[176458] in North American Network Operators' Group


Re: Transparent hijacking of SMTP submission...

daemon@ATHENA.MIT.EDU (joel jaeggli)
Sat Nov 29 22:29:34 2014

X-Original-To: nanog@nanog.org
Date: Sat, 29 Nov 2014 19:27:06 -0800
From: joel jaeggli <joelja@bogus.com>
To: Christopher Morrow <morrowc.lists@gmail.com>, John Levine <johnl@iecc.com>
In-Reply-To: <CAL9jLaYZ8507wcc64c832Jkpq-YjA6Ds0pyOvFQpbpLQOAfdOg@mail.gmail.com>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On 11/29/14 6:32 PM, Christopher Morrow wrote:
> On Sat, Nov 29, 2014 at 3:09 PM, John Levine <johnl@iecc.com> wrote:
>> In article <CAL9jLaY1q_RBkyB6kczKZUiFR5b1r3kuVz8WivWR0Rjj_oaGTg@mail.gmail.com> you write:
>>> backing up a bit in the conversation, perhaps this is just in some
>>> regions of comcastlandia? I don't see this in Northern Virginia...
>>
>> I don't see it in New Jersey, either.
>>
>> Is this a direct connection, or a coffee shop sharing a cable connection or
>> something like that?
>
> my test was a home consumer cable link, not business grade and not
> shared (more than cable is).

The phenomenon I reported was observed on a consumer cable service (not
my own). It is now no longer in evidence with that same source IP. In
answer to an intermediate observation, the CPE and the devices on it are
sufficiently well understood now to rule them out.

From the mail server's vantage point...

Nov 27 xxxxx nagasaki sm-mta[5698]: NOQUEUE: tcpwrappers
((reverse).wa.comcast.net, (ip) ) rejection

given that the client gives up because it can't startssl and therefore
won't attempt to auth.

whereas a successful attempt with the same source ip is:

Nov 26 xxxxx nagasaki sm-mta[397]: STARTTLS=server,
relay=c-(reverse).wa.comcast.net [(ip)], version=TLSv1/SSLv3,
verify=NOT, cipher=DHE-RSA-AES128-SHA, bits=128/128
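
A sketch of the server-side correlation described in the message above, as an added example that is not part of the original post: it groups the two quoted sendmail log signatures by source IP and reports sources that show both a completed STARTTLS and a tcpwrappers rejection. The log lines, hostnames and addresses are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the two sendmail formats quoted in the message.
# Timestamps, hostnames and addresses are placeholders (example.net, RFC 5737).
SAMPLE_LOG = """\
Nov 26 09:14:02 nagasaki sm-mta[397]: STARTTLS=server, relay=c-host1.example.net [192.0.2.10], version=TLSv1/SSLv3, verify=NOT, cipher=DHE-RSA-AES128-SHA, bits=128/128
Nov 26 11:40:51 nagasaki sm-mta[412]: STARTTLS=server, relay=host2.example.net [192.0.2.20], version=TLSv1/SSLv3, verify=NOT, cipher=DHE-RSA-AES128-SHA, bits=128/128
Nov 27 08:03:17 nagasaki sm-mta[5698]: NOQUEUE: tcpwrappers (c-host1.example.net, 192.0.2.10) rejection
Nov 27 08:05:44 nagasaki sm-mta[5702]: NOQUEUE: tcpwrappers (c-host1.example.net, 192.0.2.10) rejection
Nov 27 12:30:09 nagasaki sm-mta[5810]: NOQUEUE: tcpwrappers (host3.example.net, 192.0.2.30) rejection
"""

# Common syslog prefix: "Mon DD HH:MM:SS host sm-mta[pid]: "
PREFIX = r"^(?P<ts>\w{3}\s+\d+\s[\d:]+) \S+ sm-mta\[\d+\]: "
TLS_OK = re.compile(PREFIX + r"STARTTLS=server, relay=(?:\S+ )?\[(?P<ip>[^\]]+)\]")
REJECT = re.compile(PREFIX + r"NOQUEUE: tcpwrappers \([^,]*, (?P<ip>[^\s)]+)\s*\) rejection")


def timeline(log_text):
    """Map each source IP to its (timestamp, outcome) events in log order."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        for outcome, rx in (("tls_ok", TLS_OK), ("rejected", REJECT)):
            m = rx.match(line)
            if m:
                events[m["ip"]].append((m["ts"], outcome))
    return dict(events)


def changed_sources(log_text):
    """IPs that appear with both a completed STARTTLS and a rejection."""
    return sorted(ip for ip, ev in timeline(log_text).items()
                  if {o for _, o in ev} == {"tls_ok", "rejected"})


if __name__ == "__main__":
    for ip in changed_sources(SAMPLE_LOG):
        print(ip)
        for ts, outcome in timeline(SAMPLE_LOG)[ip]:
            print(f"  {ts}  {outcome}")
```
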


