Hello all,
Wondering if any of you have experience with this.
I have two domains, wiggly.org (A) and alertferret.com (B).
A has been registered since 1994.
B was registered very recently, within 6 months.
I run email for both of these domains on the same server,
otter.wiggly.org using Exim.
I have the exact same MX and SPF records for both domains;
@ 3600 IN MX 10 mail.wiggly.org.
@ 3600 IN SPF "v=spf1 mx -all"
@ 3600 IN TXT "v=spf1 mx -all"
Sending email from domain A to gmail/hotmail appears in the main inbox.
Sending email from domain B ends up in the spam folder for both.
Now, I am wondering why this would be seeing as there has been
practically no email from domain B and therefore I find it unlikely that
the domain itself has been flagged.
All I can see is that domain A is a lot older but I have only recently
added SPF and have never really had problems with my emails from domain
A being consumed by spam folders.
Checking a couple of blacklist checkers I cannot find my domain or my MX
on any of them.
Does anyone have an idea as to why domain B would be getting caught in
spam traps whilst A does not?
I have had someone suggest using mandrill or other external hosted
solution but quite frankly if the mail is being blocked because it is
being sent from domain B then that surely wouldn't give me any improvement?
Any help, ideas, thoughts or further resources would be greatly appreciated.
Regards,
Nigel
Hi,
At approximately 0530Z on Saturday 28th September an alert was
received regarding anomalous bandwidth usage. On further
investigation a customer's VPS was found emitting around
80-100Mbit/s of small UDP packets destined for port 80 of three
different remote hosts.
There being no likely legitimate reason for this activity, the
customer's networking was disabled and they were contacted.
The customer discovered that their (not updated) install of Tomcat
was running an instance of JSPSpy¹ that they had not put there
themselves, so a root-level compromise was indicated.
Unfortunately the exact means of initial compromise is not known
for certain but is thought to be Tomcat. A reinstall of the
customer's VPS is now required.
The three target IPs have no reverse DNS so it is difficult to
speculate what they may host. Two of them are in China and one in
Korea, if WHOIS records are to be trusted.
About this email:
https://tools.bitfolk.com/wiki/Security_incident_postings
Cheers,
Andy
¹ http://www.malos-ojos.com/?p=672
--
http://bitfolk.com/ -- No-nonsense VPS hosting
> I'd be interested to hear any (even two word) reviews of their sofas…
Provides seating.
— Andy Davidson
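The traffic pattern in the incident report above (a single VPS sending sustained, high-rate small UDP packets to port 80 of a few remote hosts) can be flagged from per-interval flow summaries. This is an added example, not BitFolk's tooling; the flow-record layout, the thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed flow summaries for one 60-second export interval (not incident data):
# (source VPS, destination, protocol, destination port, packets, bytes)
FLOWS = [
    ("192.0.2.10", "198.51.100.7", "udp", 80, 4_000_000, 240_000_000),
    ("192.0.2.10", "198.51.100.8", "udp", 80, 4_000_000, 240_000_000),
    ("192.0.2.10", "203.0.113.9", "udp", 80, 3_500_000, 210_000_000),
    ("192.0.2.10", "203.0.113.50", "tcp", 443, 1_200, 900_000),
    ("192.0.2.20", "203.0.113.50", "tcp", 80, 90_000, 120_000_000),  # busy web client
    ("192.0.2.30", "198.51.100.53", "udp", 53, 2_000, 160_000),      # ordinary DNS
    ("192.0.2.40", "198.51.100.7", "udp", 80, 300, 18_000),          # stray UDP/80, low rate
]


def find_udp_floods(flows, interval_s=60, min_mbps=50.0, max_avg_pkt=128, port=80):
    """Return sources whose UDP traffic to `port` is both high-rate and small-packet.

    Thresholds are assumed values; tune them against normal traffic for the network.
    """
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "dsts": set()})
    for src, dst, proto, dport, packets, nbytes in flows:
        if proto == "udp" and dport == port:
            entry = stats[src]
            entry["packets"] += packets
            entry["bytes"] += nbytes
            entry["dsts"].add(dst)

    alerts = []
    for src, entry in sorted(stats.items()):
        if entry["packets"] == 0:
            continue  # malformed record; avoid dividing by zero
        mbps = entry["bytes"] * 8 / interval_s / 1_000_000
        avg_pkt = entry["bytes"] / entry["packets"]
        # Both conditions must hold: rate alone would also flag bulk transfers.
        if mbps >= min_mbps and avg_pkt <= max_avg_pkt:
            alerts.append({
                "src": src,
                "mbps": round(mbps, 1),
                "avg_pkt_bytes": round(avg_pkt),
                "targets": sorted(entry["dsts"]),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_udp_floods(FLOWS):
        print(alert)
```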
Hi,
sol.bitfolk.com just stopped responding, and being unable to get any
response from serial console I had to power cycle it. It has now
booted and I am having a look around for any ideas as to why it
locked up, before attempting to restart any customer VPSes.
Thanks for your patience.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
Snowden hasn't said anything about sudo as far as I know. I just got
thinking after I heard the news about SSL. If a backdoor could be
planted in OpenBSD and SSL without anyone noticing for all these years
then why not with sudo too? I heard some people weren't happy with its
introduction when it was first released - a bit before my time though!
Hello,
I heard a rumour that Google is tightening up checks on the reverse
DNS of IPv6 addresses:
http://list.waikato.ac.nz/pipermail/nznog/2013-September/020066.html
I've no idea if that is the case, but given that BitFolk VPSes do
have IPv6 connectivity by default but do *not* have reverse DNS by
default, it may be worth checking your setup.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
Does anyone have any opinionated and/or useful thoughts on the Snowden
leak stating/claiming/suggesting that NSA has injected their own code
into a bunch of SSL implementations?
Or are we not allowed to talk about that? ;-)
If it is as suggested, by limiting the random number generator to not
be so random, it has big similarities with what was discovered in the
Debian Linux distribution some time ago and got a fair amount of
(bad) press at the time.
Based on that, one would expect security organisations to scan a huge
amount of generated keys for "randomness". Or am I missing something
here? Sure, the NSA are clever, but are they more clever than the collective of
all security geeks and experts all over the world? Or is this a US only
insertion? They do have quite some funny laws with regards to
export of security implementations in the US...
Cheers,
__
/ony
Hi,
A request was made for Arch Linux so I had a go at installing it via
the rescue VPS, and was apparently successful. Here is a write-up of
it:
https://tools.bitfolk.com/wiki/Arch
I have never in my life used Arch Linux before so this might not be
the best way and it might suffer from bit-rot over time.
If there are any Arch enthusiasts interested in maintaining that
article then we can perhaps come to some discount arrangement.
In any case, corrections are welcome.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting