On Wed, Oct 18, 2023 at 10:17:52PM +0200, Markus Ueberall wrote:
> On 18.10.23, 22:11 Markus Ueberall wrote via Postfix-users:
> > I just tried an explicit "_25._tcp" CNAME as suggested above (using the
> > shared RRset) /alongside/ the existing "*._tcp" CNAME which I did not
> > want to
On 18.10.23, 22:11 Markus Ueberall wrote via Postfix-users:
I just tried an explicit "_25._tcp" CNAME as suggested above (using
the shared RRset) /alongside/ the existing "*._tcp" CNAME which I did
not want to remove/replace for one domain ("D1") while keeping my
aforementioned setup for a
On 17.10.23, 18:42 Viktor Dukhovni wrote via Postfix-users:
On Tue, Oct 17, 2023 at 05:47:11PM +0200, Markus Ueberall via Postfix-users
wrote:
For the record: I stumbled across this a couple of days ago when I received
a message on LinkedIn telling me that a number of e-mails sent via
On Tue, Oct 17, 2023 at 12:42:39PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> > [...] it took a while to realize that the above "STARTTLS,QUIT"
> > behaviour is due to the fact that said outbound systems do not like to come
> > across non-matching TLSA entries (for other certificates used
On Tue, Oct 17, 2023 at 05:47:11PM +0200, Markus Ueberall via Postfix-users
wrote:
> On 17.08.23, 01:48 Viktor Dukhovni wrote via Postfix-users:
> > So far, the pattern of Microsoft's outbound systems disconnecting
> > immediately after a completed TLS handshake strongly correlates with a
> >
On 17.08.23, 01:48 Viktor Dukhovni wrote via Postfix-users:
So far, the pattern of Microsoft's outbound systems disconnecting
immediately after a completed TLS handshake strongly correlates with a
broken TLSA setup.
For the record: I stumbled across this a couple of days ago when I
received a
On Wed, Aug 16, 2023 at 06:22:28PM -0400, pgnd via Postfix-users wrote:
> not exactly the same issue to my read, but there may be more to it?
As suspected, the OP has an incomplete DANE TLSA RRset that fails to
match the system's RSA certificate (the additional ECDSA certifcate does
match, but
There is currently a similar thread on "mailop" mailing list about
connections from MS to *submission* ports, that connect, do valid AUTH
(using proper credentials!) and then hang up.
People in that thread suspect that this behavior might be associated with
connections from Outlook mobile app
Dnia 15.08.2023 o godz. 16:14:58 pgnd via Postfix-users pisze:
> they come in frequent waves of ~5-10 from countless different outlook.com
> hosts -- but, so far, these waves (and totals) are ONLY from outlook.com
> -- getting by postscreen cache after expire with "PASS NEW".
>
> i never receive
On Wed, Aug 16, 2023 at 02:07:39PM +, Serg wrote:
> Thanks for pointing this out, I forgot to update it when migrating from RSA
> to ECC certificate.
It seems you don't have monitoring in place that checks the correctness
of your TLSA records vis-à-vis your certificate chain. Monitoring is
On 8/16/23 13:55, Viktor Dukhovni via Postfix-users wrote:
There's good reason for that, your MX host has DANE TLSA records that
don't match its certificate chain:
Thanks for pointing this out, I forgot to update it when migrating from RSA to
ECC certificate.
On 8/16/23 13:55, Viktor
On Wed, Aug 16, 2023 at 10:56:07AM +, Serg via Postfix-users wrote:
> I have checked email server of mine and can confirm I am seeing that too
> (logs are since Aug 13 03:50:38 EEST):
>
> > admin@flopster ~ $ sudo grep -e .outbound.protection.outlook.com
> > /var/log/mail.log | grep 'ehlo=1
On Wed, Aug 16, 2023 at 09:12:44AM -0400, pgnd via Postfix-users wrote:
> 4 0.321516 192.0.2.25 → 52.101.62.16 SMTP 121 S: 220
> mx1.example.net ESMTP .
Your server's hostname and served domains continue to be hidden. Are
you perhaps willing and able to post those details?
BTW I explicitly allow mail from their IP ranges at postscreen level:
...
#outlook.com
40.92.0.0/15permit
40.107.0.0/16 permit
52.100.0.0/14 permit
104.47.0.0/17 permit
they published some more ranges but when I checked, I haven't noticed mail from
I have checked email server of mine and can confirm I am seeing that too (logs
are since Aug 13 03:50:38 EEST):
admin@flopster ~ $ sudo grep -e .outbound.protection.outlook.com
/var/log/mail.log | grep 'ehlo=1 starttls=1 quit=1 commands=3' | tail
Aug 16 13:47:34 flopster postfix/smtpd[23237]:
Le 15/08/2023 à 23:12, Viktor Dukhovni via Postfix-users a écrit :
On Tue, Aug 15, 2023 at 04:14:58PM -0400, pgnd via Postfix-users wrote:
2023-08-14T13:11:53.782611-04:00 svr01 postfix/postscreen[27910]: CONNECT from
[52.101.56.17]:32607 to [209.123.234.54]:25
On Tue, Aug 15, 2023 at 04:14:58PM -0400, pgnd via Postfix-users wrote:
2023-08-14T13:11:53.782611-04:00 svr01 postfix/postscreen[27910]: CONNECT from
[52.101.56.17]:32607 to [209.123.234.54]:25
2023-08-14T13:11:59.860098-04:00 svr01 postfix/postscreen[27910]: PASS NEW
[52.101.56.17]:32607
On Tue, Aug 15, 2023 at 05:12:53PM -0400, Viktor Dukhovni via Postfix-users
wrote:
> > 2023-08-14T13:12:00.131049-04:00 svr01
> > postfix/postscreen-internal/smtpd[27907]: disconnect from
> > mail-eastus2azon11020017.outbound.protection.outlook.com[52.101.56.17]
> > ehlo=1 starttls=1 quit=1
OK mail from outlook does make it's way thru; e.g., since Monday,
xzegrep "250 2.0.0 Queued as.*outbound.protection.outlook.com"
/var/log/postfix/postfix.log | wc -l
4343
Isn't that outbound mail*to* Microsoft-hosted domains? I wouldn't
expect that to appear in logs of incoming
There is no protection you can add to prevent this
fair enuf
other than firewalling them completely.
the wishful-thinking of fw'ing MS's entire ASN has crossed my mind more than
once ;-)
Why do they do this? Only they know.
if they do, they certainly don't respond to @support/etc
On Tue, Aug 15, 2023 at 04:14:58PM -0400, pgnd via Postfix-users wrote:
> 2023-08-14T13:11:53.782611-04:00 svr01 postfix/postscreen[27910]: CONNECT
> from [52.101.56.17]:32607 to [209.123.234.54]:25
> 2023-08-14T13:11:59.860098-04:00 svr01 postfix/postscreen[27910]: PASS NEW
>
On 8/15/2023 3:14 PM, pgnd via Postfix-users wrote:
my "BFFs" @ M$'s *.outlook.com have decided over the last month or
so to send many 10K's of these
2023-08-14T13:11:53.782611-04:00 svr01
postfix/postscreen[27910]: CONNECT from [52.101.56.17]:32607 to
[209.123.234.54]:25
22 matches
Mail list logo