Re: [mailop] Bellsouth.net contact?

[Mark Fletcher via mailop]

On Tue, Jul 21, 2020 at 2:47 PM Lyle Giese via mailop 
wrote:

> ATT doesn't like Linode.  I know I have a server there and have not been
> able to get ATT to clear their inhouse rbl entry.
>
>
> Fair enough, but according to the abuse response I got from them, we're
not on their RBL. And they're not sending back error messages, they're just
timing out either on connect or after we've sent the message body. And it's
not all the time, and can happen concurrently with a successful delivery
(and to the same IP address). This has been going on a week or so now.

Throttling? Maybe? My guess is that they have a couple stuck
machines/processes. I've bumped up our max current connections to them, and
now the queue is draining, albeit slowly.

Thanks,
Mark
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Bellsouth.net contact?

[Chris Boyd via mailop]

> On Jul 21, 2020, at 1:16 PM, Lyle Giese via mailop  wrote:
> 
> ATT doesn't like Linode.  I know I have a server there and have not been able 
> to get ATT to clear their inhouse rbl entry.

I know. I just sent an unblock request in today. Again.

—Chris
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Bellsouth.net contact?

[John Levine via mailop]

In article <8d8fe8d8-afa4-73f6-91af-f34af167c...@lcrcomputer.net> you write:
>
>ATT doesn't like Linode.  I know I have a server there and have not been 
>able to get ATT to clear their inhouse rbl entry.

I can't blame them. Linode responds to spam reports but is hopeless at
keeping spammers off in the first place.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] It there an "official" test domain for testing zrd.dql.spamhaus.com?

[Chris via mailop]

dbltest.com does work for dbl.  Does it not work for zrd?

I think you meant ..zrd.dqs.spamhaus.net, right?

On 2020-07-20 10:57, Heiko Schlittermann via mailop wrote:

Hi,

I think, that queries for theses (A, TXT) records can be used to
find if the blacklist is working:

   2.0.0.127..zen.dqs.spamhaus.net
 dbltest.com..dbl.dqs.spamhaus.net

Is anybody aware of a domain that can be used for
zrd..dbl.dqs.spamhaus.com?

Thank you.

 Best regards from Dresden/Germany
 Viele Grüße aus Dresden
 Heiko Schlittermann
--
  SCHLITTERMANN.de  internet & unix support -
  Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
  gnupg encrypted messages are welcome --- key ID: F69376CE -


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] It there an "official" test domain for testing zrd.dql.spamhaus.com?

[Atro Tossavainen via mailop]

On Mon, Jul 20, 2020 at 04:57:05PM +0200, Heiko Schlittermann via mailop wrote:
> Hi,
> 
> I think, that queries for theses (A, TXT) records can be used to
> find if the blacklist is working:
> 
>   2.0.0.127..zen.dqs.spamhaus.net
> dbltest.com..dbl.dqs.spamhaus.net
> 
> Is anybody aware of a domain that can be used for
> zrd..dbl.dqs.spamhaus.com?

RFC 5782 suggests that all domain name DNSBLs should have an entry
for "test".

$ host -t txt test..zrd.dqs.spamhaus.net
test..zrd.dqs.spamhaus.net descriptive text "test first seen around 
21-Jul-2020 21:00 UTC"

Following your logic, I also tried out "zrdtest.com" and it seems to do
the same.

> 
> Thank you.
> 
> Best regards from Dresden/Germany
> Viele Grüße aus Dresden
> Heiko Schlittermann
> --
>  SCHLITTERMANN.de  internet & unix support -
>  Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
>  gnupg encrypted messages are welcome --- key ID: F69376CE -



> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone from Yahoo?

[Hagop Khatchoian via mailop]

Hello,One of my clients is experiencing some issues with sending emails to Yahoo/AOL -Their outgoing emails are headed via unifiedlayer servers (which I know, is the worst), but need further to debug this issue.Here's the bounce/ coming directly from UnifiedLayer:This is the mail system at host gateway13.unifiedlayer.com... bla bla...: delivery temporarily suspended: lost connection with   mta5.am0.yahoodns.net[67.195.204.77] while sending RCPT TOI've tried to contact Yahoo and filled the form, but just getting automated emails, etc. Even tried the manual Telnet setup - But no reply from Yahoo itself. Cheers,Hagop KhatchoyanEmail Deliverability and Security EngineerMob(Whatsapp/Telegram/Viber): +374 98 028628  

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Bellsouth.net contact?

[Lyle Giese via mailop]

ATT doesn't like Linode.  I know I have a server there and have not been 
able to get ATT to clear their inhouse rbl entry.



Lyle Giese

LCR Computer Services, inc.


On 2020-07-20 14:22, Mark Fletcher via mailop wrote:

Hi All,

I think bellsouth.net  is throttling the 
groups.io  server at 66.175.222.12 (timeouts either 
on connect or after we've sent the message, but not always). I've gone 
through the normal channels, but there's been no response. Is there 
anyone here with them?


Thanks,
Mark

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] CutWail infections growing again, all China based..

[Bill Cole via mailop]

On 19 Jul 2020, at 22:38, Chris via mailop wrote:

It is particularly bizarre that it infests one ISP like this.  I'm 
wondering if someone managed to force the infection to do IP 
reallocations frequently to IP-hop.  Cutwail normally has thousands of 
infected IPs per campaign spread across ISPs.


I have noticed something Cutwail-like (fast-talking starting with bogus 
HELO name (e.g. ymlf-pc) ) clustering in single-ISP ranges, as if it 
spread via probing nearby IPs with whatever its infection vector is. No 
2020 cases of that which I've noticed, but there's been a general 
decline in the phylum of fast-talkers from my vantage points this year.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SendInBlue Contact?

[Bressier Simon via mailop]

Hi Anne,

I answered you this morning on Linkedin, we can continue offlist here.

Simon

Le mar. 21 juil. 2020 à 16:33, Anne P. Mitchell, Esq. via mailop <
mailop@mailop.org> a écrit :

> Does anyone have a contact at Send in Blue?
>
> Anne
>
> --
> Anne P. Mitchell, Attorney at Law.
> Dean of Cyberlaw & Cybersecurity, Lincoln Law School
> CEO, SuretyMail Email Reputation Certification
> Advisor, Governor's Innovation Response Team Task Force
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Board of Directors, Denver Internet Exchange
> Chair Emeritus, Asilomar Microcomputer Workshop
> Former Counsel: Mail Abuse Prevention System (MAPS)
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] 126.com Contact

[Chris Truitt via mailop]

Are there any 163.com admins on this list?
Thanks in advance,

Chris Truitt
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Outbound from M365 to relay off our SMTP with SMTPAUTH

[Stefan Bauer via mailop]

Hi,



my last info is, that office365 does not support authentication with external 
connectors. However you can authenticate O365 with your smtp relay.




I run some mixed authentication. We check the source ip's¹ from microsofts 
range, check the O365 client cert and check the mail-from addresses.



https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7



Make sure, you monitor microsofts list of pub-ips so you keep up with new 
ranges.



Stefan



-Ursprüngliche Nachricht-
Von: Kevin A. McGrail via mailop 
Gesendet: Samstag 18 Juli 2020 21:19
An: mailop 
Betreff: [mailop] Outbound from M365 to relay off our SMTP with SMTPAUTH


Hi All,

I've got a long outstanding Anyone out there know what I'm missing in trying to 
have M365 relay all outgoing mail through our on-premise SMTP servers?

I've opened support tickets but they went to evolveip.net with no response.

Here's what I used to do:

  - Admin | Exchange -> Mail Flow | Connectors -> create new connector
  - from 365 to partner
  - use when email sent to these domains
  - list domain names
  - route email through smart hosts
  - set to smtp.pccc.com

Has that setting been moved?  Does it not work with SMTP AUTH anymore?

Happy to share more info.

Regards,

KAM
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone from Yahoo! on the line?

[Sidsel Jensen via mailop]

Hey

Anyone from Yahoo! on the line who could help me with a deliverability issue?
Pls reply off list :-)

Kind Regards,
Sidsel Jensen
Team manager Mail & Abuse, Systems Engineer @ One.com 
s...@one.com 









signature.asc
Description: Message signed with OpenPGP
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Bellsouth.net contact?

[Mark Fletcher via mailop]

Hi All,

I think bellsouth.net is throttling the groups.io server at 66.175.222.12
(timeouts either on connect or after we've sent the message, but not
always). I've gone through the normal channels, but there's been no
response. Is there anyone here with them?

Thanks,
Mark
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] It there an "official" test domain for testing zrd.dql.spamhaus.com?

[Heiko Schlittermann via mailop]

Hi,

I think, that queries for theses (A, TXT) records can be used to
find if the blacklist is working:

  2.0.0.127..zen.dqs.spamhaus.net
dbltest.com..dbl.dqs.spamhaus.net

Is anybody aware of a domain that can be used for
zrd..dbl.dqs.spamhaus.com?

Thank you.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] boing - bounces going to the wrong place

[Christian Mack via mailop]

Hello

Am 09.07.20 um 01:32 schrieb Al Iverson via mailop:
> Hey, I've got a situation where Microsoft Office 365 email for a
> customer's domain is sending me a bounce (NDR) back. This is expected,
> the address in question is indeed now dead and user unknown seems like
> a perfectly reasonable response. However, the bounce is being sent to
> the reply-to address and not the return-path address. I vaguely recall
> this being an issue once upon a time in the olden days. Anybody know
> of any way to address this? The errors-to header no longer seems to be
> a thing.
> 
> I know how to add headers to try to suppress OOO replies and other fun
> stuff, but I'm stumped by this one. Any suggestions?
> 


This is Microsoft Exchange behaviour, nothing you can do about.


Kind regards,
Christian  Mack

-- 
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416



smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] CutWail infections growing again, all China based..

[Chris via mailop]

I can confirm that this is cutwail.  I'm showing 100% agreement in spot 
checking of your list of IPs.


This particular cutwail variant, unlike the others, has been percolating 
at low volumes for a long time.  The other more sophisticated versions 
have all pretty much gone away.


It is particularly bizarre that it infests one ISP like this.  I'm 
wondering if someone managed to force the infection to do IP 
reallocations frequently to IP-hop.  Cutwail normally has thousands of 
infected IPs per campaign spread across ISPs.


The other possibility is that someone stole the SMTP emission part and 
reused it in something less bot-like.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] SendInBlue Contact?

[Anne P. Mitchell, Esq. via mailop]

Does anyone have a contact at Send in Blue?

Anne

--
Anne P. Mitchell, Attorney at Law.
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop