Testing

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Testing

Turritopsis Dohrnii Teo En Ming-2


--
-----BEGIN EMAIL SIGNATURE-----

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link:
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

********************************************************************************************

Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
Qualifications as at 14 Feb 2019 and refugee seeking attempts at the
United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug
2019) and Australia (25 Dec 2019 to 9 Jan 2020):

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-----END EMAIL SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

RE: Testing

Marc Roos

Why don't you block the whole compute cloud of amazon?
ec2-3-21-30-127.us-east-2.compute.amazonaws.com


-----Original Message-----

To: [hidden email]
Subject: Testing



--
-----BEGIN EMAIL SIGNATURE-----

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of U.S.
Embassy Workers

Link:
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

************************************************************************
********************

Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
Qualifications as at 14 Feb 2019 and refugee seeking attempts at the
United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug
2019) and Australia (25 Dec 2019 to 9 Jan 2020):

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-----END EMAIL SIGNATURE-----


Reply | Threaded
Open this post in threaded view
|

Re: Testing

OpenSSL - User mailing list
On 2020-08-31 16:28, Marc Roos wrote:
> Why don't you block the whole compute cloud of amazon?
> ec2-3-21-30-127.us-east-2.compute.amazonaws.com
Please note, that at least our company hosts a secondary MX in the EC2
cloud, with the option to direct my posts to the list through that
server.  However proper PTR record, SPF, DKIM and DMARC checks should
all pass for such posts.

Thus rather than blindly blacklisting the Amazon hosting service, maybe
make the OpenSSL mail server check those things to catch erroneous
transmissions from web servers.


>
> -----Original Message-----
>
> To: [hidden email]
> Subject: Testing
>
>
>
> --
> -----BEGIN EMAIL SIGNATURE-----
>
> The Gospel for all Targeted Individuals (TIs):
>
> [The New York Times] Microwave Weapons Are Prime Suspect in Ills of U.S.
> Embassy Workers
>
> Link:
> https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html
>
> ************************************************************************
> ********************
>
> Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
> Qualifications as at 14 Feb 2019 and refugee seeking attempts at the
> United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug
> 2019) and Australia (25 Dec 2019 to 9 Jan 2020):
>
> [1] https://tdtemcerts.wordpress.com/
>
> [2] https://tdtemcerts.blogspot.sg/
>
> [3] https://www.scribd.com/user/270125049/Teo-En-Ming
>
> -----END EMAIL SIGNATURE-----
>
>


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

Reply | Threaded
Open this post in threaded view
|

RE: Testing

Marc Roos

PTR record, SPF, DKIM and DMARC are also set by spammers, and sometimes
even just before a spam run. It is either choosing to do amazons work or
not having any work. If more and more are blocking the amazon cloud it
would make their clients leave and this finally migth have them spend
more on their abuse department.




-----Original Message-----
To: [hidden email]
Subject: Re: Testing

On 2020-08-31 16:28, Marc Roos wrote:
> Why don't you block the whole compute cloud of amazon?
> ec2-3-21-30-127.us-east-2.compute.amazonaws.com
Please note, that at least our company hosts a secondary MX in the EC2
cloud, with the option to direct my posts to the list through that
server.  However proper PTR record, SPF, DKIM and DMARC checks should
all pass for such posts.

Thus rather than blindly blacklisting the Amazon hosting service, maybe
make the OpenSSL mail server check those things to catch erroneous
transmissions from web servers.


>
> -----Original Message-----
>
> To: [hidden email]
> Subject: Testing
>
>
>
> --
> -----BEGIN EMAIL SIGNATURE-----
>
> The Gospel for all Targeted Individuals (TIs):
>
> [The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S.

> Embassy Workers
>
> Link:
> https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave
> .html
>
> **********************************************************************
> **
> ********************
>
> Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
> Qualifications as at 14 Feb 2019 and refugee seeking attempts at the
> United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug
> 2019) and Australia (25 Dec 2019 to 9 Jan 2020):
>
> [1] https://tdtemcerts.wordpress.com/
>
> [2] https://tdtemcerts.blogspot.sg/
>
> [3] https://www.scribd.com/user/270125049/Teo-En-Ming
>
> -----END EMAIL SIGNATURE-----
>
>


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com 
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10 This
public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Reply | Threaded
Open this post in threaded view
|

Re: Testing

Richard Levitte - VMS Whacker-2
In reply to this post by Marc Roos
For a rogue test message?

However, a quick search through the mail log shows that indeed, there
are messages coming from random Amazon AWS hosts that are...  "interesting"
I smirk a bit when I see this in our mail logs:

    Sep  2 10:36:06 mta postfix/smtpd[1091]: warning: non-SMTP command from ec2-184-72-79-140.compute-1.amazonaws.com[184.72.79.140]: GET / HTTP/1.1

As for blocking, we rely quite a bit on available spam-hauses, such as
zen.spamhaus.org, and they do catch the occasional individual Amazon
AWS machine (seen in our logs), so it seems that they do get reports
on misbehaving machinery.

Apart from hightened emotions (I understand them, believe you me), are
there tangible reasons for applying the kind of arbitrary
sledge-hammer that you propose?
I would rather not, unless I really must.

Cheers,
Richard

On Mon, 31 Aug 2020 16:28:53 +0200,
Marc Roos wrote:

>
>
> Why don't you block the whole compute cloud of amazon?
> ec2-3-21-30-127.us-east-2.compute.amazonaws.com
>
>
> -----Original Message-----
>
> To: [hidden email]
> Subject: Testing
>
>
>
> --
> -----BEGIN EMAIL SIGNATURE-----
>
> The Gospel for all Targeted Individuals (TIs):
>
> [The New York Times] Microwave Weapons Are Prime Suspect in Ills of U.S.
> Embassy Workers
>
> Link:
> https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html
>
> ************************************************************************
> ********************
>
> Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
> Qualifications as at 14 Feb 2019 and refugee seeking attempts at the
> United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug
> 2019) and Australia (25 Dec 2019 to 9 Jan 2020):
>
> [1] https://tdtemcerts.wordpress.com/
>
> [2] https://tdtemcerts.blogspot.sg/
>
> [3] https://www.scribd.com/user/270125049/Teo-En-Ming
>
> -----END EMAIL SIGNATURE-----
>
>
--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/
Reply | Threaded
Open this post in threaded view
|

Re: Testing

OpenSSL - User mailing list
In reply to this post by Marc Roos
On 2020-09-03 09:42, Marc Roos wrote:
>
> PTR record, SPF, DKIM and DMARC are also set by spammers, and sometimes
> even just before a spam run. It is either choosing to do amazons work or
> not having any work. If more and more are blocking the amazon cloud it
> would make their clients leave and this finally migth have them spend
> more on their abuse department.
>
>

For your information, AWS apparently blocks TCP port 25 unless the
customer (not someone hacking an AWS instance) explicitly requests a
custom PTR record using a form where the customer promises not to Spam.
Custom PTR records don't look like
ec2-184-72-79-140.compute-1.amazonaws.com .

I am unsure how Richard's example that obviously tricked a server to
send a HTTP request to the OpenSSL mail server got past the port 25
block (this appears to be a common form of server side request forgery).


>
>
> -----Original Message-----
> To: [hidden email]
> Subject: Re: Testing
>
> On 2020-08-31 16:28, Marc Roos wrote:
>> Why don't you block the whole compute cloud of amazon?
>> ec2-3-21-30-127.us-east-2.compute.amazonaws.com
> Please note, that at least our company hosts a secondary MX in the EC2
> cloud, with the option to direct my posts to the list through that
> server.  However proper PTR record, SPF, DKIM and DMARC checks should
> all pass for such posts.
>
> Thus rather than blindly blacklisting the Amazon hosting service, maybe
> make the OpenSSL mail server check those things to catch erroneous
> transmissions from web servers.
>
>
>>
>> -----Original Message-----
>>
>> To: [hidden email]
>> Subject: Testing
>>
>>
>>
>> --
>> -----BEGIN EMAIL SIGNATURE-----
>>
>> The Gospel for all Targeted Individuals (TIs):
>>
>> [The New York Times] Microwave Weapons Are Prime Suspect in Ills of
> U.S.
>> Embassy Workers
>>
>> Link:
>> https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave
>> .html
>>
>> **********************************************************************
>> **
>> ********************
>>
>> Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
>> Qualifications as at 14 Feb 2019 and refugee seeking attempts at the
>> United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug
>> 2019) and Australia (25 Dec 2019 to 9 Jan 2020):
>>
>> [1] https://tdtemcerts.wordpress.com/
>>
>> [2] https://tdtemcerts.blogspot.sg/
>>
>> [3] https://www.scribd.com/user/270125049/Teo-En-Ming
>>
>> -----END EMAIL SIGNATURE-----
>>
>>
>
>
>



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Reply | Threaded
Open this post in threaded view
|

RE: Testing

Marc Roos

Why are you defending amazon? Everyone processing significant mail and
http traffic is complaining about them. They were even listed in
spamhaus's top 10 abuse networks (until they started contributing to
them?)

Reply | Threaded
Open this post in threaded view
|

Re: Testing

OpenSSL - User mailing list
On 2020-09-03 12:25, Marc Roos wrote:
>
> Why are you defending amazon? Everyone processing significant mail and
> http traffic is complaining about them. They were even listed in
> spamhaus's top 10 abuse networks (until they started contributing to
> them?)
>

Because we are sending non-spam mail from an AWS hosted server, and
would be seriously inconvenienced if they got generally banned by mail
recipients.

And we did check that they were not in bad standing at spamhaus.org
before choosing them to host that server.  Some of their competitors
failed those checks.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Reply | Threaded
Open this post in threaded view
|

RE: Testing

Marc Roos

As if amazon is the only provider you can host an mta. As I wrote before
your laziness to find a proper provider solution, causes work at other
providers. The only advantage that your type of customer has, is that
your brains all work the same going for cheap and easy. So if I do block
such a network, I block of useless traffic.

I think amazon is expanding/changing strategy. Now they are even routing
to dubious ip ranges.

traceroute -n 185.187.119.175
traceroute to 185.187.119.175 (185.187.119.175), 30 hops max, 60 byte
packets

 4  92.63.170.153  0.516 ms  0.522 ms  0.534 ms
 5  193.239.116.110  1.779 ms  1.154 ms  1.748 ms
 6  52.93.112.28  4.971 ms 52.93.112.24  2.019 ms 52.93.112.28  4.677 ms
 7  54.239.114.149  1.292 ms 54.239.114.103  1.629 ms 54.239.114.155  
1.095 ms
 8  * * *
 9  * * *

185.187.119.2   mta119-2.msgfocus.com.
185.187.119.3   mta119-3.msgfocus.com.
185.187.119.4   mta119-4.msgfocus.com.
185.187.119.5   mta119-5.msgfocus.com.
185.187.119.6   mta119-6.msgfocus.com.
185.187.119.7   mta119-7.msgfocus.com.
185.187.119.8   mta119-8.msgfocus.com.
185.187.119.9   mta119-9.msgfocus.com.
185.187.119.10  mta119-10.msgfocus.com.
185.187.119.11  mta119-11.msgfocus.com.
185.187.119.12  mta119-12.msgfocus.com.
185.187.119.13  mta119-13.msgfocus.com.
185.187.119.14  mta119-14.msgfocus.com.
185.187.119.15  mta119-15.msgfocus.com.
185.187.119.16  mta119-16.msgfocus.com.
185.187.119.17  mta119-17.msgfocus.com.
185.187.119.18  mta119-18.msgfocus.com.
185.187.119.19  mta119-19.msgfocus.com.
185.187.119.20  mta119-20.msgfocus.com.
185.187.119.21  mta119-21.msgfocus.com.
185.187.119.22  mta119-22.msgfocus.com.
185.187.119.23  mta119-23.msgfocus.com.
185.187.119.24  mta119-24.msgfocus.com.
185.187.119.25  mta119-25.msgfocus.com.
185.187.119.26  mta119-26.msgfocus.com.
185.187.119.27  mta119-27.msgfocus.com.
185.187.119.28  mta119-28.msgfocus.com
..
..
185.187.119.223 mta119-223.msgfocus.com.
185.187.119.224 mta119-224.msgfocus.com.
185.187.119.225 mta119-225.msgfocus.com.
185.187.119.226 mta119-226.msgfocus.com.
185.187.119.227 mta119-227.msgfocus.com.
185.187.119.228 mta119-228.msgfocus.com.
185.187.119.229 mta119-229.msgfocus.com.
185.187.119.230 mta119-230.msgfocus.com.
185.187.119.231 mta119-231.msgfocus.com.
185.187.119.232 mta119-232.msgfocus.com.
185.187.119.233 mta119-233.msgfocus.com.
185.187.119.234 mta119-234.msgfocus.com.
185.187.119.235 mta119-235.msgfocus.com.
185.187.119.236 mta119-236.msgfocus.com.
185.187.119.237 mta119-237.msgfocus.com.
185.187.119.238 mta119-238.msgfocus.com.
185.187.119.239 mta119-239.msgfocus.com.
185.187.119.240 mta119-240.msgfocus.com.
185.187.119.241 mta119-241.msgfocus.com.
185.187.119.242 mta119-242.msgfocus.com.
185.187.119.243 mta119-243.msgfocus.com.
185.187.119.244 mta119-244.msgfocus.com.
185.187.119.245 mta119-245.msgfocus.com.
185.187.119.246 mta119-246.msgfocus.com.
185.187.119.247 mta119-247.msgfocus.com.
185.187.119.248 mta119-248.msgfocus.com.
185.187.119.249 mta119-249.msgfocus.com.
185.187.119.250 mta119-250.msgfocus.com.
185.187.119.251 mta119-251.msgfocus.com.
185.187.119.252 mta119-252.msgfocus.com.
185.187.119.253 mta119-253.msgfocus.com.
185.187.119.254 mta119-254.msgfocus.com.