swinog

swinog@lists.swinog.ch

1 participants
2916 discussions

Handling of UCE / RBL while minor misconfigurations
by Mueller Urs SBB CFF FFS 27 Oct '20

27 Oct '20

Hello list I am writing on behalf of a colleague who is operating a small hosting business, mainly focused on the setup of the cms and consulting. He is not on the list and asked me to put his words into it. He had the following dispute with an ISP, but I will let him speak (translation via deepl reviewed by me). --- We run a small hosting business on three managed servers, which we rent from a well-known Swiss ISP and host our customers (SMEs and individuals) there. We have had the misfortune three times that the IP of one of our servers got on the blacklist "UCEprotect" through no fault of our own: http://www.uceprotect.net In each of these cases a Zurich-based ISP was at fault, who apparently is involved in this blacklist - he didn't want to tell us how exactly, but in the first case he still apologized and he was able to remove the IP from the blacklist at short notice without any problems. Therefore we assume that he has a great influence there. The first times the IP was blacklisted because there was a chaos with a telephone system (short: bounces on non-existent addresses). Last week the IP came back on UCEprotect because a customer had edited his SPF entry incorrectly (he forgot to enter the IP of the server) - a single mail from our customer to a customer of the mentioned Zurich provider was already enough for an entry on the RBL. There was neither a spam dispatch nor a spamtrap; the wrong SPF automatically led to a blacklisting of the whole IP with more than 200 hosting customers, who then of course got mail problems. It would be normal and justifiable for a mail to be classified as spam because of a wrong SPF record. However, we find it very questionable that a whole IP is "dragged into the abyss" because of this. Especially since we have been fighting against spam for almost 25 years, keeping our servers clean and thus "fighting on the same side", it is all the more irritating to have such obstacles put in the way by this provider. The fact that customers can adjust the DNS entries and thus the SPF record themselves is normal for many providers. A single hosting customer's mistake should not also affect his provider and dozens of other customers. The methods used for an automatic entry on the blacklist UCEprotect seem at least questionable. I would like to show the provider that he means well, but that it can easily hit the wrong people - and would be grateful for input. After the first case still said "sorry, you've been good to me", there are no more answers to the question whether he really considers these methods to be useful. What do you think can be done here? I don't have time and money for a legal dispute, and blocking any traffic to his IPs to prevent damage to our IPs would probably not be clean either. --- So, what is your opinion on the behavior of this ISP? Me, Urs, I am with my colleague and I think, it's not acceptable to block a whole IP just while receiving one or a small number of mail without a correct SPF. Thank you your thoughts, I will collect it and send it to my colleague. Urs Müller Schweizerische Bundesbahnen SBB Senior Architekt / Product Owner Informatik Operations-Management / CYBER Poststrasse 6 - Ostermundigen, 3000 Bern 65 urs.bf.mueller(a)sbb.ch / www.sbb.ch

10 19

IANA AS Numbers Registry Update
by Selina Harrington 21 Oct '20

21 Oct '20

Hi, The IANA AS Numbers registry has been updated to reflect the allocation of the following blocks to APNIC: 141626-142649 Assigned by APNIC 2020-10-20 142650-143673 Assigned by APNIC 2020-10-20 You can find the registry at: https://www.iana.org/assignments/as-numbers/ The allocation was made in accordance with the Policy for Allocation of ASN Blocks to Regional Internet Registries: https://www.icann.org/resources/pages/global-policy-asn-blocks-2010-09-21-en Best Regards, -- Selina Harrington Lead IANA Services Specialist

1 0

Bluewin Mail > Senior DevOps Engineer Unix/Linux
by Steven.Glogger＠swisscom.com 20 Oct '20

20 Oct '20

Hi All I have an open position @ Bluewin Mail. Details: https://jobs.swisscom.ch/professionals/offene-stellen/berufserfahrene/senio… greetings -steven

1 0

Looking for a VoLTE-SIP gateway
by Stanislav Sinyagin 28 Sep '20

28 Sep '20

hi all, Swisscom will discontinue the old GSM service soon, so I'll need to replace an old gateway. Any recommendation will be appreciated. I'm looking for a ready-made voice gateway, as follows: * 4 or 5 SIM card slots * support for VoLTE and UMTS (in Swiss frequency bands) * Voice calls routed via SIP * API for receiving SMS * Nice to have: support for OpenVPN or some other VPN. thanks, stan -- Stanislav Sinyagin Senior Consultant, CCIE #5478 ssinyagin(a)k-open.com +41 79 407 0224

4 6

Invitation for the Swiss Web Security Day 2020
by Michael Hausding 10 Sep '20

10 Sep '20

Dear SwiNOGers, We’re happy to invite you to the annual Swiss Web Security Day 2020. Due to the current circumstances, we will host a slightly adapted conference: it’ll be shorter and virtual. SISA, Swico and SWITCH are looking forward to welcoming you to a lively exchange on current security topics. When: 28 October 2020; 14:00 to 17:00 Where: online Programme and speakers: 13:30 – 14:00 Login to virtual conference and networking platform 14:00 – 14:30 Update on the Revision of the Ordinance on Internet Domains – Stéphane Bondallaz (BAKOM) 14:30 – 15:00 Open Standards Everywhere (OSE). International project to accelerate the deployment of security standards for web and email servers. - Dan York (Project leader OSE) 15:00 – 15:30 Everyone is talking cybercrime - what about law enforcement? – Kantonspolizei AG (Bernhard Droz Dienstleiter IT-Forensik und Cybercrime) 15:30 – 16:00 Coffee break and virtual networking 16:00 – 17:00 «How we made it through Corona. What new things were developed» Panel discussion moderated by Christoph Hugenschmidt (Founder inside-it.ch) with managers / business owners / engineers from Infomaniak, cyon and SWITCH (more participants have been asked to join us) Secure your place today and register at: https://swit.ch/websecurityday The presentations will be held in English. We look forward to welcoming you on the 28th October! Michael for SISA/SWICO/SWITCH ------------------------------------ Michael Hausding, Competence Lead DNS & Domain Abuse SWITCH-CERT Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 77, incident phone +41 44 268 15 40 michael.hausding(a)switch.ch http://securityblog.switch.ch

1 0

Announcement of 'china government' routes 125.208.4[567].0/24 forbidden?
by Benoit Panizzon 27 Aug '20

27 Aug '20

Hi List A customer complained, he cannot reach the website of chinese embassy in Switzerland. CH.CHINA-EMBASSY.ORG The DNS Servers are hosted under 125.208.4[567].0/24 and none of our peers do announce those routes to us. The all, according to the looking glasses, seem to get those routes announced from AS24406 CNNIC but do not redistribute them. Do others also see this issue? Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________

6 6

SwiNOG #37 postponed to Mai 4th 2021
by Simon Ryf 13 Aug '20

13 Aug '20

Dear SwiNOGers, due to COVID-19 SwiNOG #37 has been postponed to Mai 4th 2021. The decision has been made together with our sponsors and the results of the questionare. Because we see that a major part of SwiNOG Meetings is the personal interaction and discussions we decided that an online-event would not live up to the character of the meeting. Stay healthy and may the 4th be with us ;-) SwiNOG Core Team

1 0

DMARC Reports from Swiss Internetproviders
by Bohren, Andres 04 Aug '20

04 Aug '20

Hi all, Does anybody know, if Swiss Internetproviders do send DMARC Reports in theyr Email Service? https://de.wikipedia.org/wiki/DMARC Regards Andres

4 3

Re: [swinog] our zimbra webmail server is on the swisscom dns blacklist ...
by Tobias Oetiker 24 Jul '20

24 Jul '20

Hi Peter thanks ... I have submitted the surbl form yesterday already yes ... they seem to take their time too ... and above all it would be really helpful to get to know for what reason we ended up on that list ... cheers tobi ----- On Jul 24, 2020, at 9:55 AM, abuse quiet <abuse_quiet(a)bluewin.ch> wrote: > Good day > Thank you very much for your message. > We apologize for your trouble. > The domain is on the blacklist of our supplier. To solve the problem > immediately, we have added it to our whitelist and applied for its delisting. > Additionally you have to apply for a delisting via [ > http://www.surbl.org/surbl-analysis | http://www.surbl.org/surbl-analysis ] > SURBL is a reputation database for domains and is integrated as a source by many > services. Internet Guard is one such service. > Additional information about Internet Guard is available at [ > https://www.swisscom.ch/en/residential/help/internet/internetguard.html | > https://www.swisscom.ch/en/residential/help/internet/internetguard.html ] > Kind regards > Peter Fankhauser > ____________________________________________________________________________ > Lead Abuse Management > Security Operation Center > ____________________________________________________________________________ > Swisscom (Schweiz) AG > Group Security > Security Operation Center > 8005 Zürich > [ https://zimbra.oetiker.ch/zimbra/www.swisscom.com | www.swisscom.com ] > Von: [ mailto:swinog-bounces@lists.swinog.ch | swinog-bounces(a)lists.swinog.ch ] > < [ mailto:swinog-bounces@lists.swinog.ch | swinog-bounces(a)lists.swinog.ch ] > > Im Auftrag von Tobias Oetiker > Gesendet: Freitag, 24. Juli 2020 08:40 > An: [ mailto:swinog@swinog.ch | swinog(a)swinog.ch ] > Betreff: [swinog] our zimbra webmail server is on the swisscom dns blacklist ... > Hi All > We are running a zimbra web mail server [ > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fzimbox.ch… > | https://zimbox.ch ] for our customers. Yesterday afternoon swisscom has put > its IP (46.140.183.201) on their DNS blacklist ( [ > https://www.swisscom.ch/de/res/hilfe/internet/internetguard/url-checker.html | > https://www.swisscom.ch/de/res/hilfe/internet/internetguard/url-checker.html ] > ). Since the thing is running https, this leads to people with swisscom > internet access to get some cryptic error message about SSL problems from their > browser when they want to read their mail. > No, the server is not hacked, and we are running the latest version of zimbra > web mail on it. > We have filled in the swisscoms 'de-blacklisting' web form but nothing has > happened yet. We also called the swisscom kmu-hotline, but no, sorry we can not > do anything. > Any advice ? For now we are advising our customers to set their dns server in > their computers to 8.8.8.8 ... > By the light of day, swisscom is directly damaging our business with this ... > cheers > tobi (angry) > -- > Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland > [ > https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.oetike… > | www.oetiker.ch ] [ mailto:tobi@oetiker.ch | tobi(a)oetiker.ch ] +41 62 775 9902 -- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland www.oetiker.ch tobi(a)oetiker.ch +41 62 775 9902

1 0

our zimbra webmail server is on the swisscom dns blacklist ...
by Tobias Oetiker 24 Jul '20

24 Jul '20

Hi All We are running a zimbra web mail server https://zimbox.ch for our customers. Yesterday afternoon swisscom has put its IP (46.140.183.201) on their DNS blacklist ( [ https://www.swisscom.ch/de/res/hilfe/internet/internetguard/url-checker.html | https://www.swisscom.ch/de/res/hilfe/internet/internetguard/url-checker.html ] ). Since the thing is running https, this leads to people with swisscom internet access to get some cryptic error message about SSL problems from their browser when they want to read their mail. No, the server is not hacked, and we are running the latest version of zimbra web mail on it. We have filled in the swisscoms 'de-blacklisting' web form but nothing has happened yet. We also called the swisscom kmu-hotline, but no, sorry we can not do anything. Any advice ? For now we are advising our customers to set their dns server in their computers to 8.8.8.8 ... By the light of day, swisscom is directly damaging our business with this ... cheers tobi (angry) -- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland www.oetiker.ch tobi(a)oetiker.ch +41 62 775 9902

4 3

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog