*chef's kiss*
Timo Reitnauer of Wellington, NZ was, indeed, the co-founder of the
original, NZ-based firm. The 2019 buyout caused layoff of the entire
existing staff, and I'm pretty sure Timo has no involvement in the
CentralNic-puppeteered firm based on London.
Still, amusing.
https://www.linkedin.com/posts/timo-reitnauer-237a5b1ab_im-keen-to-try-some…
----- Forwarded message from iwantmyname <help.support.iwantmyname.com(a)getveromail.com> -----
Date: Mon, 03 Jun 2024 05:07:13 +0000
From: iwantmyname <help.support.iwantmyname.com(a)getveromail.com>
To: rick(a)linuxmafia.com
Subject: Need any help with your iwantmyname account?
Reply-To: help(a)support.iwantmyname.com
Hey there,
I noticed that you don't have any domains in your iwantmyname account yet so I wanted to quickly check in to see how you're getting along.
Do you need a hand in buying a new domain name or transferring one from your previous registrar? Just hit the reply button and let me know how I can help you get started.
Cheers,
Timo Reitnauer
Co-Founder
https://iwantmyname.com
----- End forwarded message -----
On Mastodon, I'm @unixmercenary@infosec.exchange.
As such, I just tooted this
(https://infosec.exchange/@unixmercenary/112534258603738688 ):
may be seeking a new #DNSregistrar. Once upon a time, there was a
highly clueful one named ideegeo Group, Ltd. d/b/a IWantMyName.com in
Wellington, NZ, technically a retail reseller for large German registrar
1API.
Early on, their staff efficiently and quickly fixed an odd problem,
where my two domains were suddenly private WHOIS against my wishes: The
tech found that 1API had unilaterally toggled everyone private to
quickly comply with GDPR rollout -- and intervened to revert that on my
domains.
Roll forward to 2019. British multinational CentralNic Group PLC
acquired ideegeo Group Ltd., and shut down the NZ operation.
Uh-oh.
About a year later, I saw that my domains were suddenly private WHOIS
again, saw still nothing in the customer WebUI to adjust that, and
opened another ticket, referencing the first one, speculating 1API might
have done it again, and asking the same fix.
A tech from the new lot immediately closed the ticket with the
explanation that the operator of the .com and .net TLDs had imposed
private WHOIS on all domains, and therefore IWantMyName was powerless to
help me.
I almost accepted this pile of bullhockey, but then thought to
cross-check, among others, domains 1API.net and IWantMyName.com -- whose
public WHOIS data immediately disproved the nonsense claim. I reopened
the ticket, pointing out their claim is provably wrong, and reiterating
my request.
The tech closed the ticket again with the comment that he'd repeated
what the technical staff told him -- not commenting on the fact that it
was provably false.
I escalated this matter to corporate staff in London, saying that
gaslighting customers is uncool, that I could easily take business
elsewhere, and that I'd be deciding that in a couple of days. A senior
tech in London reopened the case, told me he' fix things, did so,
explained that first-level techs had relied on bad information, and
observed (justly) that few customers wished to eschew private WHOIS. As
resolution occurred before my deadline, I stayed.
Yesterday, after verifying that IWantMyName.com's customer WebUI still
doesn't permit early renewal, I opened a new ticket saying "Please
manually extend by two years each of my domains linuxmafia.com and
unixmercenary.net, please charge my credit card of record number NNNN
for the US $95.26 entailed, and please do that now."
I got back a response saying:
"We currently only register and renew domains automatically for one year
at a time.
We've found that longer registration periods lead to a higher chance of
customers losing or forgetting their account details or missing
notifications and ultimately letting their domains expire due to
outdated contact information for expired credit card details.
The annual notifications serve as a reminder of sorts to keep everything
up to date. Or, if something unexpected happens and the domain is no
longer needed, it can be cancelled with no time/money lost.
If you have any other questions, just let us know."
I waited a day, then wrote back saying I'd seen no action on my request.
The tech referred me to the above statement.
I wrote back:
"That was not even anywhere near an answer to my request.
I didn't ask about automatic renewal policy. I requested manual
processing of two-year extension, now, for each of my two domains,
charging the appropriate fees totalling US $95.26 to my credit card of
record.
Please do that now.
I will continue to escalate this matter, if it is not addressed."
This is in "You had one job" territory, nicht wahr? Any fellow Ops
people with clueful-registrar suggestions? Needing to escalate routine
requests has gotten old.
For the record, for good and compelling reasons, I keep domains a long
way from expiration, run a weekly cron job executing d-check
(http://linuxmafia.com/pub/linux/network/) to watch whois for upcoming
renewal dates, and renew well in advance of need.
Likewise, I insist on public WHOIS so it can fulfil its design role of
permitting contact, by anyone observing a problem or other matter
needing attention, to the Administrative, Technical, and Registrant
contacts as appropriate.
"You'll be doxed", someone says says? Funny, that: Maybe they might
use the real street address, real telephone number, real e-mail address,
and "ICBM address" (latitude, longitude, and altitude of my favourite
chair) on my personal Web page, instead.
Michael, this is _not_ a complaint (as I just silenced these via
/etc/logcheck/ignore.d.server/local.rules), but why am I getting
a constant barrage of NOTIFYs about mpaoli.net from your 96.86.170.226
nameserver?
If you figure it out, and curb NOTIFY being sent at 90 second intervals,
please advise, and I'll remove those two "ignore" lines from local.rules .
----- Forwarded message from logcheck system account <logcheck(a)linuxmafia.com> -----
Date: Sun, 02 Jun 2024 18:02:01 -0700
From: logcheck system account <logcheck(a)linuxmafia.com>
To: root(a)linuxmafia.com
Subject: linuxmafia.com 2024-06-02 18:02 System Events
System Events
=-=-=-=-=-=-=
Jun 2 17:02:29 linuxmafia named[1093]: client 96.86.170.226#30759: received notify for zone 'mpaoli.net'
Jun 2 17:02:29 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#30759: zone is up to date
Jun 2 17:04:00 linuxmafia named[1093]: client 96.86.170.226#8181: received notify for zone 'mpaoli.net'
Jun 2 17:04:00 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#8181: zone is up to date
Jun 2 17:04:00 linuxmafia named[1093]: client 96.86.170.226#37529: received notify for zone 'mpaoli.net'
Jun 2 17:04:00 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#37529: zone is up to date
Jun 2 17:05:30 linuxmafia named[1093]: client 96.86.170.226#13482: received notify for zone 'mpaoli.net'
Jun 2 17:05:30 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#13482: zone is up to date
Jun 2 17:07:00 linuxmafia named[1093]: client 96.86.170.226#19217: received notify for zone 'mpaoli.net'
Jun 2 17:07:00 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#19217: zone is up to date
Jun 2 17:08:31 linuxmafia named[1093]: client 96.86.170.226#30329: received notify for zone 'mpaoli.net'
Jun 2 17:08:31 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#30329: zone is up to date
Jun 2 17:10:01 linuxmafia named[1093]: client 96.86.170.226#36447: received notify for zone 'mpaoli.net'
Jun 2 17:10:01 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#36447: zone is up to date
Jun 2 17:11:32 linuxmafia named[1093]: client 96.86.170.226#10624: received notify for zone 'mpaoli.net'
Jun 2 17:11:32 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#10624: zone is up to date
Jun 2 17:11:33 linuxmafia named[1093]: client 96.86.170.226#22179: received notify for zone 'mpaoli.net'
Jun 2 17:11:33 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#22179: zone is up to date
Jun 2 17:13:02 linuxmafia named[1093]: client 96.86.170.226#12961: received notify for zone 'mpaoli.net'
Jun 2 17:13:02 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#12961: zone is up to date
Jun 2 17:14:33 linuxmafia named[1093]: client 96.86.170.226#29402: received notify for zone 'mpaoli.net'
Jun 2 17:14:33 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#29402: zone is up to date
Jun 2 17:16:04 linuxmafia named[1093]: client 96.86.170.226#10227: received notify for zone 'mpaoli.net'
Jun 2 17:16:04 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#10227: zone is up to date
Jun 2 17:16:04 linuxmafia named[1093]: client 96.86.170.226#62072: received notify for zone 'mpaoli.net'
Jun 2 17:16:04 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#62072: zone is up to date
Jun 2 17:17:34 linuxmafia named[1093]: client 96.86.170.226#38200: received notify for zone 'mpaoli.net'
Jun 2 17:17:34 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#38200: zone is up to date
Jun 2 17:19:04 linuxmafia named[1093]: client 96.86.170.226#31395: received notify for zone 'mpaoli.net'
Jun 2 17:19:04 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#31395: zone is up to date
Jun 2 17:19:05 linuxmafia named[1093]: client 96.86.170.226#43946: received notify for zone 'mpaoli.net'
Jun 2 17:19:05 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#43946: zone is up to date
Jun 2 17:20:35 linuxmafia named[1093]: client 96.86.170.226#52576: received notify for zone 'mpaoli.net'
Jun 2 17:20:35 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#52576: zone is up to date
Jun 2 17:22:06 linuxmafia named[1093]: client 96.86.170.226#30061: received notify for zone 'mpaoli.net'
Jun 2 17:22:06 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#30061: zone is up to date
Jun 2 17:23:36 linuxmafia named[1093]: client 96.86.170.226#44444: received notify for zone 'mpaoli.net'
Jun 2 17:23:36 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#44444: zone is up to date
Jun 2 17:25:06 linuxmafia named[1093]: client 96.86.170.226#36944: received notify for zone 'mpaoli.net'
Jun 2 17:25:06 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#36944: zone is up to date
Jun 2 17:26:37 linuxmafia named[1093]: client 96.86.170.226#28976: received notify for zone 'mpaoli.net'
Jun 2 17:26:37 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#28976: zone is up to date
Jun 2 17:28:07 linuxmafia named[1093]: client 96.86.170.226#11125: received notify for zone 'mpaoli.net'
Jun 2 17:28:07 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#11125: zone is up to date
Jun 2 17:28:08 linuxmafia named[1093]: client 96.86.170.226#56348: received notify for zone 'mpaoli.net'
Jun 2 17:28:08 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#56348: zone is up to date
Jun 2 17:29:38 linuxmafia named[1093]: client 96.86.170.226#24066: received notify for zone 'mpaoli.net'
Jun 2 17:29:38 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#24066: zone is up to date
Jun 2 17:31:08 linuxmafia named[1093]: client 96.86.170.226#43222: received notify for zone 'mpaoli.net'
Jun 2 17:31:08 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#43222: zone is up to date
Jun 2 17:31:09 linuxmafia named[1093]: client 96.86.170.226#47912: received notify for zone 'mpaoli.net'
Jun 2 17:31:09 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#47912: zone is up to date
Jun 2 17:32:39 linuxmafia named[1093]: client 96.86.170.226#61955: received notify for zone 'mpaoli.net'
Jun 2 17:32:39 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#61955: zone is up to date
Jun 2 17:34:09 linuxmafia named[1093]: client 96.86.170.226#59555: received notify for zone 'mpaoli.net'
Jun 2 17:34:09 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#59555: zone is up to date
Jun 2 17:35:39 linuxmafia named[1093]: client 96.86.170.226#18134: received notify for zone 'mpaoli.net'
Jun 2 17:35:39 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#18134: zone is up to date
Jun 2 17:37:10 linuxmafia named[1093]: client 96.86.170.226#3483: received notify for zone 'mpaoli.net'
Jun 2 17:37:10 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#3483: zone is up to date
Jun 2 17:37:10 linuxmafia named[1093]: client 96.86.170.226#41816: received notify for zone 'mpaoli.net'
Jun 2 17:37:10 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#41816: zone is up to date
Jun 2 17:38:40 linuxmafia named[1093]: client 96.86.170.226#34917: received notify for zone 'mpaoli.net'
Jun 2 17:38:40 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#34917: zone is up to date
Jun 2 17:40:11 linuxmafia named[1093]: client 96.86.170.226#24244: received notify for zone 'mpaoli.net'
Jun 2 17:40:11 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#24244: zone is up to date
Jun 2 17:41:41 linuxmafia named[1093]: client 96.86.170.226#52424: received notify for zone 'mpaoli.net'
Jun 2 17:41:41 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#52424: zone is up to date
Jun 2 17:43:12 linuxmafia named[1093]: client 96.86.170.226#44240: received notify for zone 'mpaoli.net'
Jun 2 17:43:12 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#44240: zone is up to date
Jun 2 17:44:42 linuxmafia named[1093]: client 96.86.170.226#44982: received notify for zone 'mpaoli.net'
Jun 2 17:44:42 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#44982: zone is up to date
Jun 2 17:46:13 linuxmafia named[1093]: client 96.86.170.226#48398: received notify for zone 'mpaoli.net'
Jun 2 17:46:13 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#48398: zone is up to date
Jun 2 17:46:13 linuxmafia named[1093]: client 96.86.170.226#12034: received notify for zone 'mpaoli.net'
Jun 2 17:46:13 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#12034: zone is up to date
Jun 2 17:47:44 linuxmafia named[1093]: client 96.86.170.226#18028: received notify for zone 'mpaoli.net'
Jun 2 17:47:44 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#18028: zone is up to date
Jun 2 17:49:14 linuxmafia named[1093]: client 96.86.170.226#40531: received notify for zone 'mpaoli.net'
Jun 2 17:49:14 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#40531: zone is up to date
Jun 2 17:49:14 linuxmafia named[1093]: client 96.86.170.226#27099: received notify for zone 'mpaoli.net'
Jun 2 17:49:14 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#27099: zone is up to date
Jun 2 17:50:44 linuxmafia named[1093]: client 96.86.170.226#6762: received notify for zone 'mpaoli.net'
Jun 2 17:50:44 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#6762: zone is up to date
Jun 2 17:52:15 linuxmafia named[1093]: client 96.86.170.226#60085: received notify for zone 'mpaoli.net'
Jun 2 17:52:15 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#60085: zone is up to date
Jun 2 17:53:45 linuxmafia named[1093]: client 96.86.170.226#48793: received notify for zone 'mpaoli.net'
Jun 2 17:53:45 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#48793: zone is up to date
Jun 2 17:55:16 linuxmafia named[1093]: client 96.86.170.226#10334: received notify for zone 'mpaoli.net'
Jun 2 17:55:16 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#10334: zone is up to date
Jun 2 17:56:47 linuxmafia named[1093]: client 96.86.170.226#41121: received notify for zone 'mpaoli.net'
Jun 2 17:56:47 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#41121: zone is up to date
Jun 2 17:58:17 linuxmafia named[1093]: client 96.86.170.226#44158: received notify for zone 'mpaoli.net'
Jun 2 17:58:17 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#44158: zone is up to date
Jun 2 17:58:17 linuxmafia named[1093]: client 96.86.170.226#35535: received notify for zone 'mpaoli.net'
Jun 2 17:58:17 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#35535: zone is up to date
Jun 2 17:59:47 linuxmafia named[1093]: client 96.86.170.226#1727: received notify for zone 'mpaoli.net'
Jun 2 17:59:47 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#1727: zone is up to date
Jun 2 18:01:18 linuxmafia named[1093]: client 96.86.170.226#64910: received notify for zone 'mpaoli.net'
Jun 2 18:01:18 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#64910: zone is up to date
Jun 2 18:01:18 linuxmafia named[1093]: client 96.86.170.226#19593: received notify for zone 'mpaoli.net'
Jun 2 18:01:18 linuxmafia named[1093]: zone mpaoli.net/IN: notify from 96.86.170.226#19593: zone is up to date
----- End forwarded message -----
I note with no objection that you dropped offlist, but I'll move back
anyway.
Quoting Michael Paoli (michael.paoli(a)berkeley.edu):
> I'm thinking the option may also be generic,
> but whether or not it actually does anything may be
> TLD specific, so, e.g. may do nothing for com.,
> but may actually be usefully effective for some other
> TLDs. I.e. com. may not even use or accept "Billing Contact"
> into whois data, but some other TLDs may accept such.
FWIW, I also see that Billing Contact isn't shown in public WHOIS for
unixmercenary.net, either -- but that's consistent with your hypothesis,
since both com. and net. are operated by VeriSign, Inc. as
"authoritative registry", or, as VeriSign calls it, the firm's "naming
services division".
https://en.wikipedia.org/wiki/Verisign#Naming_services
That line of business it acquired by buying Network Solutions in 2000,
divesting the _regisrar_ portion in 2003 but keeping the registry
(wholesale & back-end) portion. They also, ugh, have the contract for
the root nameserver operation, operating two of them, "A" and "J",
directly. Plus maintaining the root zonefile.
NetSol, in turn, got the football in 1993 under contract from NSF. The
division between "registry" and "registrar" (within NetSol) followed in
1998 when ICANN got conjured into existence (at the invitation of Dept.
of Commerce, IIRC), and ICANN grandly pronounced that it required NetSol
to engineer an interface permitting competing registrars. (ICANN by
itself was a "Who the hell are you?" paper tiger, but they had the
blessing of US Dept. of Commerce Dept., which had legal and checkbook
power, and ISTR somehow the issuance of marching orders somehow went
from Commerce to ICANN to IATA (which is a nonprofit under Commerce
Dept. contract, hence checkbook power).
VeriSign Naming Services is now at 12061 Bluemont Way, Reston Town
Center development, Reston, VA.
Anyway, bottom line, I concur with your guess that "Billing Contact
doesn't go into WHOIS" is probably implemented at the VeriSign
com./net./etc. end of things, and is probably a legacy of NetSol 1990s
buildout that's still embedded into everything, there.
+balug-admin(a)lists.balug.org - don't send/cc/bcc to that email if
you're not on that list
Oh, and most of the timezones are UTC, unless indicated otherwise.
So ... first we look at full headers of the received. To make that
simpler, I first unfolded (any header lines starting with a space I
joined to line above), then removed all lines except those with a date
or timestamp or the like and also retaining those that might be
relatively usefully informative, and dropped the rest. Then for
readability I (re)folded those more than 72 characters wide, with a
space indent where folded. And I preserved ordering. That leaves us
with:
Received: by 2002:aa7:da18:0:b0:568:550c:e550 with SMTP id
r24csp203374eds; Thu, 14 Mar 2024 00:51:42 -0700 (PDT)
X-Received: by 2002:a05:6808:1285:b0:3c2:18fe:f810 with SMTP id
a5-20020a056808128500b003c218fef810mr1187019oiw.27.1710402702247; Thu,
14 Mar 2024 00:51:42 -0700 (PDT)
Return-Path: <balug-announce-bounces(a)lists.balug.org>
Received: from balug-sf-lug-v2.balug.org (balug.org.
[2001:470:1f05:19e::2]) by mx.google.com with ESMTPS id
e17-20020aca1311000000b003c365f41a1fsi65493oii.37.2024.03.14.00.51.41
for <michael.paoli(a)cal.berkeley.edu> (version=TLS1_3
cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Mar 2024 00:51:42
-0700 (PDT)
Received: from localhost ([127.0.0.1] helo=balug.org) by
balug-sf-lug-v2.balug.org with esmtp (Exim 4.92) (envelope-from
<balug-announce-bounces(a)lists.balug.org>) id 1rkfsB-0002wb-L7; Thu, 14
Mar 2024 07:51:31 +0000
Received: from shell1.rawbw.com ([198.144.192.42]) by
balug-sf-lug-v2.balug.org with esmtp (Exim 4.92) (envelope-from
<Michael.Paoli(a)cal.berkeley.edu>) id 1rcPqS-0002KU-Ko for
balug-announce(a)lists.balug.org; Tue, 20 Feb 2024 13:07:36 +0000
Received: from webmail.rawbw.com (mail0.rawbw.com [198.144.192.41]) by
shell1.rawbw.com (8.15.1/8.15.1) with ESMTP id 41KD7ZwB068218; Tue, 20
Feb 2024 05:07:35 -0800 (PST) (envelope-from
Michael.Paoli(a)cal.berkeley.edu)
Date: Tue, 20 Feb 2024 05:07:35 -0800
To: BALUG-Announce <balug-announce(a)lists.balug.org>
Message-ID: <94cc17d1e831608786fb59c3a4eb70a9(a)cal.berkeley.edu>
X-Sender: Michael.Paoli(a)cal.berkeley.edu
Received-SPF: none client-ip=198.144.192.42;
envelope-from=Michael.Paoli(a)cal.berkeley.edu; helo=shell1.rawbw.com
Subject: [BALUG-Announce] BALUG: meeting TODAY!: Tu 2024-02-20 & other
BALUG News
From: Michael Paoli via BALUG-Announce <balug-announce(a)lists.balug.org>
Reply-To: Michael Paoli <Michael.Paoli(a)cal.berkeley.edu>
Errors-To: balug-announce-bounces(a)lists.balug.org
Sender: BALUG-Announce <balug-announce-bounces(a)lists.balug.org>
So, we see the big time gap here:
Received: from localhost ([127.0.0.1] helo=balug.org) by
balug-sf-lug-v2.balug.org with esmtp (Exim 4.92) (envelope-from
<balug-announce-bounces(a)lists.balug.org>) id 1rkfsB-0002wb-L7; Thu, 14
Mar 2024 07:51:31 +0000
Received: from shell1.rawbw.com ([198.144.192.42]) by
balug-sf-lug-v2.balug.org with esmtp (Exim 4.92) (envelope-from
<Michael.Paoli(a)cal.berkeley.edu>) id 1rcPqS-0002KU-Ko for
balug-announce(a)lists.balug.org; Tue, 20 Feb 2024 13:07:36 +0000
Those Received: headers are read from bottom up in order of processing,
newer Received: headers are added atop any existing. That's not only
useful for tracing route of mail, but these also generally include
timestamps.
So, I sent it from one of my ISP's email to the list, and that was
received, then it took a long time for the next hop - which was entirely
local on the same host - so something went wrong there between MTA
and/or mailman. If I convert those timestamps to ISO
format, have:
2024-02-20T13:07:36+0000
2024-03-14T07:51:31+0000
$ who -r
run-level 5 Mar 14 06:51
So, between that and a presumed exponential back-off on retries on the
sending MTA, that would presumably account for when the MTA received
that, presuming for the period before that there was some reason it
couldn't or wouldn't. And looking at receiving MTA logs, no shortage
of logs between those timestamps, so ... what happened? We do have:
Message-ID: <94cc17d1e831608786fb59c3a4eb70a9(a)cal.berkeley.edu>
and that should be unique, so can be quite useful for, e.g. searching
in mail logs. What (if anything) can we find for that in the time range
in question?
MTA exim4 ... I don't have mainlog files going back that far, but I do
have rejectlog files going back that far. In chronological order by
mtime for files covering range:
2024-02-20T13:07:36+0000
2024-03-14T07:51:31+0000
have files matching these patterns:
rejectlog.{5{9,8,7,6,5,4,3,2,1,0},4{9,8,7,6,5,4,3,2,1,0},3{9,8,7,6,5,4,3,2,1,0},2{9,8,7}}.gz
paniclog
rejectlog.{2{6,5,4,3,2,1,0},1{9,8,7,6,5,4,3,2,1,0}}.gz
mainlog.10.gz
eval echo \{rejectlog,mainlog\}{.{9,8,7,6,5,4,3,2,1}.gz,}
checking for that Message-ID, have:
(
Message_ID='94cc17d1e831608786fb59c3a4eb70a9(a)cal.berkeley.edu'
eval set -- \
rejectlog.{5{9,8,7,6,5,4,3,2,1,0},4{9,8,7,6,5,4,3,2,1,0},3{9,8,7,6,5,4,3,2,1,0},2{9,8,7}}.gz
\
paniclog \
rejectlog.{2{6,5,4,3,2,1,0},1{9,8,7,6,5,4,3,2,1,0}}.gz \
mainlog.10.gz \
\{rejectlog,mainlog\}{.{9,8,7,6,5,4,3,2}.gz,.1,}
for f
do
case "$f" in
*.gz)
gzip -d < "$f" |
grep -F -q -e "$Message_ID" &&
{
echo "$f"
gzip -d < "$f" | grep -F -e "$Message_ID"
}
;;
*)
grep -F -l -e "$Message_ID" "$f" &&
grep -F -e "$Message_ID" "$f"
;;
esac
done
)
mainlog.5.gz
2024-03-14 07:51:31 1rkfsB-0002wb-L7 <=
balug-announce-bounces(a)lists.balug.org H=localhost (balug.org)
[127.0.0.1] P=esmtp S=7761
id=94cc17d1e831608786fb59c3a4eb70a9(a)cal.berkeley.edu
2024-03-14 07:51:31 1rkfsB-0002wb-Me <=
balug-announce-bounces(a)lists.balug.org H=localhost (balug.org)
[127.0.0.1] P=esmtp S=7761
id=94cc17d1e831608786fb59c3a4eb70a9(a)cal.berkeley.edu
2024-03-14 07:51:31 1rkfsB-0002wb-TW <=
balug-announce-bounces(a)lists.balug.org H=localhost (balug.org)
[127.0.0.1] P=esmtp S=7761
id=94cc17d1e831608786fb59c3a4eb70a9(a)cal.berkeley.edu
2024-03-14 07:51:31 1rkfsB-0002wb-UG <=
balug-announce-bounces(a)lists.balug.org H=localhost (balug.org)
[127.0.0.1] P=esmtp S=7761
id=94cc17d1e831608786fb59c3a4eb70a9(a)cal.berkeley.edu
2024-03-14 07:51:41 1rkfsB-0002wb-L7 => <REDACTED>
...
So, basically it comes in (apparently goes through multiple times in
processing), and then lots of sends out very shortly after that.
Unfortunately don't have the earlier mainlog files, so not sure what may
have happened then - at least as far as MTA goes.
Let's see about mailman. For log files in the relevant time frame, and
ignoring those which are compressed empty files (yeah, I should have
logrotate not compress empty files), these are the files in
chronological order (by mtime):
vette.4.gz
mischief.1
error.3.gz
error.2.gz
security
qrunner.5.gz
smtp-failure.5.gz
locks.5.gz
smtp.5.gz
qrunner.4.gz
bounce.1
subscribe
And going through those files, nothing relevant in the applicable
time frame.
So ... thus far best guess is something that was essentially somewhere
along that chain failed or wedged or died or crashed or the like,
didn't particularly log anything indicating the problem in the
meantime, and things went back to "normal" and got unjammed after host
rebooted.
Oh, mailman did also add it to the archives ... can we see when, that
may provide a clue.
>From Michael.Paoli(a)cal.berkeley.edu Tue Feb 20 13:07:36 2024
Received: from shell1.rawbw.com ([198.144.192.42]) by
balug-sf-lug-v2.balug.org with esmtp (Exim 4.92) (envelope-from
<Michael.Paoli(a)cal.berkeley.edu>) id 1rcPqS-0002KU-Ko for
balug-announce(a)lists.balug.org; Tue, 20 Feb 2024 13:07:36 +0000
Received: from webmail.rawbw.com (mail0.rawbw.com [198.144.192.41]) by
shell1.rawbw.com (8.15.1/8.15.1) with ESMTP id 41KD7ZwB068218; Tue, 20
Feb 2024 05:07:35 -0800 (PST) (envelope-from
Michael.Paoli(a)cal.berkeley.edu)
From: Michael Paoli <Michael.Paoli(a)cal.berkeley.edu>
To: BALUG-Announce <balug-announce(a)lists.balug.org>
Message-ID: <94cc17d1e831608786fb59c3a4eb70a9(a)cal.berkeley.edu>
X-Sender: Michael.Paoli(a)cal.berkeley.edu
Subject: [BALUG-Announce] BALUG: meeting TODAY!: Tu 2024-02-20 & other
BALUG News
X-BeenThere: balug-announce(a)lists.balug.org
Date: Tue, 20 Feb 2024 13:07:36 -0000
X-Original-Date: Tue, 20 Feb 2024 05:07:35 -0800
X-List-Received-Date: Tue, 20 Feb 2024 13:07:36 -0000
At least what shows in the archive (complete mbox file), from the full
headers, looks like it got it in timely manner. What about where
it processes those for showing on web?
# pwd -P && ls -ontr $(find * ! -mtime +30 -type f -print | fgrep Feb)
/var/lib/mailman/archives/private/balug-announce
-rw-rw-r-- 1 38 5689 Mar 14 06:51 2024-February.txt
-rw-rw-r-- 1 38 1729 Mar 14 06:51 2024-February/date.html
-rw-rw-r-- 1 38 1723 Mar 14 06:51 2024-February/subject.html
-rw-rw-r-- 1 38 1725 Mar 14 06:51 2024-February/author.html
-rw-rw-r-- 1 38 1752 Mar 14 06:51 2024-February/thread.html
-rw-rw-r-- 1 38 8276 Mar 14 06:51 2024-February/000340.html
-rw-rw---- 1 38 136 Mar 14 06:51 database/2024-February-thread
-rw-rw---- 1 38 183 Mar 14 06:51 database/2024-February-subject
-rw-rw---- 1 38 131 Mar 14 06:51 database/2024-February-date
-rw-rw---- 1 38 150 Mar 14 06:51 database/2024-February-author
-rw-rw---- 1 38 1259 Mar 14 06:51 database/2024-February-article
-rw-rw-r-- 1 38 2687 Mar 15 03:27 2024-February.txt.gz
#
Yeah, it would seem to implicate a problem within mailman.
Looks like our sequence went about like this:
2024-02-20T13:07:36+0000 email generated on sending MTA,
looks like it made it to receiving MTA and into mailman,
notably mailman show it in the mbox full archive with
corresponding timestamps, but then looks like it stuck at some point
after that, notably not even the archiving was fully processed,
as the web archive files didn't catch up until
2024-03-14T06:51+0000
we have a reboot
$ who -r
run-level 5 Mar 14 06:51
And the mailman web archive files catch up. Then, an hour later:
2024-03-14T07:51:31+0000
mail to list recipients is actually sent out (perhaps some retry logic
caused the hour's delay at that point).
Anyway, that's my best guestimation based on the evidence.
---------- Forwarded message ---------
From: Michael Paoli <michael.paoli(a)cal.berkeley.edu>
Date: Thu, Mar 14, 2024 at 8:26 PM
Subject: Re: [BALUG-Announce] BALUG: meeting TODAY!: Tu 2024-02-20 &
other BALUG News
To: aaronco36 <aaronco36(a)sdf.org>, <balug-admin(a)lists.balug.org>
Cc: Rick Moen <rick(a)linuxmafia.com>
+balug-admin(a)lists.balug.org - don't send/cc/bcc to that email if
you're not on that list
Yeah, ... I noticed that too - haven't dug down yet to figure out what happened,
but some list mail went out (or went out again?) very late - like weeks late.
And like I say, haven't dug down to the bottom of it to figure out what happened
yet. "Other than that" didn't notice anything unusual. But ... maybe
some queue
got stuck or some demon that was supposed to be running wasn't, and then
perhaps with some reboot or update or the like, somehow things got unjammed
and/or reprocessed? Still guessing a bit at this point - will need to review
logs and some full headers and other details to figure out what happened.
Anyway, maybe I get to it sometime this weekend(ish) or so. Shouldn't have
happened, but there isn't an "undo" for mail sent, so 'bout best can do with it
is figure out (hopefully) how it happened, and hopefully prevent a
repeat of that.
Possible some queue got stuck or daemon down or crashed or stuck, and I didn't
catch it earlier, and things just got inordinately delayed ... that'd
at least be my first
guess, though there are certainly other possibilities.
And it wasn't just that one BALUG-Announce mail, but a moderate spattering of
mailman and/or exim4 mail that was impacted - all came through at once.
I think I saw about 20 emails or so (most of which were for list admin
or the like)
all come through at or right around the same time.
Anyway, probably answers to be found in the full headers and/or other
log data and such.
On Thu, Mar 14, 2024 at 7:58 PM aaronco36 <aaronco36(a)sdf.org> wrote:
>
> Hello Rick and Michael,
>
> > Quoting aaronco36 (aaronco36(a)sdf.org):
> >
> >> ????
> >> Now ~12:15 PDT (UTC-07:00) on Thursday 2024-03-14.
> >>
> >> aaronco36(at)SDF.org
> >
> > I'm not sure what you're talking about Aaron. The most recent
> > balug-announce posting (this one, from Michael P.:)
> > https://lists.balug.org/pipermail/balug-announce/2024-February/000340.html)
> > really did go out on Tue Feb 20 13:07:36 UTC 2024, not today.
> >
> >
>
> Hmmmm, mystery to me as well :-\
> Perhaps very delayed transmission having something to do with the top pair
> of "Received:" sections dated this morning, below ??
>
> -A
>
> Contents of the Full Header of today's message:
> ~~~~~~~~~~~~~~~~ quoting in full ~~~~~~~~~~~~~~~~~~~~~
>
> Return-Path: <balug-announce-bounces(a)lists.balug.org>
> Received: from balug-sf-lug-v2.balug.org (balug.org [96.86.170.229])
> by mx.sdf.org (8.16.1/8.14.3) with ESMTPS id 42E8VA6p012184
> (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits) verified
> NO)
> for <aaronco36(a)sdf.org>; Thu, 14 Mar 2024 08:31:10 GMT
> Received: from localhost ([127.0.0.1] helo=balug.org)
> by balug-sf-lug-v2.balug.org with esmtp (Exim 4.92)
> (envelope-from <balug-announce-bounces(a)lists.balug.org>)
> id 1rkfsB-0002wb-Me; Thu, 14 Mar 2024 07:51:31 +0000
> Received: from shell1.rawbw.com ([198.144.192.42])
> by balug-sf-lug-v2.balug.org with esmtp (Exim 4.92)
> (envelope-from <Michael.Paoli(a)cal.berkeley.edu>) id 1rcPqS-0002KU-Ko
> for balug-announce(a)lists.balug.org; Tue, 20 Feb 2024 13:07:36 +0000
> Received: from webmail.rawbw.com (mail0.rawbw.com [198.144.192.41])
> by shell1.rawbw.com (8.15.1/8.15.1) with ESMTP id 41KD7ZwB068218;
> Tue, 20 Feb 2024 05:07:35 -0800 (PST)
> (envelope-from Michael.Paoli(a)cal.berkeley.edu)
> X-Authentication-Warning: shell1.rawbw.com: Host mail0.rawbw.com
> [198.144.192.41] claimed to be webmail.rawbw.com
> MIME-Version: 1.0
> Date: Tue, 20 Feb 2024 05:07:35 -0800
> To: BALUG-Announce <balug-announce(a)lists.balug.org>
> Message-ID: <94cc17d1e831608786fb59c3a4eb70a9(a)cal.berkeley.edu>
> X-Sender: Michael.Paoli(a)cal.berkeley.edu
> Received-SPF: none client-ip=198.144.192.42;
> envelope-from=Michael.Paoli(a)cal.berkeley.edu; helo=shell1.rawbw.com
> Subject: [BALUG-Announce] BALUG: meeting TODAY!: Tu 2024-02-20 & other BALUG
> News
> X-BeenThere: balug-announce(a)lists.balug.org
> X-Mailman-Version: 2.1.29
> Precedence: list
> List-Id: Announcements for and by BALUG <balug-announce.lists.balug.org>
> List-Unsubscribe:
> <https://lists.balug.org/cgi-bin/mailman/options/balug-announce>,
> <mailto:balug-announce-request@lists.balug.org?subject=unsubscribe>
> List-Archive: <https://lists.balug.org/pipermail/balug-announce/>
> List-Post: <mailto:balug-announce@lists.balug.org>
> List-Help: <mailto:balug-announce-request@lists.balug.org?subject=help>
> List-Subscribe:
> <https://lists.balug.org/cgi-bin/mailman/listinfo/balug-announce>,
> <mailto:balug-announce-request@lists.balug.org?subject=subscribe>
> From: Michael Paoli via BALUG-Announce <balug-announce(a)lists.balug.org>
> Reply-To: Michael Paoli <Michael.Paoli(a)cal.berkeley.edu>
> Content-Transfer-Encoding: 7bit
> Content-Type: text/plain; charset="us-ascii"; Format="flowed"
> Errors-To: balug-announce-bounces(a)lists.balug.org
> Sender: "BALUG-Announce" <balug-announce-bounces(a)lists.balug.org>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
+balug-admin(a)lists.balug.org - don't send/cc/bcc to that email if
you're not on that list
Yeah, ... I noticed that too - haven't dug down yet to figure out what happened,
but some list mail went out (or went out again?) very late - like weeks late.
And like I say, haven't dug down to the bottom of it to figure out what happened
yet. "Other than that" didn't notice anything unusual. But ... maybe
some queue
got stuck or some demon that was supposed to be running wasn't, and then
perhaps with some reboot or update or the like, somehow things got unjammed
and/or reprocessed? Still guessing a bit at this point - will need to review
logs and some full headers and other details to figure out what happened.
Anyway, maybe I get to it sometime this weekend(ish) or so. Shouldn't have
happened, but there isn't an "undo" for mail sent, so 'bout best can do with it
is figure out (hopefully) how it happened, and hopefully prevent a
repeat of that.
Possible some queue got stuck or daemon down or crashed or stuck, and I didn't
catch it earlier, and things just got inordinately delayed ... that'd
at least be my first
guess, though there are certainly other possibilities.
And it wasn't just that one BALUG-Announce mail, but a moderate spattering of
mailman and/or exim4 mail that was impacted - all came through at once.
I think I saw about 20 emails or so (most of which were for list admin
or the like)
all come through at or right around the same time.
Anyway, probably answers to be found in the full headers and/or other
log data and such.
On Thu, Mar 14, 2024 at 7:58 PM aaronco36 <aaronco36(a)sdf.org> wrote:
>
> Hello Rick and Michael,
>
> > Quoting aaronco36 (aaronco36(a)sdf.org):
> >
> >> ????
> >> Now ~12:15 PDT (UTC-07:00) on Thursday 2024-03-14.
> >>
> >> aaronco36(at)SDF.org
> >
> > I'm not sure what you're talking about Aaron. The most recent
> > balug-announce posting (this one, from Michael P.:)
> > https://lists.balug.org/pipermail/balug-announce/2024-February/000340.html)
> > really did go out on Tue Feb 20 13:07:36 UTC 2024, not today.
> >
> >
>
> Hmmmm, mystery to me as well :-\
> Perhaps very delayed transmission having something to do with the top pair
> of "Received:" sections dated this morning, below ??
>
> -A
>
> Contents of the Full Header of today's message:
> ~~~~~~~~~~~~~~~~ quoting in full ~~~~~~~~~~~~~~~~~~~~~
>
> Return-Path: <balug-announce-bounces(a)lists.balug.org>
> Received: from balug-sf-lug-v2.balug.org (balug.org [96.86.170.229])
> by mx.sdf.org (8.16.1/8.14.3) with ESMTPS id 42E8VA6p012184
> (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits) verified
> NO)
> for <aaronco36(a)sdf.org>; Thu, 14 Mar 2024 08:31:10 GMT
> Received: from localhost ([127.0.0.1] helo=balug.org)
> by balug-sf-lug-v2.balug.org with esmtp (Exim 4.92)
> (envelope-from <balug-announce-bounces(a)lists.balug.org>)
> id 1rkfsB-0002wb-Me; Thu, 14 Mar 2024 07:51:31 +0000
> Received: from shell1.rawbw.com ([198.144.192.42])
> by balug-sf-lug-v2.balug.org with esmtp (Exim 4.92)
> (envelope-from <Michael.Paoli(a)cal.berkeley.edu>) id 1rcPqS-0002KU-Ko
> for balug-announce(a)lists.balug.org; Tue, 20 Feb 2024 13:07:36 +0000
> Received: from webmail.rawbw.com (mail0.rawbw.com [198.144.192.41])
> by shell1.rawbw.com (8.15.1/8.15.1) with ESMTP id 41KD7ZwB068218;
> Tue, 20 Feb 2024 05:07:35 -0800 (PST)
> (envelope-from Michael.Paoli(a)cal.berkeley.edu)
> X-Authentication-Warning: shell1.rawbw.com: Host mail0.rawbw.com
> [198.144.192.41] claimed to be webmail.rawbw.com
> MIME-Version: 1.0
> Date: Tue, 20 Feb 2024 05:07:35 -0800
> To: BALUG-Announce <balug-announce(a)lists.balug.org>
> Message-ID: <94cc17d1e831608786fb59c3a4eb70a9(a)cal.berkeley.edu>
> X-Sender: Michael.Paoli(a)cal.berkeley.edu
> Received-SPF: none client-ip=198.144.192.42;
> envelope-from=Michael.Paoli(a)cal.berkeley.edu; helo=shell1.rawbw.com
> Subject: [BALUG-Announce] BALUG: meeting TODAY!: Tu 2024-02-20 & other BALUG
> News
> X-BeenThere: balug-announce(a)lists.balug.org
> X-Mailman-Version: 2.1.29
> Precedence: list
> List-Id: Announcements for and by BALUG <balug-announce.lists.balug.org>
> List-Unsubscribe:
> <https://lists.balug.org/cgi-bin/mailman/options/balug-announce>,
> <mailto:balug-announce-request@lists.balug.org?subject=unsubscribe>
> List-Archive: <https://lists.balug.org/pipermail/balug-announce/>
> List-Post: <mailto:balug-announce@lists.balug.org>
> List-Help: <mailto:balug-announce-request@lists.balug.org?subject=help>
> List-Subscribe:
> <https://lists.balug.org/cgi-bin/mailman/listinfo/balug-announce>,
> <mailto:balug-announce-request@lists.balug.org?subject=subscribe>
> From: Michael Paoli via BALUG-Announce <balug-announce(a)lists.balug.org>
> Reply-To: Michael Paoli <Michael.Paoli(a)cal.berkeley.edu>
> Content-Transfer-Encoding: 7bit
> Content-Type: text/plain; charset="us-ascii"; Format="flowed"
> Errors-To: balug-announce-bounces(a)lists.balug.org
> Sender: "BALUG-Announce" <balug-announce-bounces(a)lists.balug.org>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>