Re: [mailop] Paper on email delivery/standards adoption
Thanks, Tobias, fo sharing! All the best, -C. -- Von meiner Hängematte aus gesendet. -Original Message- From: Tobias Fiebig via mailop To: mailop@mailop.org Sent: Mo., 13 Juni 2022 22:35 Subject: [mailop] Paper on email delivery/standards adoption Heho, Quiet some time ago i asked the list for some help in an ongoing email measurement study; The paper is now finally out and accepted. An open-access preprint can be found here: https://pure.mpg.de/rest/items/item_3384330_2/component/file_3388008/content I guess the most interesting result on this list is that the 'Email Camel' (after the DNS Camel) is more complex than... well, DNS. Anyway, figured it might be interesting for some on the list. With best regards, Tobias ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Paper on email delivery/standards adoption
Heho, Quiet some time ago i asked the list for some help in an ongoing email measurement study; The paper is now finally out and accepted. An open-access preprint can be found here: https://pure.mpg.de/rest/items/item_3384330_2/component/file_3388008/content I guess the most interesting result on this list is that the 'Email Camel' (after the DNS Camel) is more complex than... well, DNS. Anyway, figured it might be interesting for some on the list. With best regards, Tobias ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Email System Testing Methodologies?
Ahoj, Dňa Mon, 13 Jun 2022 14:36:24 +0100 Matthew Richardson via mailop napísal: > Slavko:- > >D?a 13. júna 2022 11:19:08 UTC pouívate? Matthew Richardson via > >mailop napísal: > > > >>One item to be aware of is that the outgoing servers (which return > >>the messages) do DANE validation, and thus will not deliver to any > >>servers with failed DANE. > > > >pleaee, is no DANE considered as failed DANE? (Only to be sure...) > > No (as Kurt observed), it will not send to servers which fail DANE > but will send to servers without DANE. Thanks to both ;-) I just tried it. The ed25519 signature are not supported and wrongly reported as permfail. Along with lack of DMARC result and questionable DANE policy makes it not very useful. There is better tool from Vienna University, which reports SPF, DKIM (both rsa & ed), DMARC and ARC results in similar simple txt response: e...@univie.ac.at regards -- Slavko https://www.slavino.sk pgp0BTem2hdn5.pgp Description: Digitálny podpis OpenPGP ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Curious, any one seeing fake SpamCop reports over the weekend?
Yeah, but doesn't really look like a replay attack.. If it is.. it is a broken one.. eg.. Received: from we.love.servers.at.ioflood.net (HELO we.love.servers.at.ioflood.net) (162.213.210.2) by *** with (ECDHE-RSA-AES256-GCM-SHA384 encrypted) SMTP (35ef20ac-eacb-11ec-9fd6-fffb8188a5a9); Sun, 12 Jun 2022 20:45:05 -0700 Received: from [216.38.8.191] (port=57551 helo=veeble.org) by silverlode.awsdns-33.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1o0b0i-000FcN-4R; Sun, 12 Jun 2022 20:45:04 -0700 From: SpamCop - Sergey Fedyushkin To: Subject: [SpamCop Abuse Report 172.66.40.177) id: 451083686] Spam Only clue it might be, is the friendly name is the same for all of them, no matter what the source/sender address. On 2022-06-13 08:34, Richard W via mailop wrote: I suspect this is a virus that is pulling subject lines and email addresses from the infected computer and sending the spam to those. I've heard of quite a few receiving 'spamcop' related ones. I've been receiving a number from other various abuse and role addresses with different subjects for a few week. Usually has a attachment, I suspect trying to spread itself. And the report numbers in the links are so old I can't even look up when they were sent or to who. We only hang on for 90 days. Richard On 2022-06-13 9:10 a.m., Michael Peddemors via mailop wrote: Real strange, fake abuse addresses.. ab...@singlehop.com abuset...@veeble.org Spamcop links are to 404.. Just not sure how the content can be malicous, maybe it is just a broken system over the weekend? Reporting one of our addresses as the authenticated address, but shows it coming from a CloudFlare IP.. And looks to have forged information. Any one else notice it over the weekend? ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Curious, any one seeing fake SpamCop reports over the weekend?
I suspect this is a virus that is pulling subject lines and email addresses from the infected computer and sending the spam to those. I've heard of quite a few receiving 'spamcop' related ones. I've been receiving a number from other various abuse and role addresses with different subjects for a few week. Usually has a attachment, I suspect trying to spread itself. And the report numbers in the links are so old I can't even look up when they were sent or to who. We only hang on for 90 days. Richard On 2022-06-13 9:10 a.m., Michael Peddemors via mailop wrote: Real strange, fake abuse addresses.. ab...@singlehop.com abuset...@veeble.org Spamcop links are to 404.. Just not sure how the content can be malicous, maybe it is just a broken system over the weekend? Reporting one of our addresses as the authenticated address, but shows it coming from a CloudFlare IP.. And looks to have forged information. Any one else notice it over the weekend? ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Curious, any one seeing fake SpamCop reports over the weekend?
Real strange, fake abuse addresses.. ab...@singlehop.com abuset...@veeble.org Spamcop links are to 404.. Just not sure how the content can be malicous, maybe it is just a broken system over the weekend? Reporting one of our addresses as the authenticated address, but shows it coming from a CloudFlare IP.. And looks to have forged information. Any one else notice it over the weekend? -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Email System Testing Methodologies?
Slavko:- >D?a 13. júna 2022 11:19:08 UTC pouívate? Matthew Richardson via mailop > napísal: > >>One item to be aware of is that the outgoing servers (which return the >>messages) do DANE validation, and thus will not deliver to any servers with >>failed DANE. > >pleaee, is no DANE considered as failed DANE? (Only to be sure...) No (as Kurt observed), it will not send to servers which fail DANE but will send to servers without DANE. For anyone interested, the relevant Postfix setting is:- smtp_tls_security_level = dane Also, the inbound servers have TLSA records published. I have been wondering for a while whether a test server, running an address like p...@stamper.itconsult.co.uk, but with deliberately failing DANE would be useful for testing things. If it gives a reply, then the DANE is not being tested properly. -- Best wishes, Matthew ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Email System Testing Methodologies?
Hello, > >One item to be aware of is that the outgoing servers (which return the > >messages) do DANE validation, and thus will not deliver to any servers with > >failed DANE. > > pleaee, is no DANE considered as failed DANE? (Only to be sure...) No -- I just tested and I have no DANE on my mailserver 8-} -- p...@opsec.eu+49 171 3101372Now what ? ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Email System Testing Methodologies?
Hi, Dňa 13. júna 2022 11:19:08 UTC používateľ Matthew Richardson via mailop napísal: >One item to be aware of is that the outgoing servers (which return the >messages) do DANE validation, and thus will not deliver to any servers with >failed DANE. pleaee, is no DANE considered as failed DANE? (Only to be sure...) regards Slavko ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Barracuda DKIM checker reports invalid signature
Hi Sebastien > One common issue is Canonicalization. Try setting your to relaxed/relaxed and > it solves many issues. Many of these things "downconvert" the emails into > 7BITMIME and also munge certain whitespace characters, which can b0rk the > signatures. > > So try setting to relaxed/relaxed and see what happens. Thank you for that hint! Tested with an affected customer. Barracuda now also accepts the signature we generate as valid. Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] OVH contact required - 54.38.34.203 - vps-28239cc9.vps.ovh.net
Did you tried https://www.ovh.com/abuse/#!/ ? Le lun. 13 juin 2022 à 13:31, Dima Gomonyk via mailop a écrit : > A VPS on 54.38.34.203 IP - vps-28239cc9.vps.ovh.net host is doing > something stupid and quite bad - spoofing a bunch of domains, including > some I'm overseeing. > > abuse@, postmaster@, hostmaster@ addresses of the OVH are not responding > over the last two weeks. Would be grateful for a contact, or ping me > directly if you're from OVH. > -- > *Dima Gomonyk* > > *Email Deliverability Specialist, SMTP * > > > This email, its contents and attachments contain information from Ziff > Davis, Inc. and/or its affiliates which may be privileged, confidential or > otherwise protected from disclosure. The information is intended to be for > the addressee(s) only. If you are not an addressee, any disclosure, copy, > distribution or use of the contents of this message is prohibited. If you > have received this email in error, please notify the sender by reply email > and delete the original message and any copies. > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Email System Testing Methodologies?
Jesse Hathaway:- >I am working on some architectural changes to our email systems at the >Wikimedia Foundation[1] and I am a bit befuddled as to the best way to >test changes to the current system. As you all are all aware email is a >distrubted system which encompases a wide variety of protocols. Ideally >I would like to know that our system behaves as expected with regards >to: mail routing, spam detection, and spam avoidance (SPF, DKIM, ARC). >Do folks have any suggestions on methods or systems to do this type of >whole system testing? Yours kindly, Jesse Hathaway > >[1]: https://wikitech.wikimedia.org/wiki/Email_System_Revamp Another gadget to test SPF/DKIM on outgoing messages is our p...@stamper.itconsult.co.uk. It replies with the headers it received, which will include our system's checks of the incoming SPF & DKIM. It will work (and report) if either or both fail. It does not (currently) do any DMARC checking. One item to be aware of is that the outgoing servers (which return the messages) do DANE validation, and thus will not deliver to any servers with failed DANE. -- Best wishes, Matthew ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] OVH contact required - 54.38.34.203 - vps-28239cc9.vps.ovh.net
A VPS on 54.38.34.203 IP - vps-28239cc9.vps.ovh.net host is doing something stupid and quite bad - spoofing a bunch of domains, including some I'm overseeing. abuse@, postmaster@, hostmaster@ addresses of the OVH are not responding over the last two weeks. Would be grateful for a contact, or ping me directly if you're from OVH. -- *Dima Gomonyk* /Email Deliverability Specialist, SMTP / -- This email, its contents and attachments contain information from Ziff Davis, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution or use of the contents of this message is prohibited. If you have received this email in error, please notify the sender by reply email and delete the original message and any copies. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Barracuda DKIM checker reports invalid signature
One common issue is Canonicalization. Try setting your to relaxed/relaxed and it solves many issues. Many of these things "downconvert" the emails into 7BITMIME and also munge certain whitespace characters, which can b0rk the signatures. So try setting to relaxed/relaxed and see what happens. -Ursprungligt meddelande- Från: Benoit Panizzon via mailop Skickat: den 13 juni 2022 11:00 Till: mailop Ämne: [mailop] Barracuda DKIM checker reports invalid signature Hi Gang Maybe I could ask for some help here... We have a DKIM issue with recipients which use Anti-Spam Products from Barracuda Networks. All tests we could find, confirm that we configured Domainkey correctly for the domain imp.ch and signatures are valid. Google is happy with our signatures. Still on recipients using Barracuda, our emails get tagged as 'spam' because: X-ASG-Block: DomainKeys (Invalid signature (imp.ch)) We asked a customer to open a case with Barracuda and all what they returned was, that our signature is invalid, which we know, is not the case. Does anyone know, what could cause Barracuda to fail checking our Domainkey signature? (this email should also be signed). Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Barracuda DKIM checker reports 'invalid signature'
Hi Gang Maybe I could ask for some help here... We have a DKIM issue with recipients which use Anti-Spam Products from Barracuda Networks. All tests we could find, confirm that we configured Domainkey correctly for the domain imp.ch and signatures are valid. Google is happy with our signatures. Still on recipients using Barracuda, our emails get tagged as 'spam' because: X-ASG-Block: DomainKeys (Invalid signature (imp.ch)) We asked a customer to open a case with Barracuda and all what they returned was, that our signature is invalid, which we know, is not the case. Does anyone know, what could cause Barracuda to fail checking our Domainkey signature? (this email should also be signed). Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop