T-Online and problems with this list
Hey together, Because of T-Online not listening to our requests, and some T-Online user(s) continuesly spamming our servers, we've been forced into blocking all UDP and TCP/IP packets from the following IPs: mailout00.sul.t-online.com 194.25.134.16 mailout02.sul.t-online.com 194.25.134.17 mailout04.sul.t-online.com 194.25.134.18 mailout06.sul.t-online.com 194.25.134.19 mailout01.sul.t-online.com 194.25.134.80 mailout03.sul.t-online.com 194.25.134.81 mailout05.sul.t-online.com 194.25.134.82 Thanks, Mads Martin Jørgensen, ml-admin@suse.com -- Mads Martin Joergensen, http://mmj.dk "Why make things difficult, when it is possible to make them cryptic and totally illogic, with just a little bit more effort." -- A. P. J.
Hi, On Mon, Jun 11 2001 at 18:10 -0700, Mads Martin Jørgensen wrote:
Because of T-Online not listening to our requests, and some T-Online user(s) continuesly spamming our servers, we've been forced into blocking all UDP and TCP/IP packets from the following IPs:
mailout00.sul.t-online.com 194.25.134.16 mailout02.sul.t-online.com 194.25.134.17 mailout04.sul.t-online.com 194.25.134.18 mailout06.sul.t-online.com 194.25.134.19 mailout01.sul.t-online.com 194.25.134.80 mailout03.sul.t-online.com 194.25.134.81 mailout05.sul.t-online.com 194.25.134.82
This might upset a lot of German users. What are the problems with T-Online and what were your requests? Maybe if enough of their paying customers complain they change their mind. Ciao, Stefan -- Stefan Troeger o _ _ _ stefan@troeger.st __o __o /\_ _ \\o (_)\__/o (_) _`\<, _`\<, _>(_) (_)/<_ \_| \ _|/' \/ (_)/(_) (_)/(_) (_) (_) (_) (_)' _\o_
On 11 Jun 2001, at 18:10, Mads Martin Jørgensen wrote:
Hey together,
Because of T-Online not listening to our requests, and some T-Online user(s) continuesly spamming our servers, we've been forced into blocking all UDP and TCP/IP packets from the following IPs:
mailout00.sul.t-online.com 194.25.134.16 mailout02.sul.t-online.com 194.25.134.17 mailout04.sul.t-online.com 194.25.134.18 mailout06.sul.t-online.com 194.25.134.19 mailout01.sul.t-online.com 194.25.134.80 mailout03.sul.t-online.com 194.25.134.81 mailout05.sul.t-online.com 194.25.134.82
Hallo an alle, Darf ich das so interpretieren, daß ich, wenn ich von zu Hause mit meiner GMX-Adresse über das smtp-relay von t-online an die Liste schreiben will, das in Zukunft nicht mehr kann? (OK, technisch nicht so das Problem. Ich kann ja auch über gmx schicken, aber blöd ists schon, oder? Andreas
Hi, On Tue, Jun 12 2001 at 09:34 +0200, Andreas Kyek wrote:
Because of T-Online not listening to our requests, and some T-Online user(s) continuesly spamming our servers, we've been forced into blocking all UDP and TCP/IP packets from the following IPs: [...]
Darf ich das so interpretieren, daß ich, wenn ich von zu Hause mit meiner GMX-Adresse über das smtp-relay von t-online an die Liste schreiben will, das in Zukunft nicht mehr kann?
Sieht ganz so aus :-( Ciao, Stefan -- Stefan Troeger o _ _ _ stefan@troeger.st __o __o /\_ _ \\o (_)\__/o (_) _`\<, _`\<, _>(_) (_)/<_ \_| \ _|/' \/ (_)/(_) (_)/(_) (_) (_) (_) (_)' _\o_
Hi On Tue, Jun 12 2001 at 09:40 +0200, Stefan Troeger wrote:
Sieht ganz so aus :-(
Oder doch nicht. Diese Mail ging jedenfalls über den T-Online SMTP-Relay. Ciao, Stefan -- Stefan Troeger o _ _ _ stefan@troeger.st __o __o /\_ _ \\o (_)\__/o (_) _`\<, _`\<, _>(_) (_)/<_ \_| \ _|/' \/ (_)/(_) (_)/(_) (_) (_) (_) (_)' _\o_
On Tue, 12 Jun 2001 at 9:40 +0200, Stefan Troeger wrote:
Hi,
On Tue, Jun 12 2001 at 09:34 +0200, Andreas Kyek wrote:
Because of T-Online not listening to our requests, and some T-Online user(s) continuesly spamming our servers, we've been forced into blocking all UDP and TCP/IP packets from the following IPs: [...]
Darf ich das so interpretieren, daß ich, wenn ich von zu Hause mit meiner GMX-Adresse über das smtp-relay von t-online an die Liste schreiben will, das in Zukunft nicht mehr kann?
Sieht ganz so aus :-(
Eigentlich schon. Ich habe jetzt gerade mal eine Mail an mich selber geschickt, also SMTPrelay -> GMX und die lief über mailout05.sul.t-online.com. Wenn diese Mail aber ankommt, geht's doch. Und wenn's irgendwann nicht mehr geht, dann muss ich mich halt austragen. Und wenn SuSE jetzt glaubt, dass ettliche Listenteilnehmer ihren Mailserver wechseln, dann glaube ich dass sie falsch informiert sind. Die haben anscheinend die Bedeutung von T-Online in Deutschland nicht wahrgenommen. Gruß, Bernhard -- ----------------------------------------------------------------- -----> http://www.linuxfreunde.de <------- -----------------------------------------------------------------
Moin Bernhard, * Bernhard Walle schrieb am 12 Jun 2001:
On Tue, 12 Jun 2001 at 9:40 +0200, Stefan Troeger wrote:
On Tue, Jun 12 2001 at 09:34 +0200, Andreas Kyek wrote:
Because of T-Online not listening to our requests, and some T-Online user(s) continuesly spamming our servers, we've been forced into blocking all UDP and TCP/IP packets from the following IPs: [...]
Darf ich das so interpretieren, daß ich, wenn ich von zu Hause mit meiner GMX-Adresse über das smtp-relay von t-online an die Liste schreiben will, das in Zukunft nicht mehr kann?
Sieht ganz so aus :-(
Eigentlich schon. Ich habe jetzt gerade mal eine Mail an mich selber geschickt, also SMTPrelay -> GMX und die lief über mailout05.sul.t-online.com.
ACK. Bei mir wars mailout02, aber das wird nicht viel zu sagen haben ;-)
Wenn diese Mail aber ankommt, geht's doch. Und wenn's irgendwann nicht mehr geht, dann muss ich mich halt austragen.
ACK.
Und wenn SuSE jetzt glaubt, dass ettliche Listenteilnehmer ihren Mailserver wechseln, dann glaube ich dass sie falsch informiert sind. Die haben anscheinend die Bedeutung von T-Online in Deutschland nicht wahrgenommen.
ACK again. Erstmal abwarten, was passiert (ich weiß auch noch nicht, ob diese Mail ankommen wird). Gruß, Sebastian -- Do not meddle in the affairs of Wizards, for they are subtle and quick to anger. Sebastian Helms - http://www.helms.sh - mailto:mail@helms.sh (PGP welcome) SuSE-Linux-Mailinglisten-FAQ: http://www.helms.sh/faq/
Hallo Sebastian, hallo Liste, hallo SuSE-Mitarbeiter, On Tue, 12 Jun 2001 at 16:22 +0200, Sebastian Helms wrote:
* Bernhard Walle schrieb am 12 Jun 2001:
On Tue, 12 Jun 2001 at 9:40 +0200, Stefan Troeger wrote:
On Tue, Jun 12 2001 at 09:34 +0200, Andreas Kyek wrote:
Und wenn SuSE jetzt glaubt, dass ettliche Listenteilnehmer ihren Mailserver wechseln, dann glaube ich dass sie falsch informiert sind. Die haben anscheinend die Bedeutung von T-Online in Deutschland nicht wahrgenommen.
ACK again.
Erstmal abwarten, was passiert (ich weiß auch noch nicht, ob diese Mail ankommen wird).
Tja, auch das ist angekommen. Überhaupt scheint alles angekommen zu sein. Deshalb verstehe ich ja nicht, warum der SuSE-Mitarbeiter von "reopened" gesprochen hat. Ich hoffe, dass das Problem noch gelöst werden kann. Kann mich einer der Sendmail-Experten mal (und alle anderen) darüber aufklären, was überhaupt das Problem ist. Nicht die Mail übersetzen, sondern erklären was genau T-Online unternehmen müsste. Und überhaupt scheint man es sich bei der SuSE AG etwas einfach zu machen. Das Problem liegt nicht bei den Listenteilnehmern sondern bei T-Online. Dann sollen sie denen halt etwas Druck machen und nicht einfach den Server blocken. Gruß, Bernhard -- ----------------------------------------------------------------- -> http://www.links2linux.de <-> http://packman.links2linux.de <- -----------------------------------------------------------------
* Bernhard Walle
Ich hoffe, dass das Problem noch gelöst werden kann. Kann mich einer der Sendmail-Experten mal (und alle anderen) darüber aufklären, was überhaupt das Problem ist. Nicht die Mail übersetzen, sondern
The problem is this: A guy says his From: address is news@solar.phoenix.anet, which is a non-existant domain. He tries continuessly to connect to our mailserver to send mail to suse-linux from the 7 T-Online IPs in question. Our mailserver rejects all of them, because phoenix.anet is a non-existant domain. -- Mads Martin Joergensen, http://mmj.dk "Why make things difficult, when it is possible to make them cryptic and totally illogic, with just a little bit more effort." -- A. P. J.
Hello Mads, On Tue, 12 Jun 2001 at 11:08 -0700, Mads Martin Jørgensen wrote:
* Bernhard Walle
[Jun 12. 2001 11:04]: Ich hoffe, dass das Problem noch gelöst werden kann. Kann mich einer der Sendmail-Experten mal (und alle anderen) darüber aufklären, was überhaupt das Problem ist. Nicht die Mail übersetzen, sondern
The problem is this:
A guy says his From: address is news@solar.phoenix.anet, which is a non-existant domain. He tries continuessly to connect to our mailserver to send mail to suse-linux from the 7 T-Online IPs in question. Our mailserver rejects all of them, because phoenix.anet is a non-existant domain.
Ah. Thanks for your explanation. How did you understand my German question? Do you speak German? Gruß, Bernhard -- -------------------------------------------------------------------- ------------> http://www.links2linux.de <----------- --------------------------------------------------------------------
* Bernhard Walle
Hello Mads,
On Tue, 12 Jun 2001 at 11:08 -0700, Mads Martin Jørgensen wrote:
* Bernhard Walle
[Jun 12. 2001 11:04]: Ich hoffe, dass das Problem noch gelöst werden kann. Kann mich einer der Sendmail-Experten mal (und alle anderen) darüber aufklären, was überhaupt das Problem ist. Nicht die Mail übersetzen, sondern
The problem is this:
A guy says his From: address is news@solar.phoenix.anet, which is a non-existant domain. He tries continuessly to connect to our mailserver to send mail to suse-linux from the 7 T-Online IPs in question. Our mailserver rejects all of them, because phoenix.anet is a non-existant domain.
Ah. Thanks for your explanation. How did you understand my German question? Do you speak German?
I can read it if the amount of slang is kept low. But writing it is impossible to me. Wrt to speaking it, it's getting better, but not good :-) I could survive in Germany though, and I hope it will get better when I return to Nürnberg in the fall sometime. Again I would like to thank for the translation of the abuse mail. Nice to have the help of the community. To pay back maybe I can give you a new implementation of the mailinglist server, with a this time *functioning* search engine: http://lists2.suse.com (lists.suse.com will redirect) :-)) Take care, Mads Martin -- Mads Martin Joergensen, http://mmj.dk "Why make things difficult, when it is possible to make them cryptic and totally illogic, with just a little bit more effort." -- A. P. J.
Hello, On Tue, 12 Jun 2001 at 11:49 -0700, Mads Martin Jørgensen wrote:
* Bernhard Walle
[Jun 12. 2001 11:45]: On Tue, 12 Jun 2001 at 11:08 -0700, Mads Martin Jørgensen wrote:
* Bernhard Walle
[Jun 12. 2001 11:04]: Ich hoffe, dass das Problem noch gelöst werden kann. Kann mich einer der Sendmail-Experten mal (und alle anderen) darüber aufklären, was überhaupt das Problem ist. Nicht die Mail übersetzen, sondern
The problem is this:
A guy says his From: address is news@solar.phoenix.anet, which is a non-existant domain. He tries continuessly to connect to our mailserver to send mail to suse-linux from the 7 T-Online IPs in question. Our mailserver rejects all of them, because phoenix.anet is a non-existant domain.
Ah. Thanks for your explanation. How did you understand my German question? Do you speak German?
I can read it if the amount of slang is kept low. But writing it is impossible to me.
German orthography is a bit complicated, that's true.
Again I would like to thank for the translation of the abuse mail. Nice to have the help of the community. ^^^^^^^^^
That's Linux :-)
To pay back maybe I can give you a new implementation of the mailinglist server, with a this time *functioning* search engine:
http://lists2.suse.com (lists.suse.com will redirect)
This looks good. But the link of a search result points to the whole month and not to the one mail. Bug or feature? ;-) Just one question: What is this "MAPS-RBL list"? And please inform the list about further developements about T-Online and @suse.com *before* you'll activate the blocking meachnism. Gruß, Bernhard -- "Das Briefgeheimnis sowie das Post- und Fernmeldegeheimnis sind unverletzlich.", Art. 10 (1), Grundgesetz der BR Deutschland == Deshalb: Private E-Mails verschlüsseln. Jetzt! -> http://www.gnupg.de ==
Moin Bernhard, * Bernhard Walle schrieb am 12 Jun 2001:
Just one question: What is this "MAPS-RBL list"?
Das ist eine "blacklist" mit offenen Relays. Du kannst (konntest, sind jetzt leider offline) bei denen eine DNS-Anfrage machen und die Antwort sagt dir, ob der Server als offenes Relay bekannt ist. Wenn ja, dann war sendmail in der Lage, die Verbindung abzuweisen. Noch vor dem SMTP-Login. Gruß, Sebastian -- Do not meddle in the affairs of Wizards, for they are subtle and quick to anger. Sebastian Helms - http://www.helms.sh - mailto:mail@helms.sh (PGP welcome) SuSE-Linux-Mailinglisten-FAQ: http://www.helms.sh/faq/
On Die, 12 Jun 2001, Mads Martin Jørgensen wrote:
Ah. Thanks for your explanation. How did you understand my German question? Do you speak German?
I can read it if the amount of slang is kept low. But writing it is impossible to me. Wrt to speaking it, it's getting better, but not good :-) I could survive in Germany though, and I hope it will get better when I return to Nürnberg in the fall sometime.
*bg*
Again I would like to thank for the translation of the abuse mail. Nice to have the help of the community.
To pay back maybe I can give you a new implementation of the mailinglist server, with a this time *functioning* search engine:
http://lists2.suse.com (lists.suse.com will redirect)
:-))
Good news. Btw, and that's the main reason for this mail, the IPs of the "smtprelay.t-online.de" servers, which probably most of us here use, are: 194.25.134.28 194.25.134.29 194.25.134.30 194.25.134.31 194.25.134.92 194.25.134.93 194.25.134.94 194.25.134.95 i.e. smtprelay has _different_ IPs that mailin.t-online.de (or whatever the normal smtp-servers are called)[1]. But I do think, it's a "Bad Idea"[tm], to block (any) mail-servers of the biggest ISP in DE (and there's a lot of us using it)... As the SuSE list-server removes the 'Received:' Headers (which is good), I don't know what other means|criteria of blocking the spammer may be possible. Well, anyway, I'd say, if you (i.e. the list-server) gets spammed, and the provider in question doesn't react, you could call on us to "spam" abuse@, demanding to block the spammer... Simply because if you'd block a provider, that's bad for _us_... ;) Regards, -dnh [1] t-online has "normal" smtp-swervers (mailin), which rewrite the From-Header, and it has "relay" servers (smtprelay), that just forward the mails. By default, you can't use the relay(s), you have to go to a webpage and apply for using the relay... AFAIK, most of us here, that use t-online also use the relay ;) -- Dag° Hier bin Ich Kasper , hier darf Ich´s sein. [WoKo in dag°]
Hello, On Tue, 12 Jun 2001 at 23:16 +0200, David Haller wrote:
Btw, and that's the main reason for this mail, the IPs of the "smtprelay.t-online.de" servers, which probably most of us here use, are:
194.25.134.28 194.25.134.29 194.25.134.30 194.25.134.31 194.25.134.92 194.25.134.93 194.25.134.94 194.25.134.95
i.e. smtprelay has _different_ IPs that mailin.t-online.de (or whatever the normal smtp-servers are called)[1].
They are called mailto.t-online.de or smtp.t-online.de. The last is not official but the same. Yes, that's true what you said. But: If you write a mail to yourself (smtprelay -> GMX -> fetchmail e.g.), you'll see something like this: Received: from pop.gmx.net [194.221.183.20] by localhost with POP3 (fetchmail-5.8.3) for berwal@localhost (single-drop); Wed, 13 Jun 2001 11:38:09 +0200 (CEST) Received: (qmail 14824 invoked by uid 0); 13 Jun 2001 09:37:55 -0000 Received: from mailout02.sul.t-online.com (HELO mailout02.sul.t-online.de) (194.25.134.17) by mx0.gmx.net (mx10) with SMTP; 13 Jun 2001 09:37:55 -0000 Received: from fwd05.sul.t-online.de by mailout02.sul.t-online.de with smtp id 15A763-0005Lz-0C; Wed, 13 Jun 2001 11:37:55 +0200 Received: from hugo.local (320056352698-0001@[212.184.144.129]) by fmrl05.sul.t-online.com with esmtp id 15A75z-01Sk8eC; Wed, 13 Jun 2001 11:37:51 +0200 Received: (from berwal@localhost) by hugo.local (8.11.0/8.11.0/SuSE Linux 8.11.0-0.4) id f5D9bgE01087 for bernhard.walle@gmx.de; Wed, 13 Jun 2001 11:37:42 +0200 Look at the 3rd "received", which means that GMX gets the mail from mailout02.sul.t-online.com. And if GMX gets this mail from this server, SuSE gets it, too. A "nslookup" says: Name: mailout02.sul.t-online.com Address: 194.25.134.17 And that's exactly one of the IP adresses, which are blocked / were blocked. So it seems to be equal whether you use the normal server or the smtprelay server.
But I do think, it's a "Bad Idea"[tm], to block (any) mail-servers of the biggest ISP in DE (and there's a lot of us using it)...
ACK.
[1] t-online has "normal" smtp-swervers (mailin), which rewrite the From-Header, and it has "relay" servers (smtprelay), that just forward the mails. By default, you can't use the relay(s), you have to go to a webpage and apply for using the relay... AFAIK, most of us here, that use t-online also use the relay ;)
I don't think so. I guess that most of the persons who are using a @t-online.de email adress use the normal SMTP server. If you count the number of users and not the number of mails, more people use the normal server. But that's only a estimation by me. Gruß, Bernhard -- ----------------------------------------------------------------- -----> http://www.linuxfreunde.de <------- -----------------------------------------------------------------
Hello Mads, * Mads Martin Jørgensen schrieb am 12 Jun 2001:
* Bernhard Walle
[Jun 12. 2001 11:04]: Ich hoffe, dass das Problem noch gelöst werden kann. Kann mich einer der Sendmail-Experten mal (und alle anderen) darüber aufklären, was überhaupt das Problem ist. Nicht die Mail übersetzen, sondern
The problem is this:
A guy says his From: address is news@solar.phoenix.anet, which is a non-existant domain. He tries continuessly to connect to our mailserver to send mail to suse-linux from the 7 T-Online IPs in question. Our mailserver rejects all of them, because phoenix.anet is a non-existant domain.
Maybe you could put this into complaint form an add some lines or statistics from the logs. Then that could be a fine base from which to start making T-Online aware of this problem. Regards, Sebastian -- Do not meddle in the affairs of Wizards, for they are subtle and quick to anger. Sebastian Helms - http://www.helms.sh - mailto:mail@helms.sh (PGP welcome) SuSE-Linux-Mailinglisten-FAQ: http://www.helms.sh/faq/
* Sebastian Helms
A guy says his From: address is news@solar.phoenix.anet, which is a non-existant domain. He tries continuessly to connect to our mailserver to send mail to suse-linux from the 7 T-Online IPs in question. Our mailserver rejects all of them, because phoenix.anet is a non-existant domain.
Maybe you could put this into complaint form an add some lines or statistics from the logs. Then that could be a fine base from which to start making T-Online aware of this problem.
That's what I did twice. They have several examples from our logs. Trust me -- I did not *just* block them. I waited for several days before I even complained. Then I waited another week, and complained again. Then I complained and blocked. Complained and unblocked. And now you have the fifth attempt in complaining. Thanks, Mads Martin -- Mads Martin Joergensen, http://mmj.dk "Why make things difficult, when it is possible to make them cryptic and totally illogic, with just a little bit more effort." -- A. P. J.
----- Original Message -----
From: "Mads Martin Jørgensen"
* Sebastian Helms
[Jun 12. 2001 12:30]: A guy says his From: address is news@solar.phoenix.anet, which is a non-existant domain. He tries continuessly to connect to our mailserver to send mail to suse-linux from the 7 T-Online IPs in question. Our mailserver rejects all of them, because phoenix.anet is a non-existant domain.
Maybe you could put this into complaint form an add some lines or statistics from the logs. Then that could be a fine base from which to start making T-Online aware of this problem.
That's what I did twice. They have several examples from our logs.
Trust me -- I did not *just* block them. I waited for several days before I even complained. Then I waited another week, and complained again. Then I complained and blocked. Complained and unblocked. And now you have the fifth attempt in complaining.
Why don't you just look up the s***er who spammed the list via smtprelay*.t-online.de, go to his address and beat the heck out of him... Don't know how? Just lok at the headers. To use smtprelay*.t-online.de you have to 'come from' a t-online ip address. If so, you can relay any email to anywhere; if not, err550. AND: smtprelay*.t-online.de puts an additional line in the headers, which contains the account number of the sender, for he HAS to be a t-online customer ro use the relay... AND2: if you have this account number, you can find his homepage at home.t-online.de/home/${account-number}, and in in every $PUBLIC_DIR on that web server there is a hidden file called .impressum.html which just contains real name, address and phone number of the owner of that account.... BUT: this only works if the user actually HAS a homepage (that is, has uploaded some files to his webspace) But I think, someone who is so f***ing dumb to spam via the mail server of his ISP, is quite possibly also dumb enough to have the homepage activated without knowing the hidden impressum file :)
* Dienstag, 12. Juni 2001 um 11:08 (-0700) schrieb Mads Martin Jørgensen:
The problem is this:
A guy says his From: address is news@solar.phoenix.anet, which is a non-existant domain. He tries continuessly to connect to our mailserver to send mail to suse-linux from the 7 T-Online IPs in question. Our mailserver rejects all of them, because phoenix.anet is a non-existant domain.
AFAIK add the T-Online-Mailservers a Header-Line like
'X-Sender: <a-whole-bunch-of-numbers>@t-dialin.net', which can
identify the poster. Please post this Header-Line.
Greetings
Andreas
--
Andreas Könecke "Andreas Koenecke
* Mads Martin Jørgensen
Hey together,
Hey, you know the Guy named Ron Sommer, Mads?
Because of T-Online not listening to our requests,
Have patience, please. The T-Online-Team must translate your request from German to English whith 'Langenscheidts Taschenwoerterbuch English'.
and some T-Online user(s) continuesly spamming our servers, we've been forced into blocking all UDP and TCP/IP packets from the following IPs:
mailout00.sul.t-online.com 194.25.134.16 mailout02.sul.t-online.com 194.25.134.17 mailout04.sul.t-online.com 194.25.134.18 mailout06.sul.t-online.com 194.25.134.19 mailout01.sul.t-online.com 194.25.134.80 mailout03.sul.t-online.com 194.25.134.81 mailout05.sul.t-online.com 194.25.134.82
Bad idea, Mads. :-( There are *many* T-Online-User in this list. And if i see this mail not again in my Inbox is this my way:
Um die Liste abzubestellen, schicken Sie eine Mail an: suse-linux-unsubscribe@suse.com
Andreas -- Kneibs Notizen. Diese Woche: '243 Worte ueber den Tod' * http://www.kolumne.ixy.de * * http://www.wortwaal.de/kneibskolumne/ *
* Mads Martin Jørgensen
Hey together,
Because of T-Online not listening to our requests, and some T-Online user(s) continuesly spamming our servers, we've been forced into blocking all UDP and TCP/IP packets from the following IPs:
mailout00.sul.t-online.com 194.25.134.16 mailout02.sul.t-online.com 194.25.134.17 mailout04.sul.t-online.com 194.25.134.18 mailout06.sul.t-online.com 194.25.134.19 mailout01.sul.t-online.com 194.25.134.80 mailout03.sul.t-online.com 194.25.134.81 mailout05.sul.t-online.com 194.25.134.82
We just reopened for traffic from these IPs, and now the flood of connection attempts are back. Since a lot of people told me that we could not block these IPs, would these people please stand up and tell me what else we can do, when T-Online is not listening? *sigh* -- Mads Martin Joergensen, http://mmj.dk "Why make things difficult, when it is possible to make them cryptic and totally illogic, with just a little bit more effort." -- A. P. J.
On Tue, 12 Jun 2001 at 10:03 -0700, Mads Martin Jørgensen wrote:
* Mads Martin Jørgensen
[Jun 11. 2001 18:10]: Hey together,
Because of T-Online not listening to our requests, and some T-Online user(s) continuesly spamming our servers, we've been forced into blocking all UDP and TCP/IP packets from the following IPs:
mailout00.sul.t-online.com 194.25.134.16 mailout02.sul.t-online.com 194.25.134.17 mailout04.sul.t-online.com 194.25.134.18 mailout06.sul.t-online.com 194.25.134.19 mailout01.sul.t-online.com 194.25.134.80 mailout03.sul.t-online.com 194.25.134.81 mailout05.sul.t-online.com 194.25.134.82
We just reopened for traffic from these IPs, and now the flood of connection attempts are back. Since a lot of people told me that we could not block these IPs, would these people please stand up and tell me what else we can do, when T-Online is not listening?
Could you tell me, *when* this IPs were blocked? My first e-mail was about 09:00 GMT today and I used the server of T-Online? What you could do? See my other mail. Every T-Online customer who joined this mailing list complains (in German!). Maybe T-Online does something. But I don't really understand where the problem is exactly. I'm not a expert for mailservers. Gruß, Bernhard -- Bitte die Etikette der Liste beachten. Diese enthält nützliche Regeln für" den Umgang mit der Liste." http://home.t-online.de/~f.walle/etikette.html
* Bernhard Walle
mailout00.sul.t-online.com 194.25.134.16 mailout02.sul.t-online.com 194.25.134.17 mailout04.sul.t-online.com 194.25.134.18 mailout06.sul.t-online.com 194.25.134.19 mailout01.sul.t-online.com 194.25.134.80 mailout03.sul.t-online.com 194.25.134.81 mailout05.sul.t-online.com 194.25.134.82
We just reopened for traffic from these IPs, and now the flood of connection attempts are back. Since a lot of people told me that we could not block these IPs, would these people please stand up and tell me what else we can do, when T-Online is not listening?
Could you tell me, *when* this IPs were blocked? My first e-mail was about 09:00 GMT today and I used the server of T-Online?
They were blocked from the minute I send the mail (Mon Jun 11 2001 - 18:10:38 PDT) up until we opened again some minutes ago. And the abuse immediately started again.
What you could do? See my other mail. Every T-Online customer who joined this mailing list complains (in German!). Maybe T-Online does something.
Thanks! I think customer complains is the way to go. -- Mads Martin Joergensen, http://mmj.dk "Why make things difficult, when it is possible to make them cryptic and totally illogic, with just a little bit more effort." -- A. P. J.
Hello, On Tue, 12 Jun 2001 at 10:23 -0700, Mads Martin Jørgensen wrote:
* Bernhard Walle
[Jun 12. 2001 10:14]: mailout00.sul.t-online.com 194.25.134.16 mailout02.sul.t-online.com 194.25.134.17 mailout04.sul.t-online.com 194.25.134.18 mailout06.sul.t-online.com 194.25.134.19 mailout01.sul.t-online.com 194.25.134.80 mailout03.sul.t-online.com 194.25.134.81 mailout05.sul.t-online.com 194.25.134.82
We just reopened for traffic from these IPs, and now the flood of connection attempts are back. Since a lot of people told me that we could not block these IPs, would these people please stand up and tell me what else we can do, when T-Online is not listening?
Could you tell me, *when* this IPs were blocked? My first e-mail was about 09:00 GMT today and I used the server of T-Online?
They were blocked from the minute I send the mail (Mon Jun 11 2001 - 18:10:38 PDT) up until we opened again some minutes ago.
I don't know what "PDT" is. Because in your mail header I read "-0700" I guess that this is the difference between PDT an GMT. So that makes 03:10:38 CEST (01:10:38 GMT) up to now. Because I and Sebastian Helms sent (both are using the smtprelay) mails to this list, something couldn't be true.
What you could do? See my other mail. Every T-Online customer who joined this mailing list complains (in German!). Maybe T-Online does something.
Thanks! I think customer complains is the way to go.
To what e-mail adress should we complain? abuse@t-online.de. I'll look at the T-Online-Homepage if there is something suitable. Bernhard -- ----------------------------------------------------------------- -----> http://www.linuxfreunde.de <------- -----------------------------------------------------------------
On Die, 12 Jun 2001, Bernhard Walle wrote:
On Tue, 12 Jun 2001 at 10:23 -0700, Mads Martin Jørgensen wrote:
* Bernhard Walle
[Jun 12. 2001 10:14]: [Blocking of the hosts/IPs: mailout0{0,2,4,6,1,3,5}.sul.t-online.com 194.25.134.{16,17,18,19,80,81,82} ]
As I say in my other mail, the IPs used by smtprelay are different. (i.e.: 194.25.134.{[28-31],[92-95]})
I don't know what "PDT" is. Because in your mail header I read "-0700" I guess that this is the difference between PDT an GMT.
Pacific Daylight savings Time: root@slarty[0]:~ (0) # inode=`ls -li /usr/share/zoneinfo/PST8PDT | cut -d' ' -f2` root@slarty[0]:~ (0) # ls -lRi /usr/share/zoneinfo/ | grep $inode 502108 -rw-r--r-- 3 root root 1000 Mar 24 2000 PST8PDT 502108 -rw-r--r-- 3 root root 1000 Mar 24 2000 Los_Angeles 502108 -rw-r--r-- 3 root root 1000 Mar 24 2000 Pacific SCNR.
So that makes 03:10:38 CEST (01:10:38 GMT) up to now. Because I and Sebastian Helms sent (both are using the smtprelay) mails to this list, something couldn't be true.
See above.
What you could do? See my other mail. Every T-Online customer who joined this mailing list complains (in German!). Maybe T-Online does something.
Thanks! I think customer complains is the way to go.
Definitely. Question is, if you should forward a "sample" (header) of one of the spam-mails...
To what e-mail adress should we complain? abuse@t-online.de.
Probably ;) -dnh -- The probability of someone watching you is proportional to the stupidity of your action.
Definitely. Question is, if you should forward a "sample" (header) of one of the spam-mails...
We cannot, because the problem never gets that far. Our mailserver
rejects it like following: [1]
Jun 12 08:15:39 ns1 postfix/smtpd[8096]: reject: RCPT from mailout01.sul.t-online.com[194.25.134.80]: 450
Dear Mr. Jorgensen, why don?t you just add this domain to yours hosts file and set up a filter for all msg?s recieved from t-online.de to be mapped to a local account. This won?t do any more harm than blocking all msg?s from t-online.de. Then you do at least have a sample of the offending message ? --- Mit freundlichen Gru?en Kind regards Dirk Schultze Dima Consulting GmbH
-----Ursprungliche Nachricht----- Von: Mads Martin Jorgensen [mailto:mmj@suse.com] Gesendet: Mittwoch, 13. Juni 2001 00:50 An: suse-linux@suse.com Betreff: Re: T-Online and problems with this list
Definitely. Question is, if you should forward a "sample" (header) of one of the spam-mails...
We cannot, because the problem never gets that far. Our mailserver rejects it like following: [1]
Jun 12 08:15:39 ns1 postfix/smtpd[8096]: reject: RCPT from mailout01.sul.t-online.com[194.25.134.80]: 450
: Sender address rejected: Domain not found; from= to= So it never gets that far, it only causes a lot of work for our mailserver, which is exactly the point of a DoS-attack. Lets say he had 100 machines trying this. Then our mailserver would never do anything but reject these connections - hence Denial of Service.
Unless we of course started blocking these IPs ...
[1] And no -- it is not a possibility to let them through. -- Mads Martin Joergensen, http://mmj.dk "Why make things difficult, when it is possible to make them cryptic and totally illogic, with just a little bit more effort." -- A. P. J.
