Re: [mailop] [EXTERNAL] Re: blocked by microsoft -- support procedure?

[Michael Wise via mailop]

Step 0: Read the error message in the NDR.



THEN...



If it's Office365 (aka, "Enterprise"), and you're not currently an Office365 
customer ... create a trial account (one mailbox, nothing special), send the 
email to that account, and when it bounces, open a support case. Also, if the 
error message told you to email delist@, and support tells you to use the 
portal ... that's not going to work, as the two lists are managed by separate 
processes.



Otherwise, if it's HotMail, Outlook.com, Live.com, etc... go to the Support 
link and request a delist.

This is required because last time I looked, the Consumer side of the house had 
several hundred million active accounts.

The link, in case it's not already committed to memory for some:



  https://go.microsoft.com/fwlink/?LinkID=614866



The first email you get back will be from a robot and give you the SRX #.

The second email will give you an automated response which may, or may not, be 
to your liking.



If the latter, *REPLY* to that email and make your case, as you will be 
speaking to a human, but it may take them a while to actually get to your case, 
but you should hear something within 24 hours. Also please understand that 
while you *ARE* talking to a human, they are required by policy to respond in 
boilerplate with minimal tweaking.

I hope this makes some of the foundational issues more clear.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Hetzner Blacklist via 
mailop
Sent: Monday, January 17, 2022 8:00 AM
To: mailop@mailop.org; Mark G Thomas 
Subject: [EXTERNAL] Re: [mailop] blocked by microsoft -- support procedure?



Am 11.01.2022 um 20:04 schrieb Mark G Thomas via mailop:

> I'm not generally involved in our support issues, but a coworker at

> my work (Linode) reached out to me about what looks to be a new problem

> involving hosting customers being blocked by by Microsoft.

It's nice to see another representative of a webhoster brave enough to

post on here, welcome :)



I've been dealing with blacklist issues at Hetzner for the past 6 years,

and I've posted on here multiple times with my experiences. My first

post was actually about Microsoft. If you check the archives you'll find

some posts over the past few months with general information on

Microsoft and blacklists, but I can repeat some of that here that nobody

has mentioned yet.



Since your issue is with Microsoft, it would be good to figure out which

of their blacklists your IPs are on. The error you posted is for the

Office365 blacklist, while the error one of your clients posted is for

the Outlook blacklist. Those are two separate blacklists with separate

processes for getting IPs delisted.



If you're mostly dealing with Office365 then I can only wish you all the

best. We've had very few issues with this blacklist, which I'm thankful

for since there doesn't appear to be much that can be done, other than

emailing delist@.



As for Outlook, delisting IPs is done through a form, and it works most

of the time, though often you will need to escalate the ticket. If you

haven't already done so, make sure you sign up your network in the

Microsoft SNDS. That will show you all of the IPs currently on the

Outlook blacklist. It also shows you (daily) all the IPs that sent over

100 emails to Microsoft accounts, including how many emails, the

complaint rate, and trap hits. Incredibly useful (and free!) information.



Some additional information on the Microsoft blacklists and services

they provide can be found in our docs:

https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.hetzner.com%2Frobot%2Fdedicated-server%2Ftroubleshooting%2Fmicrosoft-blacklist%2Fdata=04%7C01%7Cmichael.wise%40microsoft.com%7Cac376a9b5558452d969608d9d9d50a90%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637780331323426905%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000sdata=etg408dI%2FOFR4%2BhMVaQvcWvHJA3rMAi7zLGrEO8YybI%3Dreserved=0



As for the general issue with blacklistings, depending on how

constrained you are by management (trust me, I get it), there are a

number of things you can look into.



For example, Spamhaus has a list of IPs on their public SBL, some of

which go back a year:

https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.spamhaus.org%2Fsbl%2Flistings%2Flinode.comdata=04%7C01%7Cmichael.wise%40microsoft.com%7Cac376a9b5558452d969608d9d9d50a90%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637780331323426905%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000sdata=EfCpGRZ81rlE%2BeEf60Ev8A5s4%2FHEkkMdv0%2B1%2B6unW4s%3Dreserved=0



If you haven't already done so, you can sign up for their PBL account,

and that way you can 

Re: [mailop] [EXTERNAL] Re: Microsoft/Lindo - junked,not blocked

[Michael Wise via mailop]

That won't work for this kind of a block.

There are two kinds ... ones where you can go to the page mentioned in the 
error response, and others that must be handled manually by sending a request 
to delist@, also mentioned in the error response.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Alex Irimia via mailop
Sent: Monday, January 17, 2022 11:32 AM
To: John Gateley 
Cc: Hetzner Blacklist via mailop 
Subject: [EXTERNAL] Re: [mailop] Microsoft/Lindo - junked,not blocked

Hi John,

The error message you've referenced is related to Office365 domains, not 
Outlook.
You should be able to unblock your IP on this form: 
https://sender.office.com/

On Mon, Jan 17, 2022 at 7:56 PM John Gateley via mailop 
mailto:mailop@mailop.org>> wrote:
Hello,

Thanks to a helpful message from Hetzner, I signed up for Microsoft SNDS.

According to SNDS my IP address is not blocked, but is "Junked due to user 
complaints or other evidence of spamming"

I still get

550 5.7.511

Access denied, banned sender[50.116.29.164]


every time I send to a Microsoft Outlook address.
I forward the bounce, as instructed, get the "we will respond in 24 hours" 
response, but then nothing.

My server is very small, just my wife and I, and we do not spam ever. The 
"junked" is due to someone else in a close by IP address.

I don't have enough information to open a ticket, I think. Any suggestions for 
a next step?

Thanks!

John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


--
Regards,
Alex Irimia

[cid:image001.png@01D79A9F.36D07E30]
Postmastery
Email Infrastructure, Analytics, DMARC and Deliverability
Amsterdam, NL/Paris, FR
T: +31 20 261 0438
M: +40 757 192 953
SKYPE: alex-irimia
PS: If you are happy with our service, a review on 
Trustpilot
 would be greatly appreciated.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Microsoft/Lindo - junked,not blocked

[Michael Wise via mailop]

We check IP ranges.

Aloha, 
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Hans-Martin Mosner via 
mailop
Sent: Monday, January 17, 2022 11:08 PM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Microsoft/Lindo - junked,not blocked

Am 18.01.22 um 07:52 schrieb Camille - Clean Mailbox via mailop:
> Maybe your IP is not blocked (as they told you in form result) but what about 
> any IP range that includes your IP? If 
> it's an IP range ban, your IP is not explicitly blocked so form won't find it 
> in the list.

Not checking IP ranges would be incredibly stupid yet totally in character for 
MS.

Cheers,
Hans-Martin

___
mailop mailing list
mailop@mailop.org
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist.mailop.org%2Flistinfo%2Fmailopdata=04%7C01%7Cmichael.wise%40microsoft.com%7Cff2f3dce330a479c470f08d9da51acb1%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637780866629227480%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=0YrdyDj17nM4Apu7Avlltx18FwEpFheivfW8YRanHOc%3Dreserved=0
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from Sendgrid or Twilio on this list?

[Luke via mailop]

Happy to chat offline about this. The mail they are attempting to send to
eastex.net is exclusively going to one address. This address returned *550
5.1.1 > is not a valid mailbox* on
December 23rd, 2021. After we receive a response like that, we add the
address to the sender's suppression list. This prevents future
attempts from ever leaving our system. So mail to eastex.net from this
sender *is *failing to deliver. But it is failing because mail to that
address bounced and the address is now on the user's suppression list. The
customer can simply remove the address from suppression, but if we receive
that response again, it will be re-added to the suppression list and future
attempts will be dropped.

Hope this helps. Ping me if offline if you have any questions.
Luke

On Thu, Jan 20, 2022 at 1:38 PM Atro Tossavainen via mailop <
mailop@mailop.org> wrote:

> > I’ve gotten the header from the successful test that our customer sent
> to his Yahoo account, but the IP Addresses gathered there didn’t appear in
> any of our servers logs either.
>
> Are they not either of the two you mentioned?
>
> --
> Atro Tossavainen, Chairman of the Board
> Infinite Mho Oy, Helsinki, Finland
> tel. +358-44-5000 600, http://www.infinitemho.fi/
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from United Airlines ?

[Glowfish Domainadministrator via mailop]

Thanks Bill for the clarification as well as the offered solution 

-Ursprüngliche Nachricht-
Von: mailop  Im Auftrag von Bill Cole via mailop
Gesendet: Donnerstag, 20. Januar 2022 21:17
An: Glowfish Domainadministrator via mailop 
Cc: Bill Cole 
Betreff: Re: [mailop] Anyone from United Airlines ?

On 2022-01-20 at 14:04:36 UTC-0500 (Thu, 20 Jan 2022 19:04:36 +) Glowfish 
Domainadministrator via mailop  is rumored to have said:

> Hi,
>
> Emails from united are getting rejected by our postfix mailserver. The mails 
> seem to be from United Airlines (Mileage Plus).
[...]
> Jan 20 19:16:47 mta01 postfix/smtpd[126747]: NOQUEUE: reject: RCPT 
> from unknown[50.31.61.242]: 450 4.7.1 
> : Helo command rejected: Host 
> not found; 
> from= o:bounces+6242581-cfae-recei...@domain.tld@em7341.united.com>> 
> to=mailto:recei...@domain.tld>> proto=ESMTP 
> helo=
> Jan 20 19:16:47 mta01 postfix/smtpd[126747]: disconnect from 
> unknown[50.31.61.242] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 
> commands=5/6
>
> Anyone here from united ? Or anyone has an idea what I can do to make them 
> pass without opening my mailserver to all other wrongly configured domains ?

That is probably better asked on the Postfix Users list, but the simplest 
answer is to stop requiring the HELO name to have symmetric DNS and/or 
requiring the client IP to have a PTR to a name that resolves back to the 
client IP. So: remove reject_unknown_helo_hostname, 
reject_unknown_reverse_client_hostname, and/or reject_unknown_client_hostname 
from your smtpd_helo_restrictions list. Note that reject_unknown_helo_hostname 
is a direct violation of RFC5321 
(https://datatracker.ietf.org/doc/html/rfc5321#page-45) and its predecessors, 
if RFC compliance means anything to you.

If you are determined to operate on a basis of an over-strict rule with 
exemptions for individual "good" transgressors, you can use a check_helo_access 
or check_client_access map before any instance of reject_unknown_*_hostname in 
any of your smtpd_*_restrictions lists and map the exempted client IPs and/or 
hostnames to "OK"


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from Sendgrid or Twilio on this list?

[Atro Tossavainen via mailop]

> I’ve gotten the header from the successful test that our customer sent to his 
> Yahoo account, but the IP Addresses gathered there didn’t appear in any of 
> our servers logs either.

Are they not either of the two you mentioned?

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from United Airlines ?

[Bill Cole via mailop]

On 2022-01-20 at 14:04:36 UTC-0500 (Thu, 20 Jan 2022 19:04:36 +)
Glowfish Domainadministrator via mailop 
is rumored to have said:

> Hi,
>
> Emails from united are getting rejected by our postfix mailserver. The mails 
> seem to be from United Airlines (Mileage Plus).
[...]
> Jan 20 19:16:47 mta01 postfix/smtpd[126747]: NOQUEUE: reject: RCPT from 
> unknown[50.31.61.242]: 450 4.7.1 : 
> Helo command rejected: Host not found; 
> from=mailto:bounces+6242581-cfae-recei...@domain.tld@em7341.united.com>>
>  to=mailto:recei...@domain.tld>> proto=ESMTP 
> helo=
> Jan 20 19:16:47 mta01 postfix/smtpd[126747]: disconnect from 
> unknown[50.31.61.242] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6
>
> Anyone here from united ? Or anyone has an idea what I can do to make them 
> pass without opening my mailserver to all other wrongly configured domains ?

That is probably better asked on the Postfix Users list, but the simplest 
answer is to stop requiring the HELO name to have symmetric DNS and/or 
requiring the client IP to have a PTR to a name that resolves back to the 
client IP. So: remove reject_unknown_helo_hostname, 
reject_unknown_reverse_client_hostname, and/or reject_unknown_client_hostname 
from your smtpd_helo_restrictions list. Note that reject_unknown_helo_hostname 
is a direct violation of RFC5321 
(https://datatracker.ietf.org/doc/html/rfc5321#page-45) and its predecessors, 
if RFC compliance means anything to you.

If you are determined to operate on a basis of an over-strict rule with 
exemptions for individual "good" transgressors, you can use a check_helo_access 
or check_client_access map before any instance of reject_unknown_*_hostname in 
any of your smtpd_*_restrictions lists and map the exempted client IPs and/or 
hostnames to "OK"


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from United Airlines ?

[Michael Peddemors via mailop]

For the record, in practice it is TOO limiting to expect both forward 
and reverse match, and especially if your system doesn't look at 
multiple records correctly, eg ANY A <> ANY PTR should be enough.


But expect a lot of false positives if trying to get them to match in 
any case.  As long as the PTR record is sane, the A record is sane, 
domain in the PTR is sane, be happy with that ;)


PS, on another note.. don't SendGrid and Adobe and other big senders 
check their IP(s) on RBL listing services (HetrixTools, MXToolbox etc)


Had it just recently pointed out that a major airline had their sending 
IP on an RBL since 2019, and they never noticed or removed themselves?




On 2022-01-20 11:17 a.m., Faisal Misle via mailop wrote:

That looks like Sendgrid, so they may be able to ping United.

I have the contact of their CTO, but you may get quicker help from 
SendGrid.


On 1/20/22 2:04 PM, Glowfish Domainadministrator via mailop wrote:


Hi,

Emails from united are getting rejected by our postfix mailserver. The 
mails seem to be from United Airlines (Mileage Plus).


Jan 20 19:16:45 mta01 postfix/postscreen[126746]: CONNECT from 
[50.31.61.242]:47664 to [xxx.xxx.xxx.xxx]:25


Jan 20 19:16:45 mta01 postfix/postscreen[126746]: WHITELISTED 
[50.31.61.242]:47664


Jan 20 19:16:45 mta01 postfix/smtpd[126747]: warning: hostname 
o1.email.smallbusiness.mileageplus.com does not resolve to address 
50.31.61.242: Name or service not known


Jan 20 19:16:45 mta01 postfix/smtpd[126747]: connect from 
unknown[50.31.61.242]


Jan 20 19:16:46 mta01 postfix/smtpd[126747]: Anonymous TLS connection 
established from unknown[50.31.61.242]: TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)


Jan 20 19:16:47 mta01 policyd-spf[126752]: prepend Received-SPF: Pass 
(mailfrom) identity=mailfrom; client-ip=50.31.61.242; 
helo=o1.email.smallbusiness.mileageplus.com; 
envelope-from=bounces+6242581-cfae-recei...@domain.tld@em7341.united.com; 
receiver=


Jan 20 19:16:47 mta01 postfix/smtpd[126747]: NOQUEUE: reject: RCPT 
from unknown[50.31.61.242]: 450 4.7.1 
: Helo command rejected: Host 
not found; 
from= 
to= proto=ESMTP 
helo=


Jan 20 19:16:47 mta01 postfix/smtpd[126747]: disconnect from 
unknown[50.31.61.242] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 
commands=5/6


Anyone here from united ? Or anyone has an idea what I can do to make 
them pass without opening my mailserver to all other wrongly 
configured domains ?


KR

Daniel


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from Sendgrid or Twilio on this list?

[Hans-Martin Mosner via mailop]

Am 20.01.22 um 20:37 schrieb Mike McTee via mailop:
I’m getting a complaint from a customer that they aren’t receiving emails from their Moultrie game camera when sent to 
their Eastex.net  email address.  As a test, the customer switched it to send to their Yahoo 
account and they receive the messages without issues.  I’m fairly confident that the (final hop) sending server is 
likely on one of a few RBL’s in use by our servers, but I can’t seem to get anywhere in determining for certain that 
is the case.  If this is indeed a case where the final sending IP is on an RBL in use by our servers, our logs would 
only reflect the IP Address and which RBL it was on, so a search of those logs for anything other than an IP is a 
waste of time.  Moultrie advises our joint customer that the issue is on our end and that they have no method to 
troubleshoot from their end.  They did offer a couple of IP Addresses (168.245.68.203 & 149.72.92.45) that they advise 
are their sending email servers but neither IP appears in any of our servers log files as having contacted our server. 
 A lookup of those IP’s show they belong to Sendgrid & Twilio, hence my asking if anyone from either is on here.


I’ve gotten the header from the successful test that our customer sent to his Yahoo account, but the IP Addresses 
gathered there didn’t appear in any of our servers logs either.



Can you search your server logs for sender addresses? Sendgrid's are of the form

bounces+-<4 hex digits>-=@

That should be easily searchable with standard unix/linux tools, if your server is of that kind. If you use Microsoft 
server software, my condolences.


Cheers,
Hans-Martin
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Microsoft/O365 SPF failures

[Klaus Ethgen via mailop]

Hi,

thanks for the info.

Am Do den 20. Jan 2022 um 19:52 schrieb joemai...@nym.hush.com:
> That is intentional/by design.
>
> The source is inside 40.95.0.0/16 which is their "relay pool". It is 
> documented here - 
> https://docs.microsoft.com/microsoft-365/security/office-365-security/high-risk-delivery-pool-for-outbound-messages.
> Scroll down to the relay pool subheader and read up more about it.

That means, Microsoft ist intentional breaking mail.

> Hope this helps.

Well, as I am not the sender than the recipient, no, it does not.

When it is not part of SPF pool and they have '-all' in SPF record, then
the mail could not be delivered.

Only Microsoft is blamable for breaking it and only they can fix it.

Regards
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from United Airlines ?

[Faisal Misle via mailop]

That looks like Sendgrid, so they may be able to ping United.

I have the contact of their CTO, but you may get quicker help from 
SendGrid.


On 1/20/22 2:04 PM, Glowfish Domainadministrator via mailop wrote:


Hi,

Emails from united are getting rejected by our postfix mailserver. The 
mails seem to be from United Airlines (Mileage Plus).


Jan 20 19:16:45 mta01 postfix/postscreen[126746]: CONNECT from 
[50.31.61.242]:47664 to [xxx.xxx.xxx.xxx]:25


Jan 20 19:16:45 mta01 postfix/postscreen[126746]: WHITELISTED 
[50.31.61.242]:47664


Jan 20 19:16:45 mta01 postfix/smtpd[126747]: warning: hostname 
o1.email.smallbusiness.mileageplus.com does not resolve to address 
50.31.61.242: Name or service not known


Jan 20 19:16:45 mta01 postfix/smtpd[126747]: connect from 
unknown[50.31.61.242]


Jan 20 19:16:46 mta01 postfix/smtpd[126747]: Anonymous TLS connection 
established from unknown[50.31.61.242]: TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)


Jan 20 19:16:47 mta01 policyd-spf[126752]: prepend Received-SPF: Pass 
(mailfrom) identity=mailfrom; client-ip=50.31.61.242; 
helo=o1.email.smallbusiness.mileageplus.com; 
envelope-from=bounces+6242581-cfae-recei...@domain.tld@em7341.united.com; 
receiver=


Jan 20 19:16:47 mta01 postfix/smtpd[126747]: NOQUEUE: reject: RCPT 
from unknown[50.31.61.242]: 450 4.7.1 
: Helo command rejected: Host 
not found; 
from= 
to= proto=ESMTP 
helo=


Jan 20 19:16:47 mta01 postfix/smtpd[126747]: disconnect from 
unknown[50.31.61.242] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 
commands=5/6


Anyone here from united ? Or anyone has an idea what I can do to make 
them pass without opening my mailserver to all other wrongly 
configured domains ?


KR

Daniel


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Anyone from United Airlines ?

[Glowfish Domainadministrator via mailop]

Hi,

Emails from united are getting rejected by our postfix mailserver. The mails 
seem to be from United Airlines (Mileage Plus).

Jan 20 19:16:45 mta01 postfix/postscreen[126746]: CONNECT from 
[50.31.61.242]:47664 to [xxx.xxx.xxx.xxx]:25
Jan 20 19:16:45 mta01 postfix/postscreen[126746]: WHITELISTED 
[50.31.61.242]:47664
Jan 20 19:16:45 mta01 postfix/smtpd[126747]: warning: hostname 
o1.email.smallbusiness.mileageplus.com does not resolve to address 
50.31.61.242: Name or service not known
Jan 20 19:16:45 mta01 postfix/smtpd[126747]: connect from unknown[50.31.61.242]
Jan 20 19:16:46 mta01 postfix/smtpd[126747]: Anonymous TLS connection 
established from unknown[50.31.61.242]: TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 20 19:16:47 mta01 policyd-spf[126752]: prepend Received-SPF: Pass 
(mailfrom) identity=mailfrom; client-ip=50.31.61.242; 
helo=o1.email.smallbusiness.mileageplus.com; 
envelope-from=bounces+6242581-cfae-recei...@domain.tld@em7341.united.com; 
receiver=
Jan 20 19:16:47 mta01 postfix/smtpd[126747]: NOQUEUE: reject: RCPT from 
unknown[50.31.61.242]: 450 4.7.1 : Helo 
command rejected: Host not found; 
from= 
to= proto=ESMTP 
helo=
Jan 20 19:16:47 mta01 postfix/smtpd[126747]: disconnect from 
unknown[50.31.61.242] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

Anyone here from united ? Or anyone has an idea what I can do to make them pass 
without opening my mailserver to all other wrongly configured domains ?

KR
Daniel
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Anyone from United Airlines ?

[Glowfish Domainadministrator via mailop]

Hi,

Emails from united are getting rejected by our postfix mailserver. The mails 
seem to be from United Airlines (Mileage Plus).

Jan 20 19:16:45 mta01 postfix/postscreen[126746]: CONNECT from 
[50.31.61.242]:47664 to [xxx.xxx.xxx.xxx]:25
Jan 20 19:16:45 mta01 postfix/postscreen[126746]: WHITELISTED 
[50.31.61.242]:47664
Jan 20 19:16:45 mta01 postfix/smtpd[126747]: warning: hostname 
o1.email.smallbusiness.mileageplus.com does not resolve to address 
50.31.61.242: Name or service not known
Jan 20 19:16:45 mta01 postfix/smtpd[126747]: connect from unknown[50.31.61.242]
Jan 20 19:16:46 mta01 postfix/smtpd[126747]: Anonymous TLS connection 
established from unknown[50.31.61.242]: TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 20 19:16:47 mta01 policyd-spf[126752]: prepend Received-SPF: Pass 
(mailfrom) identity=mailfrom; client-ip=50.31.61.242; 
helo=o1.email.smallbusiness.mileageplus.com; 
envelope-from=bounces+6242581-cfae-recei...@domain.tld@em7341.united.com;
 receiver=
Jan 20 19:16:47 mta01 postfix/smtpd[126747]: NOQUEUE: reject: RCPT from 
unknown[50.31.61.242]: 450 4.7.1 : Helo 
command rejected: Host not found; 
from=mailto:bounces+6242581-cfae-recei...@domain.tld@em7341.united.com>>
 to=mailto:recei...@domain.tld>> proto=ESMTP 
helo=
Jan 20 19:16:47 mta01 postfix/smtpd[126747]: disconnect from 
unknown[50.31.61.242] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 commands=5/6

Anyone here from united ? Or anyone has an idea what I can do to make them pass 
without opening my mailserver to all other wrongly configured domains ?

KR
Daniel

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Microsoft/O365 SPF failures

[joemailop--- via mailop]

That is intentional/by design.

The source is inside 40.95.0.0/16 which is their "relay pool". It is documented 
here - 
https://docs.microsoft.com/microsoft-365/security/office-365-security/high-risk-delivery-pool-for-outbound-messages.
 
Scroll down to the relay pool subheader and read up more about it. 

Hope this helps.


On 1/20/2022 at 11:32 AM, "Klaus Ethgen via mailop"  wrote:
>
>Hi,
>
>since several weeks I see more and more SPF-Errors for mails 
>coming from
>O365. It seems that when mails gets relayed, they use outbound mail
>servers that are not valid for sending from the (relaying, not 
>origin)
>mail address.
>
>My O365 account where I have relaying active is an academic 
>account.
>
>The last failure comes from IP 40.95.92.45 and is trying to deliver
>mails from klaus_eth...@stud.phzh.ch (my academic account).
>
>   > spfquery -ip 40.95.92.45 -sender klaus_eth...@stud.phzh.ch
>   fail
>   Please see 
>http://www.openspf.org/Why?id=klaus_ethgen%40stud.phzh.ch=40.95.
>92.45=spfquery : Reason: mechanism
>   spfquery: domain of stud.phzh.ch does not designate 40.95.92.45 
>as permitted sender
>   Received-SPF: fail (spfquery: domain of stud.phzh.ch does not 
>designate 40.95.92.45 as permitted sender) client-ip=40.95.92.45; 
>envelope-from=klaus_eth...@stud.phzh.ch;
>
>It is pretty impudent from microsoft to write in the deliver 
>failure:
>   It's likely that only the recipient's email admin can fix the
>   problem. Unfortunately, it's unlikely Office 365 Support will 
>be able
>   to help with these kinds of externally reported errors.
>
>No, it IS solely the fault of Microsoft not be able to manage SMTP
>correctly.
>
>Any ways to get them to correct their SMTP setup?
>
>Regards
>   Klaus
>
>Ps. Could it be, that http://www.openspf.org/Why is broken? I get
>connection refused.
>-- 
>Klaus Ethgen   
>http://www.ethgen.ch/
>pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
>
>Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Microsoft/O365 SPF failures

[Klaus Ethgen via mailop]

Hi,

since several weeks I see more and more SPF-Errors for mails coming from
O365. It seems that when mails gets relayed, they use outbound mail
servers that are not valid for sending from the (relaying, not origin)
mail address.

My O365 account where I have relaying active is an academic account.

The last failure comes from IP 40.95.92.45 and is trying to deliver
mails from klaus_eth...@stud.phzh.ch (my academic account).

   > spfquery -ip 40.95.92.45 -sender klaus_eth...@stud.phzh.ch
   fail
   Please see 
http://www.openspf.org/Why?id=klaus_ethgen%40stud.phzh.ch=40.95.92.45=spfquery
 : Reason: mechanism
   spfquery: domain of stud.phzh.ch does not designate 40.95.92.45 as permitted 
sender
   Received-SPF: fail (spfquery: domain of stud.phzh.ch does not designate 
40.95.92.45 as permitted sender) client-ip=40.95.92.45; 
envelope-from=klaus_eth...@stud.phzh.ch;

It is pretty impudent from microsoft to write in the deliver failure:
   It's likely that only the recipient's email admin can fix the
   problem. Unfortunately, it's unlikely Office 365 Support will be able
   to help with these kinds of externally reported errors.

No, it IS solely the fault of Microsoft not be able to manage SMTP
correctly.

Any ways to get them to correct their SMTP setup?

Regards
   Klaus

Ps. Could it be, that http://www.openspf.org/Why is broken? I get
connection refused.
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop