| Author |
Twisty Creek Remailer Potential Outage
|
|
| Twisty Creek Admin 2006-10-29, 7:12 am |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
I have been pretty busy with work. My wife just gave me a letter regarding
my ISP and business class service.
Just Great
Time Warner has purchased Comcast. They are going to switch over this
weekend. 10/28-10/30. Transition will be complete by 12:01 AM 10/31.
I have a static IP. A section of the letter reads as follows:
Static IP Customers
If you are a Static IP customer, you are not required to make any Static
IP-related changes. We will send you a follow-up letter October 31, 2006
with your new Static IP information.
My domain name and backup mail servers point to this IP. I don't know what
is going to happen if they change my IP. The re-mailer may experience some
difficulties including lost mail.
My apologies (my wife doesn't understand the impact this might have on the
re-mailer). I will try to keep up with their changes as quickly as I can.
Regards all,
Twisty Creek Admin
-----BEGIN PGP SIGNATURE-----
iQA/ AwUBRUSeFP9qPDhkRaWyEQKA9gCglrNtMthyBlj7
On6OuzqzX2ZujNcAn3Xr
Vw1qvSYzQ1g2pdcf6ilYykiS
=2rik
-----END PGP SIGNATURE-----
| |
| Albert Rosenfield 2006-10-29, 1:12 pm |
| In article <6o69k2hl89cuv6v9f2819mmghbpis3fm6g@4ax.com>
Twisty Creek Admin <admin^@^twistycreek^dot^com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all,
>
> I have been pretty busy with work. My wife just gave me a letter regarding
> my ISP and business class service.
>
> Just Great
>
> Time Warner has purchased Comcast. They are going to switch over this
> weekend. 10/28-10/30. Transition will be complete by 12:01 AM 10/31.
>
> I have a static IP. A section of the letter reads as follows:
>
> Static IP Customers
> If you are a Static IP customer, you are not required to make any Static
> IP-related changes. We will send you a follow-up letter October 31, 2006
> with your new Static IP information.
>
> My domain name and backup mail servers point to this IP. I don't know what
> is going to happen if they change my IP. The re-mailer may experience some
> difficulties including lost mail.
>
> My apologies (my wife doesn't understand the impact this might have on the
> re-mailer). I will try to keep up with their changes as quickly as I can.
>
> Regards all,
> Twisty Creek Admin
>
> -----BEGIN PGP SIGNATURE-----
>
> iQA/ AwUBRUSeFP9qPDhkRaWyEQKA9gCglrNtMthyBlj7
On6OuzqzX2ZujNcAn3Xr
> Vw1qvSYzQ1g2pdcf6ilYykiS
> =2rik
> -----END PGP SIGNATURE-----
That's understandable. I hope your downtime is brief. Thanks
for running a reliable and easy-to-use service.
| |
|
| > Time Warner has purchased Comcast.
Not quite.. It's called a "market rationalization" and it's a phased
thing over the next 3 moths.
Adelphia, Time Warner, and Comcast have agreed to swap markets in areas
where they each had small monopolies in the same general area. When the
re-organization is done they will each have big monopolies in some areas
and no customers where the used to have only a few. Comcast is
unfortunately pulling out of your area.
You can at least be glad you weren't part of the first wave of
transitions.. Both Adelphia and Time Warner customers were being
redirected to the Comcast help lines and they weren't in the database
yet.. couldn't even see thier modems.. what a XXXXin mess.. The
transition seems to be going a bit smoother at this point...
I wish you luck with Time Warner.. hopefully you keep that sweet price
deal you got with Comcast.
Moose
| |
|
| > My domain name and backup mail servers point to this IP..
Twisty dude.. I've been meaning to ask you about your backup service...
Your MX records show DNSMADEEASY.com is looking after that for you. I've
been looking for the same service for when I get the moose remailer back
online (ie. soon. I spotted what sounds like a big problem with thier
service for our purposes:
> Does DNS Made Easy block any emails or is this a spammers open relay to
my systems?:
> The DNS Made Easy backup email service is not an anti-spam service. But
we do simple email checking to help prevent spammers from using our emails
servers
> as an open relay to your mail servers. We currently:
> Check to make sure the system / server sending the email is matching who
they say they are. Many spamming email servers / software will pretend to
> be someone else. So reverse DNS is required (reverse DNS is also a
requirement by the SMTP RFCs).
<snip>
Do you have a "no-reverse DNS" option with these guys? I don't see
anything listed in thier offerings about backup without requiring reverse
DNS... The problem is (as you are probably well aware) that only senders
with a static IP address can possibly have a PTR record set up and without
a PTR there's no way you can pass a reverse DNS.. This meeans all the
remailers running dynamic IPs and anyone trying to send to you from thier
own SMTP server (on a dynamic /home) IP get blocked.
It would seem this would mean a BIG chunk of the mail you are looking to
catch with this service (when nessasary) would be refused...
Do you have an arrangement other than the "we'll do a reverse DNS for you"
service they mention?
TIA
Moose
| |
| Anonymous 2006-10-31, 1:14 am |
| moose <anon@comments.header> wrote:
> The problem is (as you are probably well aware) that only senders
> with a static IP address can possibly have a PTR record set up
Quite the contrary. Most dynamic IPs have proper PTR records while static
IPs only get them on request.
DNSMADEEASY servers are slow and overloaded but they do accept mail from
dynamic IPs. Couldn't you just try it before you made your assumptions?
| |
|
| > Most dynamic IPs have proper PTR records while static
> IPs only get them on request.
I'll save you the trouble of doing some BASIC research into the subject
and explain a reverse DNS look up for ya...
When an ISP (like Comcast, AOL, or DNSMadeEasy) get an incoming email they
look at the IP it's coming from (eg 70.89.231.62). They take that IP and
go to ARIN for the ISP that has been alocated that block. They then go to
that ISP and request the domain name associated with that IP via a PTR
record maintained by the ISP. The PTR for 70.89.231.62 for example is
"70.89.231.62 PTR record: twistycreek.com". They first verify that the
address matches the from address of the email and then they pull the A
record for that value and verify the IP matches. For example the A record
for twistycreek.com is "twistycreek.com. A IN 7200 70.89.231.62". There
is NO WAY a PTR record can be set for a dynamic IP because every time the
IP changes the PTR for that IP is left pointing to the same domain.
DynDNS, etc can not set PTR records because they are not the ISP that has
been alocated the IP address. This whole system involves DNS propogation
times, etc that take days. Dynamic IPs change in minutes.
DNSStuff dot com has good tutorial for ya,
HTH (you'll be OK)
| |
| Borked Pseudo Mailed 2006-10-31, 7:12 am |
| > only senders with a static IP address can possibly have a
> PTR record set up and without a PTR there's no way you can
> pass a reverse DNS
This sounds like dynamic IP users who send through thier
ISP's mail server would not be able to connect.
> and anyone trying to send to you from thier own SMTP server
> (on a dynamic /home) IP get blocked
This makes it a bit clearer that's not what was intended.
| |
| Twisty Creek Admin 2006-10-31, 7:12 am |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 31 Oct 2006 00:38:19 -0000, moose <anon@comments.header> wrote:
>
>Twisty dude.. I've been meaning to ask you about your backup service...
>Your MX records show DNSMADEEASY.com is looking after that for you. I've
>been looking for the same service for when I get the moose remailer back
>online (ie. soon. I spotted what sounds like a big problem with thier
>service for our purposes:
Hi Moose
Happy to see you are still here. Looking forward to your return.
I can't answer your question. DNSMADEEASY only kicks in when my re-mailer
is down. Over the past week or so, I have had an extended ISP outage and 2
extended power outages that drained the backup battery and shut down the
re-mailer.
Bigapple Admin suggested it to me. It seems to be working OK for me. I
processed a backlog of some 5,000+ messages when the ISP went down. Most
were from dynamic IPs. Very few re-mailers run a static IP. Dingo, Dizum,
and I am not sure who else does. I run a static to avoid some of the
"blacklists" that block messages from dynamic IPs.
The service is about to expire (Nov 17) and I have not renewed it yet. If
there is a potential problem, I would sure want to avoid it. Any thoughts
you may have would be welcome. I believe Runaway is using the same service
so a problem would affect both of us.
I know you are in a position to understand a potential problem like this
with far greater knowledge than me. I am wide open to suggestions. Anyone?
Twisty Creek Admin
-----BEGIN PGP SIGNATURE-----
iQA/ AwUBRUdEuf9qPDhkRaWyEQKqtgCgvkJ5VbbC5tTA
t9FUZgqS0td6K9oAn0sz
8fUyfOjWph6CSZ8lh43qtr7+
=Ovpm
-----END PGP SIGNATURE-----
| |
| Nomen Nescio 2006-10-31, 7:15 pm |
| On Tue, 31 Oct 2006, Twisty Creek Admin <admin^@^twistycreek^dot^com>
wrote:
>=====BEGIN PGP SIGNED MESSAGE=====
>Signature: 0x6445A5B2
>Date:
>Status: INVALID (Unknown)
>
>On 31 Oct 2006 00:38:19 -0000, moose <anon@comments.header> wrote:
>
>
>Hi Moose
>
>Happy to see you are still here. Looking forward to your return.
>I can't answer your question. DNSMADEEASY only kicks in when my re-mailer
>is down. Over the past week or so, I have had an extended ISP outage and 2
>extended power outages that drained the backup battery and shut down the
>re-mailer.
>
>Bigapple Admin suggested it to me. It seems to be working OK for me. I
>processed a backlog of some 5,000+ messages when the ISP went down. Most
>were from dynamic IPs. Very few re-mailers run a static IP. Dingo, Dizum,
>and I am not sure who else does. I run a static to avoid some of the
>"blacklists" that block messages from dynamic IPs.
>
>The service is about to expire (Nov 17) and I have not renewed it yet. If
>there is a potential problem, I would sure want to avoid it. Any thoughts
>you may have would be welcome. I believe Runaway is using the same service
>so a problem would affect both of us.
>
>I know you are in a position to understand a potential problem like this
>with far greater knowledge than me. I am wide open to suggestions. Anyone?
>
>Twisty Creek Admin
>=====END PGP SIGNATURE=====
>.
This is an asinine question I'm sure but I'll ask anyway.
Is there such a thing as a free dyndns style solution to allow a dynamic ip
to be mapped to a static one?
| |
|
|
| Twisty Creek Admin 2006-10-31, 7:15 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 31 Oct 2006 22:16:53 -0000, moose <anon@comments.header> wrote:
>
>I decided to take the OPs advice and double check before I answered... I'm
>still reading...
>
>http://www.dyndns.com/support/kb/ar...everse_dns.html
>
>and especially the sub link
>
>http://www.dyndns.com/support/kb/ar...custom_dns.html
>
>This is definately related... not sure exactly what they're selling here
>exactly though
>
>
I renewed my subscription to DNSMADEEASY for another year today. I decided
to keep this old klunker of a re-mailer operating for another year. A
couple days ago, I picked up my old PC from my daughter. I gave her one of
my laptops in place of it. "She likes the laptop better". The laptop is a
few years old and the battery made it too heavy for me to lug along. But,
it has super screen resolution and built in Bose speakers. The sound is
amazing. But if the re-mailer PC dies, I'll just switch to the old backup
PC.
DNSMADEEASY seems to handle all messages from either static or dynamic
addresses. It helps keep my stats high. I ping the other re-mailer pingers.
My internal stats (that I use for random hops) show that the othe re-mailer
pingers that miss me in their ping are also missed by my ping. I guess that
is one I'll never figure out.
One probem with DNSMADEEASY is I have opened port 2525 for mail. I don't
know what would happen if someone tried to use that port and my re-mailer
was down.
Regards,
Twisty Creek Admin
-----BEGIN PGP SIGNATURE-----
iQA/ AwUBRUfU5v9qPDhkRaWyEQJikgCgkd70ROeEZn7d
2rR5g7aiIcNwrkkAoPke
Ga51VJcF/hfJ+vWbPYBzXC4u
=0164
-----END PGP SIGNATURE-----
| |
|
| OK... I stand corrected... I was under the understanding that a "reverse
DNS" always does the match part between what appears in the From: field of
the incoming email and the value returned by the PTR lookup..
On further research this is not correct...
A "normal" dynamic IP PTR lookup will return something like
70.109.167.222 PTR record: pool-70-109-167-222.cncdnh.east.verizon.net
indicating that it is in the dynamic pool for the ISP indicated. If you
pull the A record for this giberish it does in fact return a matching IP like
pool-70-109-167-222.man.east.verizon.net. A IN 86400 70.109.167.222
Apparently this is all that is required to pass a Reverse DNS.. In the
case of MANY ISPs, etc there is an additional requirement that the PTR
indicate a domain related to the one in the FROM: field. Apparently this
IS NOT the case with DNSMADEEASY.
My Appologies to the OP for the condecending remarks .. (I'll be OK :-) )
Moose
| |
| Anonymous 2006-11-01, 1:15 am |
| On Tue, 31 Oct 2006, Borked Pseudo Mailed <nobody@pseudo.borked.net> wrote:
>
>This sounds like dynamic IP users who send through thier
>ISP's mail server would not be able to connect.
>
>
>This makes it a bit clearer that's not what was intended.
>
>
>
>.
Remember, blocking dynamic IP access is Evil.
| |
| Macarro 2006-11-01, 1:15 am |
| I'll save you the trouble of doing some BASIC research into the subject
> and explain a reverse DNS look up for ya...
>
> When an ISP (like Comcast, AOL, or DNSMadeEasy) get an incoming email
> they
> look at the IP it's coming from (eg 70.89.231.62). They take that IP and
> go to ARIN for the ISP that has been alocated that block. They then go to
> that ISP and request the domain name associated with that IP via a PTR
> record maintained by the ISP. The PTR for 70.89.231.62 for example is
> "70.89.231.62 PTR record: twistycreek.com".
So what happens with email privacy services like marmotmail.com that
provide 127.0.01 in the header as a sender?
It seems the system you say shouldnt deliver emails but it works.
--
Mapping the Internet 24/7: http://www.netdimes.org
| |
| Anonymous 2006-11-01, 1:15 am |
| > Does anyone else wonder how the police were able to identify
> Spicka even though he was using an anonymous remailer?
Please see the post I made a few hours ago (ie
<0O6OPQB539021.7818055556@twistycreek.com> ) that starts
> OK... I stand corrected..
I was going by what Comcast does to verify that incoming email is not
spam.. the system DNSMADEEASY, etc uses does not verify the from address
matches the contents of the PTR record at all.. in otherwords.. anybody
with 10 bucks for a dial up account (or 30 for a DSL account) is free to
pound them with as much spam as they like.. if they get cut off for too
many from a single IP the just disconnect and reconnect again to get a new
dynamic IP and go at it again.. the only people who are inconcienienced by
thier system are those who paid premium price for an account that includes
a static IP (about 3 times normal at Comcast) and it's these people alone
that need to ensure they have set up a PTR record... What spammer in thier
right mind use a static IP connection when the system is so biased against
it I don't know.. not much of an anti spam strategy if you ask me but at
least it doesn't interfere with remailer operations.
As in the other post,
Sorry for the condescending comments (except the ones aimed at DNSMADEEASY
for implementing this silly idea)
Moose
|
|
|
|