Teksavvy considers blocking port 25
JF Mezei
port 25 for non static-IP customers.
I guess that is the cost of growth. They won't be able to "advertise" that
they don't block any ports anymore if they go ahead with this.
At the ISP level, are there ways to spot customers whose PC has become a
spambot ? It would be interesting to see if it truly is a problem with
Teksavvy or if this is just a preventive measure.
(are spambots related to the fembots pictured in Austin Powers documentaries ?)
Since spambots tend to get their orders from some controlling node, how
quickly do the IPs of such nodes become known ? And if all ISps blocked
port 25, wouldn't the spambots be written to make use of that ISP's SMTP
server which would make those emails appear even more legitimate ?
Teksavvy said that they might provide an "opt out" option. Wouldn't that
become rather unweildy from a manager point of view ? Those router tables
might becomes quite large.
I can understand vanilla ISPs blocking port 25. Heck, vanilla ISPs prohibit
you from running servers. But Teksavvy is an ISP that built its reputation
on not blocking ports, allowing servers etc. So it would be sad to see them
buckle under the pressure of growth and start blocking port 25.
Personally, it wouldn't affect me since I have a static IP and I wouldn't
see port 25 blocked for me. And it *might* actually be to my advantage if
blocking port 25 from vanilla customers reduces the chances that the whole
teksavvy IP range would be placed in some RBL.
But I'd rather see a solution where Teksavvy would catch infected
customers and stop the problem at the source instead of inconveniencing all
customers. But I am not sure that you can do that in an ISP that has grown
to a point where this becomes a problem.
Some Guy
> Over in dslreports, teksavvy announce that they are "considering"
> blocking port 25 for non static-IP customers.
All ISP's should do this for dynamic-assigned customers.
If someone wants out-bound port-25 access, then provide an e-mail
mechanism to allow it on a per-customer basis.
At the same time, all ISP's should operate an out-bound server and
allow (or force) all customers to use it. Put no restrictions on it
(size of message, number of messages, header construction, etc).
Our small company hosts our own SMTP server for receiving mail on
Sympatico's network (with static IP). Our server is not blocked from
sending e-mail, but many external clients reject it because of what
they see in the rDNS of our server (Sympatico does not allow static-IP
customers to submit their rDNS data for their IP).
So we use Sympatico's out-bound server, and you wouldn't know it if
you received an e-mail from us unless you were looking at the full
headers.
> At the ISP level, are there ways to spot customers whose PC has
> become a spambot ?
I guess they could block MX-lookups from their dynamic-IP space.
> wouldn't the spambots be written to make use of that ISP's SMTP
> server which would make those emails appear even more
> legitimate ?
As someone who has operated an SMTP server for the better part of 10
years, I see very little evidence that spam engines or trojans are
being written with either pre-knowledge or with the ability to
discover the out-bound SMTP server for the host they have infected.
> So it would be sad to see them buckle under the pressure of
> growth and start blocking port 25.
They simply can't afford to have their IP space become black-listed.
As their customer base grows, it's inevitable that some customers will
be lax or ignorant enough to allow their systems to become infected
with a spam trojan.
Besides, there are alternative ports that are usually used by
third-party hosts anyways.
Malcolm Ferguson
problem with this. Come on: it's $4/month for a static IP address, on
top of already great rates. If you're planning to run your own mail
server, it's a small fee to pay, and it has the added benefit that the
PTR record can be set correctly. It would certainly make
admin/management easier from Teksavvy's perspective - if there's a
problem they can look up somebody's IP address quickly without delving
through logs.
Perhaps incoming port 25 should remain open, but outgoing for dynamic
IPs should be forced through Teksavvy's SMTP server. They can enforce
rate limits and put alarms in place at that point. Anybody spewing spam
should be cut-off and only reconnected to the internet when they've
fixed the problem.
Malc
Marc Bissonnette
disgorging news:b127c$4569eed8$cef8887a$18...@TEKSAVVY.COM:
> Over in dslreports, teksavvy announce that they are "considering"
> blocking port 25 for non static-IP customers.
>
> I guess that is the cost of growth.
Sure, but it's smart growth: Better to block it now, proactively, than as
a reactive change due to being RBL'ed.
> They won't be able to "advertise"
> that they don't block any ports anymore if they go ahead with this.
Sure they can:
"Teksavvy, $X/month, no port blocking for static IP customers!"
Ta-daah!
> Teksavvy said that they might provide an "opt out" option. Wouldn't
> that become rather unweildy from a manager point of view ? Those
> router tables might becomes quite large.
Pah - As others have said: Automate it.
> I can understand vanilla ISPs blocking port 25. Heck, vanilla ISPs
> prohibit you from running servers. But Teksavvy is an ISP that built
> its reputation on not blocking ports, allowing servers etc. So it
> would be sad to see them buckle under the pressure of growth and start
> blocking port 25.
Teksavvy built it's reputation on being a solid ISP who is geek and
regular Joe-Blo friendly: The geeks are going to have a static IP and
will not be affected. The Joe-Blo's probably won't notice a difference at
all, since most of them are probably already using TS's SMTP for
outbound.
> But I'd rather see a solution where Teksavvy would catch infected
> customers and stop the problem at the source instead of
> inconveniencing all customers. But I am not sure that you can do that
> in an ISP that has grown to a point where this becomes a problem.
Sure they can: Scan all mail for content, as well as volume: Imagine what
*that* announcement would do to their rep.
--
Marc Bissonnette
Looking for a new ISP? http://www.canadianisp.com
Largest ISP comparison site across Canada.
JF Mezei
> problem with this. Come on: it's $4/month for a static IP address, on
> top of already great rates. If you're planning to run your own mail
> server, it's a small fee to pay, and it has the added benefit that the
> PTR record can be set correctly.
Actually, the PRT record thing may be the big ticket that justifies
blocking port 25. Since smart SMTP receivers will discard messages coming
from an IP without reverse translation , and some even block if there is a
reverse lookup that contains keywords such as "dial" or "dsl" or "cable", I
guess that anyone seriously considering sending email from his own SMTP
server should really get a real IP with a real reverse lookup.
Blocking port 25 may be the logical thing to do. But not sure it is the
human thing to do. Teksavvy has an image of Istop done right. So you'd
expect its customer base to be nothing but geeks (except a few who can
sneek thorugh and pretend to be geeks). But if it is actually growing with
lots of windows ordinary customers (non geeks), then perhaps they are being
forced to transform themselves into an ordinary ISP and keep the geeks as a
side show.
Whe I can see problems is some guy paying $29.95 being told that from now
on, he must pay $4.00 more because some windows customers have infected
machines.
Tony
remain open forever. Some people can't learn anything no matter how simple it is.
I'm not saying that is a great use of bandwidth but they're using the bandwidth the
way they see fit. Caps are caps.
Sid Knee
> Better to block it now, proactively, than as
> a reactive change due to being RBL'ed.
Are you so sure that it isn't?
Yugo
> Teksavvy has an image of Istop done right.
Or, more precisely, of Istop done honestly.
Do you remember how you and all the geeks here nodded when Ralph Doncaster
pretended that he saved so much money using Linux and had to charge extra when
people requested Windows services? Well, it now seems that all the geeks here
have now understood the common knowledge of the typical dummy at Sympatico:
with Windows, the total cost of ownership is down.
Of course, Teksavvy's owners -- you know, ThisGuy and his brother -- have
stressed the point that they also use Linux... as a print server to their $79
Brother printer, I suppose. But, as a http server where Linux-Apache has built
a reputation, they use Windows servers.
And that's the bottom line: when you use Windows server, they're so easy to
maintain that you're not on a tight budget like most ISPs and there's so much
money left that this is where real geeks gather. So, now, Ballmer's Gospel is
spreading and you have truth at both end of the specter: Sympatico and Teksavvy.
That's what Teksavvy is all about: honesty.
Mike
"Yugo" <yu...@noemailaddress.com> wrote in message
news:11645939...@www.vif.com...
windows because customers want windows hosting. BFD.
gbuchana(a)teksavvy(dot)com
> I guess that anyone seriously considering sending email from
> his own SMTP server should really get a real IP with a real
> reverse lookup.
>
Is that an option with Teksavvy? How's it work?
____________________________________________________________________
Gardner Buchanan gbuchana(a)teksavvy(dot)com
FreeBSD: Where you want to go. Today.
Yugo
Sorry, *all* their web servers run Microsoft-IIS:
http://toolbar.netcraft.com/site_report?url=http://teksavvy.com
tsiguy
No they don't.... You only see what is tied to specific/known domain
names.
We use a combination of both worlds... it is on a needs basis.....
Rocky
tsiguy
No matter the way we decide to go... It will be that will be as fair as
possible and as risk free as possible. In the end we want to be good
netizens so as to not risk our IPs and the stability but by the same
token, we don't want to mess with a good thing... It's a difficult
situation... this is why we've put it out there... to talk about.
Rocky
JF Mezei
> Do you remember how you and all the geeks here nodded when Ralph
> Doncaster pretended that he saved so much money using Linux and had to
> charge extra when people requested Windows services?
Ralph charged more for providing co-located space for customer owned
servers running windows since those require more TLC to do reboots etc.
Ralph provided 2 tiers of support. The lower cost was "self support" where
Ralph didn't provide support for your own machines, only for the TCPIP link
and you were expected to do your own pings and traceroutes etc.
The higher lever was for more "normal" users (whom Ralph might consider
undesirable).
Teksavvy does not discriminate and charges the same price as Istop's "no
support" price but provides full support and no threaths of cutting you off
if you dare call the support folks.
And with regards to your pointing out that Teksavvy still has some windows
servers. In this particular case, this is not relevant because we are
talking about customer owned equipment that becomes infected and sends out
spam without touching any of teksavvy's own servers.
JF Mezei
> Is that an option with Teksavvy? How's it work?
You call them up, asked to get a fixed IP. They charge you an extra $4.00
per month and you also get full access to newsgroups. And you can then tell
them what you want your "own" IP to reverse translate to. It doesn't have
to reverse translate to something.teksavvy.com, it can reverse translate to
anything you want.
Yugo
Indeed! We see what is tied to Teksavvy. Now you might host a few people on
Linux, just as Doncaster was hosting a few on Windows. This would make sense
since most people who use your address block use Linux:
<http://toolbar.netcraft.com/netblock?q=TEKSAVVY,206.248.128.0,206.248.191.255>
But YOU use Windows all the way for web servers. There can't be any doubt
about it.
Isn't it strange that most people/companies who use your address block use
Linux whereas you chose Windows... to provide more efficient service?
> We use a combination of both worlds... it is on a needs basis.....
And it just so happens that you badly need Windows. Talk about tech savvy
people! But I'm sure Microsoft is learning from the experience and, who knows,
someday, you might end up with something that almost works. How it will become
as cheap as Linux and the BSDs to offer better service is another matter, though.
Yugo
> Teksavvy does not discriminate and charges the same price as Istop's "no
> support" price but provides full support and no threaths of cutting you
> off if you dare call the support folks.
That's what I said: they prove how Ballmer is right about Total Cost of
Ownership. Unless you think they're /subsidized/? Because you certainly know
as well as me how tight the margins are in providing internet services.
> And with regards to your pointing out that Teksavvy still has some
> windows servers. In this particular case, this is not relevant because
> we are talking about customer owned equipment that becomes infected and
> sends out spam without touching any of teksavvy's own servers.
I wasn't refering to the spam problems.
Mike
JF Mezei
> And it just so happens that you badly need Windows. Talk about tech savvy
> people!
When I signed up, I had no idea they were a microsoft shop. And apart for a
few idiosyncracies, I have been impressed with their reliability. I have
little respect for people who choose Microsoft because "others choose it",
or "to be compatible" (especially on the net where Microsoft takes extra
steps to ensure it os NOT compatible).
But if some shop manages to get some MS servers running reliably, then
kudos to them. Whether Teksavvy will be able to scale some of their MS
infrastructure (notably POP/SMTP servers) as they grow remains to be seen,
and I expect them to shift to more serious operating system as they grow.
Real ISP's wouldn't be running mail servers on Windows. The big email
solutions run on Sun for instance. However, their ironport mail filtering
on on a turnkey box based on linux if I remember correctly.
I suspect Teksavvy will grow out of Windows in its own time. You don't give
a kid adult clothes, you wait until he grows enough. They will certaintly
keep some windows stuff around, especially some web servers since some
customers will demand they be hosted on Widnows because of some proprietary
microsoft applications.
But since their service has been reliable, I prefer that they grow out of
windows at their own pace instead of risking instability by imposing some
"real" solution on them before they are ready.
Malcolm Ferguson
> Yugo wrote:
>> And it just so happens that you badly need Windows. Talk about tech
>> savvy people!
>
> When I signed up, I had no idea they were a microsoft shop. And apart
> for a few idiosyncracies, I have been impressed with their reliability.
> I have little respect for people who choose Microsoft because "others
> choose it", or "to be compatible" (especially on the net where Microsoft
> takes extra steps to ensure it os NOT compatible).
I have little respect for people who choose UNIX because "other geeks
choose it" or because that's what the sheep on /. say is "the true way".
Come on now, it's not religion. You have to pick the right tools for
the job, which where you are might be Windows.
> But if some shop manages to get some MS servers running reliably, then
> kudos to them.
I've helped manage and maintain a colocation facility that required high
availability. It's been running multiple IIS web servers and databases
very reliably for years. NT4 required a little patience, but since we
migrated to Win2K it's been generally rock-solid. We haven't even had a
dedicated admin on it for three years, and I haven't been called in to
help out in it for years either.
> I suspect Teksavvy will grow out of Windows in its own time. You don't
> give a kid adult clothes, you wait until he grows enough. They will
> certaintly keep some windows stuff around, especially some web servers
> since some customers will demand they be hosted on Widnows because of
> some proprietary microsoft applications.
>
> But since their service has been reliable, I prefer that they grow out
> of windows at their own pace instead of risking instability by imposing
> some "real" solution on them before they are ready.
If Windows works for them, why would they switch to something else?
It's more costly to switch platforms than evolve what you already have.
I can guarantee that learning to provide what they do today on a new
platform will introduce teething problems and potentially unreliability.
Malc
Marc Bissonnette
news:456a1b2e$0$32582$c3e...@news.astraweb.com:
No, I'm not, but I haven't heard any rumblings about TS being a source of
spam; I'm a regular lurker/occasional contributor in
news.admin.net-abuse.email and I haven't seen complaints about TS in there.
Of course, your inference is correct: Never say never :)
tsiguy
As mentioned above/below from a few people... We use different boxes
for different needs. We've got something between 40 to 60 servers....
To give you an idea that we don't only use MS.... See
http://uptime.netcraft.com/up/graph?site=jethro.teksavvy.com
This particular server is a LINUX server and hosts about 500
domains.....
We started nearly 10 years ago and have developed various applications
to which we've grown them for our own purposes... The MS server that
we have for ourselves has a specific task and has specific scripts that
we need and to convert them would be a huge undertaking and might very
well, as someone else mentioned, cause more instabilities than good.
Making changes to remove MS from the mix out of spite (as this is what
this seems like) doesn't make sense to/for us at this point. We have a
pretty stable mix and, at least for the time being, we don't see
ourselves changing what works!
... if it isn't broken, don't fix it! ;-)
Rocky
Malcolm Ferguson
>
> JF Mezei wrote:
>
>> Over in dslreports, teksavvy announce that they are "considering" blocking
>> port 25 for non static-IP customers.
>>
> As long as there's caps then if the infected computers are capped
port 25 should
> remain open forever. Some people can't learn anything no matter how
simple it is.
> I'm not saying that is a great use of bandwidth but they're using the
bandwidth the
> way they see fit. Caps are caps.
That seems a bit harsh. Trouble with zombie machines spewing spam is
that the owners don't know it... until they get the first bill. Sure,
they'll learn fast, but they'll probably be so pissed off with Teksavvy
for the bill that they'll switch to another ISP. Better to just block
them, even if that means they'll go longer before they'll discover their
machine has been compromised.
The question is: how many/what proportion of Teksavvy's customers
actually run their own mail servers? Just because something's possible,
doesn't mean it's being taken advantage of.
Malc
Sid Knee
> Sid Knee <meva...@gmail.com> altered the spacetime fabric by disgorging
> news:456a1b2e$0$32582$c3e...@news.astraweb.com:
>
>> Marc Bissonnette wrote:
>>
>>> Better to block it now, proactively, than as
>>> a reactive change due to being RBL'ed.
>> Are you so sure that it isn't?
>
> No, I'm not, but I haven't heard any rumblings about TS being a source of
> spam; I'm a regular lurker/occasional contributor in
> news.admin.net-abuse.email and I haven't seen complaints about TS in there.
>
> Of course, your inference is correct: Never say never :)
The reason I mentioned it, Marc, was because I ran into a problem with
teksavvy being blacklisted at uceprotect which I mentioned in an earlier
message.
I was trying to contact relatives who use aei.ca but messages were being
bounced because teksavvy was on uceprotect's list - presumably for spam
related reasons. So the change may be reactive after all.
I still haven't figured out whether it's been cleared up yet.
Marc Bissonnette
Looks like they have a pretty clean rep in the RBL world:
http://openrbl.org/client/#206.248.154.253
or
http://openrbl.org/client/#teksavvy.com
Not bad at all for a consumer level ISP (Or rather, an ISP that caters to
consumers, along with their other business targets)
Senex
It happens from time to time. It's even happened to big guys like
Sympatico. 'Uceprotect' only one of many services that create
blacklists based on reports from other ISPs. Sometimes the
blacklisting is valid sometimes not.
Blocking port 25 is normally an easy solution for affected ISPs.
Yugo
Unfortumately, Netcraft doesn't know about them:
<http://uptime.netcraft.com/up/hosted?netname=PEER1-TEKSAV-02,69.28.224.0,69.28.225.255>
> We started nearly 10 years ago and have developed various applications
> to which we've grown them for our own purposes... The MS server that
> we have for ourselves has a specific task and has specific scripts that
> we need and to convert them would be a huge undertaking and might very
> well, as someone else mentioned, cause more instabilities than good.
That's why it's important to start from the right foot. Tech savvy people know
that. Maybe we should ask Marc Bissonette the percentage of small ISPs in
Canada that use IIS... I would say no more than 1%, the reason being it's
money thrown down the drain. Linux/BSD is better fit and cost nothing. Given
the ferociously competitive market small ISPs are in, in "normal
circumstances", Linux/BSD is just unavoidable.
tsiguy
We weren't blacklisted... their list either wasn't up to date or
something but we'd verified all the RBL's and we weren't listed....
They were blocking us for some reason, but it wasn't due to being
RBL'd....
Yugo
> Yugo wrote:
>
>> And it just so happens that you badly need Windows. Talk about tech
>> savvy people!
>
>
> When I signed up, I had no idea they were a microsoft shop. And apart
> for a few idiosyncracies, I have been impressed with their reliability.
Have Microsoft back an ISP using Windows to prove Ballmer's theories, it's
going to be utmostly reliable.
> I have little respect for people who choose Microsoft because "others
> choose it", or "to be compatible" (especially on the net where Microsoft
> takes extra steps to ensure it os NOT compatible).
That's just another reason why people who make sense stay away from Microsoft.
Real tech savvy are aware of the stakes.
> But if some shop manages to get some MS servers running reliably, then
> kudos to them. Whether Teksavvy will be able to scale some of their MS
> infrastructure (notably POP/SMTP servers) as they grow remains to be
> seen, and I expect them to shift to more serious operating system as
> they grow.
What about all those scripts that have been written? They're growing by the
day. And what an interesting experience it would be for Microsoft to see if
they finally can make it!
> I suspect Teksavvy will grow out of Windows in its own time.
Who says?
> You don't
> give a kid adult clothes, you wait until he grows enough. They will
> certaintly keep some windows stuff around, especially some web servers
> since some customers will demand they be hosted on Widnows because of
> some proprietary microsoft applications.
That's not what we're talking about. We're talking about Teksanny's own servers.
> But since their service has been reliable, I prefer that they grow out
> of windows at their own pace instead of risking instability by imposing
> some "real" solution on them before they are ready.
If you want to grow out of any OS, the sooner is the better but it already
seems too complicated... even for tech savvy people.
DevilsPGD
<jfmezei...@teksavvy.com> wrote:
>Yugo wrote:
>> Do you remember how you and all the geeks here nodded when Ralph
>> Doncaster pretended that he saved so much money using Linux and had to
>> charge extra when people requested Windows services?
>
>Ralph charged more for providing co-located space for customer owned
>servers running windows since those require more TLC to do reboots etc.
Then he had stupid customers. I'm coming up on the close of my third
year running one or more (At least one, sometimes two or three) Windows
boxes at a remote facility.
I have needed a hard reboot exactly once, the box failed to come back up
and it turned out to be bad RAM.
It's not the operating system, it's the way it's operated and
maintained.
--
Sticks and stones may break my bones, but
improperly spelled insults merely amuse me.
Marc Bissonnette
news:mn.dad97d6bc...@senex.nil:
Actually, it happens far more often to the 'big guys like Sympatico'
because their abuse departments often don't do squat to nuke sources of
spam (Yes, I am sensing the irony here in me making the post a few weeks
ago about a "big guy" nuking an account for having a trojan on board) -
The smaller to medium scale ISPs tend to pay a lot more attention to
their RBL status and take care of the problems more quickly (though often
in a more customer-friendly manner)
> Blocking port 25 is normally an easy solution for affected ISPs.
Agreed: For the masses, port 25 should be blocked by default; Make it a
case-by-case basis for individual customers, as there are often very
legitimate reasons for running your own mail servers.
tsiguy
10 Years ago MS was pretty much the only game around... LINUX was all
but a fart in the wind at that point. It's evolved quite a bit in the
last 5 years or so but if implemented well MS has a place. You may not
like it but I can pretty well guarantee you that your number is higher
than 1%. MS products can be up and going within a day and with very
little tweaking afterwards, while LINUX variations will run you just
about a week or more before running the kinks out enough to go public
with, and you better know what you're doing in a big way, otherwise you
can make a major mess of things... specially when trying to migrate
things.
In any case, we're crossing a bunch of topics here and we keep reliving
a dispute that will go on forever (MS vs 'NIX).... you hate MS, that's
fine and your perogative (I respect that), but in the end, we're solid
with what various products we use, so why the heat when things work
well? There's no need, but go ahead and say I told you so when MS/IIS
craps out on us, we'll deserve it! ;-)
Rocky
Yugo
> 10 Years ago MS was pretty much the only game around... LINUX was all
> but a fart in the wind at that point. It's evolved quite a bit in the
> last 5 years or so
You mean that would have been a nice tim efor a change? You bet!
> but if implemented well MS has a place.
Sure! Who cares about all their dirty little tricks to get hold of the net?
> You may not
> like it
I love them! I mean, if we start hating Microsoft, how will Billy, Stevee and
Paul get their yearly billions? I mean what an honest endeavor Microsoft is! I
hope the state and the CBC all go for the Microsoft proprietary formats so
that our friends can bring in even more money. Look at this poor Billy's
earnings for the first half of November 2006:
http://finance.yahoo.com/q/it?s=MSFT
That's barely more than half a billion shares sold! Small change! Probably
only the equivalent of his stock options for the month.
I mean this is only normal. If Billy wants to buy or "subsidize" ISPs all over
the world, he's got to make some bread, right? Down with communists like LT
and RMS who make hard to configure, unreliable software!
> but I can pretty well guarantee you that your number is higher
> than 1%.
Marc?
> In any case, we're crossing a bunch of topics here
Are we?
> and we keep reliving
> a dispute that will go on forever (MS vs 'NIX)....
For most ISPs, there's no dispute here. Marc?
JE
I really can't figure out if you are a seriously confused loon who beleives
all that BS, or an MS fanboi trying to make linux users look bad. I'm leaning
towards the Microsoft fanboi.
Cheers.
JE
Marc Bissonnette
news:1164651535.4...@n67g2000cwd.googlegroups.com:
Well... I strongly disagree with that :)
Ten years ago, I was working for a couple of ISPs over the span of a
couple of years: The common platform for webserving back then was
Solaris: MS was the fart in the wind. Come to think of it, I can
remember, about 11 years ago, MS was _paying_ ISPs to run their server
software on their production machines, just to say they were out "in the
wild" - Couldn't get em to stay up more than a few days without falling
down and puking all over the place. The Solaris boxen, on the other hand,
had uptimes measured in *years* :)
To be perfectly fair, *back then*, MS servers would stay up for a dozen
hosts or so, but anything with dozens or even hundreds of hosts, MS
servers didn't stand a chance.
Mind you, they (MS) have also evolved quite a bit since then :)
> LINUX was all
> but a fart in the wind at that point. It's evolved quite a bit in the
> last 5 years or so but if implemented well MS has a place. You may
> not like it but I can pretty well guarantee you that your number is
> higher than 1%.
s/pretty well/absolutely/
I'm running a script right now, using IO::Socket::INET to query all the
mainurls of ISPs registered on CanadianISP to see what server software
they're running (I was curious :) ) - It's definitely higher than 1%,
though, from what I've seen spit out so far. (grr point: Some ISP's
webservers are S-L-O-W to respond even to header requests - this thing is
taking forever to run!)
> MS products can be up and going within a day and with
> very little tweaking afterwards, while LINUX variations will run you
> just about a week or more before running the kinks out enough to go
> public with, and you better know what you're doing in a big way,
> otherwise you can make a major mess of things... specially when trying
> to migrate things.
Respecfully disagree with this, though with a caveat: If you *really*
know what you're doing with *nix, you can be up and running in a day or
so. Of course, the same thing with Windows, but with Windows, you'd
better be darned sure you've got all the security patches, tweaks and
fixes installed (which means it's definitely not a default install)
before you go public, or you've just ended up creating a zombie cloning
farm :)
> In any case, we're crossing a bunch of topics here and we keep
> reliving a dispute that will go on forever (MS vs 'NIX).... you hate
> MS, that's fine and your perogative (I respect that), but in the end,
> we're solid with what various products we use, so why the heat when
> things work well?
Agreed totally: I am most definitely *not* an MS fan, would not use it
myself for any online solutions, but that's out of my preference: If it
works for you and your customers, so much the better: Besides, TS offers
*both* MS and *nix solutions, so there really isn't an issue :)
Yugo
I would rather go for the confused loon who believes NASDAQ's bullshit.
Marc Bissonnette
disgorging news:1g9mm25r6vpr0r307...@4ax.com:
> In message <d26b5$456a7625$cef8887a$63...@TEKSAVVY.COM> JF Mezei
> <jfmezei...@teksavvy.com> wrote:
>
>>Yugo wrote:
>>> Do you remember how you and all the geeks here nodded when Ralph
>>> Doncaster pretended that he saved so much money using Linux and had to
>>> charge extra when people requested Windows services?
>>
>>Ralph charged more for providing co-located space for customer owned
>>servers running windows since those require more TLC to do reboots etc.
