Your comment reminded me how great that there is Supermicro, who let me completely build even the most advanced x86 server if I want so.
My super micro servers kept overheating. The aircon that was good enough for countless other brands of low end to high end servers just didn't seem to work with supermicro servers.
Congratulations, you just advocated breaking ISP mail relay.
Yes.
Why should I trust my ISP to handle my outgoing mail when I can do it myself? I want my mail logs, they prove that my mail got to the destination mail server. Proof like that can come in very useful.
I only want an internet connection from my ISP, not a mail relaying service, not DNS, not web hosting.
This. If an admin like the GP is so high and mighty about DNS records meeting RFC compliance (You do listen for DNS on both UDP and TCP right? And you've signed your domain with DNSSEC?), you can at least do your SMTP services correctly too. Asking for an authed SMTP submission session for each domain is now the correct best practice. Unauthed SMTP relays are a dying breed.
You can also allow relaying by source IP. It might make sense in some setups. Given the choice SMTP AUTH is the right way to go though.
So if I am working from home, how do you propose I send mail using my corporate address? With strict SPF, the old Best Practice, handing it over to my ISP relay, breaks.
If your answer is to set up a VPN to work, I say fuck that shit. SPF is a broken solution searching for a problem.
The 'right' way is to VPN to work or send it though your works mail server in some other way. Otherwise it's just mail with a faked sender that could be from anybody.
Or you could add your home IP to your work's SPF record but that's pretty ugly.
There's absolutely no reason not to refuse mail if the SPF check fails.
Yes there is. As other people have pointed out bad admins set it incorrectly every once in a while. Companies change their ISP and forget to update DNS, or alter their internal setup so the mail hits the internet from a different IP.
And meanwhile in the real world where nailing some important email because the sender was sending all his email through a local MTA because his ISP doesn't have an externally accessible MTA, your boss is right now handing you your walking papers.
Or you are handing your boss walking papers because that business you just missed out on was the difference between profit and going bust.
The only sane way to use SPF is to drop a spam score of an email. Outright filtering on bad or missing SPF records is just a recipe for a large number of false positives.
That's what I've said twice already in this thread. I don't think its a large number of false positives but there certainly are some.
Yes. Yes, they very much do. And if they don't take that function seriously enough to make sure their audience can hear them, do you really want to do business with them?
Yes. Because my company NEEDS that money. I can't turn down customers just because they are inept at one thing they should be getting right, I only care that they can pay the bill.
That works fine until the CEO misses an email from a prospective client.
Unless you plan to profit from stupidity, that prospective client is worthless if they can't even set up a functional SPF record. Either you're too stupid to know about SPF or you do it right. Everything else is dumb beyond reason.
Lots of people are dumb as a brick when it comes to IT. Some of these people manage mail servers and DNS servers. Some of them want to buy stuff from your company. This makes their stupid misconfiguration your problem. Much though I'd enjoy burning these morons at the stake you can't burn your customers alive and expect them to keep buying from you. ( Unless you are Microsoft. )
Don't block on SPF - Use it as part of a spam scoring system.
If they are too stupid to set it up correctly then they don't deserve to work with you.
100% right but still missing the point.
There are people running mail servers who should not be, they don't know what they are doing or they don't spend enough time getting it right. As a company you can't reject these mails because they could be worth real money. There are jokers in the world and us hard working people have to make allowances for them.
Just use SPF as part of a spam scoring system, but never to outright block mails.
They shouldn't have fixed it. anyone using Windows XP should have upgraded years ago. Perhaps this would be encouragement to move to Windows 7....or Linux:D
Some applications still need Windows XP. Yes the applications should have been designed better.
Hell, just legalise them all. If they cause massive brain damage, so what? Think of it as evolution in action and let Darwin take the terminally stupid. A couple generations of that will solve the problem.
There is a limited correlation between reproductive success and intelligence.
Sounds familiar. He should try to work something out with Odd Todd.
Whoever writes that Odd Todd blog has something wrong with him. Reading that is like staying late without overtime at a job you hate to finish a task you hate for a boss you hate so you can look forward to more jobs you hate the next day.
Sitting around all holiday watching lost - What a loser.
If the President of the United States of America wants his phone unlocked, I don't see AT&T telling him no.
Why not? You don't have royalty or nobility in the USA, remember. Not like us in backward, Old World Britain.
The President has a personal army paid for by the state, he can pardon convicts based on nothing but his word. The only difference between the President and old world royalty is that presidents get changed every few years.
What you are describing is slurry ice storage cooling. Cool the coolant at night when the electricity is cheap and blow air though it to cool your building in the daytime. It can save a fortune in cooling costs compared to conventional air-con.
No, they're not. I've said it before here on Slashdot, but many UK councils have turned them off as a cost-cutting measure in the current climate of pseudo-austerity (i.e. austerity for the poor and not the rich).
They turned them off because central government took the profits. Central government also forced the councils to end their practice of hiding these things in places where they could not be seen and to make them bright orange so they are clearly visible.
If speed cameras are not about making money then why do they impose fines for speeders? How about a system where speeders lose their license after getting caught a few times? Or a day of community service? Or send speeders to a driving awareness course? Or a few days of jail? If you take money as absolution for a crime it's another tax, not a punishment.
Clearly there is a certain level of speeding that's insanely dangerous but if I'm driving down a school road at 29MPH and staring at my speedometer out of fear of being hit with yet another tax I'm not a safe driver either.
Your "Stalin type leader" is pretty well in place already. And he's going to have to derive new revenue streams soon to bribe the electorate pending the Independence Referendum.
Lucky you getting bribes!
The UK will bias the question to fool the dumbest 51% of the voters into voting the way they want.
We went on a short self-guided car tour of Scotland this summer and were blown away at the number of cameras on the roadway. Many of the main roads had one or more speed camera covering all lanes of traffic every mile for tens of miles. I had no intention of doing any wrong, but all the 'invasion of privacy' bells were going off in my head.
Speed camera's are just there to collect money. If you are not speeding by 10mph+ they should not bother you. These now have to be bright orange and clearly visible following various local councils attempts to hide them behind signs and trees so they collect more money.
Half of the other cameras are just traffic monitoring cameras, they are run by people who only really care about keeping the traffic moving along.
The rest are run by the police who are vindictive abusers of terrorism law and really are out of screw over everyone for any reason. But there are few of them and very many cars. They only bother a tiny number of people.
You are quite right that the police could single out any person and jail that person under anti-terror law forever with absolutely no evidence. However a normal street cop can't do that, it would take someone very senior in the police. Yes it's technically a police state with massive surveillance.
Slashdot Mirror
Your comment reminded me how great that there is Supermicro, who let me completely build even the most advanced x86 server if I want so.
My super micro servers kept overheating. The aircon that was good enough for countless other brands of low end to high end servers just didn't seem to work with supermicro servers.
Name the companies, they screwed you over.
I never do firmware or bios upgrades unless there is a very, very good reason. These things have a habit of bricking equipment.
Congratulations, you just advocated breaking ISP mail relay.
Yes.
Why should I trust my ISP to handle my outgoing mail when I can do it myself? I want my mail logs, they prove that my mail got to the destination mail server. Proof like that can come in very useful.
I only want an internet connection from my ISP, not a mail relaying service, not DNS, not web hosting.
This. If an admin like the GP is so high and mighty about DNS records meeting RFC compliance (You do listen for DNS on both UDP and TCP right? And you've signed your domain with DNSSEC?), you can at least do your SMTP services correctly too. Asking for an authed SMTP submission session for each domain is now the correct best practice. Unauthed SMTP relays are a dying breed.
You can also allow relaying by source IP. It might make sense in some setups. Given the choice SMTP AUTH is the right way to go though.
So if I am working from home, how do you propose I send mail using my corporate address? With strict SPF, the old Best Practice, handing it over to my ISP relay, breaks.
If your answer is to set up a VPN to work, I say fuck that shit. SPF is a broken solution searching for a problem.
The 'right' way is to VPN to work or send it though your works mail server in some other way. Otherwise it's just mail with a faked sender that could be from anybody.
Or you could add your home IP to your work's SPF record but that's pretty ugly.
There's absolutely no reason not to refuse mail if the SPF check fails.
Yes there is. As other people have pointed out bad admins set it incorrectly every once in a while. Companies change their ISP and forget to update DNS, or alter their internal setup so the mail hits the internet from a different IP.
And meanwhile in the real world where nailing some important email because the sender was sending all his email through a local MTA because his ISP doesn't have an externally accessible MTA, your boss is right now handing you your walking papers.
Or you are handing your boss walking papers because that business you just missed out on was the difference between profit and going bust.
The only sane way to use SPF is to drop a spam score of an email. Outright filtering on bad or missing SPF records is just a recipe for a large number of false positives.
That's what I've said twice already in this thread. I don't think its a large number of false positives but there certainly are some.
Yes. Yes, they very much do. And if they don't take that function seriously enough to make sure their audience can hear them, do you really want to do business with them?
Yes. Because my company NEEDS that money. I can't turn down customers just because they are inept at one thing they should be getting right, I only care that they can pay the bill.
That works fine until the CEO misses an email from a prospective client.
Unless you plan to profit from stupidity, that prospective client is worthless if they can't even set up a functional SPF record. Either you're too stupid to know about SPF or you do it right. Everything else is dumb beyond reason.
Lots of people are dumb as a brick when it comes to IT. Some of these people manage mail servers and DNS servers. Some of them want to buy stuff from your company. This makes their stupid misconfiguration your problem. Much though I'd enjoy burning these morons at the stake you can't burn your customers alive and expect them to keep buying from you. ( Unless you are Microsoft. )
Don't block on SPF - Use it as part of a spam scoring system.
If they are too stupid to set it up correctly then they don't deserve to work with you.
100% right but still missing the point.
There are people running mail servers who should not be, they don't know what they are doing or they don't spend enough time getting it right. As a company you can't reject these mails because they could be worth real money. There are jokers in the world and us hard working people have to make allowances for them.
Just use SPF as part of a spam scoring system, but never to outright block mails.
They shouldn't have fixed it. anyone using Windows XP should have upgraded years ago. Perhaps this would be encouragement to move to Windows 7....or Linux :D
Some applications still need Windows XP. Yes the applications should have been designed better.
Because Kaspersky catches a lot more nasties than Microsoft Security Essentials. And I mean a LOT more.
Kaspersky - I need this probably as much as I need another hole in the head.
Thanks,
Your customer
Hell, just legalise them all. If they cause massive brain damage, so what? Think of it as evolution in action and let Darwin take the terminally stupid. A couple generations of that will solve the problem.
There is a limited correlation between reproductive success and intelligence.
cue obligatory self-congratulatory "any other country is better" in 3...2...1...
No, many are worse. Also many are better.
It depends on what you want out of life to decide on how you measure better.
Sounds familiar. He should try to work something out with Odd Todd.
Whoever writes that Odd Todd blog has something wrong with him. Reading that is like staying late without overtime at a job you hate to finish a task you hate for a boss you hate so you can look forward to more jobs you hate the next day.
Sitting around all holiday watching lost - What a loser.
In Russia, power is money.
In USA, money is power.
There should be a great amount of money and power to be gained by moving between Russian and the US often.
If the President of the United States of America wants his phone unlocked, I don't see AT&T telling him no.
Why not? You don't have royalty or nobility in the USA, remember. Not like us in backward, Old World Britain.
The President has a personal army paid for by the state, he can pardon convicts based on nothing but his word. The only difference between the President and old world royalty is that presidents get changed every few years.
it wont hold a beer
I'm working on a compatible funnel to pour beer into a coffee cup. Just $50.
I thoughtful post. Thank You!
What you are describing is slurry ice storage cooling. Cool the coolant at night when the electricity is cheap and blow air though it to cool your building in the daytime. It can save a fortune in cooling costs compared to conventional air-con.
It's depressing because it's true.
Speed camera's are just there to collect money.
No, they're not. I've said it before here on Slashdot, but many UK councils have turned them off as a cost-cutting measure in the current climate of pseudo-austerity (i.e. austerity for the poor and not the rich).
They turned them off because central government took the profits. Central government also forced the councils to end their practice of hiding these things in places where they could not be seen and to make them bright orange so they are clearly visible.
If speed cameras are not about making money then why do they impose fines for speeders? How about a system where speeders lose their license after getting caught a few times? Or a day of community service? Or send speeders to a driving awareness course? Or a few days of jail? If you take money as absolution for a crime it's another tax, not a punishment.
Clearly there is a certain level of speeding that's insanely dangerous but if I'm driving down a school road at 29MPH and staring at my speedometer out of fear of being hit with yet another tax I'm not a safe driver either.
Yes, such a money sink that the loony right wing government in the UK is *desperate* to stop Scotland becoming independant,
The UK government includes Scottish MPs. So are they desperate to stop Scotland from becoming independent too?
They are MPs. They do whatever makes them the most money and lie about it.
Your "Stalin type leader" is pretty well in place already. And he's going to have to derive new revenue streams soon to bribe the electorate pending the Independence Referendum.
Lucky you getting bribes!
The UK will bias the question to fool the dumbest 51% of the voters into voting the way they want.
We went on a short self-guided car tour of Scotland this summer and were blown away at the number of cameras on the roadway. Many of the main roads had one or more speed camera covering all lanes of traffic every mile for tens of miles. I had no intention of doing any wrong, but all the 'invasion of privacy' bells were going off in my head.
Speed camera's are just there to collect money. If you are not speeding by 10mph+ they should not bother you. These now have to be bright orange and clearly visible following various local councils attempts to hide them behind signs and trees so they collect more money.
Half of the other cameras are just traffic monitoring cameras, they are run by people who only really care about keeping the traffic moving along.
The rest are run by the police who are vindictive abusers of terrorism law and really are out of screw over everyone for any reason. But there are few of them and very many cars. They only bother a tiny number of people.
You are quite right that the police could single out any person and jail that person under anti-terror law forever with absolutely no evidence. However a normal street cop can't do that, it would take someone very senior in the police. Yes it's technically a police state with massive surveillance.