> From: "L. Mark Stone"
> FWIW, for a while now we have been outright blocking all email from any
> subdomain of onmicrosoft.com
> If anyone has an example of how what we are doing would lead to a false
> positive, I would be grateful to know please.
One of my 3500 customers uses email address
> From: Slavko
I'm curious: do you get many legitimate connections to tls_on_connect port 465
(instead of STARTTLS 587)?
Do you tell your users how to use 587, 465 or both?
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailo
> You will still run into a fair number of systems that still see % as
> an attempt to do source routing and reject the message.
Including default Exim config:
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_default_configuration_file.html
denydomains = !+local_domains
> From: Cyril - ImprovMX
> It turns out that one of their link in the email is broken into multiple
> line (following the RFC on that)
Solution: don't follow the RFC on that, don't break into multiple lines.
If you use Exim then in transports
driver = smtp
.ifdef _OPT_TRANSPORT_SMTP_MESSAGE_LI
> I don't know where
> to buy the brand of LSD that they did at UC Berkeley when they wrote this,
> in order to make m4 make sense.
They chose incomprehensible m4 in order to coerce you to buy support from them.
___
mailop mailing list
mailop@mailop.or
> That (sub)domain is not DNSSEC signed, thus it will work with
> (many) recursive resolvers for some time. DNSSEC mandates
> NoDATA for empty non terminals, thus there can be problem
> once it become signed (and SW and/or admin will not be
> upgraded).
Okay, I created a TXT record for the parent
> If the DNS name xxx._domainkey.example.com exists, then
> _domainkey.example.com exists too.
dig 3._domainkey.lena.kiev.ua txt
3._domainkey.lena.kiev.ua. 66633 IN TXT "v=DKIM1; p=MIGfMA0GCSqGSIb...
dig _domainkey.lena.kiev.ua txt
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5741
> > > They have SPF, but no DKIM (NXDOMAIN for the _domainkey.bsi.de)
> > > Or did I miss something?
> >
> > The DKIM keys would be at ._domainkey.bsi.de
>
> Yes, but as long as the parent of *any* selector does not exist, there
> is a very good chance, that not any selector exists.
>
> If the q
I emailed abuse()hetzner.com:
=
Your user at 136.243.150.82 hosts malware to exploit vulnerability in
mail (SMTP) servers. In the log of my Exim:
2023-01-17 00:33:40 +0200 SMTP call from newcloud.thevinylspectrum.com (x)
[104.200.146.132] dropped: too many syntax or protocol errors (last co
> Just ban *.top, *.xyz, *.club, *.shop, *.buzz, *.work
>
> Ban it in both rDNS, MFROM and Mime From.
I communicated with 6 honest people with email addresses *.xyz
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
> From: Kai 'wusel' Siering
> > Then a different check:
>
> I don't speak smail3^Hexim anymore, but I assume it's somewhat similar to
>
> telnet $mx 25
> if 2xx send quit
> if 5xx set fuckem=1 && send quit || ignore errors
> if $fuckem<1 die in_peace else wreck havoc
>
> ?
I don't know why, b
> T-Online clearly states in their terms and conditions that they will
> block servers who perform sender verfication towards them.
Then a different check:
deny condition = ${if or{\
{eqi{$sender_address_domain}{t-online.de}}\
.ifdef _HAVE_LOOKUP_DNSDB
{forany{${lookup dnsdb{>: defer_nev
Kai Siering wrote on [mailop]:
> how about starting internal discussions within that community
> to include a default rejection of any mail from @t-online.de
> in Exim's default configuration?
> As nearly no-one who is deploying Exim
> (or Postfix, Sendmail for that matter)
> will be able to *sen
> The good folks at SecurityTrails figured out a few months ago that the
> presence of the RoundCube webmail product counts as "phishing against
> the generic brand of email" (I shit you not)
By default RoundCube doesn't include originating-IP into headers
of outgoing emails. Default means vast ma
> From: "Sebastian Nielsen"
> for example *.xyz is a big spam hole... Don't know why spammers love
> that TLD, but 99.99 % from that TLD is spam. Would want to see *.xyz
> eradicated from the whole internet...
I communicated with 6 honest people with email addresses *.xyz
__
> From: Marcel Becker
> We only send FBL/CFL reports if the user actually hits the "Report as Spam"
> button in our apps.
In the past yahoo sent FBL when the user deletes a message from Spam folder,
including "delete everything". May be even when messages expire.
I'd not be surprised if this beh
> From: Jaroslaw Rafa
> "low reputation of the sending domain"
I'm afraid that it'll be the same for any free domain name
(because of abuse by spammers). Unfair, yes.
But possibly content of your emails causes Gmail users to click "Spam"
more often than caused by average user stupidity.
Or you
> From: Alessio Cecchi
> we are an email hosting provider, and as you know many users use weak
> passwords, or have trojan on their PC that stolen their password that
> are used to sent spam or doing some kinds of fraud.
>
> We already have a "script" that checks, from log files, the country o
> My guess is that the solution is to have your mailing list software
> (groups.io) use the mailing list address in the 5322.From
> (like how this list works)
No, I'll tell list members to ditch mail.ru
and use Gmail or @yandex.ru instead (with more reasonable policies).
Unless the mail.ru admin
According to Юлия П. in Abuse Team Mail.ru,
they'll not change their new unannounced policy:
messages from mailing lists (at groups.io) from authors @yandex.ru
are rejected by mail.ru though DMARC for yandex.ru is p=none.
Thus, mail.ru became unusable for all people who participate
in discussion m
> I have searched a few emails, but fail to see why they would be a
> target. Maybe only a few of them are the real targets, with other
> addresses being added in order to conceal those?
I suspect that the bot is spamming random web-forms
like various bots try to spam my guestbook with ads with li
> Either links to existing material or specific stuff written for pages
> on would be welcome.
Blocking of compromised mail accounts (for Exim):
https://github.com/Exim/exim/wiki/BlockCracking
___
mailop mailing list
mailop@mailop.org
https://chilli.no
Russian government blocked ProtonMail and SmartMail -
not only web-interfaces, but port 25 too.
[root@lena ~]# telnet mail.protonmail.ch 25
Trying 185.70.40.103...
telnet: connect to address 185.70.40.103: Connection refused
I'm moving my VPS outside Russia.
Talks about fake bomb threats are a l
Two examples:
co.uk
bk.ru
Looks similar, right? But there are multiple domains under .co.uk
belonging to multiple different corporaions, like under .com
bk.ru belongs to single corporation (it owns also mail.ru).
If a mailbox provider wants to spam-filter by domain, they have to use
a list of su
> Another issue in that is the choice to send mail over IPv6. This has
> well-known risks of running into more draconian filtering than sticking
> with IPv4, and the operators of the mailing lists system have clearly
> NOT considered those risks or their mitigation.
> Mailing list managers should
25 matches
Mail list logo