>
> Then he had stupid customers. I'm coming up on the close of my third
> year running one or more (At least one, sometimes two or three) Windows
> boxes at a remote facility.
Yeah, but it was funny as all hell to see on Ralph's pricing page:
"Windows Headache Fee: $10/month"
:) :) :)
>
> I have needed a hard reboot exactly once, the box failed to come back up
> and it turned out to be bad RAM.
>
> It's not the operating system, it's the way it's operated and
> maintained.
Very true.
Yugo
>>10 Years ago MS was pretty much the only game around...
>
>
> Well... I strongly disagree with that :)
>
> Ten years ago, I was working for a couple of ISPs over the span of a
> couple of years: The common platform for webserving back then was
> Solaris: MS was the fart in the wind. Come to think of it, I can
> remember, about 11 years ago, MS was _paying_ ISPs to run their server
> software on their production machines,
Who knows, they might still be doing it! But now, of course, MS has serious
studies to prove their point. They're very strong at GoDaddy:
Windows Server 2003 Case Study: GoDaddy.com
http://www.devx.com/MicrosoftSC/Door/33006
They're managing lots of empty sites.
> To be perfectly fair, *back then*, MS servers would stay up for a dozen
> hosts or so, but anything with dozens or even hundreds of hosts, MS
> servers didn't stand a chance.
Well, it depends, I suppose. You should be aware that TekSavvy has very savvy
experts.
> Mind you, they (MS) have also evolved quite a bit since then :)
Of course, but teksavvy was using it THEN!!!
>>LINUX was all
>>but a fart in the wind at that point. It's evolved quite a bit in the
>>last 5 years or so but if implemented well MS has a place. You may
>>not like it but I can pretty well guarantee you that your number is
>>higher than 1%.
> s/pretty well/absolutely/
>
> I'm running a script right now, using IO::Socket::INET to query all the
> mainurls of ISPs registered on CanadianISP to see what server software
> they're running (I was curious :) ) - It's definitely higher than 1%,
> though, from what I've seen spit out so far.
Let's wait and see, and see what kind of savvy ISPs they are. It's going to be
interesting.
> Respecfully disagree with this, though with a caveat: If you *really*
> know what you're doing with *nix, you can be up and running in a day or
> so.
And if you know nothing, you can set up your server with Webmin and do all the
same silly things that many Windows administrators do.
> Agreed totally: I am most definitely *not* an MS fan, would not use it
> myself for any online solutions, but that's out of my preference: If it
> works for you and your customers, so much the better
Mainly that, as Microsoft sponsored studies show, the TCO is so much cheaper.
When you want to offer for free services that Doncaster couldn't afford with
Linux, Windows is what you really need.
Senex
I stand corrected.
>
>> Blocking port 25 is normally an easy solution for affected ISPs.
>
> Agreed: For the masses, port 25 should be blocked by default; Make it a
> case-by-case basis for individual customers, as there are often very
> legitimate reasons for running your own mail servers.
Quite a viable option for the "customer-friendly" small/medium sized
ISP. Unfortunately, a lot of us, out in the backwater areas of this
great land, only have access to the "big-boys". Hence, we do as we're
told or put up with *no* service at all.
ie: Where I live there are only Sympatico and Rogers. *Nobody* else
except ye olde dialup and who wants that? :-)
Yugo
> ie: Where I live there are only Sympatico and Rogers. *Nobody* else
> except ye olde dialup and who wants that? :-)
If Sympatico gets to you, you should be able to get DSL service from smaller
providers.
DevilsPGD
Bissonnette <dragnet\_@_/internalysis.com> wrote:
>DevilsPGD <spam_na...@crazyhat.net> altered the spacetime fabric by
>disgorging news:1g9mm25r6vpr0r307...@4ax.com:
>
>> In message <d26b5$456a7625$cef8887a$63...@TEKSAVVY.COM> JF Mezei
>> <jfmezei...@teksavvy.com> wrote:
>>
>>>Yugo wrote:
>>>> Do you remember how you and all the geeks here nodded when Ralph
>>>> Doncaster pretended that he saved so much money using Linux and had to
>>>> charge extra when people requested Windows services?
>>>
>>>Ralph charged more for providing co-located space for customer owned
>>>servers running windows since those require more TLC to do reboots etc.
>>
>> Then he had stupid customers. I'm coming up on the close of my third
>> year running one or more (At least one, sometimes two or three) Windows
>> boxes at a remote facility.
>
>Yeah, but it was funny as all hell to see on Ralph's pricing page:
>
>"Windows Headache Fee: $10/month"
>
>:) :) :)
No doubt.
--
The following was seen at a car dealership,
announcing new seat belt legislation:
"Belt your family. It's the law."
JF Mezei
> If Windows works for them, why would they switch to something else?
growth/scalability issues. As well as multi-node services that allow you to
spread the load as well as bring down one machine for maintenance while
the other continues to provide services to customers.
You can be a 7/24 small shop running on small machines. But when you grow,
in order to maintain the 7/24 nature, you need more comprehensive
infrastructure.
Also, management of the systems becomes an issue, especially when you have
multiple services (accounting, PPPoE authentication, POP authentication,
personal web pages (FTP authentication to your directory), customer access
to their profile, customer access to spam filtering etc.
If you need to maintain disparate databases on various systems to keep it
all running, then it is far harder to let a customer start changing his
password for instance because propagating the change isn't a simple task as
your organisation grows.
Sid Knee
> We weren't blacklisted... their list either wasn't up to date or
> something but we'd verified all the RBL's and we weren't listed....
> They were blocking us for some reason, but it wasn't due to being
> RBL'd....
Then I stand corrected but that was how I interpreted the reply I got
when I reported it to teksavvy support i.e.:
"It does appear that our mailserver has been listed on that website".
If I misinterpreted that, my apologies.
JF Mezei
> 10 Years ago MS was pretty much the only game around... LINUX was all
> but a fart in the wind at that point.
Excuse me ????? The internet was running on Unix right from the get go. The
first servers appeared on Unix and even VMS. (much of usenet had been
developped on VMS originally).
And this is where Yugo has a point. Before Linux became trendy, there were
two classes of people: those who knew Windows only because they only knew
what they read in trade rags and those who knew the serious systems outside
of the limelight.
Where Windows made large inroads was its ability to undercut the initial
purchase price compared to the serious systems because at the time, those
serious systems were larger scale, cisted more and the licences were
expensive. But Total cost of ownership was often lower with the seirous
systems because they included many things that didn't come with Windows
(like a working/trustable backup utility).
Lots of people jumbed blindly into windows because they wanted to be
"compatible" and without *relaly* looking at the other options.
> MS products can be up and going within a day and with very
> little tweaking afterwards,
Sorry, that is false. You need to be on a constant lookout for
vulnerabilities and what patches are available for what MS product. That
takes time. And when you have a whole fleet of servers, applying those
patches (and testing them before) is extremely time consuming.
Consider Dell that at one point, had 150 servers as the front end of its
web site. They had problems managing this and it required a whole army of
geeks to keep each server up-to-date with the latest web software/content
and MS patches. But that was the cost of being a wintel-only company since
they needed to be windows on te visible part of the company.
gbuchana(a)teksavvy(dot)com
> gbuchana(a)teksavvy(dot)com wrote:
>
>> Is that an option with Teksavvy? How's it work?
>
> You call them up, asked to get a fixed IP. They charge you an extra
> $4.00 per month and you also get full access to newsgroups. And you can
> then tell them what you want your "own" IP to reverse translate to. It
> doesn't have to reverse translate to something.teksavvy.com, it can
> reverse translate to anything you want.
I should have been clearer. I know about subscribing to a static
IP with Teksavvy -- I'm using one to post this -- but I am not clear
that Teksavvy has an option to "reverse translate" my IP address
to anything in particular. Is this a normal part of the $4 static
address, or is it an up-charge or special request? Have you
actually done this?
____________________________________________________________________
Gardner Buchanan gbuchana(a)teksavvy(dot)com
FreeBSD: Where you want to go. Today.
tsiguy
Nahh... it's all good... we thought we were by the way it was acting up
but when we looked further into it, we weren't ... Nothing
misrepresented from your end but it was definitely something strange.
tsiguy
Call in to the office as you should be able to do this without a
problem... The only thing I could see is if one of our newbies weren't
sure and gave the wrong information.
Rocky
John Dough
wrote:
>Sure! Who cares about all their dirty little tricks to get hold of the net?
They like to do things their own way. If you don't agree, then
develop your own operating system, build up a large enough base, and
then dictate the "tricks" on your own terms.
>I love them! I mean, if we start hating Microsoft, how will Billy, Stevee and
>Paul get their yearly billions?
It seems your hatred of Microsoft is based purely on the fact that
they make more money than you. In other words, boo hoo.
When you're done whining, let's see if you can come up with some REAL
reasons as to why Linux is better than Jesus, because so far, all your
arguments have had the merit of a 14-year old fanboy.
tsiguy
Marc Bissonnette wrote:
> Ten years ago, I was working for a couple of ISPs over the span of a
> couple of years: The common platform for webserving back then was
> Solaris: MS was the fart in the wind.
I knew you'd call me on the MS stuff with Solaris.... :-p
Was infering to LINUX in specific as this is the argument on the free
stuff as Solaris was all but free, specially at that time.... $$$
> Respecfully disagree with this, though with a caveat: If you *really*
> know what you're doing with *nix, you can be up and running in a day or
> so. Of course, the same thing with Windows, but with Windows, you'd
> better be darned sure you've got all the security patches, tweaks and
> fixes installed (which means it's definitely not a default install)
> before you go public, or you've just ended up creating a zombie cloning
> farm :)
Agreed, with the caveat you said.... The thing to consider is that the
MS OS dwarfs in volume the LINUX OS and MS is continually under attack
due to this market share... You don't see a whole lot of LINUX or Mac
issues as the hacker world have a very small target to attack... so
they go after the easier target.... Microsoft.... they're everywhere.
>
> > In any case, we're crossing a bunch of topics here and we keep
> > reliving a dispute that will go on forever (MS vs 'NIX).... you hate
> > MS, that's fine and your perogative (I respect that), but in the end,
> > we're solid with what various products we use, so why the heat when
> > things work well?
>
> Agreed totally: I am most definitely *not* an MS fan, would not use it
> myself for any online solutions, but that's out of my preference: If it
> works for you and your customers, so much the better: Besides, TS offers
> *both* MS and *nix solutions, so there really isn't an issue :)
Agreed.... I'm defending something that I don't really care for myself
as I'm not big on the licensing thing that we're faced with on a
continual basis but in the end when dealing with clients who mainly use
Microsoft on their desktops and having to deal with, develop
applications (for web and office) for them.... to develop something
they want/need is key and for the greater majority of business clients,
Microsoft is all they know (and in many cases, want to know)!
... it's just not sane for us to bite both our legs off to spite the
1,000lb gorilla. The same argument can be made with Bell Canada.... We
have to give them approx. 2/3 of each of the DSL connection costs but
it's a necessary evil that we take in in order to provide guys, like JF
for instance, with a non-Bell, service oriented option! I don't hear
too many people saying "what the heck are you doing using Bell Canada
for your DSL!?" because they know, we have to do it in order to
accomodate the greater portions of the population and get the needed
volume to make it financially viable to keep our $30ish rates... There
simply is no choice in the matter, otherwise, we'd be out of business
(or at least, much smaller with higher rates)!
...blah blah blah... I'm done! ;-)
Rocky
John Dough
<dragnet\_@_/internalysis.com> wrote:
>Agreed: For the masses, port 25 should be blocked by default; Make it a
>case-by-case basis for individual customers, as there are often very
>legitimate reasons for running your own mail servers.
It's not just about mail servers.
You guys seem to be overlooking the fact that many people (myself
included) use POP3 from a third-party provider, such as myrealbox.com
or gmail.com
I've never sent a single spam message in my life, so why should I
suddenly lose my ability (or be required to pay extra) to access and
send mail from my preferred POP accounts?
Sid Knee
> Nahh... it's all good... we thought we were by the way it was acting up
> but when we looked further into it, we weren't ... Nothing
> misrepresented from your end but it was definitely something strange.
Ok, great ..... is it fixed now? (I've sent some test messages today but
it took 3 days before it finally timed out on previous messages).
tsiguy
Hmm... maybe call in to our office again so that they can make sure
everything's fixed...
Yugo
>>LINUX was all
>>but a fart in the wind at that point. It's evolved quite a bit in the
>>last 5 years or so but if implemented well MS has a place. You may
>>not like it but I can pretty well guarantee you that your number is
>>higher than 1%.
>
>
> s/pretty well/absolutely/
>
> I'm running a script right now,
Script must have died, I suppose. Or Tsisavvy called before it ended :)
Henry Wong
> Is this a normal part of the $4 static
> address, or is it an up-charge or special request? Have you
> actually done this?
>
> ____________________________________________________________________
> Gardner Buchanan gbuchana(a)teksavvy(dot)com
> FreeBSD: Where you want to go. Today.
I've done this, and there was no charge. I just emailed support@...
...Although Teksavvy doesn't seem to be willing to delegate the record
unless I pay for an entire subnet. Oh well, I'll just have to bug them
every time I want to change the mapping (which is ~never :).
Marc Bissonnette
news:11646768...@www.vif.com:
Nah, I was running into problems with it: If you take a gander over in
comp.lang.perl.misc, I posted my code, asking for help in the timeouts:
Before I left for fire hall, I was running it in 10 ISP loops, so the
timeouts were manageable; Trying to figure out IO::Select, then installed
LWP:Parallel to try and use it to loop through everything; If I don't
have the list for you guys tonight, it'll definitely be tomorrow.
Here's the teaser, though: Out of the 105 ISPs manually queried:
31 of em replied with a variant of Microsoft IIS,
71 of em replied with a variant of Apache
1 replied with NCSA/1.3
1 replied with Zeus/4.3
15 had no server header response and 5 of em turned out to be dead ISPs,
so I removed them from CanadianISP :)
That's about a quarter of all the ISPs registered on the site: I'll have
more data later, since I'm also interested for curiosity's sake about the
final numbers (And what the heck, I've learned a few new perl tricks, to
boot :)
JF Mezei
> IP with Teksavvy -- I'm using one to post this -- but I am not clear
> that Teksavvy has an option to "reverse translate" my IP address
> to anything in particular.
When you reverse transalte an IP, the top level root domain points to the
authrity that is responsible for that IP range ( ARIN for north american IP
address space). ARIN then passes that IP over to teksavvy's DNS server. It
then responds with a string that representes the fully qualified host name
associated with that IP. That string doesn't have to be "teksavvy.com".
Mine points to my own domain name.
JF Mezei
> It's not just about mail servers.
> You guys seem to be overlooking the fact that many people (myself
> included) use POP3 from a third-party provider, such as myrealbox.com
> or gmail.com
POP3 uses port 110 and cannot be used to send mail. However you do have a
point that there are many legitimate uses for sending mail via a 3rd party
SMTP server.
Consider people travelling. They will want to be using their home SMTP
server with some authentication instead of using the local ISP's SMTP
server. (or people working at home using the corporate SMTP server).
But if an individual can call in to get port 25 opened, then it would be
OK. However, customers should be warned well in advance so there are no
unpleasant surprises and they can call in early before the policy is put in
place to exclude themselves from that policy.
Yugo
> If I don't
> have the list for you guys tonight, it'll definitely be tomorrow.
Fair enough, mainlt that I gather from you script that it will be a nice list
with names and URLs.
> That's about a quarter of all the ISPs registered on the site (using IIs)
If find this surprising. I'm eager to see the list.
DevilsPGD
<nob...@thisaddress.com> wrote:
The problem is that you're using the MTA (Mail transfer agent) port when
you really should be using the MSA (Mail submission agent) port when
sending mail.
In other words, switch to port 587 (Assuming your provider keeps up) and
you're laughing.
--
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
John Dough
<jfmezei...@teksavvy.com> wrote:
>POP3 uses port 110 and cannot be used to send mail.
You know what I meant...
Send/Receive go hand-in-hand.
What good is receiving on 110 if I can't reply on 25?
>However you do have a
>point that there are many legitimate uses for sending mail via a 3rd party
>SMTP server.
>
>Consider people travelling. They will want to be using their home SMTP
>server with some authentication instead of using the local ISP's SMTP
>server. (or people working at home using the corporate SMTP server).
Exactly.
That's something I didn't even bring up in my earlier post. Not only
would people be denied access to send mail through their third party
POP accounts, but they would also be denied access to any work-related
mail accounts as well.
In my particular case, I access multiple mailboxes for various clients
using different mail personalities. When my mail client loads, it
checks 14 different accounts through POP, and if I have to send
replies, they would go back out using the respective accounts on port
25.
So all of a sudden, I would be denied access to sending legitimate
mail to my business clients, and I've never sent a single spam message
in my life. Does that make sense? Not to me.
>But if an individual can call in to get port 25 opened, then it would be
>OK. However, customers should be warned well in advance so there are no
>unpleasant surprises and they can call in early before the policy is put in
>place to exclude themselves from that policy.
I don't agree with this approach. Why should people have to call in
to request a continuation of a service that they're already getting?
If the ISP wants to overhaul their internal workings, then the onus
should be on THEM to accomodate their users. And I'm willing to bet
that if there was some kind of "opt-in" policy, their phone lines
would be flooded with customers who want to keep their port 25 open.
So the only thing they'd be doing is opening themselves up to a slew
of unncessary phone calls which would tie up customer service for who
knows how long.
I'm assuming that TekSavvy doesn't consider ALL their customers to be
spammers, so why would they shut off port 25 for everybody? Why not
simply shut it off ONLY for the spammers, or ONLY for those who are
too stupid to keep their systems clean of malware? My guess is that
no more than 1 or 2% of their customers actually engage in sending
volumes of spam, so why not punish the 1 or 2% and leave the other 98%
of us alone?
I can understand Rogers or Bell wanting to just completely shut off
port 25 across the board -- that's a no-brainer for them because in
their case, the numbers would probably be reversed, whereby 98% of
their clueless customers have infected machines, while 1 or 2% know
how to keep them clean. But TekSavvy's customer base surely wouldn't
be comparable to Bell's or Rogers'in this regard, so why would they
want to punish everybody for the actions of a few?
tsiguy
> spammers, so why would they shut off port 25 for everybody? Why not
> simply shut it off ONLY for the spammers, or ONLY for those who are
> too stupid to keep their systems clean of malware? My guess is that
> no more than 1 or 2% of their customers actually engage in sending
> volumes of spam, so why not punish the 1 or 2% and leave the other 98%
> of us alone?
Not sure if this is a doable on a case-by-case but I'll investigate as
this is a good idea....
Marc Bissonnette
Aha! Finally finished! Okay, I obsessed on this one; The code was
finicky, to say the very least, found a ton of ISPs (okay, well, 33 of
em) who had no functioning web servers anymore, which made my automated
query-script hang (Couldn't figure out how to get a response time out in
IO::Socket::INET - It's built-in timeout function applies only to the
handshake portion), but it's DONE!
I posted a new thread about this, since it's of general interest, but
here's the body of that new thread again:
Hey all;
Earlier today, there was a discussion about server types (*nix vs MS IIS)
- I thought I'd take a crack at finding the actual answer: This little
project turned somewhat into an obsession, trying to get the code to
work, given I've never used IO::Socket::INET or LWP::Parallel before -
All in all, it ended up with me learning some new perl, cleaning out 33
ISPs from CanadianISP who are no longer in business (or, at least, do not
have responding web servers) and the answer to the question: Which web
server platform is being used by the most ISPs for their own web sites.
The quick summary:
ISPs queried: 355
ISPs who's servers responded: 322 (resulting in 33 ISPs being removed
from CanadianISP.com)
ISPs who's servers responded, but with no Server: information: 14
Server Responses:
Apache 212 66% (We have a winner!)
Microsoft IIS 78 24%
Zeus 5 2%
Netscape Enterprise 2 0.6%
NCSA 1 0.3%
Sun ONE Webserver 1 0.3%
WebSTAR 1 0.3%
Zope 1 0.3%
The detailed info: (Too long to include here: I've put it in a table
format here:
http://www.canadianisp.com/isp_server_types.html
Of course, it must be pointed out that these are the server responses to
the ISP's home pages *only*: It does _NOT_ indicate that these ISPs only
offer hosting in the given platform.
Still, an interesting excercise - Now we know :)
For those curious, the following ISPs were no-shows during the queries:
ISP mainurl Last Updated (mm/dd/yy)
Aquatel Communications Inc. www.aquatel.ca 10/15/04
CAM Internet www.cam.org 11/16/03
Canquest Communications (Online) Inc www.gocanquest.com 01/10/06
CCAP www.ccapcable.com 05/29/06
Creativity Plus www.creativityplus.com 05/08/03
DVG SYSTEMS www.dvgsystems.com 08/08/04
Entirety Communications www.entirety.ca 02/26/03
ETSX.net www.etsx.net 11/28/06
Execulink www.execulink.com 06/05/06
Groupe Sig-Net Plus inc www.gsig-net.ca 07/29/03
Husky Computers and Electronics Limited www.huskyce.net 11/29/04
Inherent Systems www.inherentsys.ca 09/01/04
IVWNET www.ivwnet.com 02/26/03
Lillonet Communications Inc www.lillonet.ca 08/22/03
Montreal DSL www.montreal-dsl.com 08/16/06
Mountaintop Wireless Inc. www.mountaintopwireless.com 07/29/03
NPI Internet Services www.npinet.ca/ 07/13/05
Onlinetx Internet www.onlinetx.net 08/06/04
SBA Internet sbai.ca 02/11/04
The Higher Technology www.tht.net 12/12/03
Trimaxium Internet & 100 Mile Wireless www.trimaxium.com 11/09/03
Unix DataComm Inc. www.unixdatacomm.com 07/30/03
UTOPIENET.COM www.utopienet.com 12/06/03
WirelessWaves Broadband www.wirelesswaves.ca 10/15/04
Marc Bissonnette
news:1164675501.1...@45g2000cws.googlegroups.com:
>
> Marc Bissonnette wrote:
>
>> Ten years ago, I was working for a couple of ISPs over the span of a
>> couple of years: The common platform for webserving back then was
>> Solaris: MS was the fart in the wind.
>
> I knew you'd call me on the MS stuff with Solaris.... :-p
Neener :)
If Linux is the unshakable rock compared to MS when talking server
stability, then Solaris was the planet from which that rock was carved
:) You pretty much had to drop a small tactical nuke on those machines
to make them fail :)
> Was infering to LINUX in specific as this is the argument on the free
> stuff as Solaris was all but free, specially at that time.... $$$
Well, yeah, that's why ISP owners were all childless: Their first born
were all sold for the Solaris licences :)
>> Respecfully disagree with this, though with a caveat: If you *really*
>> know what you're doing with *nix, you can be up and running in a day
>> or so. Of course, the same thing with Windows, but with Windows,
>> you'd better be darned sure you've got all the security patches,
>> tweaks and fixes installed (which means it's definitely not a default
>> install) before you go public, or you've just ended up creating a
>> zombie cloning farm :)
>
> Agreed, with the caveat you said.... The thing to consider is that the
> MS OS dwarfs in volume the LINUX OS and MS is continually under
> attack due to this market share... You don't see a whole lot of LINUX
> or Mac issues as the hacker world have a very small target to
> attack... so they go after the easier target.... Microsoft.... they're
> everywhere.
Very true. And to be perfectly fair, I *do* remember reading an article
on El Reg a while ago stating that Linux boxen were coming under
increasing numbers of attacks as the wanna be h4xx0rz were learning more
(Mind you, with the gazillion flavours of linux, it's probably about as
bad as it's going to get right now...)
>> > In any case, we're crossing a bunch of topics here and we keep
>> > reliving a dispute that will go on forever (MS vs 'NIX).... you
>> > hate MS, that's fine and your perogative (I respect that), but in
>> > the end, we're solid with what various products we use, so why the
>> > heat when things work well?
>>
>> Agreed totally: I am most definitely *not* an MS fan, would not use
>> it myself for any online solutions, but that's out of my preference:
>> If it works for you and your customers, so much the better: Besides,
>> TS offers *both* MS and *nix solutions, so there really isn't an
>> issue :)
>
> Agreed.... I'm defending something that I don't really care for myself
> as I'm not big on the licensing thing that we're faced with on a
> continual basis but in the end when dealing with clients who mainly
> use Microsoft on their desktops and having to deal with, develop
> applications (for web and office) for them.... to develop something
> they want/need is key and for the greater majority of business
> clients, Microsoft is all they know (and in many cases, want to know)!
Ugh, yeah, I know what you mean. From the developer's side, there's
nothing more frustrating than explaining to the client that you can
*easily* create a solution for them, well within their budget *and*
meeting all their specifications, only to have them turn you down
because the file extensions are .cgi and not .asp (Hrm... I wonder if
one could use the apache rewrite engine to map .asp to .cgi...
BWAahHAhahAHaAhaAhaa!)
> ... it's just not sane for us to bite both our legs off to spite the
> 1,000lb gorilla. The same argument can be made with Bell Canada....
> We have to give them approx. 2/3 of each of the DSL connection costs
> but it's a necessary evil that we take in in order to provide guys,
> like JF for instance, with a non-Bell, service oriented option! I
> don't hear too many people saying "what the heck are you doing using
> Bell Canada for your DSL!?" because they know, we have to do it in
> order to accomodate the greater portions of the population and get the
> needed volume to make it financially viable to keep our $30ish
> rates... There simply is no choice in the matter, otherwise, we'd be
> out of business (or at least, much smaller with higher rates)!
WHAT ?!?!?! You use Bell Canada for your DSL ???
I'm telling everyone!
};-)>
Warren Oates
John Dough <nob...@thisaddress.com> wrote:
> That's something I didn't even bring up in my earlier post. Not only
> would people be denied access to send mail through their third party
> POP accounts, but they would also be denied access to any work-related
> mail accounts as well.
Not to be overly pedantic, but, as has been pointed out, John, YOU DON'T
SEND MAIL THROUGH A POP ACCOUNT. You retrieve your mail via POP3 (it
stands for Post Office Protocol, and that's not a bad way of looking at
it); your outbound mail is sent via a different protocol on a different
port (usually SMTP on port 25).
--
W. Oates
Sid Knee
> I'm assuming that TekSavvy doesn't consider ALL their customers to be
> spammers, so why would they shut off port 25 for everybody? Why not
> simply shut it off ONLY for the spammers, or ONLY for those who are
> too stupid to keep their systems clean of malware? My guess is that
> no more than 1 or 2% of their customers actually engage in sending
> volumes of spam, so why not punish the 1 or 2% and leave the other 98%
> of us alone?
If you shut it off only for the spammers, it implies that you wait until
after the spam-event to do so. By that time you may have landed on
someone's blocking list thereby punishing the 98% because of the actions
of the 1 or 2%.
tsiguy
...that's the exact problem we're trying to address/prevent.
Marc Bissonnette
fabric by disgorging
news:Xns988925A8BAC62dr...@216.196.97.131:
> Mountaintop Wireless Inc. www.mountaintopwireless.com 07/29/03
> NPI Internet Services www.npinet.ca/ 07/13/05
> Onlinetx Internet www.onlinetx.net 08/06/04
> SBA Internet sbai.ca 02/11/04
> The Higher Technology www.tht.net 12/12/03
> Trimaxium Internet & 100 Mile Wireless www.trimaxium.com
> 11/09/03 Unix DataComm Inc. www.unixdatacomm.com 07/30/03
> UTOPIENET.COM www.utopienet.com 12/06/03
> WirelessWaves Broadband www.wirelesswaves.ca 10/15/04
Just a quick follow-up to this: Got a note from Dan Talos over at
Montreal-DSL, saying that my report of their demise was very much
premature: Was probably a routing problem on my end, but www.montreal-
dsl.com is very much up and alive - and added back into the server list
(And canadianisp.com! :) )
John Dough
wrote:
>If you shut it off only for the spammers, it implies that you wait until
>after the spam-event to do so. By that time you may have landed on
>someone's blocking list thereby punishing the 98% because of the actions
>of the 1 or 2%.
Nonsense.
If you're on top of things, then you can easily detect when one of
your customers suddenly begins sending a flood of spam. You don't
even need to have someone sitting around watching the ports -- it can
all be automated with software to monitor which of your customers have
more than x-number of outgoing messages per day. The minute you
detect somebody sending out more than the pre-defined limit, you
immediately shut off their port 25 until they can prove to you that
they're not spamming.
The only way you'll get blacklisted is if you let the spammer continue
to operate for extended periods of time (long enough for someone to be
bothered by it...long enough for someone to complain about it...long
enough for someone to investigate it....etc.)
John Dough
<warren...@gmail.com> wrote:
>Not to be overly pedantic, but, as has been pointed out, John, YOU DON'T
>SEND MAIL THROUGH A POP ACCOUNT.
You ARE being overly pedantic..
I've already explained that I fully understand that POP3 and SMTP are
different protocols that operate on two different ports.
But what you (for some reason) fail to understand is that there's
nothing wrong with referring to your external mail account as a "POP
account". It gets the point across perfectly, and everybody knows
what you mean (unless they want to be anal retentive and pretend that
they don't).
You have web-based mail accounts, you have IMAP accounts, and you have
POP accounts.
Plain and simple.
I don't have a separate POP account and separate SMTP account at
Gmail. I have ONE account, not two. That one account lets me receive
AND send, therefore it's a POP mail account. All the mail comes/goes
to/from the exact same account.
Chris F.A. Johnson
> On Tue, 28 Nov 2006 07:53:35 -0500, Warren Oates
><warren...@gmail.com> wrote:
>
>
>>Not to be overly pedantic, but, as has been pointed out, John, YOU DON'T
>>SEND MAIL THROUGH A POP ACCOUNT.
>
> You ARE being overly pedantic..
"Pedantic is a word used to describe those who believe in
accuracy by those who don't"
> I've already explained that I fully understand that POP3 and SMTP are
> different protocols that operate on two different ports.
>
> But what you (for some reason) fail to understand is that there's
> nothing wrong with referring to your external mail account as a "POP
> account".
If you want to be accurate, there is.
> It gets the point across perfectly, and everybody knows what you
> mean (unless they want to be anal retentive and pretend that they
> don't).
It's not that hard to be get the point across while still being
accurate.
> You have web-based mail accounts, you have IMAP accounts, and you have
> POP accounts.
> Plain and simple.
And incomplete.
> I don't have a separate POP account and separate SMTP account at
> Gmail. I have ONE account, not two. That one account lets me receive
> AND send, therefore it's a POP mail account. All the mail comes/goes
> to/from the exact same account.
No, it's not a POP account. It's an e-mail account that offers web
mail as well as POP, etc....
--
Chris F.A. Johnson <http://cfaj.freeshell.org>
===================================================================
Author:
Shell Scripting Recipes: A Problem-Solution Approach (2005, Apress)
Marc Bissonnette
by disgorging news:153644-...@xword.teksavvy.com:
I've always differentiated between the two, as well: I offer POP
accounts, but I do _not_ offer SMTP accounts; I make this difference
clear to customers, as well, otherwise they think they can send mail
through my servers, which they can not.
Hell, even my own setups are two POPs through Verio/NTT and NRTCO and two
SMTP accounts through NRTCO and Vanquish :)
Sylvain Robitaille
John Dough wrote:
> You know what I meant...
> Send/Receive go hand-in-hand.
> What good is receiving on 110 if I can't reply on 25?
What no one seems to have reminded you of, so far, is that although
"Send/Receive go hand-in-hand" they needn't be done by the same server.
In fact, in most places they *aren't* done by the same server.
You receive via POP from one system (say Gmail's POP server), and you
send responses via an SMTP server, though preferably your ISP's own SMTP
server. There's really no need for you to use Gmail's SMTP server in
this case.
JF wrote:
>>Consider people travelling. They will want to be using their home SMTP
>>server with some authentication instead of using the local ISP's SMTP
>>server.
There really isn't any reason for them not to use the local ISP's SMTP
server. In fact, if I were ${local_isp}, I'd prefer it that way.
>> (or people working at home using the corporate SMTP server).
VPN, or use your ISP's SMTP server to send mail.
John Dough continued:
> So all of a sudden, I would be denied access to sending legitimate
> mail to my business clients, ...
Of course not. If you're a TekSavvy client, their SMTP server will
dutifully relay your outbound mail to your business clients, no
questions asked. The benefit to them, though is that if another of
their clients is compromised and spamming, they're in a perfect position
to detect the problem (perhaps even at the time it starts, given
suitable configuration) and stop it in its tracks, rather than find out
about it after the fact by complaints.
> Why should people have to call in to request a continuation of a
> service that they're already getting?
Terms of service can and do change over time, as the "environmental
conditions" change.
> I'm assuming that TekSavvy doesn't consider ALL their customers to be
> spammers, so why would they shut off port 25 for everybody?
Thos customers that are sufficiently knowledgeable that TekSavvy would
not need to close port 25 to them, are (perhaps ironically)
knowledgeable enough to simply reconfigure their mail software so
outbound mail goes through TekSavvy's mail servers.
--
----------------------------------------------------------------------
Sylvain Robitaille s...@alcor.concordia.ca
Systems and Network analyst / Postmaster Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
JF Mezei
> send responses via an SMTP server, though preferably your ISP's own SMTP
> server. There's really no need for you to use Gmail's SMTP server in
> this case.
The problem with this is that it may cause problems when your "From:" is a
gmail address, but it is being treated by a machine that is not related in
anyway with GMAIL. (think SPF). Your emails may be considered spam.
Sylvain Robitaille
just plain not true ...
tsiguy wrote:
> 10 Years ago MS was pretty much the only game around... LINUX was all
> but a fart in the wind at that point.
10 years ago I was (and several of my colleagues were) using Linux
exclusively as a desktop workstation OS, and in a few positions for
admittedly not mission-critical services. A few that I'm thinking of
that weren't using Linux were using NetBSD. Some of those have since
switched to Linux, and some have stayed with NetBSD. Nevertheless,
among the people I'm referring to, MS-Windows was not taken any more
seriously 10 years ago than it is today.
> MS products can be up and going within a day and with very little
> tweaking afterwards, while LINUX variations will run you just about a
> week or more before running the kinks out enough to go public with,
> ...
Then you clearly do not have anyone on staff who is an experienced
Unix/Linux systems analyst. I can have a system installed and ready to
put on the network in 30 minutes from boot time (assuming a particular
hardware configuration for which I've written a custom installation
script), though additional time required still to setup "local" software
(system monitoring, backups, performance, web servers if the system is
to be used for that, or mail server, DNS server, etc. I don't generally
use distribution-supplied packages for these services).
Now, with all that said, it really has nothing to do with how you choose
to run your business, which I gather is quite successful at providing
reliable service. :-)
--
----------------------------------------------------------------------
Sylvain Robitaille s...@alcor.concordia.ca
Systems and Network analyst Concordia University
Sylvain Robitaille
> The problem with this is that it may cause problems when your "From:"
> is a gmail address, but it is being treated by a machine that is not
> related in anyway with GMAIL. (think SPF). Your emails may be
> considered spam.
Well, "envelope sender", not "From:". "From:" is merely there for us
humans. There's no guarantee that both are the same, and no guarantee
that either is true.
That said, SPF is acknowledged to be broken for exactly this reason (and
perhaps a small number of others). It's SPF that's broken in this case,
not SMTP. The ISP's mail server *should* relay mail for its clients' IP
address. SPF is a naive implementation of what might have seemed like a
good idea at the time, and all discussion surrounding it is based on
exactly that point.
Incidentally, since envelope sender need not match "From:", the
solution to this situation is very simple:
(mail client connects to smtp.isp.com)
helo foo
mail from:<us...@isp.com>
rcpt to:<f...@bar.com>
data
...
From: Gu...@Gmail.com
To: Foo Bar <f...@bar.com>
Subject: ...
yadda yadda yadda ...
...
.
quit
Your message will get to bar.com's mail server with an envelope sender
of "us...@isp.com", which the ISP's mail server can be listed as an
authoritative mail server for, in SPF records, if the ISP chooses to
publish those, and the recipient will see the message as being "from"
"Gu...@Gmail.com". Any bounce would be sent to us...@isp.com, but that's
usually correct too, for a message that was accepted for delivery by
smtp.isp.com. Any reply from the recipient will go to Gu...@Gmail.com,
which is likely what you intended.
Sylvain Robitaille
> Come to think of it, I can remember, about 11 years ago, MS was
> _paying_ ISPs to run their server software on their production
> machines, just to say they were out "in the wild" ...
Around that same time, if you queried Microsoft's own DNS servers for
the software version (and used different techniques to identify the OS; I
simply used telnet myself), you would have found BIND running on Solaris.
That should give you an idea of how well Microsoft thought of their
own systems for mission-critical applications 10, 11, 12 years ago.
They did switch away from those a short time later, though.
--
----------------------------------------------------------------------
Sylvain Robitaille s...@alcor.concordia.ca
Systems and Network analyst Concordia University
tsiguy
Hi Sylvain,
Appreciate your input... thinking you may have missed a few things
discussed in the past and partially in other threads about our using
multiple OSs depending on the need. Give me a call and I'll fill you
in on things.
Regards,
Rocky
Sylvain Robitaille
> You don't see a whole lot of LINUX or Mac issues as the hacker world
> have a very small target to attack...
I can't speak for Mac, but some of us see attacks against Linux systems
on a daily basis. My experience (admittedly very limitted with Windows)
is that with Linux the sysadmin is almost always in a better position to
more easily defend against attacks than with Windows. Compromises
happen on both systems, usually for very similar reasons (insecure
configuration, weak passwords, patches not up to date, etc ...)
Ten years ago, the main problem of running a network was that some
people would "discover" RedHat Linux, setup a machine to "test" it with,
forget the machine was there, and have no idea how to properly configure
or manage a Linux (or Unix) system. Over the course of the past ten
years, the shift has been that the Linux systems are now rarely a
problem, but the problems have moved over to much more widely deployed
Windows desktop (and laptop) systems.
> ... in the end when dealing with clients who mainly use Microsoft on
> their desktops and having to deal with, develop applications (for web
> and office) for them.... to develop something they want/need is key
> and for the greater majority of business clients, Microsoft is all
> they know (and in many cases, want to know)!
This isn't going to help much, but your clients are misinformed: (it
sounds like) they come to you because you offer expertise, then they
reject your expertise because what you propose isn't what they had
already decided they want. I'm obviously not a businessman, but in a
similar situation I would refer the client to a competitor who
specializes in what they already decided they want, but let them know
that when they realize that what I proposed was indeed a better solution
for them, they should feel free to call me back.
Something like "Oh, no, I'm sorry, but I don't have the expertise to
develop that for a Windows platform. Let me refer you to ${competitor},
who are very good at what you're suggesting. However, I strongly urge
you to reconsider my proposal, which I'm very sure is a better fit for
your problem. If you do change your mind, please do call us back". I
admit that I wouldn't be in it for the money (and that's likely a good
thing). Still, that's perhaps just me ... (in my case, I really
*don't* have expertise to develop anything for a Windows platform,
except perhaps a mostly simple batch script.)
Marc Bissonnette
by disgorging news:slrnenf8c...@alcor.concordia.ca:
> tsiguy wrote:
>
[snip]
>> ... in the end when dealing with clients who mainly use Microsoft on
>> their desktops and having to deal with, develop applications (for web
>> and office) for them.... to develop something they want/need is key
>> and for the greater majority of business clients, Microsoft is all
>> they know (and in many cases, want to know)!
>
> This isn't going to help much, but your clients are misinformed: (it
> sounds like) they come to you because you offer expertise, then they
> reject your expertise because what you propose isn't what they had
> already decided they want. I'm obviously not a businessman, but in a
> similar situation I would refer the client to a competitor who
> specializes in what they already decided they want, but let them know
> that when they realize that what I proposed was indeed a better
> solution for them, they should feel free to call me back.
>
> Something like "Oh, no, I'm sorry, but I don't have the expertise to
> develop that for a Windows platform. Let me refer you to
> ${competitor}, who are very good at what you're suggesting. However,
> I strongly urge you to reconsider my proposal, which I'm very sure is
> a better fit for your problem. If you do change your mind, please do
> call us back". I admit that I wouldn't be in it for the money (and
> that's likely a good thing). Still, that's perhaps just me ... (in
> my case, I really *don't* have expertise to develop anything for a
> Windows platform, except perhaps a mostly simple batch script.)
I've done the identical thing: I try to sell the solution, not the tools
that build the solution. Every now and then, though, someone asks about
my development environment (LAMP) - They insist on MS all the way, so
it's a recommendation for $competitor, here, as well.
Like you, I suspect, I've had a few (by no means all) of them come back
within a year to take me up on the project (The best one was within
eight weeks, but to be perfectly fair, the MS developer - that they
chose - not that I recommended) flaked out on them :)
At the end of the day, it's the solution that matters. I like to think
I'm a pretty decent perl guy: Ask me to make your solution in .net, C#
or asp and you're going to get a high school level solution - Ask a
decent MS programmer, though, who's got a decent rep and the chances are
that you're going to get what you need, simply by a different route.
Sylvain Robitaille
> Appreciate your input... thinking you may have missed a few things
> discussed in the past and partially in other threads about our using
> multiple OSs depending on the need. Give me a call and I'll fill you
> in on things.
I haven't missed any of it, and I certainly don't question your decision
to run whatever services you choose on whichever platform you choose, but
I felt an urge to respond to your comment that 10 years ago MS was the way
to go and Linux was a "fart in the wind" (I hope I'm not misquoting you).
My further comment about whether or not you have experienced Unix/Linux
systems analyst was based in whole on your estimate that it takes "about
a week" to get a Linux system production-ready. That doesn't need to be
the case, if you have suitably experienced people (who aren't juggling
preparing that system along with a multitude of other tasks, but if they
are, presumably their Windows sysadmin counterparts are doing the same,
so it takes them about a week also to get a system production-ready).
JF Mezei
> Incidentally, since envelope sender need not match "From:", the
> solution to this situation is very simple:
>
> (mail client connects to smtp.isp.com)
> helo foo
> mail from:<us...@isp.com>
> rcpt to:<f...@bar.com>
> data
> ...
> From: Gu...@Gmail.com
> To: Foo Bar <f...@bar.com>
> Subject: ...
A few issues with this: any non-delivery notifications will be send to
us...@isp.com instead of your gmail account. You you need to have an active
ISP email address that you check regularly.
Secondly, your arriving message will have a reply-path line with a
"isp.com" émail address whilst the From: will be Gmail.com. While not
illegal, it is "suspect" in terms of many spam detection tools.
Sylvain Robitaille
> A few issues with this: any non-delivery notifications will be send to
> us...@isp.com instead of your gmail account.
Yes, of course. I don't see a problem here. It's as it should be: you
sent the message as a customer of isp.com, and their mail server accepted
to deliver it. It should be able to send any bounces locally, rather
than have to send bounces to a remote address. Whether you intended
for replies to be sent to a different address, or even for the message
to _appear_ to be from another address is not relevant to this.
> You you need to have an active ISP email address that you check
> regularly.
That's right (how difficult is that?), or at least have forwarding
enabled from your email address at the ISP to an email address you check
regularly. Again, I don't see a problem here.
> Secondly, your arriving message will have a reply-path line with a
> "isp.com" émail address whilst the From: will be Gmail.com.
That's right, and it's correct, given the path the message will have
taken.
> While not illegal, it is "suspect" in terms of many spam detection
> tools.
Perhaps naively designed spam-detection tools, yes. Most people
(especially those designing spam-detection tools) already know that
envelope sender and the "From:" header need not match in a legitimate
message, and that these can't be counted on at all in a spam message.
poper...@yahoo.com
(just submit a formal request and you will be given a fixed) most people dont need a fixed anyway even geeks.
im not really ok with blocking ports but if you do, dont charge people for wanting static to run small servers.
unfortunatly this is a bisness then its only natural that it would try to line their pockets.
Usenet Account
Most large ISPs have blocked Port:25 (SMTP) for over a decade or more.
It's a non issue.
--
David Ritz
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message
On Thursday, 01 October 2015 10:56 -0400,
in article <mujhfk$ntr$1...@nanae.eternal-september.org>,
was replying to an article posted Sun, 26 Nov 2006 14:45:55 -0500.
<http://al.howardknight.net/msgid.cgi?ID=144371734000>
What were you expecting?
--
David Ritz <dr...@mindspring.com>
Be kind to animals; kiss a shark.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEARECAAYFAlYNYdsACgkQUrwpmRoS3utn8ACgkId51o0dJKypDbxxIgejF6Y2
UUUAoOi5TCDd0v/+FnouV3rQR8Dt6Mtf
=qf0L
-----END PGP SIGNATURE-----
Tony
>