-- Um die Liste abzubestellen, schicken Sie eine Mail an: suse-linux-unsubscribe@suse.com Um eine Liste aller verf|gbaren Kommandos zu bekommen, schicken Sie eine Mail an: suse-linux-help@suse.com
On Die, 12 Jun 2001, Mads Martin Jørgensen wrote:
Definitely. Question is, if you should forward a "sample" (header) of one of the spam-mails...
We cannot, because the problem never gets that far. Our mailserver rejects it like following: [1]
Jun 12 08:15:39 ns1 postfix/smtpd[8096]: reject: RCPT from mailout01.sul.t-online.com[194.25.134.80]: 450
: Sender address rejected: Domain not found; from= to= [linebreaks by me]
Oh, I see... But I guess, you'd need at least some hops before mailout01...
So it never gets that far, it only causes a lot of work for our mailserver, which is exactly the point of a DoS-attack. Lets say he had 100 machines trying this. Then our mailserver would never do anything but reject these connections - hence Denial of Service.
Unless we of course started blocking these IPs ...
[1] And no -- it is not a possibility to let them through.
Hm. Why not let one (or two) through, to get to the Time and IP the spammer used? Maybe he's not even a t-online customer, but if, AFAIK t-online can and will relate IP and Time to an account and hence close that account. As far as I've read, T-Online is _not_ as ignorant about spamming as are, say, uunet *eg*... I myself get virtually _no_ spam from t-online users. So, I think, that letting a few mails through (e.g. by means of adding 'solar.phoenix.anet' to /etc/hosts for a few minutes (or so), as is also proposed in the parallel answer by Dirk), you'd get the data you need (and upon which t-online would react).
"Why make things difficult, when it is possible to make them cryptic and totally illogic, with just a little bit more effort." -- A. P. J.
Should I know, who apj is? ;) -dnh -- Since attendees must wear their name tags, they must also wear shirts or blouses. Pants or skirts are also highly recommended. -- RFC 1391
Hi Mads, * Mads Martin Jørgensen schrieb am 12 Jun 2001:
* Mads Martin Jørgensen
[Jun 11. 2001 18:10]: Because of T-Online not listening to our requests, and some T-Online user(s) continuesly spamming our servers, we've been forced into blocking all UDP and TCP/IP packets from the following IPs:
[...]
We just reopened for traffic from these IPs, and now the flood of connection attempts are back. Since a lot of people told me that we could not block these IPs, would these people please stand up and tell me what else we can do, when T-Online is not listening?
I greatly favor the method Bernhard Walle has just proposed: you post a mail with your complaint to T-Online (maybe your first complaint to them?) here on the list and everyone willing to show his/her appreciation of this problem forwards this mail to T-Online Service. Ich finde die Idee von Bernhard sehr gut: Mads postet seine ursprüngliche Beschwerde an T-Online bzw. eine Mail mit der Problembeschreibung hier auf die Liste, und alle, die sich der Thematik annehmen wollen, leiten diese Mail an T-Online weiter. Dabei sollte jeder T-Online Kunde (natürlich) mitmachen und bitte noch einmal extra seine T-Online-Nr o.ä. in der Mail mit angeben, damit die Leute bei T-Online sehen, daß es ihren Kunden ernst ist. Gruß, Sebastian -- Do not meddle in the affairs of Wizards, for they are subtle and quick to anger. Sebastian Helms - http://www.helms.sh - mailto:mail@helms.sh (PGP welcome) SuSE-Linux-Mailinglisten-FAQ: http://www.helms.sh/faq/
Hi, Sebastian
* Sebastian Helms
Ich finde die Idee von Bernhard sehr gut: Mads postet seine ursprüngliche Beschwerde an T-Online bzw. eine Mail mit der Problembeschreibung hier auf die Liste, und alle, die sich der Thematik annehmen wollen, leiten diese Mail an T-Online weiter.
Jepp, Mail ist raus. ====================================================================== Sehr geehrte Damen und Herren des abuse@t-online-Teams, Anbei eine Mail des Administrators der grossen technischen Mailing-liste suse-linux@suse.com mit der entsprechenden deutschen Uebersetzung. Da die Mailingliste von vielen T-Online-Kunden genutzt wird und eine wichtige Hilfe bei der Administrierung eines Linux-Systems darstellt, bitte ich um Kenntnisnahme und ein kurzes Feedback Ihrerseits. Mit freundlichen Gruessen, Andreas Kneib ====================================================================== Oder war das jetzt zu hoeflich? Mit besten Gruessen, Andreas -- Kneibs Notizen. Diese Woche: 'Maskulinum, Femininum, Neutrum' * http://www.kolumne.ixy.de * * http://www.wortwaal.de/kneibskolumne/ *
On Tue, 12 Jun 2001 at 21:22 +0200, Andreas Kneib wrote:
Hi, Sebastian
* Sebastian Helms
[12/06/01 19:21]: Ich finde die Idee von Bernhard sehr gut: Mads postet seine ursprüngliche Beschwerde an T-Online bzw. eine Mail mit der Problembeschreibung hier auf die Liste, und alle, die sich der Thematik annehmen wollen, leiten diese Mail an T-Online weiter.
Jepp, Mail ist raus.
====================================================================== Sehr geehrte Damen und Herren des abuse@t-online-Teams,
Anbei eine Mail des Administrators der grossen technischen Mailing-liste suse-linux@suse.com mit der entsprechenden deutschen Uebersetzung.
Da die Mailingliste von vielen T-Online-Kunden genutzt wird und eine wichtige Hilfe bei der Administrierung eines Linux-Systems darstellt, bitte ich um Kenntnisnahme und ein kurzes Feedback Ihrerseits.
Mit freundlichen Gruessen, Andreas Kneib
======================================================================
Oder war das jetzt zu hoeflich?
Nein. Ich habe die Mail noch an hotline@t-online.de geschickt, schließlich handelt es sich ja um "technische Probleme" (zwar nicht ganz wie sie es verstehen ;-)). Bin schon gespannt, ob ich eine Antwort erhalte. Vor allem bin ich aber gespannt, ob was unternommen wird. Gruß, Bernhard -- -------------------------------------------------------------------- ------------> http://www.links2linux.de <----------- --------------------------------------------------------------------
* Bernhard Walle
Ich habe die Mail noch an hotline@t-online.de geschickt, schließlich handelt es sich ja um "technische Probleme" (zwar nicht ganz wie sie es verstehen ;-)). Bin schon gespannt, ob ich eine Antwort erhalte.
So, nun ist eine zweite Mail raus, ebenfalls an hotline@t-online.de :-) Ich verstehe wirklich nicht, wieso die sich bisher so oft haben bitten lassen und noch immer ihre Ruhe pflegen... Das erinnert mich leidlich an diverse Anrufe bei der T-Online-Telefon-Hotline, an die ich lieber nicht mehr denken moechte...
Vor allem bin ich aber gespannt, ob was unternommen wird.
Das gesunde Eigeninteresse sollte T-Online eigentlich ein Motiv sein, sich zu regen, denke ich. Mit besten Gruessen, Andreas -- Es gibt eine Sorte ungemein ueberlegener Menschen, die gern versichern, alles sei relativ. Das ist natuerlich Unsinn, denn wenn _alles_ relativ waere, gaebe es nichts, wozu es relativ sein koennte. [Russell]
Also ich hab mich auch angeschlossen - allerdings an abuse@t-online.de Im Zweifelsfall schlagen wir Sie einfach mit den eigenen Waffen (soso keine nslookup beim Mailempfang... - schnell mal die IP gespooft und ein paar Mails ab an hotline@t-online.de - hehe - stellt doch nicht wirklich ein Problem dar - oder ?) --- Mit freundlichen Grüßen Dirk Schultze
-----Ursprüngliche Nachricht----- Von: Andreas Kneib [mailto:aporia@web.de] Gesendet: Dienstag, 12. Juni 2001 23:46 An: suse-linux@suse.com Betreff: Re: T-Online and problems with this list
* Bernhard Walle
[12/06/01 22:33]: Ich habe die Mail noch an hotline@t-online.de geschickt, schließlich handelt es sich ja um "technische Probleme" (zwar nicht ganz wie sie es verstehen ;-)). Bin schon gespannt, ob ich eine Antwort erhalte.
So, nun ist eine zweite Mail raus, ebenfalls an hotline@t-online.de :-) Ich verstehe wirklich nicht, wieso die sich bisher so oft haben bitten lassen und noch immer ihre Ruhe pflegen... Das erinnert mich leidlich an diverse Anrufe bei der T-Online-Telefon-Hotline, an die ich lieber nicht mehr denken moechte...
Vor allem bin ich aber gespannt, ob was unternommen wird.
Das gesunde Eigeninteresse sollte T-Online eigentlich ein Motiv sein, sich zu regen, denke ich.
Mit besten Gruessen, Andreas
-- Es gibt eine Sorte ungemein ueberlegener Menschen, die gern versichern, alles sei relativ. Das ist natuerlich Unsinn, denn wenn _alles_ relativ waere, gaebe es nichts, wozu es relativ sein koennte. [Russell]
-- Um die Liste abzubestellen, schicken Sie eine Mail an: suse-linux-unsubscribe@suse.com Um eine Liste aller verfügbaren Kommandos zu bekommen, schicken Sie eine Mail an: suse-linux-help@suse.com
Hallo Sebastian, Am Dienstag, 12. Juni 2001 19:21 schrieb Sebastian Helms:
Hi Mads,
* Mads Martin Jørgensen schrieb am 12 Jun 2001:
* Mads Martin Jørgensen
[Jun 11. 2001 18:10]: Because of T-Online not listening to our requests, and some T-Online user(s) continuesly spamming our servers, we've been forced into blocking all UDP and TCP/IP packets from the following IPs:
[...]
We just reopened for traffic from these IPs, and now the flood of connection attempts are back. Since a lot of people told me that we could not block these IPs, would these people please stand up and tell me what else we can do, when T-Online is not listening?
I greatly favor the method Bernhard Walle has just proposed: you post a mail with your complaint to T-Online (maybe your first complaint to them?) here on the list and everyone willing to show his/her appreciation of this problem forwards this mail to T-Online Service.
Ich finde die Idee von Bernhard sehr gut: Mads postet seine ursprüngliche Beschwerde an T-Online bzw. eine Mail mit der Problembeschreibung hier auf die Liste, und alle, die sich der Thematik annehmen wollen, leiten diese Mail an T-Online weiter.
Dabei sollte jeder T-Online Kunde (natürlich) mitmachen und bitte noch einmal extra seine T-Online-Nr o.ä. in der Mail mit angeben, damit die Leute bei T-Online sehen, daß es ihren Kunden ernst ist.
Vorschlag ist soeben zur Tat geworden. Mail ist raus.
Gruß,
Sebastian
Gruss Bernd
participants (12)
-
Andreas Kneib
-
Andreas Koenecke
-
Andreas Kyek
-
BerndSchwab@t-online.de
-
Bernhard Walle
-
David Haller
-
Dirk Schultze
-
Mads Martin Jørgensen
-
Mathias Homann
-
Oliver Kiehl
-
Sebastian Helms
-
Stefan Troeger