| Author |
[INFO] Runaway blocking Bigapple
|
|
| BigappleAdmin 2006-09-07, 1:13 am |
| I thought this problem was solved, but apparently not.
runaway@erhard-wittig.de Open Error 1sec (421 mails from 69.119.206.101 refused: Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?69.119.206.101)
-=-
This message was sent via two or more anonymous remailing services.
| |
| TwistyCreek 2006-09-07, 1:13 am |
| Anonymous-Remailer@See.Comment.Header (BigappleAdmin) wrote:
> I thought this problem was solved, but apparently not.
>
> runaway@erhard-wittig.de Open Error 1sec (421 mails from 69.119.206.101 refused: Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?69.119.206.101)
*sigh*
I suppose a snide "told ya' so" is in order. 
>
>
> -=-
> This message was sent via two or more anonymous remailing services.
>
>
>
>
| |
| Runaway Remailer Admin 2006-09-07, 1:13 am |
|
"BigappleAdmin" <Anonymous-Remailer@See.Comment.Header> schrieb im
Newsbeitrag news:5K49DFXQ38966.9501041667@anonymous...
>I thought this problem was solved, but apparently not.
>
> runaway@erhard-wittig.de Open Error 1sec (421 mails from 69.119.206.101
> refused: Dynamic IP Addresses See:
> http://www.sorbs.net/lookup.shtml?69.119.206.101)
>
>
> -=-
> This message was sent via two or more anonymous remailing services.
>
>
>
>
There are thousends of mails going in and out of my remailer without a
problem. Is there anybody else with that problem not being able to send to
my Remailer ?
| |
| George Orwell 2006-09-07, 7:15 am |
| Runaway Remailer Admin wrote:
>
> "BigappleAdmin" <Anonymous-Remailer@See.Comment.Header> schrieb im
> Newsbeitrag news:5K49DFXQ38966.9501041667@anonymous...
> There are thousends of mails going in and out of my remailer without a
> problem. Is there anybody else with that problem not being able to send to
> my Remailer ?
Yes. You and a couple other remailers have the same problem, and you'll
never see it because messages are rejected before you get them.
Remailers running on providers who use RBL's suck big time for those of
us who run our own mail transports, users and operators alike.
| |
| Runaway Remailer Admin 2006-09-07, 7:15 am |
|
"George Orwell" <nobody@mixmaster.it> schrieb im Newsbeitrag
news:28f3e6faa6e51ce1e11448657e2276b1@mi
xmaster.it...
> Runaway Remailer Admin wrote:
>
>
> Yes. You and a couple other remailers have the same problem, and you'll
> never see it because messages are rejected before you get them.
> Remailers running on providers who use RBL's suck big time for those of
> us who run our own mail transports, users and operators alike.
I have currently the incoming mail set-up in the following way:
When you send to my remailer it goes to runaway@erhard-wittig.de The
MX-Record of erhard-wittig.de is pointing to runaway.dynalias.org which is
the link to my machine. It goes then to my Mercury/32 MTA and from there to
Reliable.
An alternative would that the other Remailers would sent the mail directly
to runaway@runaway.dynalias.org. This on the other hand would mean that I
have to change again the remailer email address from
runaway@erhard-wittig.de to runaway@runaway.dynalias.org .This would avoid
that you need to go through erhard-wittig.de.
I don't know whether this would solve the problem you guys have. If, yes and
if we can solve with that the problem of everybody, I would do again the
change but we all need then to be sure because I do not want to make a third
change of the remailer-email-address and then we have a new problem for
other remailers. I face the same problem with some remailers when I was
sending out from my Mercury/32 MTA directly without going through a
provider. Then I changed the Mercury set-up to send via authorized SMTP
through a provider and I have since that NO problems at all sending mail
regardless whether I send mail to another remailer or to a non remailer
email address. I don't know what kind of environment bigapple or you are
running and if that would solve the problems you are currently facing
sending mail to my remailer.
If there is an set-up solving all problems for all remailers, I would do
again a change but my current impression was that when I changed I solved
some problems and some new came up.
I don't want to screw-up by anther change unless I can be 100 % sure that
this is the final solution satisfying the needs of everybody.
Let me have your experts advise what would be the best way to proceed. Is
there a set-up solving all problems for everybody ? How is panta remailer
set-up ? panta is as far as I know also a Remailer running with Reliable.
| |
| Nomen Nescio 2006-09-07, 7:15 am |
| "Runaway Remailer Admin" <anonymous@nym.alias.net> wrote:
> "BigappleAdmin" <Anonymous-Remailer@See.Comment.Header> schrieb im
> There are thousends of mails going in and out of my remailer without a
> problem. Is there anybody else with that problem not being able to send to
> my Remailer ?
Your secondary MX rejects mail from dialups. While most mail is send
directly to your primary MX, a small percentage will always be delivered to
your backup MX, even if your primary is up.
erhard-wittig.de. 86400 IN MX 5 runaway.dynalias.org.
erhard-wittig.de. 86400 IN MX 15 mx00.kundenserver.de.
erhard-wittig.de. 86400 IN MX 15 mx01.kundenserver.de.
| |
| BiKiKii Admin 2006-09-07, 7:15 am |
| -----BEGIN PGP SIGNED MESSAGE-----
On Thu, 7 Sep 2006, Runaway Remailer Admin wrote:
>"George Orwell" <nobody@mixmaster.it> schrieb im Newsbeitrag
> news:28f3e6faa6e51ce1e11448657e2276b1@mi
xmaster.it...
>
>I have currently the incoming mail set-up in the following way:
>When you send to my remailer it goes to runaway@erhard-wittig.de The
>MX-Record of erhard-wittig.de is pointing to runaway.dynalias.org which is
>the link to my machine. It goes then to my Mercury/32 MTA and from there to
>Reliable.
>An alternative would that the other Remailers would sent the mail directly
>to runaway@runaway.dynalias.org. This on the other hand would mean that I
>have to change again the remailer email address from
>runaway@erhard-wittig.de to runaway@runaway.dynalias.org .This would avoid
>that you need to go through erhard-wittig.de.
>I don't know whether this would solve the problem you guys have. If, yes and
>if we can solve with that the problem of everybody, I would do again the
>change but we all need then to be sure because I do not want to make a third
>change of the remailer-email-address and then we have a new problem for
>other remailers. I face the same problem with some remailers when I was
>sending out from my Mercury/32 MTA directly without going through a
>provider. Then I changed the Mercury set-up to send via authorized SMTP
>through a provider and I have since that NO problems at all sending mail
>regardless whether I send mail to another remailer or to a non remailer
>email address. I don't know what kind of environment bigapple or you are
>running and if that would solve the problems you are currently facing
>sending mail to my remailer.
>If there is an set-up solving all problems for all remailers, I would do
>again a change but my current impression was that when I changed I solved
>some problems and some new came up.
>I don't want to screw-up by anther change unless I can be 100 % sure that
>this is the final solution satisfying the needs of everybody.
>Let me have your experts advise what would be the best way to proceed. Is
>there a set-up solving all problems for everybody ? How is panta remailer
>set-up ? panta is as far as I know also a Remailer running with Reliable.
>
First fix this:
Getting MX record for erhard-wittig.de (from local DNS server, may be cached)... Got it!
Host Preference IP(s) [Country]
runaway.dynalias.org. 5 [No IP found]
mx01.kundenserver.de. 15 212.227.15.169 [DE]212.227.15.150 [DE]212.227.15.134 [DE]212.227.15.186 [DE]
mx00.kundenserver.de. 15 212.227.15.134 [DE]212.227.15.186 [DE]212.227.15.169 [DE]212.227.15.150 [DE]
Searching for runaway.dynalias.org MX record at d.root-servers.net [128.8.10.90]:
Got referral to TLD1.ULTRADNS.NET. (zone: org.) [took 8 ms]
Searching for runaway.dynalias.org MX record at TLD1.ULTRADNS.NET. [204.74.112.1]:
Got referral to ns5.dyndns.org. (zone: dynalias.org.) [took 6 ms]
Searching for runaway.dynalias.org MX record at ns5.dyndns.org. [63.170.10.81]:
Reports that no MX records exist. [took 6 ms]
Answer:
No MX records exist for runaway.dynalias.org. [Neg TTL=600 seconds]
Details:
ns5.dyndns.org. (an authoritative nameserver for dynalias.org.)
says that there are no MX records for runaway.dynalias.org.
When the MX for erhard-wittig.de points to the MX for runaway.dynalias.org then
most mail should go directly to your IP address of MercuryS.
But since there is no MX record for runaway.dynalias.org other MTAs will deliver to the next higher preference.
So now all mail is sent to the two kundenserver.de MXs.
>I face the same problem with some remailers when I was sending out
>from my Mercury/32 MTA directly without going through a >provider.
>
Whatever was this problem was a result of incorrect configuration.
You probably did not announce (HELO) with a FQDN but with a nonroutable IP address.
The only other issue would be some MTAs may want to IDENT your MTA.
No big deal there, either run a IDENT server or if no then transaction is slightly delayed.
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBRP/XpPRwi/ QFFzi5AQEafAf9EF2Mp3RrGQbPFNgZqpPNzPOHsz
dPjrLf
ocMkVMSl5A46obMhuJDCBZMuGvAjY7Ubs/J1f+Ylkhe0Zl22jA3BOdoFB6Yr07Ge
CCz46DATSNEsyAgZxijLtVxB97b1lsH02OXwiebD
74Y9ANPV0J62lLLVGKhjIA/u
zPmc2UbFf58g9RFjqtB/ dtAGzYZYjmq7QFpiFhDxoyCAROLfs6AMS8nFIs1l
bnL/
GilHOrh5ZHSda3h3GvHUhQEHnPrC6f+Uv2Aolf54
QmfW0XBm8EvUpRQ7tSbZK/Fq
cwXohjc20rJLYxr6SLsgvp7pvcpMqjU7QWITiLGc
ZU6Hk8O94frF+A==
=v4Sc
-----END PGP SIGNATURE-----
| |
| Runaway Remailer Admin 2006-09-07, 7:15 am |
|
"Nomen Nescio" <nobody@dizum.com> schrieb im Newsbeitrag
news:3869458d6a5cebf91d36ba95044b7cba@di
zum.com...
> "Runaway Remailer Admin" <anonymous@nym.alias.net> wrote:
>
>
> Your secondary MX rejects mail from dialups. While most mail is send
> directly to your primary MX, a small percentage will always be delivered
> to
> your backup MX, even if your primary is up.
>
> erhard-wittig.de. 86400 IN MX 5 runaway.dynalias.org.
> erhard-wittig.de. 86400 IN MX 15 mx00.kundenserver.de.
> erhard-wittig.de. 86400 IN MX 15 mx01.kundenserver.de.
>
Would the follwing be the solution ??? I think tis would avoid that some of
the incoming mail goes to the secondary MX mx00.kundenserver.de.I had
exactly for that reason changed the primary one from "mx00.kundenserver.de"
to "runaway.dynalias.org".
I have currently the incoming mail set-up in the following way:
When you send to my remailer it goes to runaway@erhard-wittig.de The
MX-Record of erhard-wittig.de is pointing to runaway.dynalias.org which is
the link to my machine. It goes then to my Mercury/32 MTA and from there to
Reliable.
An alternative would that the other Remailers would sent the mail directly
to runaway@runaway.dynalias.org. This on the other hand would mean that I
have to change again the remailer email address from
runaway@erhard-wittig.de to runaway@runaway.dynalias.org .This would avoid
that you need to go through erhard-wittig.de.
I don't know whether this would solve the problem you guys have. If, yes and
if we can solve with that the problem of everybody, I would do again the
change but we all need then to be sure because I do not want to make a third
change of the remailer-email-address and then we have a new problem for
other remailers. I face the same problem with some remailers when I was
sending out from my Mercury/32 MTA directly without going through a
provider. Then I changed the Mercury set-up to send via authorized SMTP
through a provider and I have since that NO problems at all sending mail
regardless whether I send mail to another remailer or to a non remailer
email address. I don't know what kind of environment bigapple or you are
running and if that would solve the problems you are currently facing
sending mail to my remailer.
If there is an set-up solving all problems for all remailers, I would do
again a change but my current impression was that when I changed I solved
some problems and some new came up.
I don't want to screw-up by anther change unless I can be 100 % sure that
this is the final solution satisfying the needs of everybody.
Let me have your experts advise what would be the best way to proceed.
If switching to a new remailer email address runaway@runaway.dynalias.org I
would do once more a change but it would have the disadvantage for all of
you that we have to change again which I rather like to avoid. On the other
hand if this is the only way, I would to it to help you to solve the problem
that is some circumstances the mail goes to the secondary backup MX
"mx00.kundenserver.de" which definitely rejects dynamic IP.
| |
| Runaway Remailer Admin 2006-09-07, 7:15 am |
|
"Nomen Nescio" <nobody@dizum.com> schrieb im Newsbeitrag
news:3869458d6a5cebf91d36ba95044b7cba@di
zum.com...
> "Runaway Remailer Admin" <anonymous@nym.alias.net> wrote:
>
>
> Your secondary MX rejects mail from dialups. While most mail is send
> directly to your primary MX, a small percentage will always be delivered
> to
> your backup MX, even if your primary is up.
>
> erhard-wittig.de. 86400 IN MX 5 runaway.dynalias.org.
> erhard-wittig.de. 86400 IN MX 15 mx00.kundenserver.de.
> erhard-wittig.de. 86400 IN MX 15 mx01.kundenserver.de.
>
I have set now as a first step for solution the priority of MX Record
runaway.dynalias.org to 0 instead of 5. I hope with the higher priority we
get less mail routed to the backup MX mx00.kundenserver.de. Let's see
whether this helps and reduces the probability of Dynamic IP errors.
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Thu, 7 Sep 2006 10:44:10 +0200, Runaway Remailer Admin wrote in
Message-Id: <edom4t$tov$03$1@news.t-online.com>:
> I don't want to screw-up by anther change unless I can be 100 % sure that
> this is the final solution satisfying the needs of everybody.
> Let me have your experts advise what would be the best way to proceed.
> If switching to a new remailer email address runaway@runaway.dynalias.org I
> would do once more a change but it would have the disadvantage for all of
> you that we have to change again which I rather like to avoid. On the other
> hand if this is the only way, I would to it to help you to solve the problem
> that is some circumstances the mail goes to the secondary backup MX
> "mx00.kundenserver.de" which definitely rejects dynamic IP.
My advice would be to just drop your secondary MX's. Any service that
enforces SORBS is going to be a pain in the XXX in the long term. You
are no more likely to lose mail without secondary MX's as other MTA's
will continue retrying to reach your primary if it's down.
If you really want a secondary MX, I'll host one for you. Same goes for
any other remop.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRP/yQmoLu9HNUqmMAQqruAf/W0XOpXvpLm6RzWFpQumvehNl7URqqJC+
MtNg25mVj/vZHvp6/ iyKj+8xxESFQmgnakbVBqIF2VWI1dw5dM+YYhz8u
QalB3ah
iXPg08QS4EPMeR1RBjUSSY862A951IwMAxEYEUjn
x8qvykHa1DT45mvGOCibynNE
r0JJPV6eBU+emyOdHuyN+XVg5NcHimSjzm6gm2mh
6vyvTDm+DKI62VlweqOj3cEm
3O3NEa1PC9lZY2Sidgw8NYr0YfT82K7Jo5yDMxAT
PcF7dv11L7kirUVGqHrxacpr
HA/ sPJnBBlAusN8q5gfs3fJsr7uqG9+FFMUHI9dp4ie
Bjnl41zACHw==
=mcTq
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
| |
| Nomen Nescio 2006-09-07, 7:15 am |
| "Runaway Remailer Admin" <anonymous@nym.alias.net> wrote:
> I have set now as a first step for solution the priority of MX Record
> runaway.dynalias.org to 0 instead of 5. I hope with the higher priority we
> get less mail routed to the backup MX mx00.kundenserver.de.
No, the priority value has no influence in itself. It's only the relative
order that is important.
Also, you *will* always see mail delivered to the secondary MX even if your
primary is online due to reasons beyond your control. Maybe there was a
hiccup on the network and the sending host could not resolve or reach your
primary MX. For optimal results, all your MXs should accept mail to the
remailer address from any host.
> Let's see whether this helps and reduces the probability of Dynamic IP
> errors.
Can't you remove the kundenserver.de MX records?
With your current setup, there's still the problem that mail might bounce
or even get delivered to a completely different server when your own server
changes IP while the DynDNS record still points to the old address. This
can only be solved with a MX on a static IP address that forwards mail to
the remailer over an authenticated connection (eg. a VPN connection or by
checking the TLS certificate).
| |
| Runaway Remailer Admin 2006-09-07, 1:14 pm |
|
"Zax" <admin@bananasplit.info> schrieb im Newsbeitrag
news:edoro2$qsi$1@bananasplit.info...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On Thu, 7 Sep 2006 10:44:10 +0200, Runaway Remailer Admin wrote in
> Message-Id: <edom4t$tov$03$1@news.t-online.com>:
>
>
> My advice would be to just drop your secondary MX's. Any service that
> enforces SORBS is going to be a pain in the XXX in the long term. You
> are no more likely to lose mail without secondary MX's as other MTA's
> will continue retrying to reach your primary if it's down.
>
> If you really want a secondary MX, I'll host one for you. Same goes for
> any other remop.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
>
> iQEVAwUBRP/yQmoLu9HNUqmMAQqruAf/W0XOpXvpLm6RzWFpQumvehNl7URqqJC+
> MtNg25mVj/vZHvp6/ iyKj+8xxESFQmgnakbVBqIF2VWI1dw5dM+YYhz8u
QalB3ah
> iXPg08QS4EPMeR1RBjUSSY862A951IwMAxEYEUjn
x8qvykHa1DT45mvGOCibynNE
> r0JJPV6eBU+emyOdHuyN+XVg5NcHimSjzm6gm2mh
6vyvTDm+DKI62VlweqOj3cEm
> 3O3NEa1PC9lZY2Sidgw8NYr0YfT82K7Jo5yDMxAT
PcF7dv11L7kirUVGqHrxacpr
> HA/ sPJnBBlAusN8q5gfs3fJsr7uqG9+FFMUHI9dp4ie
Bjnl41zACHw==
> =mcTq
> -----END PGP SIGNATURE-----
>
> --
> pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
> Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
> uid Admin <admin.bananasplit.info>
>
Thanks a lot for your help. I have dropped the secondary MX Records. Now
only one, the primary to runaway.dynalias.org exists. Hope this helps.
| |
| Runaway Remailer Admin 2006-09-07, 1:14 pm |
|
"Nomen Nescio" <nobody@dizum.com> schrieb im Newsbeitrag
news:d83e1e3e9409466364ef6ff5661ffb84@di
zum.com...
> "Runaway Remailer Admin" <anonymous@nym.alias.net> wrote:
>
>
> No, the priority value has no influence in itself. It's only the relative
> order that is important.
>
> Also, you *will* always see mail delivered to the secondary MX even if
> your
> primary is online due to reasons beyond your control. Maybe there was a
> hiccup on the network and the sending host could not resolve or reach your
> primary MX. For optimal results, all your MXs should accept mail to the
> remailer address from any host.
>
>
> Can't you remove the kundenserver.de MX records?
>
> With your current setup, there's still the problem that mail might bounce
> or even get delivered to a completely different server when your own
> server
> changes IP while the DynDNS record still points to the old address. This
> can only be solved with a MX on a static IP address that forwards mail to
> the remailer over an authenticated connection (eg. a VPN connection or by
> checking the TLS certificate).
>
Thanks a lot for your help. I have removed the secondary MX Records. Now
only one, the primary to runaway.dynalias.org exists. Hope this helps.
| |
| BigappleAdmin 2006-09-07, 1:14 pm |
| In article <edo8s5$3s0$03$1@news.t-online.com>
"Runaway Remailer Admin" <anonymous@nym.alias.net> wrote:
>
>
> "BigappleAdmin" <Anonymous-Remailer@See.Comment.Header> schrieb im
> Newsbeitrag news:5K49DFXQ38966.9501041667@anonymous...
> There are thousends of mails going in and out of my remailer without a
> problem. Is there anybody else with that problem not being able to send to
> my Remailer ?
Interestingly, your stats look ok on my system and I'm not sure what to make
of the below.
07 08:56:43[966601] Later 192.168.1.4 <BigappleRemailer@bigapple.yi.org> <runaway@erhard-wittig.de> 29526 <2RB4GJ4Q38967.3703703704@anonymous> "Open Error 2sec (421 mails from 69.119.206.101 refused: Dynamic IP Addresses See: http://www.sorbs.net/lookup.s
html?69.119.206.101)"
07 08:56:46[966601] Sent 192.168.1.4 <BigappleRemailer@bigapple.yi.org> <runaway@erhard-wittig.de> 29526 <2RB4GJ4Q38967.3703703704@anonymous> "Delivered to remote host 84.160.88.168"
-=-
This message was sent via two or more anonymous remailing services.
| |
| Runaway Remailer Admin 2006-09-07, 1:14 pm |
|
"BigappleAdmin" <Anonymous-Remailer@See.Comment.Header> schrieb im
Newsbeitrag news:PEKFYC1H38967.427037037@anonymous...
> In article <edo8s5$3s0$03$1@news.t-online.com>
> "Runaway Remailer Admin" <anonymous@nym.alias.net> wrote:
>
> Interestingly, your stats look ok on my system and I'm not sure what to
> make
> of the below.
>
> 07 08:56:43[966601] Later 192.168.1.4 <BigappleRemailer@bigapple.yi.org>
> <runaway@erhard-wittig.de> 29526 <2RB4GJ4Q38967.3703703704@anonymous>
> "Open Error 2sec (421 mails from 69.119.206.101 refused: Dynamic IP
> Addresses See: http://www.sorbs.net/lookup.shtml?69.119.206.101)"
> 07 08:56:46[966601] Sent 192.168.1.4 <BigappleRemailer@bigapple.yi.org>
> <runaway@erhard-wittig.de> 29526 <2RB4GJ4Q38967.3703703704@anonymous>
> "Delivered to remote host 84.160.88.168"
>
>
> -=-
> This message was sent via two or more anonymous remailing services.
>
>
>
>
I have meanwhile deleted the backup MX Records pointing to the server
denying dynamic IP. Now I have only one MX Record pointing from
erhard-wittig.de to runaway.dynalias.org. This avoids that a few mails going
to the backup MX. Now everthing goes directly from you via
runaway.dynalias.org to my MTA Server.
Before there were some messages going via the backup MX to the mail server
of my provider hosting erhard-wittig.de. And this provider denies dynamic
IP. I hope that due to the removal of the backup MX Record we have fixed it
now. If you still get denies let me know and we need to further investigate.
You need to be aware that some denies can also result from updates of my IP
(the provider makes once a day a hard stop of my ADSL connection and then
the router reconnects (with a new IP, since myone is not static). In this
case there might be a small time-lag between the change of IP address and
the update to the new IP done by dydns. Should not be a bg problem since I
thing your MTA tries several times to resend a message and as soon as the
dyndns update is done in the system (shortly after reconnect an dyndns
update) it should be delivered to me slightly later. So let's see within the
next 24 hours whether the deletion of my backup MX shows improvements in the
sense that you get less denies. If not just come back with a post.
| |
| BigappleAdmin 2006-09-07, 1:14 pm |
| In article <edpe4u$su9$01$1@news.t-online.com>
"Runaway Remailer Admin" <anonymous@nym.alias.net> wrote:
>
>
> "BigappleAdmin" <Anonymous-Remailer@See.Comment.Header> schrieb im
> Newsbeitrag news:PEKFYC1H38967.427037037@anonymous...
>
> I have meanwhile deleted the backup MX Records pointing to the server
> denying dynamic IP. Now I have only one MX Record pointing from
> erhard-wittig.de to runaway.dynalias.org. This avoids that a few mails going
> to the backup MX. Now everthing goes directly from you via
> runaway.dynalias.org to my MTA Server.
>
That seems to have fixed the problem. No denies for the past hour.
-=-
This message was sent via two or more anonymous remailing services.
| |
| Runaway Remailer Admin 2006-09-07, 1:14 pm |
|
"BigappleAdmin" <Anonymous-Remailer@See.Comment.Header> schrieb im
Newsbeitrag news:104MYD8138967.5006944444@anonymous...
> In article <edpe4u$su9$01$1@news.t-online.com>
> "Runaway Remailer Admin" <anonymous@nym.alias.net> wrote:
>
> That seems to have fixed the problem. No denies for the past hour.
>
>
> -=-
> This message was sent via two or more anonymous remailing services.
>
>
>
>
Good to hear, thanks for making me aware of the error.
| |
| Borked Pseudo Mailed 2006-09-07, 1:14 pm |
| Zax wrote:
> If you really want a secondary MX, I'll host one for you. Same goes for
> any other remop.
Wouldn't that give you the opportunity to gather information you
shouldn't have about how messages are routed through the network? In
fact if several RemOps routed their mail through an exchange under your
control couldn't you theoretically see entire chains laid out right in
front of you?
That's not an accusation, just an observation of fact that it's unwise
for a RemOp to hand his traffic off to another RemOp as a matter of
principle.
| |
| TwistyCreek 2006-09-07, 1:14 pm |
| Borked Pseudo Mailed <nobody@pseudo.borked.net> wrote:
> Zax wrote:
>
>
> Wouldn't that give you the opportunity to gather information you
> shouldn't have about how messages are routed through the network? In
> fact if several RemOps routed their mail through an exchange under your
> control couldn't you theoretically see entire chains laid out right in
> front of you?
How that? Unless he has the remailer's private key, all he can see are
encrypted messages.
| |
| TwistyCreek 2006-09-07, 1:14 pm |
| TwistyCreek wrote:
> Borked Pseudo Mailed <nobody@pseudo.borked.net> wrote:
>
>
> How that? Unless he has the remailer's private key, all he can see are
> encrypted messages.
Nobody said anything about reading message content, although with
enough third party remailer traffic passing through your mail exchange
it would certainly be possible to traffic analyze messages to the point
that the unencrypted text emerging from the remailer network could be
collated with encrypted ingress traffic. One might even devise a few
methods for adding certain "delay and burst" cycles to make the task
all the easier.
Once again I have no inclination to believe Steve would do any such
thing. Not without provocation anyway, or coercing from some
proverbial "big brother" type entity. But it's hard to fathom how one
wouldn't see this as a topic for discussion. On one hand you have the
security of a diverse and geographically separated network, and on the
other the notion that a "God" who sees all demolishes remailer network
security entirely.
It's a scale, not an either/or situation. There's no mathematical point
at which X number of shared messages crosses some boundary, and while
backup MX might be at the low end of the scale, it still registers.
It's another nugget of information in a game where accumulated nuggets
count more than massive boulders because there's so many nuggets and so
few boulders. 
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Thu, 7 Sep 2006 10:13:29 -0600 (MDT), Borked Pseudo Mailed wrote in
Message-Id: <c6bf2a84fd4d6cebcccf42c947b8800e@pseudo.borked.net>:
> Wouldn't that give you the opportunity to gather information you
> shouldn't have about how messages are routed through the network?
Just a little bit of info. It would let me see who was sending messages
to the dest I was acting as secondary for. The traffic would all be
encrypted but I could see the source of it. Mixmaster is designed to
protect against a global adversary who can monitor all points of the
network, so the significance of remops running secondary MX's for other
remops seems very small.
> That's not an accusation, just an observation of fact that it's unwise
> for a RemOp to hand his traffic off to another RemOp as a matter of
> principle.
I can see where you're coming from but I don't think there is really a
risk involved. Traffic on the Internet is to all intents and purposes
public. In the good old days, all MTA's ran as open relays and would
route traffic anywhere for anyone. The encryption is there to protect
content in transit.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBRQBqO2oLu9HNUqmMAQrf9Af/aCf7KywWaDZ5GUbnNv+M/4YH4oid5b3Q
ZpAselncLns8c7GOuAy+LEOIqVc3NsZQG/XL8ikHkeOuPiJJ1nRrS6UhALtuWs7g
sxzkzR62iQo7tUKTA8zut96Ut+3looC6QZJfDVkM
5ejs9KmpV2ogUL+0r1AiVq0n
fkpd60b9cQrlqTB6ezxvMuWfuUdkgbAxo1Mgk9jz
5ghx55maqf7LL5JJMyzK4rqW
N2exA9UaOU+WLkOeUHFImTtPLDTN5e7rvMLf0S5b
C2XhjLyPRWm81L+akjeeolMa
lEFz0VWwJIwSw+BVrvu023j9fxwAhDOhUbgvW4JY
/tdJ3dNnKmjF9w==
=N80D
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
| |
| Nomen Nescio 2006-09-07, 7:16 pm |
| Zax <admin@bananasplit.info> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On Thu, 7 Sep 2006 10:13:29 -0600 (MDT), Borked Pseudo Mailed wrote in
> Message-Id: <c6bf2a84fd4d6cebcccf42c947b8800e@pseudo.borked.net>:
>
>
> Just a little bit of info. It would let me see who was sending messages
> to the dest I was acting as secondary for. The traffic would all be
> encrypted but I could see the source of it. Mixmaster is designed to
> protect against a global adversary who can monitor all points of the
> network, so the significance of remops running secondary MX's for other
> remops seems very small.
>
>
> I can see where you're coming from but I don't think there is really a
> risk involved. Traffic on the Internet is to all intents and purposes
> public. In the good old days, all MTA's ran as open relays and would
> route traffic anywhere for anyone. The encryption is there to protect
> content in transit.
As long as it's not EELBASH or FROG.
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TwistyCreek <anon@comments.header> wrote in
news:BLJARGNT38966.9716435185@twistycreek.com:
> Anonymous-Remailer@See.Comment.Header (BigappleAdmin) wrote:
>
>
> *sigh*
>
> I suppose a snide "told ya' so" is in order.
Looks to me like Runaway's mail server has his mercury32 set to query sorbs
for all mail connections.. bad idea since sorbs hates dynamic addresses.
- --
http://blog.peculiarplace.com
http://lurasbookcase.com/weightloss...se-weight.shtml
http://purrfectdomains.com
-----BEGIN PGP SIGNATURE-----
Version: N/A
iQEVAwUBRP+egHV+YnyE1GYEAQKh+gf/YEwe4OlTCU7ua36JbX7uNw4V/YgiZ2mp
6s1oeA56u8KZfkF1mlsOzXOHXwy5jYag1HLCcxsG
/0S7I23ZX/RleXfxglLYO6J6
QNTWy13Y0YV/ Y9AasoTACFecGVlQPcA4MyfxbUfMTDYkjEbl56W5
LilB9iV8pgDE
qd7bDmYzErq9b1TY00dAD1SQ2dX03I90gWqxjgP1
hFBLneKAYy/IFPRBYG6qszj8
fhqKOaIB9Jq9JzM898QNhqdEwaVhLN7SNVAzQVH6
RgTgtLd914ru6TO0yaJ44N5e
sqlLbFVdi3hq4ZfAYsbBT7DFYD5/B2fP/z4poVlYhyZwG4yMUavalg==
=aIg3
-----END PGP SIGNATURE-----
| |
|
|
|
|