previously noted in this thread, msulli...@sorbs did a fairly good
>> job of documenting this in an RFC draft. I'd say its still the primary
>> goto to point people at for
On 12/10/2009 07:54 AM, Steven Champeon wrote:
In a nutshell, if you're not clearly indicating mail sources as mail
sources, don't expect great deliverability. If you're running a Web
hosting shop and don't have rate-limited outbound smarthosts, expect all
your clients' mail to be suspected of be
on Thu, Dec 10, 2009 at 10:48:05AM -0500, Michael Holstein wrote:
> Like many places, we run seperate internal and external DNS .. when a
> user requests a static IP, they can opt to make it "external", but few
> do, since we point out that when they do that, they loose the anonymity
> of the "gene
on Thu, Dec 10, 2009 at 09:29:15AM -0600, Sam Hayes Merritt, III wrote:
>
>> Creating a standard on what to put in WHOIS/DNS for
>> dynamic/static/infrastructure would make a lot of sense, seems nobody is
>> doing it though.
>
> As previously noted in this thread, msulli...@sorbs did a fairly goo
> Is your network setup so chaotic that you don't know what address
> chunks are allocated by DHCP or PPP?
Aww .. stop it, just stop. I could send the .vsd of the network overview
to everyone and there'd still be someone that'd chime in and say "Ha!
you moron .. you used ORANGE lines to interco
On 12/10/2009 7:29 AM, Sam Hayes Merritt, III wrote:
As previously noted in this thread, msulli...@sorbs did a fairly good
job of documenting this in an RFC draft. I'd say its still the primary
goto to point people at for how to do things the "right way".
http://tools.ietf.org/html/draft-msull
Creating a standard on what to put in WHOIS/DNS for
dynamic/static/infrastructure would make a lot of sense, seems nobody is
doing it though.
As previously noted in this thread, msulli...@sorbs did a fairly good job
of documenting this in an RFC draft. I'd say its still the primary goto to
On Thu, Dec 10, 2009 at 8:20 AM, Tony Finch wrote:
> On Thu, 10 Dec 2009, Chris Edwards wrote:
>> On Wed, 9 Dec 2009, Michael Holstein wrote:
>>
>> | Their initial email said :
>> |
>> | [snip]
>> | Trend Micro Notification: 137.148.0.0/16 added to DUL
>> | [snip]
>>
>> Oh dear. I can see why man
On Thu, 10 Dec 2009, Chris Edwards wrote:
> On Wed, 9 Dec 2009, Michael Holstein wrote:
>
> | Their initial email said :
> |
> | [snip]
> | Trend Micro Notification: 137.148.0.0/16 added to DUL
> | [snip]
>
> Oh dear. I can see why many sites that once used MAPS now don't :-(
It isn't just idiocy
On Wed, 9 Dec 2009, Michael Holstein wrote:
| Their initial email said :
|
| [snip]
| Trend Micro Notification: 137.148.0.0/16 added to DUL
| [snip]
Oh dear. I can see why many sites that once used MAPS now don't :-(
On Wed, 9 Dec 2009, Frank Bulk wrote:
Two sides of an SP's coin: I want to maximize my e-mail servers'
deliverability, so I make sure those have appropriately named PTRs and make
sure that outbound messages aren't spammy; I also want to restrict
The point he was trying to make is that there is
ilto:se...@rollernet.us]
Sent: Wednesday, December 09, 2009 1:24 PM
To: nanog@nanog.org
Subject: Re: Arrogant RBL list maintainers
Michael Holstein wrote:
>
> Suit yourself .. but you can't arbitrarily force the Internet as a whole
> to adopt an unwritten standard just to make your l
hael.holst...@csuohio.edu]
Sent: Wednesday, December 09, 2009 3:18 PM
To: Ken Chase
Cc: nanog@nanog.org
Subject: Re: Arrogant RBL list maintainers
> To be clear: because the legitimate mailserver with a proper non-generic
> reverse was in a block with other generic reverses, they blacklisted
>1) TOTAL ALLOCATED SPACE in CIDR format
> Please include all information for the space you announce.
> The total of Static and Dynamic space must equal the
> Total Allocated Space.
>2) DYNAMIC SPACE LIST - in CIDR format
>3) STATIC SPACE LIST - in CIDR Format
>[snip]
>
>Which was,
On Wed, 9 Dec 2009, Michael Holstein wrote:
Their initial email said :
[snip]
Trend Micro Notification: 137.148.0.0/16 added to DUL
[snip]
That's just lazy/sloppy. A quick survey of your /16 suggests that the
majority of it has PTRs in the format of csu-137-148-36-160.csuohio.edu,
which lo
> To be clear: because the legitimate mailserver with a proper non-generic
> reverse was in a block with other generic reverses, they blacklisted you?
>
Their initial email said :
[snip]
Trend Micro Notification: 137.148.0.0/16 added to DUL
[snip]
and then went on to say :
[snip]
To work wi
> All of the DNSBLs I know are about outbound mail hosts, not inbound
> ones. What are your sending hosts called?
>
Outbound goes through the same 4 boxes. We used to split it up (2 at
MX10, 2 at MX20 .. reversed for outbound) but for capital
(licensing/hardware) reasons we decided to do in/o
>;; ANSWER SECTION:
>csuohio.edu.10800INMX10 antispam5.csuohio.edu.
>csuohio.edu.10800INMX10 antispam4.csuohio.edu.
>csuohio.edu.10800INMX10 antispam3.csuohio.edu.
>csuohio.edu.10800INMX10 antispam2.csuohio.edu.
>(and)
On Wed, 09 Dec 2009 15:09:20 EST, Ken Chase said:
> To be clear: because the legitimate mailserver with a proper non-generic
> reverse was in a block with other generic reverses, they blacklisted you?
>
> That's egregiously harsh.
>
> SORBS was blocking a customer for a generic reverse entry, I
To be clear: because the legitimate mailserver with a proper non-generic
reverse was in a block with other generic reverses, they blacklisted you?
That's egregiously harsh.
SORBS was blocking a customer for a generic reverse entry, I gave them a legit
looking reverse (that fwds properly too), so
Michael Holstein wrote:
No, we do have it correct .. they wanted us to fix all the *other* ones
(that can't even send mail because they're firewalled from doing so) ..
$ dig -t mx csuohio.edu
[..]
;; ANSWER SECTION:
csuohio.edu.10800INMX10 antispam5.csuohio.edu.
csuohio.edu.
> One could argue that you are *not* complying by using a generic PTR
> for a mail server. Some would say that a serious mail server should
> have proper DNS records, others will say that you should accept mail
> from any IP no matter what.
No, we do have it correct .. they wanted us to fix all t
Michael Holstein wrote:
Suit yourself .. but you can't arbitrarily force the Internet as a whole
to adopt an unwritten standard just to make your lives easier. If we
encounter problems with our end-users and not being able to deliver
email reliably to one of your customers, we'll have them call
> we've basically told them to go to hell and we advise everyone who uses
> their RBL lists to remove their RBLs from their configs, as what we have
> here is a mismanaged list.
>
Same thing we told them (snippit of my response below).
Cheers,
Michael Holstein
Cleveland State University
>
On Wed, Dec 9, 2009 at 11:57 AM, William Herrin
wrote:
> If you haven't made the effort to set up and secure a mail server then
perhaps his ISP does something dumb (like verizon does) and only
delegates to one server, which may/may-not be available at the time of
the incident? (or is blocked/dow
On Wed, 9 Dec 2009, Mike Lieman wrote:
Is there an RFC detailing that specific text strings must be used for static
v. dynamic addresses?
There's this expired draft
http://tools.ietf.org/id/draft-msullivan-dnsop-generic-naming-schemes-00.txt
But really, the rdns should just clearly indicate t
Mike Lieman wrote:
> Is there an RFC detailing that specific text strings must be used for static
> v. dynamic addresses?
>
> I can understanding keeping rDNS in sync, but that's not the issue here, is
> it?
>
There is no RFC that I'm aware of, but I'd say it's pretty common for
PTR records that
On Dec 9, 2009, at 12:11 PM, Mike Lieman wrote:
> Is there an RFC detailing that specific text strings must be used for static
> v. dynamic addresses?
>
Well there is this draft Document, FWIW,
http://tools.ietf.org/id/draft-msullivan-dnsop-generic-naming-schemes-00.txt
Which contains sugges
Is there an RFC detailing that specific text strings must be used for static
v. dynamic addresses?
I can understanding keeping rDNS in sync, but that's not the issue here, is
it?
On Wed, Dec 9, 2009 at 11:57 AM, William Herrin
wrote:
> On Wed, Dec 9, 2009 at 10:18 AM, Sven Olaf Kamphuis
> wrote
On Wed, Dec 9, 2009 at 10:18 AM, Sven Olaf Kamphuis
wrote:
> We've noticed that Trend Micro "mail-abuse.com" just "assumes" ips are
> dynamic by default,
>
> because they just assume that working, rfc compliant, reverse dns that
> just-so-happens to be automatically generated would indicate dynami
Hi NANOG readers,
We've noticed that Trend Micro "mail-abuse.com" just "assumes" ips are
dynamic by default, adds them to their stupid list, and then expects US to
update -their- database -for them- for free to get them off their stupid
list again. (as ofcourse our customers bug us when their emai
70 matches
Mail list logo
