At 14:00 11/03/02 +1300, Richard Parry wrote:
Yep, I've definitely noticed it :) It got me annoyed enough to turn Postfix into a mail rejecter :) Here's what I've stuck in /etc/postfix/main.cf: [snip] Note that you need permit_mynetworks under the helo restrictions so that you still accept email from Outlook Express clients and the like (if this is your SMTP gateway for ISP customers) - OE will not present a FQDN for itself regardless of operating system (I believe it presents the NBT name).
I think you'll find just about all end user email software does this.
I'd be curious to know what sorts of policies ISPs have within NZ, and why. Before I put in my filters, most of my mail was spam - and this just isn't right :) Apart from the UCE received recently (I too got the "DHS Clubshop" mail) from within NZ, our local networks are really quiet.
I've been trialing orbz and ordb in the last couple of months (not related to orbs) and they've been very good. Naturally I've kept a very close eye on it, but I've only had 2 instances where genuine mail wasn't getting through that I know of - and in both cases they WERE actually open relays. I was easily able to add an exclusion for those two servers until they got off their ass and fixed their open relay. (Both did after a couple of weeks) Both also have good and fast removal policies so they're not the sort of list that once you get on you can never get off...(ala the original orbs :) When I first started using them it cut the spam by 80%, I'd hate to think what it would be now without it.
Certainly, I've been tempted to just block addresses from Asia... Most of the spam I saw before I put in my filters was for cheap Thai sex prostitutes and whatnot. I'm just not that kind of girl :)
Well 90% of the ip addresses that I found were all Korea :/ One extremely prolific spammer in case anyone is interested is 4.42.113.104, which belongs to genuity's netblock. Even after blocking them with 550 Rejects, they're constantly hammering on our server every half hour. I suspect there is fat chance about Genuity doing anything about them, I've heard they don't have a good rep when it comes to shutting down spammers...:) Regards, Simon - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Tue, Mar 12, 2002 at 11:49:26AM +1300, Simon Byrnand wrote:
One extremely prolific spammer in case anyone is interested is 4.42.113.104, which belongs to genuity's netblock. Even after blocking them with 550 Rejects, they're constantly hammering on our server every half hour. I suspect there is fat chance about Genuity doing anything about them, I've heard they don't have a good rep when it comes to shutting down spammers...:)
If you have a specific address - then just put a packet filter into your border router. Or even better - ask your upstream to do it. Dean
At 12:25 12/03/02 +1300, Dean Pemberton wrote:
On Tue, Mar 12, 2002 at 11:49:26AM +1300, Simon Byrnand wrote:
One extremely prolific spammer in case anyone is interested is 4.42.113.104, which belongs to genuity's netblock. Even after blocking them with 550 Rejects, they're constantly hammering on our server every half hour. I suspect there is fat chance about Genuity doing anything about them, I've heard they don't have a good rep when it comes to shutting down spammers...:)
If you have a specific address - then just put a packet filter into your border router. Or even better - ask your upstream to do it.
Yeah I thought about that, but it's not annoying enough to do anything about yet. It just amuses me that they keep trying :) Regards, Simon
If you have a specific address - then just put a packet filter into your border router. Or even better - ask your upstream to do it.
try http://spamassassin.org/ if you have perl, (you don't have perl?) it's installable via CPAN. also, get the Razor database add-on as well, it contains the "checksum" of each reported spam, identification of spam using this method is really cool. procmail required.
tcgs

Some examples:

Date: Tue, 12 Mar 2002 16:36:01 -1700
From: spyglasst5042(a)yahoo.com
To: Undisclosed.Recipients(a)camelot.tdce.com.au
Subject: *****SPAM***** last chance! cellphone antenna booster

SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (15.15 hits, 6 required)
SPAM: Hit! (4.24 points) Faked To "Undisclosed-Recipients"
SPAM: Hit! (1.2 points) From: does not include a real name
SPAM: Hit! (0.5 points) Subject has an exclamation mark
SPAM: Hit! (1.94 points) From: ends in numbers
SPAM: Hit! (2.37 points) Invalid Date: header (timezone does not exist)
SPAM: Hit! (3 points) Listed in Razor, see http://razor.sourceforge.net/
SPAM: Hit! (1.9 points) Forged yahoo.com 'Received:' header found
SPAM:
SPAM: -------------------- End of SpamAssassin results ---------------------

As seen on late night television. Now you can purchase your own cell phone booster for the fraction of the advertised price

Date: Wed, 13 Mar 2002 03:06:11 -0500
From: pnczx(a)jubiipost.dk
To: cpbnr(a)luso.pt
Subject: *****SPAM***** Underground Mailing Service.. 24487

SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (21 hits, 6 required)
SPAM: Hit! (1.2 points) From: does not include a real name
SPAM: Hit! (1 point) Subject contains lots of white space
SPAM: Hit! (0.01 points) BODY: Asks you to click below
SPAM: Hit! (1 point) BODY: Claims you can be removed from the list
SPAM: Hit! (1 point) BODY: Uses a dotted-decimal IP address in URL
SPAM: Hit! (1.8 points) BODY: Tells you to click on a URL
SPAM: Hit! (1.82 points) BODY: Link to a URL containing "remove"
SPAM: Hit! (1.56 points) Contains phrases frequently found in spam
SPAM: [score: 72, hits: click here, email address,]
SPAM: [from future, from our, future mailings, list]
SPAM: [click, mailing list, more information, one our,]
SPAM: [received this, removed from, this email, you]
SPAM: [must, your email]
SPAM: Hit! (3 points) Listed in Razor, see http://razor.sourceforge.net/
SPAM: Hit! (1 point) spam-phrase score is over 20
SPAM: Hit! (1 point) spam-phrase score is over 30
SPAM: Hit! (3.33 points) HTML-only mail, with no text version
SPAM: Hit! (0.8 points) Received via known spam-harbouring dialups
SPAM: Hit! (1 point) Received via a relay in orbs.dorkslayers.com
SPAM: [RBL check: found 140.64.129.61.orbs.dorkslayers.com.]
SPAM: Hit! (1.48 points) Subject contains a unique ID number
SPAM:
SPAM: -------------------- End of SpamAssassin results ---------------------

<html> <body> <p><b><font size="5" color="#FF0000">Hot Girls And Wild Horses!</font></b><br>
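Added example, not part of the original post and not SpamAssassin's own code: a small Python parser for the report format quoted above. It checks that the per-rule points add up to the stated total and shows how much the verdict rests on a few rules, such as the Razor listing. The function names are assumptions of this example; the sample lines are copied from the first report in the post.

```python
import re
from decimal import Decimal

# Lines copied from the first report in the post above (banner text omitted).
REPORT = """\
SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: Content analysis details: (15.15 hits, 6 required)
SPAM: Hit! (4.24 points) Faked To "Undisclosed-Recipients"
SPAM: Hit! (1.2 points) From: does not include a real name
SPAM: Hit! (0.5 points) Subject has an exclamation mark
SPAM: Hit! (1.94 points) From: ends in numbers
SPAM: Hit! (2.37 points) Invalid Date: header (timezone does not exist)
SPAM: Hit! (3 points) Listed in Razor, see http://razor.sourceforge.net/
SPAM: Hit! (1.9 points) Forged yahoo.com 'Received:' header found
SPAM: -------------------- End of SpamAssassin results ---------------------
"""

SUMMARY_RE = re.compile(r"^SPAM: Content analysis details:\s*\(([\d.]+) hits, ([\d.]+) required\)")
HIT_RE = re.compile(r"^SPAM: Hit! \(([\d.]+) points?\) (.+)$")   # "1 point" or "n points"
DETAIL_RE = re.compile(r"^SPAM: \[(.*)\]$")                      # bracketed rule detail


def parse_report(text):
    """Parse a report into its stated total, threshold and per-rule hits."""
    report = {"total": None, "required": None, "hits": []}
    for line in text.splitlines():
        line = line.rstrip()
        if m := SUMMARY_RE.match(line):
            report["total"] = Decimal(m.group(1))
            report["required"] = Decimal(m.group(2))
        elif m := HIT_RE.match(line):
            report["hits"].append({"points": Decimal(m.group(1)),
                                   "rule": m.group(2), "detail": []})
        elif (m := DETAIL_RE.match(line)) and report["hits"]:
            # Detail lines belong to the most recent hit.
            report["hits"][-1]["detail"].append(m.group(1))
    return report


def audit(report):
    """Cross-check the total and measure how much the verdict rests on few rules."""
    points = sorted((h["points"] for h in report["hits"]), reverse=True)
    running, needed = Decimal(0), None
    for count, p in enumerate(points, start=1):
        running += p
        if needed is None and running >= report["required"]:
            needed = count
    return {"sum": running,
            "consistent": running == report["total"],  # False if lines were lost
            "min_rules_to_flag": needed}


def score_without(report, rule_substring):
    """Score if every rule whose description contains rule_substring had not fired."""
    return sum((h["points"] for h in report["hits"]
                if rule_substring not in h["rule"]), Decimal(0))


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print(audit(parsed))
    print("score without Razor:", score_without(parsed, "Razor"))
```

Using `Decimal` rather than floats keeps the comparison against the stated total exact.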
I have been trying to get the sysadm for ns1.dns.net.nz to reduce the default TTL for the popular .nz second level zones from 86400 seconds [1 day] to a lower value. Given the load on the zone and the number/diversity of name servers, one would have thought a lower number would be a reasonable ask. The problem I have discovered is that writing to the soa email of hostmaster.domainz.net.nz gets me to the land of buffoonery. I have swapped several emails and have only been provided with an answer that bears no relevance to the question. Are there others here who would support a reduction in the TTL for at least .co.nz ? Maybe we can get together and go on a united search for clue to have it changed. regards Peter Mott Chief Enthusiast 2DAY INTERNET LIMITED It's kind of fun to do the impossible - Walt Disney -/-
On Thu, 14 Mar 2002, Peter Mott wrote:
I have been trying to get the sysadm for ns1.dns.net.nz to reduce the default TTL for the popular .nz second level zones from 86400 seconds [1 day] to a lower value.
Given the load on the zone and the number/diversity of name servers, one would have thought a lower number would be a reasonable ask.
A quick check of some other 1LDs and 2LDs shows that most of them are set at one day including .com , .net and .com.au . Some of .de and .uk appears to be smaller however. Perhaps you could outline the pros and cons of the change, especially since AFAIK 3LDs in .nz are only updated twice a day.
--
Simon Lyall. | Newsmaster | Work: simon.lyall(a)ihug.co.nz
Senior Network/System Admin | Postmaster | Home: simon(a)darkmere.gen.nz
ihug, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz
From: "Peter Mott"
Are there others here who would support a reduction in the TTL for at least .co.nz ?
Yes, something like four hours would be a reasonable compromise between load and practical requirements. In theory a TTL of one day is not an issue if Name Servers are changed to another server with an identical zone file. In practice the reason for changing Name Servers is usually "something is broken" e.g. a dispute and the provider has dumped the zone. The problem being that caching resolvers will cache the fact that a zone doesn't have any usable Name Servers (Hmm, remember Microsoft), so it takes 24 hours before a broken zone will burst back in to life. Far too long for a business.... a TTL of 4 hours means they can be back online by 3pm. Cheers BG.
In theory a TTL of one day is not an issue if Name Servers are changed to another server with an identical zone file.
That is almost never the case. Changes to resource records are nearly always made at the same time as the delegation is changed.
In practice the reason for changing Name Servers is usually "something is broken" e.g. a dispute and the provider has dumped the zone.
We find most requests relate to a business decision to change service provider, although above certainly occurs :-)
The problem being that caching resolvers will cache the fact that a zone doesn't have any usable Name Servers (Hmm, remember Microsoft), so it takes 24 hours before a broken zone will burst back in to life.
Yep, not to mention mail being delivered to mail servers that are no longer configured to accept mail for a domain, and web sites that are off the air for a time longer than they need to be. Some folk may suggest change the RR's in the old name servers first then change delegation later. In the old days when technical clue and cooperation was alive and well this is a reasonable suggestion. Not these days! regards Peter Mott Chief Enthusiast 2DAY INTERNET LIMITED It's kind of fun to do the impossible - Walt Disney -/-
On Thu, 14 Mar 2002, Peter Mott wrote:
Some folk may suggest change the RR's in the old name servers first then change delegation later. In the old days when technical clue and cooperation was alive and well this is a reasonable suggestion. Not these days!
This sounds more like an education issue than a technical one. It's long been my view that a limited amount of "compulsory education" for people when they sign up for a domain would be a good thing -- so that they know what their rights *and responsibilities* are, from both business and technical perspectives (*). Having said that, getting the .nz TTL changed is likely to be a lot easier than getting Domainz web pages changed, or for that matter, getting agreement to provide that education from the SRS participants. :-( -Martin (* That doesn't mean we have to teach them the whole nine yards of an IP stack, but they should be made aware that things cannot not happen instantaneously, and if they fail to give at least 2n hours notice (n=24) when they want changes, then things are going to be broken. To back that up, a code of conduct for ISPs should include being graceful about giving up customers; that we don't just chop them off the moment the delegation is removed. If they're paying for service then we should continue to provide it, if necessary by proxying for their new ISP.)
On Wednesday, March 13, 2002, at 09:00 , Martin D Kealey wrote:
(* That doesn't mean we have to teach them the whole nine yards of an IP stack, but they should be made aware that things cannot not happen instantaneously, and if they fail to give at least 2n hours notice (n=24) when they want changes, then things are going to be broken.
On the other hand, Domainz could change the arbitrary 24 hour component to something more convenient, and consequently serve their customers better. There is no technical reason I can think of to nail the TTLs at 24 hours instead of choosing a lower value which still presents an acceptable load on the authoritative nameservers. TTLs on delegations under other TLDs are interesting, but not especially relevant. "That's the way that Verisign Registry does it" is rarely good justification for anything.
I don't mind putting forward a recommendation to the Domainz CEO to change the TTL, if all parties agree it is a good thing. I have no doubt that Don Stokes will have an opinion, but getting a consensus would be an excellent starting point.
/R
Joe Abley wrote:
On Wednesday, March 13, 2002, at 09:00 , Martin D Kealey wrote:
(* That doesn't mean we have to teach them the whole nine yards of an IP stack, but they should be made aware that things cannot not happen instantaneously, and if they fail to give at least 2n hours notice (n=24) when they want changes, then things are going to be broken.
On the other hand, Domainz could change the arbitrary 24 hour component to something more convenient, and consequently serve their customers better. There is no technical reason I can think of to nail the TTLs at 24 hours instead of choosing a lower value which still presents an acceptable load on the authoritative nameservers.
TTLs on delegations under other TLDs are interesting, but not especially relevant. "That's the way that Verisign Registry does it" is rarely good justification for anything.
-- \_ Roger De Salis rdesalis(a)cisco.com ' Cisco Systems NZ Ltd +64 25 481 452 /) L8, ASB Tower, 2 Hunter St +64 4 496 9003 (/ Wellington, New Zealand roger(a)desalis.gen.nz ` In October 2001, the 5th most important product line by value for Cisco is - the telephone. Cisco 79x0 IP telephones.
I don't mind putting forward a recommendation to the Domainz CEO to change the TTL, if all parties agree it is a good thing.
What happened to the days when system admins had control of their servers? Hopefully this will return when domainz hands over control of the DNS to the new SRS geek.
I have no doubt that Don Stokes will have an opinion, but
On this there can be *no* doubt. regards Peter Mott Chief Enthusiast 2DAY INTERNET LIMITED It's kind of fun to do the impossible - Walt Disney -/-
Roger De Salis wrote:-
I don't mind putting forward a recommendation to the Domainz CEO to change the TTL, if all parties agree it is a good thing.
Looks like this one hit the too hard basket. How about sacking the CEO and employing a sysadmin? Domainz continues to employ passengers who add little or no value to the real job at hand. ... roll on SRS! regards Peter Mott Chief Enthusiast 2DAY INTERNET LIMITED It's kind of fun to do the impossible - Walt Disney -/-
On Wednesday, March 13, 2002, at 10:05 , Roger De Salis wrote:
I don't mind putting forward a recommendation to the Domainz CEO to change the TTL, if all parties agree it is a good thing.
I have no doubt that Don Stokes will have an opinion, but getting a consensus would be an excellent starting point.
Do any of the nz nameserver operators have statistics available on the peak (or representative near-peak) query rate, and estimates of query rates that might cause load problems? Joe
On Wed, Mar 13, 2002 at 10:23:40PM -0500, Joe Abley wrote:
Do any of the nz nameserver operators have statistics available on the peak (or representative near-peak) query rate, and estimates of query rates that might cause load problems?
I had tcpdump running on one for a while (when we moved them to another platform). From memory it was pretty uninteresting (ie. I could watch it scroll). If people really want statistics, then I'll ask someone to dump traffic for an hour or so for analysis. --cw
At 16:05 14/03/02 +1300, Roger De Salis wrote:
I don't mind putting forward a recommendation to the Domainz CEO to change the TTL, if all parties agree it is a good thing.
If it doesn't put too much load on their servers, I think just about everyone here would agree that it would be a good idea to reduce it. 24 hours of "limbo" while transferring a domain from one provider to another is not very satisfactory from the point of view of a business that wants to transfer its domain between providers and have working email again the same day.. How much to reduce it to rather than whether it needs reducing is the question, I think. The 4 hours suggested earlier seems reasonable, but then again I don't know how much load increase that would cause.. Regards, Simon Byrnand iGRIN Internet
On Tue, 12 Mar 2002, Simon Byrnand wrote:
I've been trialing orbz and ordb in the last couple of months (not related to orbs) and they've been very good. Naturally I've kept a very close eye on it, but I've only had 2 instances where genuine mail wasn't getting through that I know of - and in both cases they WERE actually open relays. I was easily able to add an exclusion for those two servers until they got off their ass and fixed their open relay. (Both did after a couple of weeks) Both also have good and fast removal policies so they're not the sort of list that once you get on you can never get off...(ala the original orbs :)
I find orbz a bit of a pain, they are very fast to add us when a customer is open relay and using us as a smart-host. I've now got them notifying me/noc directly so that as soon as they add us (provisionally I think) we get notified and can (a) block the customer from our mail servers (b) notify orbz to retest (c) contact the customer. With respect to NZ spammers we had a problem with one going around all the Cyber Cafes and using computers there to send email, we have put in a block for those however. I understand the spammer in question (various e-gold (or something) related scams) was causing problems with other people as well. The other pain is the private anti-spam lists the individual sites have, just this morning I had to ring the admin at a US University to get us off their blocks.
--
Simon Lyall. | Newsmaster | Work: simon.lyall(a)ihug.co.nz
Senior Network/System Admin | Postmaster | Home: simon(a)darkmere.gen.nz
ihug, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz
participants (10)
- Brian Gibbons
- Chris Wedgwood
- Dean Pemberton
- Joe Abley
- Martin D Kealey
- Peter Mott
- Roger De Salis
- Simon Byrnand
- Simon Lyall
- Terence Giufre-Sweetser