Categories
Announcements Changes

Cloudmark Authority Testing

We’re currently testing out the Cloudmark Authority system on our mail servers to see how it performs with our system. The fastest way to do this was by using their SpamAssassin plugin under the new rule “CMAE_1” in our SpamAssassin configuration.

If you have issues with scoring you can change the score for CMAE_1 (default is 10) in the SpamAssassin preferences. If you have issues with false positives or spam that wasn’t caught please send us a copy of the X-Spam-CMAE-Analysis header.

UPDATE: The CMAE_1 rule has been disabled. We never received pricing from Cloudmark to continue post-trial and we have other projects that need attention at the moment. We may revisit this in the future.

Categories
Announcements Changes

Mail: Blocked Attachment Types

This has long been on the feature request list: attachment types. We’ve implemented some code to start this off with checking a static list of attachment extensions to reject. In addition to this list we’ll also be rejecting double extensions (like .exe.zip) and extensions with non-alphanumeric characters. Right now we’ve just deployed this as logging only to observe the results before switching on the rejecting portion of the code.

The rejected list of extensions will be:

chm, ade, adp, app, asp, bas, bat, cab, cer, chm, cmd, com, cpl, crt, csh, der, exe, fxp, gadget, hlp, hta, inf, ins, isp, its, js, jse, ksh, lib, lnk, mad, maf, mag, mam, maq, mar, mas, mat, mau, mav, maw, mda, mdb, mde, mdt, mdw, mdz, msc, msh, msh1, msh2, mshxml, msh1xml, msh2xml, msi, msp, mst, ops, pcd, pif, plg, prf, prg, pst, reg, scf, scr, sct, shb, shs, sys, ps1, ps1xml, ps2, ps2xml, psc1, psc2, tmp, url, vb, vbe, vbs, vsmacros, vsw, vxd, ws, wsc, wsf, wsh, xnk

In the future we will expand this in the account control center by allowing this feature to be disabled, add custom extensions to the list, and an inverse option of reject all extensions except a list of approved ones (as defined by the user). For now, contact support to request deactivation of this feature if you don’t want it applied to your domains.

UPDATE: Attachment extension name blocking is now live.

UPDATE July 7, 2016: We’ve added “docm”, “xlsm”, and “pptm” to the list.

Categories
Announcements IPv6

L-Root Instance now in Reno

We’re pleased to announce we’re now providing an L-Root instance in Reno, NV to our customers and peers, including TahoeIX peers.

Categories
Fun Stuff TahoeIX

On The Map with J Root

We’re on the map with J Root. Yep, that’s us in Reno.

j-root

Access to J root is available through peering at TahoeIX and automatically to Roller Network customers since Rollernet already peers.

Categories
Announcements Fun Stuff

Improvements Through IX Peering

Roller Network is one of the first participants of the Tahoe Internet Exchange, or TahoeIX. We announce our routes and our customer’s routes to the exchange, and accept all routes from the exchange. This morning TahoeIX welcomed Packet Clearing House to the peering fabric. While we’re still working turning up some direct peering sessions with PCH, their peering with the TahoeIX IPv4 route server is already up. We’ll receive routes directly and through the common route server.

Why peering? Here’s a perfect example of an improvement.

Traffic to a peered DNS root now looks like this:

$ mtr e.root-servers.net -4 -c 2 -r
HOST: whiskers                    Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- office-gw.rollernet.net    0.0%     2    0.7   0.6   0.6   0.7   0.1
  2.|-- as42.tahoeix.net           0.0%     2    0.6   0.6   0.5   0.6   0.1
  3.|-- e.root-servers.net         0.0%     2    0.9   0.8   0.7   0.9   0.1

While traffic to a DNS root without peering takes the long, scenic route:

$ mtr b.root-servers.net -4 -c 2 -r
HOST: whiskers                    Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- office-gw.rollernet.net    0.0%     2    0.4   0.4   0.4   0.5   0.1
  2.|-- core1-gi3-3.rollernet.net  0.0%     2    0.6   0.6   0.6   0.6   0.0
  3.|-- border0-gi0-1.rollernet.n  0.0%     2    1.2   1.2   1.2   1.2   0.0
  4.|-- 12.116.94.237              0.0%     2   15.1  31.5  15.1  47.9  23.2
  5.|-- 12.122.160.30              0.0%     2   12.4  12.2  12.0  12.4   0.3
  6.|-- cr2.sffca.ip.att.net       0.0%     2   11.7  12.6  11.7  13.4   1.1
  7.|-- 12.122.149.137             0.0%     2   13.7  13.7  13.6  13.7   0.1
  8.|-- 192.205.37.58              0.0%     2   12.0  12.1  12.0  12.3   0.3
  9.|-- ae-9.r22.snjsca04.us.bb.g  0.0%     2   12.2  11.9  11.6  12.2   0.4
 10.|-- ae-7.r21.lsanca03.us.bb.g  0.0%     2   23.2  23.4  23.2  23.6   0.3
 11.|-- ae-2.r05.lsanca03.us.bb.g  0.0%     2   24.4  23.7  23.0  24.4   1.0
 12.|-- ntt-los-nettos-usc.ln.net  0.0%     2   23.9  23.6  23.3  23.9   0.4
 13.|-- isi-vlan2009.ln.net        0.0%     2   24.0  23.9  23.8  24.0   0.1
 14.|-- b.root-servers.net         0.0%     2   24.4  25.7  24.4  27.0   1.9

The improvement should be quite obvious.

UPDATE: More prefixes from Afilias were added this morning.

$ mtr -c 1 -r b2.org.afilias-nst.org -6
HOST: whiskers                    Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 2607:fe70:0:beef::1        0.0%     1    0.5   0.5   0.5   0.5   0.0
  2.|-- as42.tahoeix.net           0.0%     1    0.8   0.8   0.8   0.8   0.0
  3.|-- b2.org.afilias-nst.org     0.0%     1    0.7   0.7   0.7   0.7   0.0

$ mtr -c 1 -r b2.org.afilias-nst.org -4
HOST: whiskers                    Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- office-gw.rollernet.net    0.0%     1    0.4   0.4   0.4   0.4   0.0
  2.|-- as42.tahoeix.net           0.0%     1    0.6   0.6   0.6   0.6   0.0
  3.|-- b2.org.afilias-nst.org     0.0%     1    1.0   1.0   1.0   1.0   0.0