INFO-VAX    Thu, 08 May 2008    Volume 2008 : Issue 257

Contents:
  Ip address blocking by country
  Re: Ip address blocking by country
  Re: Ip address blocking by country
  Re: Ip address blocking by country
  Re: Ip address blocking by country
  Re: Ip address blocking by country
  Re: Ip address blocking by country
  Re: Ip address blocking by country
  Re: Ip address blocking by country
  Re: Ip address blocking by country
  Re: Ip address blocking by country
  Re: Ip address blocking by country
  Re: Maximum DIsk Size VMS 6.2?
  Re: Question: debugging a program run via CLD
  Re: Question: debugging a program run via CLD
  Scrolling wheel support on VMS
  VMS732_LAN-V0500 and LAN failover
  Re: VMS732_LAN-V0500 and LAN failover

----------------------------------------------------------------------

Date: Thu, 8 May 2008 08:17:35 -0400
From: "David Turner, Island Computers"
Subject: Ip address blocking by country
Message-ID: <5bCUj.488$Xv3.369@bignews4.bellsouth.net>

Wrong NG?
maybe but I know people here are well versed in this.

IP blocking.
Is this done on a regular basis?
Thought someone here would be able to answer.

If so, what are the prefix IP addresses we should block?
Seems most of our spam is coming through chinese IP addresses !
We are using Spamassassin but it sometimes deletes good messages as do the
blacklist servers.
We are using 1 of the 4 blacklist servers on our mailserver but Brian here
is making me nervous as yesterday after doing some work we got almost no
emails.

Comments?!?!

DT

--
David B Turner
=============================================
Island Computers US Corp
PO Box 86
Tybee GA 31328
Toll Free: 1-877 636 4332 x201, Mobile x251
Email: dturner@islandco.com
International & Local: (001)- 404-806-7749
Fax: 912 786 8505
Web: www.islandco.com
=============================================

------------------------------

Date: Thu, 8 May 2008 13:30:01 +0100
From: "Richard Brodie"
Subject: Re: Ip address blocking by country
Message-ID:

"David Turner, Island Computers" wrote in message
news:5bCUj.488$Xv3.369@bignews4.bellsouth.net...

> Seems most of our spam is coming through chinese IP addresses !
> We are using Spamassassin but it sometimes deletes good messages as do the blacklist
> servers.

No method is foolproof, and certainly not whole country blocking. If you
want to do it though, the easiest way is probably to use a country DNSBL
list e.g. http://countries.nerd.dk/

------------------------------

Date: Thu, 8 May 2008 08:44:40 -0400
From: "David Turner, Island Computers"
Subject: Re: Ip address blocking by country
Message-ID:

We use the DNSBL list, and it works quite well.
BUT those Chinese companies don't seem to get hit that hard

--
David B Turner
=============================================
Island Computers US Corp
PO Box 86
Tybee GA 31328
Toll Free: 1-877 636 4332 x201, Mobile x251
Email: dturner@islandco.com
International & Local: (001)- 404-806-7749
Fax: 912 786 8505
Web: www.islandco.com
=============================================

"Richard Brodie" wrote in message
news:fvuroa$6lb$1@south.jnrs.ja.net...
>
> "David Turner, Island Computers" wrote in message
> news:5bCUj.488$Xv3.369@bignews4.bellsouth.net...
>
>> Seems most of our spam is coming through chinese IP addresses !
>> We are using Spamassassin but it sometimes deletes good messages as do
>> the blacklist servers.
>
> No method is foolproof, and certainly not whole country blocking.
> If you want to do it though, the easiest way is probably to use a country
> DNSBL list
> e.g. http://countries.nerd.dk/
>

------------------------------

Date: Thu, 08 May 2008 14:35:19 +0100
From: Tom Wade
Subject: Re: Ip address blocking by country
Message-ID:

Hi Dave,

> IP blocking.
> Is this done on a regular basis?

Subscribing to RBL lists will certainly cut a huge amount of spam. Many
off the shelf spam boxes use these lists directly. As for blocking by
country, yes if you're sure you'll never need mail from anyone in that
country you could get away with it, but I think using appropriate RBLs is
better.

> We are using Spamassassin but it sometimes deletes good messages as do the
> blacklist servers.

The key here is 'delete'. We use RBLs so that we return a reject (550)
code to incoming messages whose IP is on the list. We do it after the
MAIL FROM and RCPT TO exchange, so we can log the sender and recipient
address, which helps us track it when somebody says they were expecting a
message from so-and-so (we use PMDF to do this). Genuine messages caught
up in this (which are fairly rare if you choose the right lists) get a
non-delivery notification so the message isn't lost.

What we do if the message is judged to be spam by the next stage is to
quarantine it, and send a summary notice to the recipient thrice daily
showing what has been quarantined. That way the message is never deleted,
and false positives can be retrieved and the sender address whitelisted.
There will *always* be false positives in any spam filtering, so silently
trashing messages will lead to genuine lost mail.

> We are using 1 of the 4 blacklist servers on our mailserver but Brian here
> is making me nervous as yesterday after doing some work we got almost no
> emails.

We use four different blacklist providers. Ideally you should log what
you are rejecting.

Incidentally we sell precisely this kind of filtering service (run on VMS
machines of course, many of which you have provided!).

---------------------------------------------------------
Tom Wade                 | EMail: tee dot wade at eurokom dot ie
EuroKom                  | Tel:   +353 (1) 296-9696
A2, Nutgrove Office Park | Fax:   +353 (1) 296-9697
Rathfarnham              | Disclaimer: This is not a disclaimer
Dublin 14                | Tip:   "Friends don't let friends do Unix !"
Ireland

------------------------------

Date: Thu, 8 May 2008 06:35:35 -0700 (PDT)
From: sms.antinode@gmail.com
Subject: Re: Ip address blocking by country
Message-ID: <3e0a70b6-e925-418c-9452-3a0fc98e7f6e@34g2000hsf.googlegroups.com>

David Turner, Island Computers wrote:

> IP blocking.
> Is this done on a regular basis?

It can be, especially when you use the TCPIP SMTP stuff,
which has rather limited filtering capability.

> Seems most of our spam is coming through chinese IP addresses !

When I get junk e-mail, I usually put its source IP
address into:

   http://ws.arin.net/whois/

which, for China, leads to:

   http://wq.apnic.net/apnic-bin/whois.pl

A bit of exploration there can reveal some pretty large IP
address ranges which are 100% Chinese.

SMS.

------------------------------

Date: Thu, 8 May 2008 09:46:37 -0400
From: "David Turner, Island Computers"
Subject: Re: Ip address blocking by country
Message-ID:

Thanks all !

We have done the same thing Tom
Our "SPAM" message though says that if your email was "good" then to call
us so that we can take you off the black list.
Our questionable messages go into a SPAM folder which can be read through
an admin account.

So far, it looks like the ICEWARP engine has been pretty good.
Mostly Cialis Viagra and Chinese Porno sites have been rejected so it is
doing its job correctly.

If anyone tries to send us a mail from COV and it gets rejected please call
us and let us know though!

David

--
David B Turner
=============================================
Island Computers US Corp
PO Box 86
Tybee GA 31328
Toll Free: 1-877 636 4332 x201, Mobile x251
Email: dturner@islandco.com
International & Local: (001)- 404-806-7749
Fax: 912 786 8505
Web: www.islandco.com
=============================================

wrote in message
news:3e0a70b6-e925-418c-9452-3a0fc98e7f6e@34g2000hsf.googlegroups.com...
> David Turner, Island Computers wrote:
>
>> IP blocking.
>> Is this done on a regular basis?
>
> It can be, especially when you use the TCPIP SMTP stuff,
> which has rather limited filtering capability.
>
>> Seems most of our spam is coming through chinese IP addresses !
>
> When I get junk e-mail, I usually put its source IP
> address into:
>
> http://ws.arin.net/whois/
>
> which, for China, leads to:
>
> http://wq.apnic.net/apnic-bin/whois.pl
>
> A bit of exploration there can reveal some pretty large IP
> address ranges which are 100% Chinese.
>
> SMS.

------------------------------

Date: Thu, 08 May 2008 11:15:32 -0400
From: "Richard B. Gilbert"
Subject: Re: Ip address blocking by country
Message-ID:

David Turner, Island Computers wrote:
> Wrong NG?
> maybe but I know people here are well versed in this.
>
> IP blocking.
> Is this done on a regular basis?
> Thought someone here would be able to answer.
>
> If so, what are the prefix IP addresses we should block?
> Seems most of our spam is coming through chinese IP addresses !
> We are using Spamassassin but it sometimes deletes good messages as do the
> blacklist servers.
> We are using 1 of the 4 blacklist servers on our mailserver but Brian here
> is making me nervous as yesterday after doing some work we got almost no
> emails.
>
> Comments?!?!
>
> DT
>

A good place to start would be the 218.0.0.0 mask 255.0.0.0 address
family but ONLY if you have no Chinese customers.

Do you deal with anyone at NEBS? I used to work for a subsidiary. NEBS
installed a filter that blocked 99.44% of the spam we used to get.
Don't know where it came from or what it cost but someone at NEBS should
know. They are IBM mainframe, AS-400, and Sun Solaris users. No DEC.

If all else fails, the message header should show where the message
originated and how it got to your address. Blocking traffic for the
origin or intermediate hops should cut down on the volume.

------------------------------

Date: Thu, 8 May 2008 16:19:57 +0100
From: "Richard Brodie"
Subject: Re: Ip address blocking by country
Message-ID:

"David Turner, Island Computers" wrote in message
news:vACUj.498$Xv3.419@bignews4.bellsouth.net...

> We use the DNSBL list, and it works quite well.

I think you may have missed my point. If you really want
to blacklist a whole country, there are DNSBL providers that
will do the IP->country mapping for you.

------------------------------

Date: Thu, 08 May 2008 11:41:01 -0400
From: JF Mezei
Subject: Re: Ip address blocking by country
Message-ID: <48231f9e$0$7252$c3e8da3@news.astraweb.com>

I don't have an extensive list, but:

Bad-Clients: 220.144.0.0/16, 200.45.190.0/23
!
! Chinanet
Bad-Clients: 58.0.0.0/8, 59.0.0.0/8, 60.0.0.0/8, 218.66.0.0/15, 220.160.0.0/11, 220.192.0.0/10, 221.0.0.0/8, 222.0.0.0/8, 61.12.0.0/16, 61.206.0.0/16

as well as:

RBLs: combined.njabl.org
RBLs: zen.spamhaus.org

About the only spam I get these days is in russian cyrillic characters.

------------------------------

Date: Thu, 8 May 2008 12:17:54 -0400
From: "David Turner, Island Computers"
Subject: Re: Ip address blocking by country
Message-ID:

Well, whatever we have done now (blocked out specific IP addresses
221.3.*.*) seems to have done the trick, along with a few filters using
DNSBL

Seems 80% of the spam was coming from that prefix...
In China of course...
As we do almost no business in China, and the fact that most Chinese use
gmail it won't be too much of an issue...
Methinks most of China is Linux so...

--
David B Turner
=============================================
Island Computers US Corp
PO Box 86
Tybee GA 31328
Toll Free: 1-877 636 4332 x201, Mobile x251
Email: dturner@islandco.com
International & Local: (001)- 404-806-7749
Fax: 912 786 8505
Web: www.islandco.com
=============================================

"Richard B. Gilbert" wrote in message
news:XrqdnRfRUNLOhL7VnZ2dnUVZ_jqdnZ2d@comcast.com...
> David Turner, Island Computers wrote:
>> Wrong NG?
>> maybe but I know people here are well versed in this.
>>
>> IP blocking.
>> Is this done on a regular basis?
>> Thought someone here would be able to answer.
>>
>> If so, what are the prefix IP addresses we should block?
>> Seems most of our spam is coming through chinese IP addresses !
>> We are using Spamassassin but it sometimes deletes good messages as do
>> the blacklist servers.
>> We are using 1 of the 4 blacklist servers on our mailserver but Brian
>> here is making me nervous as yesterday after doing some work we got
>> almost no emails.
>>
>> Comments?!?!
>>
>> DT
>>
>
> A good place to start would be the 218.0.0.0 mask 255.0.0.0 address family
> but ONLY if you have no Chinese customers.
>
> Do you deal with anyone at NEBS? I used to work for a subsidiary. NEBS
> installed a filter that blocked 99.44% of the spam we used to get. Don't
> know where it came from or what it cost but someone at NEBS should know.
> They are IBM mainframe, AS-400, and Sun Solaris users. No DEC.
>
> If all else fails, the message header should show where the message
> originated and how it got to your address. Blocking traffic for the
> origin or intermediate hops should cut down on the volume.

------------------------------

Date: Thu, 8 May 2008 12:18:59 -0400
From: "David Turner, Island Computers"
Subject: Re: Ip address blocking by country
Message-ID:

Got the point and we are considering blocking the whole country but we'll
wait and see how much spam we get from now on...

Thanks ! To Everyone..

--
David B Turner
=============================================
Island Computers US Corp
PO Box 86
Tybee GA 31328
Toll Free: 1-877 636 4332 x201, Mobile x251
Email: dturner@islandco.com
International & Local: (001)- 404-806-7749
Fax: 912 786 8505
Web: www.islandco.com
=============================================

"Richard Brodie" wrote in message
news:fvv5mt$9tf$1@south.jnrs.ja.net...
>
> "David Turner, Island Computers" wrote in message
> news:vACUj.498$Xv3.419@bignews4.bellsouth.net...
>
>> We use the DNSBL list, and it works quite well.
>
> I think you may have missed my point. If you really want
> to blacklist a whole country, there are DNSBL providers that
> will do the IP->country mapping for you.
>

------------------------------

Date: Thu, 08 May 2008 10:46:47 -0700
From: "Tom Linden"
Subject: Re: Ip address blocking by country
Message-ID:

On Thu, 08 May 2008 09:18:59 -0700, David Turner, Island Computers wrote:

> Got the point and we are considering blocking the whole country but we'll
> wait and see how much spam we get from now on...
>
> Thanks ! To Everyone..
>

I usually just block class B IPs

--
PL/I for OpenVMS
www.kednos.com

------------------------------

Date: Thu, 8 May 2008 05:24:19 -0700 (PDT)
From: BaxterD@tessco.com
Subject: Re: Maximum DIsk Size VMS 6.2?
Message-ID:

On May 8, 1:03 am, Kari Uusimäki wrote:
> David Turner, Island Computers wrote:
>
> > Can anyone enlighten me on this
> > Customer needs to archive using simple scsi up to 2TB
> > He is stuck with VMS 6.2-1H3
>
> > HELP !
>
> This is a perfect case for HSM. With it he can store the daily or weekly
> needed files on his current disks and let HSM move the older files to
> another array with enough disk space (which can consist of lots of LUNs).
> I recommend to read the HSM SPD.
>
> Btw. Tapes need regular (at least bi-yearly) rewinding to keep them from
> degenerating. DLT tapes have a shelf life of 30 years if maintained
> according to the manufacturer's instructions.
> DDS tapes have a significantly shorter life.
>
> Regards,
>
> Kari

If the original poster's client is who I think it is, then Kari does not
quite understand the situation.

The data which is archived on the tapes is (I think) historical Medical
data for patients who are still living. It often occurs that when one of
these patients returns to their medical provider for treatment, it is
necessary to "pull back" data from previous visits (sometimes years in
the past). In a previous life I administered a system with the same
requirements, however in those days the large capacity diskdrives were
not available, and the "online" data was limited to 30 days, so history
restores were quite frequent. Although the restore requests
(statistically) tend to be in the more recent years/months, meeting
restore deadlines (typically a couple of hours), preferably <15 minutes,
is difficult even when the tapes are local.

The ideal solution would be to have all of the data in online, or near
online storage. This is obviously possible now that we have access to
drives (either physical or virtual) with very large capacity. In fact,
in most cases the limiting factor on volume size is now the Operating
System.

The next consideration should be "Is there any actual justification for
movable media (i.e. CD, DVD, Tape, etc.)?" If you can set up an
acceptable replication scheme which keeps an exact copy of the data at a
remote site, then my answer would probably be no. Bear in mind that in
this scenario, the archive data may grow by the addition of new archive
files, but once archived, then the files are effectively Read-Only, so
there is no real need for "point in time" copies. However, even if there
is a (just to feel better) need for tape/CD/DVD copies, these can be
made periodically at the remote site, using rotated media (to reduce the
cost).

IMHO, a replication solution (either Host-based (Shadowing), or
Controller-based (CA?)) would provide a high level of both availability,
redundancy, data protection and Disaster Recovery/Tolerance, whereas
RAID, for all its qualities, really only provides availability and data
protection. A RAID solution would however be acceptable providing that
the client is fully aware of its limitations. This is doubly important
if the data is (as I suspect) medical data.

Dave

------------------------------

Date: Thu, 08 May 2008 07:53:20 +0200
From: Jur van der Burg <"lddriver at digiater dot nl">
Subject: Re: Question: debugging a program run via CLD
Message-ID: <48229513$0$14342$e4fe514c@news.xs4all.nl>

> I expect that something similar can be done on
> Alpha but I never wanted to figure out the

Sure you can.

Cheers,

Jur.

$ if p1 .eqs. "" then inquire p1 "Filename"
$ on error then goto end
$ open/read/write file 'p1'
$ read file data
$ if f$cvsi(0,32,f$extract(112,4,data)) .ne. %x340 then goto move
$ if f$cvsi(0,32,f$extract(116,4,data)) .eq. %xffffffff then goto update
$! No previous entry for debugger in vector, insert one
$move:
$ data[8*132,32] = f$cvsi(0,32,f$extract(124,4,data))
$ data[8*128,32] = f$cvsi(0,32,f$extract(120,4,data))
$ data[8*124,32] = f$cvsi(0,32,f$extract(116,4,data))
$ data[8*120,32] = f$cvsi(0,32,f$extract(112,4,data))
$ data[8*116,32] = %xffffffff
$ data[8*112,32] = %x340
$update:
$ flags = f$cvsi(0,8,f$extract(80,1,data)) ! Get Link flags longword
$ data[8*80,8] = (flags/2) * 2 + 1 ! Set the LNKDEBUG bit
$ write/symbol/update file data
$end:
$ if f$logical("file") .nes. "" then close file
$ exit

Antonio Carlini wrote, On 7-5-2008 22:10:
> koehler@eisner.nospam.encompasserve.org (Bob Koehler) wrote in
> news:vjIuN7qa9Jlw@eisner.encompasserve.org:
>
>> In article
>> ,
>> Rich Jordan writes:
>>> I haven't had to do this before and haven't found the magic switch
>>> yet.
>>> BASIC program designed to run with a CLD file defining two
>>> mandatory parameters, no qualifiers. Compiled and linked /debug and
>>> running it works as expected. But running it via the CLD (ie
>>>
>>> "$ program parameter1 parameter2"
>>>
>>> doesn't start the debugger.
>> If you link the image /debug, the debugger will start. If you
>> don't link the image /debug, there's nothing CLD can do about it.
>
> If it's VAX you can patch the image header!
>
> I expect that something similar can be done on
> Alpha but I never wanted to figure out the
> God-mode password on any games there, so I'm
> not absolutely sure :-)
>
> Antonio

------------------------------

Date: Thu, 08 May 2008 12:16:58 -0400
From: John Reagan
Subject: Re: Question: debugging a program run via CLD
Message-ID:

Jur van der Burg wrote:
> > I expect that something similar can be done on
> > Alpha but I never wanted to figure out the
>
> Sure you can.
>
> Cheers,
>
> Jur.
>

And for I64, there is the SET IMAGE DCL command.

What we do for debugging compilers (which are started with a DCL
command) is:

- link them /DEBUG
- patch off the debug flag (VAX & Alpha) or use SET IMAGE (I64)
- we have an undocumented qualifier in our .CLD (/GEMDEBUG) which causes
  the compiler to do a LIB$SIGNAL(SS$_DEBUG) to bring up the debugger.

This way, we can use the same image with or without debug.

--
John Reagan
OpenVMS Pascal/Macro-32/COBOL Project Leader
Hewlett-Packard Company

------------------------------

Date: Thu, 08 May 2008 12:31:07 -0400
From: JF Mezei
Subject: Scrolling wheel support on VMS
Message-ID: <48232b5d$0$7268$c3e8da3@news.astraweb.com>

For the "workstation" environment, I was provided some time ago with a
nice patch which provided scrolling wheel support on
VMS-Alpha-DECWindows. This essentially generated up/down arrow movements
as seen from an application's point of view.

However, having heeded the recommendations that VMS wasn't meant to be a
workstation anymore, I have shut down my alpha workstation and only have
one alpha "server" still running (as well as a VAX).

My desktop workstation has a nifty rodent device with 2 axis scroll
wheel. (But in Xwindows, XEV only shows events for the up/down axis
movements).

When running VMS applications with displays on my non VMS workstation,
the mouse scroll wheel events are not acted upon.

Is there a way to change some definition *ON VMS* so that applications
on VMS will see up/down arrow events when the foreign mouse wheel is
used ?

Or would this absolutely have to be done on the Mac to redefine the
mouse events into up/down events (which would then affect all X
applications displaying on the Mac, not just those coming from a VMS
application)

Does X windows on VMS have any native support for scroll wheels that
could be enabled, or is the expectation that the mouse driver will just
generate up/down events for the remainder of VMS' life ?

------------------------------

Date: Thu, 8 May 2008 05:28:07 -0700 (PDT)
From: Jerry Eckert
Subject: VMS732_LAN-V0500 and LAN failover
Message-ID: <99c8d9c3-683f-41fa-a508-e81dee721b3b@i76g2000hsf.googlegroups.com>

The documentation for the VMS732_LAN-V0500 patch is missing a crucial
instruction: if you are using the LAN failover feature, the LANCP
device database must be converted (MC LANCP CONVERT DEVICE) after
installing the patch.

If this isn't done, the LL devices will be configured but not active
after the system is rebooted. LANCP does not generate any warnings
that the database requires conversion unless you attempt to modify an
entry; the SHOW DEV command functions normally.

Also, be aware that the information about the state of the failover
set (which physical devices are included and which is active) has been
moved from SHOW DEV LLA/CHAR to SHOW DEV LLA/INT.

A case has been opened with HP and escalated to Engineering.

Jerry

------------------------------

Date: Thu, 8 May 2008 07:00:01 -0700 (PDT)
From: DaveG
Subject: Re: VMS732_LAN-V0500 and LAN failover
Message-ID:

On May 8, 7:28 am, Jerry Eckert wrote:
> The documentation for the VMS732_LAN-V0500 patch is missing a crucial
> instruction: if you are using the LAN failover feature, the LANCP
> device database must be converted (MC LANCP CONVERT DEVICE) after
> installing the patch.
>
> If this isn't done, the LL devices will be configured but not active
> after the system is rebooted. LANCP does not generate any warnings
> that the database requires conversion unless you attempt to modify an
> entry; the SHOW DEV command functions normally.
>
> Also, be aware that the information about the state of the failover
> set (which physical devices are included and which is active) has been
> moved from SHOW DEV LLA/CHAR to SHOW DEV LLA/INT.
>
> A case has been opened with HP and escalated to Engineering.
>
> Jerry

Thanks for the heads up Jerry. The LAN-v5 patch was re-issued on
5/6/08 after the original issue date of 5/5/08 and the reason given
was a doc. fix. I just checked and the LANCP CONVERT DEVICE you
mentioned was NOT in the 5/6/08 release notes.

Good catch. No, very good catch.

Dave...

------------------------------

End of INFO-VAX 2008.257
************************
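
Added example (not from the digest or from any poster's configuration): a Python sketch of the approach described in the "Ip address blocking by country" thread above, combining a local CIDR block list with DNSBL lookups and answering 550 after RCPT TO with the sender and recipient logged, so nothing is silently deleted. The CIDR ranges and zone names are the ones posted in the thread; the function names, the stub resolver and the sample connections are assumptions constructed for illustration, and only IPv4 is handled.

```python
import ipaddress
import logging
import socket

log = logging.getLogger("smtp-policy")

def to_network(spec):
    """Normalise '58.0.0.0/8', '218.0.0.0 mask 255.0.0.0' and '221.3.*.*' to CIDR."""
    spec = spec.strip()
    if " mask " in spec:
        addr, mask = spec.split(" mask ")
        return ipaddress.ip_network(f"{addr}/{mask}")
    if "*" in spec:
        octets = spec.split(".")
        fixed = octets.index("*")
        if len(octets) != 4 or any(o != "*" for o in octets[fixed:]):
            raise ValueError(f"wildcards must be trailing octets: {spec}")
        return ipaddress.ip_network(".".join(octets[:fixed] + ["0"] * (4 - fixed)) + f"/{8 * fixed}")
    return ipaddress.ip_network(spec)

# Ranges and zones exactly as posted in the thread. NJABL has since shut down;
# it is listed only because the thread names it.
BAD_CLIENTS = [to_network(s) for s in (
    "220.144.0.0/16", "200.45.190.0/23", "58.0.0.0/8", "59.0.0.0/8", "60.0.0.0/8",
    "218.66.0.0/15", "220.160.0.0/11", "220.192.0.0/10", "221.0.0.0/8",
    "222.0.0.0/8", "61.12.0.0/16", "61.206.0.0/16")]
RBL_ZONES = ["combined.njabl.org", "zen.spamhaus.org"]

def dnsbl_name(ip, zone):
    """IPv4 DNSBL query name: 1.2.3.4 in zone z -> 4.3.2.1.z"""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def dns_lookup(name):
    """Real resolver: the A record as a string, or None if the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listing(answer):
    """Only 127.x answers mean 'listed'; Spamhaus uses 127.255.255.x as error
    codes, and counting those as listings rejects every message."""
    if not answer:
        return False
    return answer.startswith("127.") and not answer.startswith("127.255.255.")

def check_rcpt(client_ip, mail_from, rcpt_to, resolve=dns_lookup):
    """Decide at RCPT TO, when sender and recipient are known. Returns (code, text):
    550 makes the sending server issue a non-delivery notice, 250 accepts."""
    ip = ipaddress.ip_address(client_ip)
    net = next((n for n in BAD_CLIENTS if ip in n), None)
    reason = f"network {net} is blocked locally" if net is not None else None
    for zone in ([] if reason else RBL_ZONES):
        answer = resolve(dnsbl_name(ip, zone))
        if is_listing(answer):
            reason = f"listed in {zone} ({answer})"
            break
    if reason is None:
        return 250, "OK"
    # Log every rejection so a missing message can be traced later.
    log.warning("reject ip=%s from=%s to=%s reason=%s", ip, mail_from, rcpt_to, reason)
    return 550, f"5.7.1 Mail from {ip} refused: {reason}"

def demo():
    """Constructed connections checked against a constructed stub resolver (no network)."""
    stub = {dnsbl_name("203.0.113.7", "zen.spamhaus.org"): "127.0.0.2",        # listed
            dnsbl_name("198.51.100.9", "zen.spamhaus.org"): "127.255.255.254"}  # error code
    clients = ["221.3.5.9", "203.0.113.7", "198.51.100.9", "192.0.2.10"]
    return [check_rcpt(c, "sender@example.org", "user@example.com", stub.get)[0] for c in clients]
```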