After months without a solid kook, we finally got a good one! This is a long read but a lot of fun.

From: Greg A. Woods (woods@weird.com)
To: jericho@attrition.org
Date: Thu, 29 Jan 2004 20:05:21 -0800
Subject: NOTICE! VERY IMPORTANT DNS problem with attrition.org and mail.attrition.org

The host 'mail.attrition.org' is being used as the target of one or more MX records,
including: 'attrition.org'

        $ host -t mx attrition.org
    attrition.org               MX      0 mail.attrition.org
     *** attrition.org MX host mail.attrition.org is not canonical

Unfortunately as you can see this host is a CNAME (an alias)
for the real host (attrition.org).

This is quite wrong and does cause problems for e-mail sent and received
using the domain attrition.org.

The target domain name of an MX record _MUST_ be a canonical host.
(i.e. a domain name that resolves directly to a valid A record)
(Note this is also true of the target names used in NS records.)

The target domain name of an MX record _MUST_NOT_ be a CNAME.

PLEASE correct this problem as soon as you possibly can!

Mail destined to this host really is bouncing now, or has recently,
bounced because of this problem.  No kidding.  Fix your DNS!

As the Men & Mice DNS servey report says:

    MX record refers to a CNAME record instead of an A record

    Effect:  This can cause mail delivery problems.  Some mail servers
    will understand this, but some will not.  In essence, some mail will
    arrive and some will not, and the zone administrator may never notice
    this fact.

Note that an SMTP mailer _MUST_ report invalid MX records as errors.

    If MX records are present, but none of them are usable, this
    situation MUST be reported as an error.

Please see RFC 2821 Sect. 5, RFC 1035 (3.3.9), and RFC 2181 (10.3)
for the full details.

Please note that it does not matter whether the errant MX in question is one
of secondary ones or not -- you can never predict when some remote client
may find it to be the only one it can reach.  Please also remember that an
SMTP mailer must report invalid MX records as errors -- i.e. bounce messages
that have addresses with domains with invalid MX records.

For the simple cases I suggest changing the mail.attrition.org record to be
an A record, and adding another new PTR for it in the appropriate
reverse zone too of course.

If you have any other invalid MX records in any other zones then I
strongly suggest you fix them as soon as possible as well!

Note:  This message has been sent to the following addresses:

    hostmaster@KaosOL.net
    hostmaster@[66.80.146.7]
    hostmaster@attrition.org
    hostmaster@mail.attrition.org
    jericho@kaosol.net
    postmaster@[66.80.146.7]
    postmaster@attrition.org
    postmaster@mail.attrition.org
    root@wkeys.com

Please verify that _all_ of these addresses work properly!

They have been derived from the related DNS and ARIN WHOIS records
for these domains, hosts, and their addresses, and as such they are
all _REQUIRED_ to work properly!  If you feel one or more of these
addresses should not have received this message then you need to update
your contact information to reflect this desire.

If you feel you got too many copies of this notice, especially to the
same mailbox, then please consider switching to a mailer (reader or
transport as appropriate) that suppresses multiple copies.

-- 
                                                Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack (woods@robohack.ca)
Planix, Inc. (woods@planix.com)          Secrets of the Weird (woods@weird.com)


Now at this point, most people may think we have a techie geek type who really is interested in helping other domains. Before I could reply to him, I was warned by Cancer Omega that he had gotten into a spat a few years ago with the very same Greg A. Woods over something like this. CO had written a utility that network admins could install that would monitor for Code Red and Nimda intrusion attempts. Old Greg apparently ran a network that had infected machines and he received an automatic notification from the tool warning him of this. Rather than clean the infected machine and move on, he decides to mail Jay and bitch about it, quote obscure RFCs that have nothing to do with the incident, and be an ass in general.

Cancer Omega indicated this mail was very likely sent as a form of low key harassment and nothing more. Since I know Comega and I don't know this jackhole, you can probably guess who I would believe. Add to that the fact his original mail is screaming of falling skies over the most trivial of issues, and that his mail is FULL of little inconsistancies which support Comega's comments.. and let the fun begin.

From: security curmudgeon (jericho@attrition.org)
To: Greg A. Woods (woods@weird.com), abuse@planix.com
Cc: Jon Klein (klein@wkeys.com), Jay Dyson (jdyson@treachery.net), andreas@planix.com, peter.0101@planix.com
Date: Fri, 30 Jan 2004 00:34:23 -0500 (EST)
Subject: Re: NOTICE! VERY IMPORTANT DNS problem with attrition.org and mail.attrition.org


Jon Klein: Could you verify if you received Mr. Woods' email sent to
           root@wkeys.com since he is concerned about our mail records?

Planix: One of your employees is sending us glorified form mail that
        indirectly suggests that your company are experts at DNS while we
        are not. This is essentially a commercial solicitation and not
        wanted. Based on Mr. Woods response (or lack their of), we may be
        reporting you to your upstream ISP and relevant parties that track
        UCE.

: The host 'mail.attrition.org' is being used as the target of one or more
: MX records, including: 'attrition.org'
:
:       $ host -t mx attrition.org
:     attrition.org             MX      0 mail.attrition.org
:      *** attrition.org MX host mail.attrition.org is not canonical
:
: Unfortunately as you can see this host is a CNAME (an alias) for the
: real host (attrition.org).
:
: This is quite wrong and does cause problems for e-mail sent and received
: using the domain attrition.org.

So far I don't notice any problems related to this. Since 07-Oct-1998 the
only mail problems we have had (which account for probably 0.001% of our
time) were due to other problems that we diagnosed after the fact. In over
five years, you are the first to experience problems with this and notify
us.

: The target domain name of an MX record _MUST_NOT_ be a CNAME.

This makes it sound very serious, but I have to wonder if five years of
basically no mail problems offers evidence that it is a nice
recommendation, but not a MUST HAVE?

: PLEASE correct this problem as soon as you possibly can!
:
: Mail destined to this host really is bouncing now, or has recently,
: bounced because of this problem.  No kidding.  Fix your DNS!

It has? Can you send me a copy of the bounce w/ headers so I can see?

:     Effect:  This can cause mail delivery problems.  Some mail servers
:     will understand this, but some will not.  In essence, some mail will
:     arrive and some will not, and the zone administrator may never notice
:     this fact.

This is interesting, but please let me jump ahead in your email. You sent
this to *NINE* e-mail addresses and then justify your actions with the
following:

  If you feel you got too many copies of this notice, especially to the
  same mailbox, then please consider switching to a mailer (reader or
  transport as appropriate) that suppresses multiple copies.

So if your solution to avoid reading the same mail 9 times is to "use a
reader that suppresses multiple copies", I submit to you that you may use
mail software that recognizes our DNS records since according to your own
citations, "some mail servers will understand this, but some will not".
Further, since my first hand experience tells me that over 99.9% of mail
servers handle this without a problem, I further submit to you that your
sending me nine copies and suggesting my mail reader be one that
"suppressess multiple copies" is much more troublesome. You certainly
wouldn't be very good on the anti-spam front.

: For the simple cases I suggest changing the mail.attrition.org record to
: be an A record, and adding another new PTR for it in the appropriate
: reverse zone too of course.

Since you already contacted both of my DNS servers, I will let them
determine the best course of action. One of them has already asked
me to relay an obscene message involving your tongue and his ass.
Hopefully the other replies too.

: Note:  This message has been sent to the following addresses:

Ok... before we get to that, let's refresh our memory here on what you
said above:

  Mail destined to this host really is bouncing now, or has recently,
  bounced because of this problem.  No kidding.  Fix your DNS!

So at least one of the following test addresses should bounce.

:     hostmaster@KaosOL.net

I'll have to ask the admin if he received the mail. Did you get a bounce?

:     hostmaster@[66.80.146.7]

Received: from fractal.kaosol.net (fractal.kaosol.net [66.151.160.11])
        by forced.attrition.org (8.11.6/3.8.9) with ESMTP id i0U4iZC18762
        for (hostmaster@[66.80.146.7]); Thu, 29 Jan 2004 23:44:35 -0500
Message-Id: (2YOKRPC0FBB664JD1QK05BRL31HDKI.4019ef46@smoof)
Subject: kook1-Fwd: NOTICE! VERY IMPORTANT DNS problem with attrition.org

:     hostmaster@attrition.org

Received: from fractal.kaosol.net (fractal.kaosol.net [66.151.160.11])
        by forced.attrition.org (8.11.6/3.8.9) with ESMTP id i0U4iwC18774
        for (hostmaster@attrition.org); Thu, 29 Jan 2004 23:44:58 -0500
Message-Id: (JEZTJDA7KGNK51PNCAMHRQA5KWU32HD.4019ef5c@smoof)
Subject: kook2-Fwd: NOTICE! VERY IMPORTANT DNS problem with attrition.org

:     hostmaster@mail.attrition.org

Received: from fractal.kaosol.net (fractal.kaosol.net [66.151.160.11])
        by forced.attrition.org (8.11.6/3.8.9) with ESMTP id i0U4jOC18870
        for (hostmaster@attrition.org); Thu, 29 Jan 2004 23:45:29 -0500
Received: from smoof (p130.atm.dyn.kaosol.net [66.151.161.130])
        by fractal.kaosol.net (8.12.8/8.12.7) with SMTP id i0U4j9Ih022154
        for (hostmaster@mail.attrition.org); Thu, 29 Jan 2004 21:45:09 -0700 (MST)
Message-Id: (ICXWIFVRUPRPVPQKOM8B71WQJICAWQ.4019ef77@smoof)
Subject: kook3-Fwd: NOTICE! VERY IMPORTANT DNS problem with attrition.org

:     jericho@kaosol.net

Received:
from proven.weird.com (proven.weird.com [204.92.254.15]) by
fractal.kaosol.net (8.12.8/8.12.7) with ESMTP id i0TKNVIh024180; Thu, 29
Jan 2004 13:23:32 -0700 (MST)

:     postmaster@[66.80.146.7]

Received: from fractal.kaosol.net (fractal.kaosol.net [66.151.160.11])
        by forced.attrition.org (8.11.6/3.8.9) with ESMTP id i0U4jdC18887
        for (postmaster@[66.80.146.7]); Thu, 29 Jan 2004 23:45:40 -0500
Message-Id: (Q3VC0A5JFNIWQPHFPLSQS05EBW2Z.4019ef86@smoof)
Subject: kook4-Fwd: NOTICE! VERY IMPORTANT DNS problem with attrition.org

:     postmaster@attrition.org

Received: from fractal.kaosol.net (fractal.kaosol.net [66.151.160.11])
        by forced.attrition.org (8.11.6/3.8.9) with ESMTP id i0U4k3C18907
        for (postmaster@attrition.org); Thu, 29 Jan 2004 23:46:03 -0500
Message-Id: (P4264WSLIKHGEC072JFMKC04ZEDEA84.4019ef9d@smoof)
Subject: kook5-Fwd: NOTICE! VERY IMPORTANT DNS problem with attrition.org

:     postmaster@mail.attrition.org

Received: from fractal.kaosol.net (fractal.kaosol.net [66.151.160.11])
        by forced.attrition.org (8.11.6/3.8.9) with ESMTP id i0U4kGC18927
        for (postmaster@attrition.org); Thu, 29 Jan 2004 23:46:16 -0500
Received: from smoof (p130.atm.dyn.kaosol.net [66.151.161.130])
        by fractal.kaosol.net (8.12.8/8.12.7) with SMTP id i0U4k0Ih022204
        for (postmaster@mail.attrition.org); Thu, 29 Jan 2004 21:46:00 -0700 (MST)
Message-Id: (3ZK43F0JFXWSQLGURPORPVQLGOKXS.4019efaa@smoof)
Subject: kook6-Fwd: NOTICE! VERY IMPORTANT DNS problem with attrition.org

:     root@wkeys.com

I'll definitely ask if the Wkeys staff got it as well.

: Please verify that _all_ of these addresses work properly!

Well, that was an interesting test. Pine only displayed two of the
messages you sent to the six related addresses. I'm guessing our MTA
suppressed multiple copies since when I altered the subject line a tad,
all six copies came through without a problem. All of the addresses seem
to be working just fine.

I am curious however, why you mailed hostmaster@kaosol.net and not
root@treachery.net about these problems. Any explanation why you missed an
important address related to our DNS records? KaosOL only provides NIC
record service for us, while treachery is actually a DNS server
controlling our DNS records.

: They have been derived from the related DNS and ARIN WHOIS records for
: these domains, hosts, and their addresses, and as such they are all
: _REQUIRED_ to work properly!  If you feel one or more of these addresses
: should not have received this message then you need to update your
: contact information to reflect this desire.

This is sounding a lot like a form letter. Further, your signature
includes a company name. Checking your web page (which doesn't work
unless i put in "www.") it says:

 The Company

 Planix is a partnership specializing in networking and Unix system
 administration

This leads me to believe that you are spamming various domains with DNS
records that don't match certain RFC standards, counting on them to
consult with you to fix them. In short, this is UCE (Unsolicited
Commercial E-mail, aka spam). Since you mailed multiple addresses by your
own admission, you include a company name and web site, suggest that we
are doing something wrong and you are qualified to fix it, and don't
provide an opt-out link, this mail violates the recent CAN-SPAM act and
subjects you to criminal penalties if you live in the US. However, since
you appear to be based in Canada, i'd have to research the SPAM laws of
Canada and see how they apply to you. If there is any doubt about this, we
can read the last line of your mail:

: If you feel you got too many copies of this notice, especially to the
: same mailbox, then please consider switching to a mailer (reader or
: transport as appropriate) that suppresses multiple copies.

This is a standard type of pre-emptive warning spammers use to justify
sending so many copies of their mail. I'd imagine that like most spammers,
you are new to this whole "internet thing" since you opted to mail this to
nine addresses, instead of following a fairly accepted chain of command
for such problems, thta begin with one or two addresses on the offending
site. When that doesn't work, you send it to a few others and CC any
related addresses such as the upstream ISP or in this case, the
administrators of the DNS servers (which you should have pulled out of
whois records).

In the mean time, i'll go ahead and send over the copies of your mail to
the egate.net and nac.net abuse admins and let them know they are
providing services to clever spammers.

--

Cliff notes: Answer the following questions or I will consider this e-mail
nothing but clever spam.

1. Why didn't you contact treachery.net (since you contacted wkeys.com)?

2. Where is a copy of mail (with headers) showing these DNS records caused
   a bounce (since you clearly said it IS causing problems)?

If you opt not include all of the details I have been made aware of
regarding issue #1, or if you can not provide a copy of bounced mail
showing this problem is legitimate, this will guarantee my suspicions that
this is nothing but cleverly worded spam.

Brian


From: Mail Delivery Subsystem (MAILER-DAEMON)
To: jericho@attrition.org
Date: Fri, 30 Jan 2004 00:37:30 -0500
Subject: Returned mail: see transcript for details

The original message was received at Fri, 30 Jan 2004 00:34:23 -0500
from jericho@localhost

   ----- The following addresses had permanent fatal errors -----
(woods@weird.com)
    (reason: 501-fatal error while validating 'HELO' host name 'forced.attrition.org'.)

   ----- Transcript of session follows -----
... while talking to mail.weird.com.:
>>> HELO forced.attrition.org
<<< 501-fatal error while validating 'HELO' host name 'forced.attrition.org'.
<<< 501-connection rejected from forced.attrition.org remote address [66.80.146.7].
<<< 501-Reason given was:
<<< 501   there are no DNS A records for the hostname 'forced.attrition.org'
554 5.0.0 Service unavailable


From: security curmudgeon (jericho@kaosol.net)
To: Greg A. Woods (woods@weird.com)
Date: Thu, 29 Jan 2004 23:17:31 -0800
Subject: Re: NOTICE! VERY IMPORTANT DNS problem with attrition.org and mail.attrition.org

Since weird.com is the only system in the world that has ever bounced
mail due to this issue.. since mail to other planix.com addresses
happily accepted my mail.. I assume this is some personal crusade or
some techno geeklust for the most strict of RFC compliant systems. Anyway,
since you made it a point to bounce mail from horrible broken evil systems
like attrition.org, figured i'd give you a chance to reply by mailing from
here to explain your spam before I forward it on.

[copy of last mail]


From: Greg A. Woods (woods@weird.com)
To: security curmudgeon (jericho@attrition.org)
Date: Fri, 30 Jan 2004 16:19:55 -0500 (EST)
Subject: Re: NOTICE! VERY IMPORTANT DNS problem with attrition.org and mail.attrition.org

I just knew you'd be one of those types who responded with such a poorly
considered complaint as you have.  I could just see it coming when I
first send that message to you.  :-)

[ On Thursday, January 29, 2004 at 23:17:31 (-0800), security curmudgeon wrote: ]
: Subject: Re: NOTICE! VERY IMPORTANT DNS problem with attrition.org and mail.attrition.org
:
: Since weird.com is the only system in the world that has ever bounced
: mail due to this issue.

Actually it wasn't weird.com that bounced the mail.  I monitor mailer
logs for many of my clients and I help them (sometimes proactively, as
in this case) to deal with errors and other issues.

: So far I don't notice any problems related to this.

Well, how could you -- it can't affect you directly.  You're only on the
end of a communications link that never gets established in the first
place because of this problem.

: It has? Can you send me a copy of the bounce w/ headers so I can see?

Sorry, I can't do that.  I only monitor mailer logs to find errors such
as this.

: So if your solution to avoid reading the same mail 9 times is to "use a
: reader that suppresses multiple copies",

Well, that's part of it -- but the other part is that I'm intelligent in
how I arrange various contact addresses to be configured.

: So at least one of the following test addresses should bounce.
: 
: :     hostmaster@KaosOL.net
: 
: I'll have to ask the admin if he received the mail. Did you get a bounce?

Damned if I know -- I've processed many thousands of bounces over the
past few days.  I could try to find it in my incoming logs, but what's
the point?

: Well, that was an interesting test. Pine only displayed two of the
: messages you sent to the six related addresses. I'm guessing our MTA
: suppressed multiple copies

You're "guessing"!?!?!?!  You mean you don't know?  HAH HAH HAH!  ROTFL!

: since when I altered the subject line a tad,
: all six copies came through without a problem.

That's probably got more to do with your MUA than your MTA.  Of course
if you read your mailer logs as you should have in the first place then
you'd already know that.

: I am curious however, why you mailed hostmaster@kaosol.net and not
: root@treachery.net about these problems. Any explanation why you missed an
: important address related to our DNS records? KaosOL only provides NIC
: record service for us, while treachery is actually a DNS server
: controlling our DNS records.

I send mail to the SOA contact address (root@wkeys.com), and to the
hostmaster and postmaster of the domain involved and its MX target host
(er, CNAME), using both the proper domain form as well as the domain
literal IP address form.  For domains which have reasonably
easy-to-parse WHOIS records, such as .org and .ca, I also send mail to
the addresses given in those records, thus (jericho@kaosol.net) and
(hostmaster@KaosOL.net)

You might be surprised at how many domains don't have a working
"hostmaster" alias, and I was surprised by how many mailers don't know
their own hostnames.  I wasn't so surprised by how many mailers refuse
domain literals, though this has exacerbated my efforts somewhat.

: In the mean time, i'll go ahead and send over the copies of your mail to
: the egate.net and nac.net abuse admins and let them know they are
: providing services to clever spammers.

You obviously don't know very much about tracing the source of an
e-mail.  ;-)

paul@egate.net will get a good chuckle, especially since he has nothing
to do with weird.com, but I doubt anyone at nac.net will even bother to
read your message.

(and I don't think there's anyone at whiznet to even read your mail, if
you ever do figure out that's where you should have sent your whining.
They have some automated accounting system that manages to take my money
every month, but they've still been bleeding support staff like there's
no tomorrow -- and there very well may not be, for them ;-)

: 1. Why didn't you contact treachery..net (since you contacted wkeys.com)?

Why would I contact a secondary nameserver?  They're not responsible for
your DNS -- _you_ are.  :-)

: 2. Where is a copy of mail (with headers) showing these DNS records caused
:    a bounce (since you clearly said it IS causing problems)?

Sorry, my client's mailer logs are their private information.  Since
you've been so bloody-minded about this I'm not even going to give you a
hint about their domain name.

(of course this particular incident was no doubt sparked off by some
lame luser with a worm-infested PC, but never the less....)

-- 
                                                Greg A. Woods


From: security curmudgeon (jericho@attrition.org)
To: Greg A. Woods (woods@weird.com)
Date: Fri, 30 Jan 2004 23:53:50 -0500 (EST)
Subject: Re: NOTICE! VERY IMPORTANT DNS problem with attrition.org and mail.attrition.org

: I just knew you'd be one of those types who responded with such a poorly
: considered complaint as you have.  I could just see it coming when I
: first send that message to you.  :-)

Which confirms suspicion that you mailed only to provoke, not help. Given
your first mail to me, I really don't understand how you imagine yourself
somehow better than me when it comes to this thread. The only thing that
made it more interesting than the usual "CANCEL MY A0L ACCOUNT" message
was you could spell words correctly.

: : So far I don't notice any problems related to this.
:
: Well, how could you -- it can't affect you directly.  You're only on the
: end of a communications link that never gets established in the first
: place because of this problem.

Are you really this dense? I might notice when someone mails me from an
alternate network to complain about not being able to mail from the first
place they tried. Or, presumably the same type of situation that lead you
to mail me. Oh wait, technical and DNS issues had nothing to do with you
mailing us.

: : It has? Can you send me a copy of the bounce w/ headers so I can see?
:
: Sorry, I can't do that.  I only monitor mailer logs to find errors such
: as this.

Great, send me some logs so I can get a feel for how often this is
happening. Oh wait, those are going to be private aren't they?

: : I'll have to ask the admin if he received the mail. Did you get a
: : bounce?
:
: Damned if I know -- I've processed many thousands of bounces over the
: past few days.  I could try to find it in my incoming logs, but what's
: the point?

Exactly, the point is you had no intention of trying to help us in any
way. You were more focused on a poor attempt at harassment.

: : Well, that was an interesting test. Pine only displayed two of the
: : messages you sent to the six related addresses. I'm guessing our MTA
: : suppressed multiple copies
:
: You're "guessing"!?!?!?!  You mean you don't know?  HAH HAH HAH!  ROTFL!

I'll try to make the sarcasm a tad more obvious next time.

: : since when I altered the subject line a tad,
: : all six copies came through without a problem.
:
: That's probably got more to do with your MUA than your MTA.  Of course
: if you read your mailer logs as you should have in the first place then
: you'd already know that.

Duck and cover! Evade! Point is, the mail worked fine.

: You might be surprised at how many domains don't have a working
: "hostmaster" alias, and I was surprised by how many mailers don't know
: their own hostnames.  I wasn't so surprised by how many mailers refuse
: domain literals, though this has exacerbated my efforts somewhat.

Want to tell me the real reason you didn't mail treachery.net?

: : 1. Why didn't you contact treachery..net (since you contacted
: : wkeys.com)?
:
: Why would I contact a secondary nameserver?  They're not responsible for
: your DNS -- _you_ are.  :-)

By that logic, you shouldn't have contacted wkeys.com then. And if
wkeys.com disappears, doesn't treachery kick in? If not, what's the
purpose of a secondary DNS server?

Evade! Dodge!

: : 2. Where is a copy of mail (with headers) showing these DNS records caused
: :    a bounce (since you clearly said it IS causing problems)?
:
: Sorry, my client's mailer logs are their private information.  Since
: you've been so bloody-minded about this I'm not even going to give you a
: hint about their domain name.

Wow, didn't see that one coming. (That's sarcasm)

: (of course this particular incident was no doubt sparked off by some
: lame luser with a worm-infested PC, but never the less....)

From our perspective, this whole incident was sparked by a luser, that is
for sure.


From: Greg A. Woods (woods@weird.com)
To: security curmudgeon (jericho@attrition.org)
Date: Sat, 31 Jan 2004 13:03:57 -0500 (EST)
Subject: Re: NOTICE! VERY IMPORTANT DNS problem with attrition.org and mail.attrition.org

[ On Friday, January 30, 2004 at 23:53:50 (-0500), security curmudgeon wrote: ]
: Subject: Re: NOTICE! VERY IMPORTANT DNS problem with attrition.org and mail.attrition.org
:
: Which confirms suspicion that you mailed only to provoke, not help.

You obviously don't want any help.

I was guessing that would be the case given what prior knowledge I had
of you and your domain, but it's been worth the entertainment anyway.  :-)

: : : 1. Why didn't you contact treachery..net (since you contacted
: : : wkeys.com)?
: :
: : Why would I contact a secondary nameserver?  They're not responsible for
: : your DNS -- _you_ are.  :-)
: 
: By that logic, you shouldn't have contacted wkeys.com then.

You really aren't able to pay attention, are you?

If you had wanted me to contact (hostmaster@treachery.net) then you
would have arranged to have that address listed as one of your domain
contacts.  I only did what you told me to do, even though you clearly
didn't understand what you were telling me, nor that you were in fact
telling me (and everyone else), and apparently still don't.

-- 
                                                Greg A. Woods


He obviously forgets that attrition.org whois records don't mention or list any address at wkeys.com either. They list both wkeys.com and treachery.net as DNS servers, nothing more.

From: security curmudgeon (jericho@attrition.org)
To: Greg A. Woods (woods@weird.com)
Date: Sat, 31 Jan 2004 14:22:56 -0500 (EST)
Subject: Re: NOTICE! VERY IMPORTANT DNS problem with attrition.org and mail.attrition.org


: : Which confirms suspicion that you mailed only to provoke, not help.
:
: You obviously don't want any help.

From someone branded a net kook, who only mailed us for harassment and
entertainment? No, we don't want that "help".

Too bad you still won't come clean about why you really mailed. Do you
think there is no communication between treachery.net and us or something?

: I was guessing that would be the case given what prior knowledge I had
: of you and your domain, but it's been worth the entertainment anyway.
: :-)

I guess we were both warned.

: You really aren't able to pay attention, are you?

You really aren't able to follow simple logic, are you?


From: Greg A. Woods (woods@weird.com)
To: security curmudgeon (jericho@attrition.org)
Date: Sat, 31 Jan 2004 22:43:18 -0500 (EST)
Subject: Re: NOTICE! VERY IMPORTANT DNS problem with attrition.org and mail.attrition.org

[ On Saturday, January 31, 2004 at 14:22:56 (-0500), security curmudgeon wrote: ]
: Subject: Re: NOTICE! VERY IMPORTANT DNS problem with attrition.org and mail.attrition.org
:
: Too bad you still won't come clean about why you really mailed.

Well you fixed your DNS so I guess you must actually know why I sent you
that notice.  BTW, Thanks!  ;-)

: Do you
: think there is no communication between treachery.net and us or something?

You've been extremely predictable (which unfortunately has detracted
somewhat from your entertainment value), but this is one thing I don't
quite get.

Why do you think I should have contacted anyone at treachery.net?

What do you think your previously broken MX record, or your primary DNS,
or your WHOIS information, has to do with treachery.net?

Nothing in any of that suggested treachery.net would be even remotely
able to make the fixes I suggested.

Ah, I know!  You're just trying (now unsuccessfully) to goad me on!

-- 
                                                Greg A. Woods


From: security curmudgeon (jericho@attrition.org)
To: Greg A. Woods (woods@weird.com)
Date: Sat, 31 Jan 2004 23:41:10 -0500 (EST)
Subject: Re: NOTICE! VERY IMPORTANT DNS problem with attrition.org and mail.attrition.org

: Well you fixed your DNS so I guess you must actually know why I sent you
: that notice.  BTW, Thanks!  ;-)

Oh you are most welcome. I am sure this will help you in your daily e-mail
and dealing with attrition.org! And of course I didn't fix it, the people
who handle my DNS did.

: You've been extremely predictable (which unfortunately has detracted
: somewhat from your entertainment value), but this is one thing I don't
: quite get.

Ok simple logic.. read the above..

: Ah, I know!  You're just trying (now unsuccessfully) to goad me on!

.. and this.

If you predicted I would keep asking about treachery.net, then you clearly
know why I am asking, else it would be completely arbitrary to keep
mentioning that specific site and I would never insist on you coming clean
about your real intentions. You are so entirely transparent here.

--

I'm not trying to goad you. I'm trying to get you to admit a very basic
truth to all of this, but you are apparently too dense to realize that I
was warned about you and informed of your past "conflict" with certain
people at treachery.net. Since you never mail us, I can't imagine you
would have any interest in our MX records unless you thought that pointing
it out (due to our connection to treachery.net) was some way to get back
at him, attempt to give us grief indirectly, or some other childish
notion. Your first mail was written like those junior admins who found a
little quirk in a system and were jerking off furiosly while typing a mail
to the senior admin to prove they were indeed "Alpha" material. GOOD JOB
GREG! YOU SUCH A GOOD BOY! SO PROUD OF YOU!!

It's ok though Greg, you are just as predictable as me it seems. And since
I am so predictable, what will I do next? Put all of this up on Postal,
block mail from weird.com, or 'all of the above'? I know, let's cut out
the back and forth games since your intentions were clear, you likely got
showed up by Dyson (and others), and are still holding a now 2 year grudge
(or is it 3?) Either way it's pretty pathetic.


From: Greg A. Woods (woods@weird.com)
To: security curmudgeon (jericho@attrition.org)
Date: Sun, 1 Feb 2004 13:29:11 -0500 (EST)
Subject: Re: NOTICE! VERY IMPORTANT DNS problem with attrition.org and mail.attrition.org

You are _way_ too paranoid.  You should get that looked at.  It'll be
the end of you some day.

-- 
                                                Greg A. Woods

From: security curmudgeon (jericho@attrition.org)
To: Greg A. Woods (woods@weird.com)
Date: Sun, 1 Feb 2004 14:32:56 -0500 (EST)
Subject: Re: NOTICE! VERY IMPORTANT DNS problem with attrition.org and mail.attrition.org

: You are _way_ too paranoid.  You should get that looked at.  It'll be
: the end of you some day.

Denial. Look it up.


Feb  2 14:07:28 forced sendmail[3711]: i12J7MC03711: ruleset=check_relay,
arg1=proven.weird.com, arg2=204.92.254.15,
relay=IDENT:0FB6s70478qdpZEbH6c+z33RlTa1zRcFiNw4OkebrCCBmM+ipWormwdZ7dQW
+atdCVMMEQmaeQNm6K9tkda7wg@proven.weird.com
[204.92.254.15], reject=553 5.3.0 - 550 NOTICE VERY IMPORTANT if you are
reading this,you predicted wrong

Feb  2 17:00:19 forced sendmail[12733]: i12M0JC12733: ruleset=check_relay,
arg1=most.weird.com, arg2=204.92.254.2,
relay=IDENT:QMsaebD+YFAOezevfeqVdYJ2zP+mCGhbLlLYBYB8QCM2QiKTbuHn433KMkfSJz
LF80pvUDDNvdnrzLRm48C8ew@most.weird.com
[204.92.254.2], reject=553 5.3.0 - 550 NOTICE VERY IMPORTANT if you are
reading this,you predicted wrong

Guess I wasn't as predicatable as he thought.


main page ATTRITION feedback