Re: [mailop] suggested max received headers/hop limit

[John Levine via mailop]

According to à ngel via mailop :
>On 2022-03-10 at 15:28 -0500, John Levine via mailop wrote:
>> If you really want to stop mail loops, use a Delivered-To header like
>> qmail, Postfix, and Courier do:
>> 
>> https://datatracker.ietf.org/doc/draft-duklev-deliveredto/
>
>You still need to stop at *some* hop-count. This approach stops
>delivery loops, but not all loops involve a delivery.

Oh, I completely agree.  My point is that Delivered-To catches most of
the loops, so the cost of a large received limit is low.

On my system, the SMTP daemon counts the Received headers with a
configurable limit that defaults to 100.  The main mail system does
the Delivered-To checks which break a loop on any duplicate.

In practice the latter always catches the loops and I don't ever recall
seeing anything fail the 100 received limit.

R's,
John
-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] suggested max received headers/hop limit

[Ángel via mailop]

On 2022-03-10 at 15:28 -0500, John Levine via mailop wrote:
> If you really want to stop mail loops, use a Delivered-To header like
> qmail, Postfix, and Courier do:
> 
> https://datatracker.ietf.org/doc/draft-duklev-deliveredto/

You still need to stop at *some* hop-count. This approach stops
delivery loops, but not all loops involve a delivery.

It's not a common occurrence, sure but perhaps 1-2 times a year I do
see one such loop from using email addresses that should have been
working.
E.g. your email arrives to the on-premises MTA, which not finding a
local user passes it to Office 365 who doesn't have that either so it
is sent again to on-pre

Regards


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sorbs DNS problems

[Luis E . Muñoz via mailop]

On 11 Mar 2022, at 19:09, Noel Butler via mailop wrote:

> Firslty yes, seen too many issues with SORBS, we removed them about 3 weeks 
> ago, the problems have been ongoing for months.

Just wrapping up a trial with them for a traffic sample. We saw no issues in 
processing north of 300 million messages. Care to share what issues did you see?

We configured a private secondary for this and experienced exactly zero issues.

Best regards

-lem
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sorbs DNS problems

[Noel Butler via mailop]

Firslty yes, seen too many issues with SORBS, we removed them about 3 
weeks ago, the problems have been ongoing for months.


Secondly, like most DNSBL's they probably use rbldnsd, this does not 
support TCP, only UDP


On 12/03/2022 06:17, Slavko via mailop wrote:


Ahoj,

Dňa Fri, 11 Mar 2022 11:20:24 -0800 Dan Mahoney via mailop
 napísal:


Why are you instead not doing a dig against these ips?  It's clear
you understand that ICMP may be blocked, so why not use a check
method that actually uses the protocol you'd use to query them?


(send only to Dan accidentally, resend to ML)

I did it manually previous, without results collected, i tried to
tcptraceroute too (expecting that they responds to TCP requests),
etc. I used ping output to demonstrate the problem.

I do not know what dig's return code 9 means:

ns0.sorbs.net. 113.52.8.11 dig fail 9
ns2.sorbs.net. 87.106.246.125 dig fail 9
ns4.sorbs.net. 78.153.202.24 dig OK
ns5.sorbs.net. 72.12.198.241 dig OK
ns1175.dns.dyn.com. 108.59.166.201 dig OK
ns2174.dns.dyn.com. 108.59.168.201 dig OK
ns3179.dns.dyn.com. 108.59.170.201 dig OK
ns4151.dns.dyn.com. 108.59.172.201 dig OK
ns9.sorbs.net. 169.48.121.207 dig OK
rbldns10.sorbs.net. 185.87.186.55 dig OK
rbldns7.sorbs.net. 88.208.216.85 dig OK
rbldns0.sorbs.net. 113.52.8.50 dig fail 9
rbldns17.sorbs.net. 210.50.3.173 dig fail 9
rbldns3.sorbs.net. 74.208.146.124 dig fail 9
rbldns16.sorbs.net. 74.53.186.252 dig fail 9
rbldns8.sorbs.net. 89.150.195.2 dig fail 9
rbldns4.sorbs.net. 78.153.202.22 dig OK
rbldns15.sorbs.net. 87.106.246.154 dig fail 9
rbldns2.sorbs.net. 72.12.198.247 dig OK
rbldns18.sorbs.net. 72.12.198.248 dig OK
rbldns14.sorbs.net. 194.134.35.168 dig fail 9
rbldns12.sorbs.net. 74.208.146.124 dig fail 9
rbldns13.sorbs.net. 113.52.8.157 dig fail 9
rbldns6.sorbs.net. 194.134.35.204 dig fail 9
rbldns1.sorbs.net. 78.153.202.21 dig OK
rbldns11.sorbs.net. 216.12.212.155 dig fail 9
rbldns9.sorbs.net. 169.48.121.206 dig OK

While i didn't compare it side by side with ping, it +- corresponds 
with

ping results, at least in mean, that some responds and some not.

Here is one example of result with code 9:

; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> @113.52.8.11
163.44.213.129.safe.dnsbl.sorbs.net ; (1 server found) ;; global
options: +cmd ;; connection timed out; no servers could be reached

regards

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged 
information, therefore at all times remains confidential and subject to 
copyright protected under international law. You may not disseminate 
this message without the authors express written authority to do so.   
If you are not the intended recipient, please notify the sender then 
delete all copies of this message including attachments immediately. 
Confidentiality, copyright, and legal privilege are not waived or lost 
by reason of the mistaken delivery of this message.___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sorbs DNS problems

[Slavko via mailop]

Ahoj,

Dňa Fri, 11 Mar 2022 11:20:24 -0800 Dan Mahoney via mailop
 napísal:

> Why are you instead not doing a dig against these ips?  It's clear
> you understand that ICMP may be blocked, so why not use a check
> method that actually uses the protocol you'd use to query them?

(send only to Dan accidentally, resend to ML)

I did it manually previous, without results collected, i tried to
tcptraceroute too (expecting that they responds to TCP requests),
etc. I used ping output to demonstrate the problem.

I do not know what dig's return code 9 means:

ns0.sorbs.net. 113.52.8.11 dig fail 9
ns2.sorbs.net. 87.106.246.125 dig fail 9
ns4.sorbs.net. 78.153.202.24 dig OK
ns5.sorbs.net. 72.12.198.241 dig OK
ns1175.dns.dyn.com. 108.59.166.201 dig OK
ns2174.dns.dyn.com. 108.59.168.201 dig OK
ns3179.dns.dyn.com. 108.59.170.201 dig OK
ns4151.dns.dyn.com. 108.59.172.201 dig OK
ns9.sorbs.net. 169.48.121.207 dig OK
rbldns10.sorbs.net. 185.87.186.55 dig OK
rbldns7.sorbs.net. 88.208.216.85 dig OK
rbldns0.sorbs.net. 113.52.8.50 dig fail 9
rbldns17.sorbs.net. 210.50.3.173 dig fail 9
rbldns3.sorbs.net. 74.208.146.124 dig fail 9
rbldns16.sorbs.net. 74.53.186.252 dig fail 9
rbldns8.sorbs.net. 89.150.195.2 dig fail 9
rbldns4.sorbs.net. 78.153.202.22 dig OK
rbldns15.sorbs.net. 87.106.246.154 dig fail 9
rbldns2.sorbs.net. 72.12.198.247 dig OK
rbldns18.sorbs.net. 72.12.198.248 dig OK
rbldns14.sorbs.net. 194.134.35.168 dig fail 9
rbldns12.sorbs.net. 74.208.146.124 dig fail 9
rbldns13.sorbs.net. 113.52.8.157 dig fail 9
rbldns6.sorbs.net. 194.134.35.204 dig fail 9
rbldns1.sorbs.net. 78.153.202.21 dig OK
rbldns11.sorbs.net. 216.12.212.155 dig fail 9
rbldns9.sorbs.net. 169.48.121.206 dig OK

While i didn't compare it side by side with ping, it +- corresponds with
ping results, at least in mean, that some responds and some not.

Here is one example of result with code 9:

; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> @113.52.8.11
163.44.213.129.safe.dnsbl.sorbs.net ; (1 server found) ;; global
options: +cmd ;; connection timed out; no servers could be reached

regards


-- 
Slavko
https://www.slavino.sk


pgpZ2a9arNbcW.pgp
Description: Digitálny podpis OpenPGP
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sorbs DNS problems

[Slavko via mailop]

Ahoj,

Dňa Fri, 11 Mar 2022 13:41:27 -0600 Michael Rathbun via mailop
 napísal:

> They frequently fail the timeout setting on a DNSBL checker tool I
> use. Running the tool again pulls the records in cache that arrived
> after the timeout.  The resolver is a local instance of bind.  

I use local unbound, and yes i see responses later, but they are mostly
response about timeout from my unbound, which comes after my script's
DNS timeout, which is shorted.

The collected results was done via another forwarding DNS, which
forwards to ISP's DNS at my job's server (not mail). But, as i stated,
they corresponds with results from my unbound.

regards

-- 
Slavko
https://www.slavino.sk


pgpx0CRKTqWbh.pgp
Description: Digitálny podpis OpenPGP
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sorbs DNS problems

[Michael Rathbun via mailop]

On Fri, 11 Mar 2022 19:54:00 +0100, Slavko via mailop 
wrote:

>Please, encounter someone else this? Are here some problems on their
>side?

They frequently fail the timeout setting on a DNSBL checker tool I use.
Running the tool again pulls the records in cache that arrived after the
timeout.  The resolver is a local instance of bind.  

mdr

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sorbs DNS problems

[Dan Mahoney via mailop]

> I collect related NS records and try to ping them from another IP
> (different ISP), to be sure that they are not blocked by me nor by my
> ISP, and results corresponds with my experiences:
> 
>ns0.sorbs.net. 113.52.8.11 ping fail
>ns2.sorbs.net. 87.106.246.125 ping fail
>ns4.sorbs.net. 78.153.202.24 ping OK
>ns5.sorbs.net. 72.12.198.241 ping fail
>ns1175.dns.dyn.com. 108.59.166.201 ping fail
>ns2174.dns.dyn.com. 108.59.168.201 ping fail
>ns3179.dns.dyn.com. 108.59.170.201 ping fail
>ns4151.dns.dyn.com. 108.59.172.201 ping fail
>ns9.sorbs.net. 169.48.121.207 ping OK
>rbldns10.sorbs.net. 185.87.186.55 ping OK
>rbldns7.sorbs.net. 88.208.216.85 ping fail
>rbldns0.sorbs.net. 113.52.8.50 ping fail
>rbldns17.sorbs.net. 210.50.3.173 ping fail
>rbldns3.sorbs.net. 74.208.146.124 ping fail
>rbldns16.sorbs.net. 74.53.186.252 ping fail
>rbldns8.sorbs.net. 89.150.195.2 ping fail
>rbldns4.sorbs.net. 78.153.202.22 ping OK
>rbldns15.sorbs.net. 87.106.246.154 ping fail
>rbldns2.sorbs.net. 72.12.198.247 ping OK
>rbldns18.sorbs.net. 72.12.198.248 ping OK
>rbldns14.sorbs.net. 194.134.35.168 ping fail
>rbldns12.sorbs.net. 74.208.146.124 ping fail
>rbldns13.sorbs.net. 113.52.8.157 ping fail
>rbldns6.sorbs.net. 194.134.35.204 ping fail
>rbldns1.sorbs.net. 78.153.202.21 ping OK
>rbldns11.sorbs.net. 216.12.212.155 ping fail
>rbldns9.sorbs.net. 169.48.121.206 ping OK
> 
> As any can see, some responds, and some not...
> 
> I do not know, if they are not accessible or have ICMP blocked, but i
> will expect, that if they block ICMP, they will block all not only some
> hosts.

Why are you instead not doing a dig against these ips?  It's clear you 
understand that ICMP may be blocked, so why not use a check method that 
actually uses the protocol you'd use to query them?

-Dan


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] sorbs DNS problems

[Slavko via mailop]

Hi,

for relative long time (some weeks) i have troubles with SORBS RBL. I do
not use it at MTA nor rspamd level, but only in my script, which i run
only manually when i need to inspect some IP status in depth, thus i
cannot exceed any limits.

But queries to SORBS (concrete to safe.dnsbl.sorbs.net) are sometime
success (in mean no timeout), but mostly fails with timeout (message
from my script):

safe.dnsbl.sorbs.net: The DNS operation timed out after
5.105137348175049 seconds

I collect related NS records and try to ping them from another IP
(different ISP), to be sure that they are not blocked by me nor by my
ISP, and results corresponds with my experiences:

ns0.sorbs.net. 113.52.8.11 ping fail
ns2.sorbs.net. 87.106.246.125 ping fail
ns4.sorbs.net. 78.153.202.24 ping OK
ns5.sorbs.net. 72.12.198.241 ping fail
ns1175.dns.dyn.com. 108.59.166.201 ping fail
ns2174.dns.dyn.com. 108.59.168.201 ping fail
ns3179.dns.dyn.com. 108.59.170.201 ping fail
ns4151.dns.dyn.com. 108.59.172.201 ping fail
ns9.sorbs.net. 169.48.121.207 ping OK
rbldns10.sorbs.net. 185.87.186.55 ping OK
rbldns7.sorbs.net. 88.208.216.85 ping fail
rbldns0.sorbs.net. 113.52.8.50 ping fail
rbldns17.sorbs.net. 210.50.3.173 ping fail
rbldns3.sorbs.net. 74.208.146.124 ping fail
rbldns16.sorbs.net. 74.53.186.252 ping fail
rbldns8.sorbs.net. 89.150.195.2 ping fail
rbldns4.sorbs.net. 78.153.202.22 ping OK
rbldns15.sorbs.net. 87.106.246.154 ping fail
rbldns2.sorbs.net. 72.12.198.247 ping OK
rbldns18.sorbs.net. 72.12.198.248 ping OK
rbldns14.sorbs.net. 194.134.35.168 ping fail
rbldns12.sorbs.net. 74.208.146.124 ping fail
rbldns13.sorbs.net. 113.52.8.157 ping fail
rbldns6.sorbs.net. 194.134.35.204 ping fail
rbldns1.sorbs.net. 78.153.202.21 ping OK
rbldns11.sorbs.net. 216.12.212.155 ping fail
rbldns9.sorbs.net. 169.48.121.206 ping OK

As any can see, some responds, and some not...

I do not know, if they are not accessible or have ICMP blocked, but i
will expect, that if they block ICMP, they will block all not only some
hosts.

Please, encounter someone else this? Are here some problems on their
side?

thanks

-- 
Slavko
https://www.slavino.sk


pgpkXHhusWEoI.pgp
Description: Digitálny podpis OpenPGP
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Mass of Spam from Linode Networks associated with wewe.global

[Jim Ackley via mailop]

Thanks to everyone who submitted an abuse report for this so far. Our Trust & 
Safety team is aware of an uptick of spam reports associated with wewe.global 
domains. We’re investigating each report we receive, so please keep them coming.

- Jim

-- 

Director of Customer Support Operations | Linode 

> On Mar 9, 2022, at 5:23 AM, Konstantin Filtschew / Qameta via mailop 
>  wrote:
> 
> Am 6. März 2022 um 13:25:42, Hans-Martin Mosner via mailop (mailop@mailop.org 
> ) schrieb:
>> Am 06.03.22 um 12:55 schrieb Konstantin Filtschew / Qameta via mailop:
>>> Hello,
>>> 
>>> I see a lot of spam comming to our systems from this Linode Networks since 
>>> 24.02.2022:
>>> 
>>> - 45.79.0.0/16
>>> - 172.104.0.0/15
>>> - 45.79.0.0/16
>>> - 192.46.224.0/21
>>> 
>>> 
>>> They are all associated with this domain:  wewe.global
>>> 
>>> So the problems with Linode customers sending emails to other networks are 
>>> maybe associated with this.
>>> 
>>> I’m happy to provide more information
>>> 
>> I've already notified Linode two or three times, and the spam stopped for a 
>> while, but resurfaced again. Looks like it is difficult to identify the 
>> spamming customer and prevent them from signing up in the first place, but 
>> without knowing to what extent KYC rules are in effect I can only guess.
>> 
>> For now I've blocked their IP ranges, we never got any meaningful mails from 
>> their linodeusercontent.com  servers.
>> 
>> Cheers,
>> Hans-Martin
>> 
>> ___
>> mailop mailing list
>> mailop@mailop.org 
>> https://list.mailop.org/listinfo/mailop 
>> 
> 
> Hello,
> 
> Thank you for answering. I’ve already contacted ab...@linode.com 
>  and sent them header examples as requested.
> 
> It’s all from linodeusercontent.com  related 
> servers as you have already said.
> 
> Have a nice day
> 
> Konstantin
> 
> ___
> mailop mailing list
> mailop@mailop.org 
> https://list.mailop.org/listinfo/mailop 
> 
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop