NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p11 was released on 27 February 2018. It addresses 2 low-/medium-, 1 informational-/medium-, and 2 low-severity security issues in ntpd, 1 medium-severity security issue in ntpq, and provides over 65 non-security bugfixes and other improvements over 4.2.8p10.

Please see the NTP Security Notice for vulnerability and mitigation details.

---

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

• Enforcing various SMTP RFC standards within our mail server
  • Including Greeting Delay
• IP address or domain-name based "black lists"
  • This includes dynamic DNS-based black lists as well as static black lists that we maintain internally
• greylisting
• Reverse DNS checks
• Rule-based filtering
• Statistical filtering
• And others

However, there are also certain anti-spam techniques we do not use, as we believe that they risk causing more harm than good. The harmful techniques we avoid include:

• SMTP Callback Verification
• Challenge/Response Systems
  • For example, we do not use TMDA
• Fake MX Records
  • Or any variants thereof, including nolisting
• Country-based Filtering
• SPF
• DKIM
• And others

See MailingLists for additional anti-spam measures that are applied for the mailing lists hosted at ntp.org.

Please contact the Postmaster Services Team if you have any questions about our anti-spam methods. In addition, if you have any suggestions for methods that are not shown above, please let us know.

-- BradKnowles - 21 Dec 2007