Re: [mailop] [EXT] - Re: [EXT] - Dkim fails, success on same email?

[Salvatore Jr Walter P via mailop]

Well I have been speaking to 2 different vendors on this so hopefully they can 
get this straightened out. It sucks having no control and having to wait on 
vendors, who where supposed to have already done this.

From: mailop  On Behalf Of Mark Alley via mailop
Sent: Tuesday, June 20, 2023 1:05 PM
To: mailop@mailop.org
Subject: [EXT] - Re: [mailop] [EXT] - Dkim fails, success on same email?



You'll need to add the DKIM selector (and key) Sophos generated for you to your 
external DNS provider so that other receivers can resolve the key, which 
enables them to validate messages signed by your email filter.

- Mark Alley
On 6/20/2023 11:53 AM, Salvatore Jr Walter P via mailop wrote:
OK, we are still having issues with this.
We are using Sophos as an email gateway.
They generated a DKIM record and are telling us we need to send that to our 
domain registrar to add it to our DNS records?
Is this correct? I understood DKIM was server side only?

From: mailop  On 
Behalf Of Salvatore Jr Walter P via mailop
Sent: Friday, June 16, 2023 2:06 PM
To: 'mailop@mailop.org' 

Subject: [EXT] - [mailop] Dkim fails, success on same email?

Getting reports back from several ISPs like the one below. It shows dkim 
failing for the IP, but successful for the domain? The domain 
“mail-dkim-us-west-2.prod.hydra.sophos.com” uses multiple IPs, On
sophospsmartbannerend
Getting reports back from several ISPs like the one below.
It shows dkim failing for the IP, but successful for the domain?
The domain “mail-dkim-us-west-2.prod.hydra.sophos.com” uses multiple IPs,
One of which is “198.154.181.72”. We do receive failures on all other IPs as 
well.
Is this an actual issue or something we can ignore?



198.154.181.72
1

none
fail
pass



warwickri.gov



mail-dkim-us-west-2.prod.hydra.sophos.com
v1
pass


warwickri.gov
pass







___

mailop mailing list

mailop@mailop.org

https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Twitter DKIM/DMARC Fails

[Tom Bartel via mailop]

Interesting find, thanks!

On Tue, Jun 20, 2023 at 10:35 AM Mark Alley via mailop 
wrote:

> Looks specific to several of their NS' in the "u06" subdomain. Everything
> returned from the "r06" servers resolves correctly.
>
> a.u06.twtrdns.net
>
> b.u06.twtrdns.net
>
> c.u06.twtrdns.net
>
> d.u06.twtrdns.net
> On 6/20/2023 11:17 AM, Tom Bartel via mailop wrote:
>
> Twitter seems to have copy/pasted quoted string into "some" of the DNS
> servers such that were logging copious errors. Anyone else seeing this?
> Bad record:
>
> dig dkim-201406._domainkey.twitter.com txt
>
> ; <<>> DiG 9.10.6 <<>> dkim-201406._domainkey.twitter.com txt
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1956
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4000
> ;; QUESTION SECTION:
> ;dkim-201406._domainkey.twitter.com. IN   TXT
>
> ;; ANSWER SECTION:
> dkim-201406._domainkey.twitter.com. 60 IN TXT "\"v=DKIM1; 
> p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwe34ubzrMzM9sT0XVkcc3UXd7W+EHCyHoqn70l2AxXox52lAZzH/UnKwAoO+5qsuP7T9QOifIJ9ddNH9lEQ95Y/GdHBsPLGdgSJIs95mXNxscD6MSyejpenMGL9TPQAcxfqY5xPViZ+1wA1qcr\"
>  \"yjdZKRqf1f4fpMY+x3b8k7H5Qyf/Smz0sv4xFsx1r+THNIz0rz" 
> "k2LO3GvE0f1ybp6P+5eAelYU4mGeZQqsKw/eB20I3jHWEyGrXuvzB67nt6ddI+N2eD5K38wg/aSytOsb5O+bUSEe7P0zx9ebRRVknCD6uuqG3gSmQmttlD5OrMWSXzrPIXe8eTBaaPd+e/jfxwIDAQAB\""
>
> ;; Query time: 170 msec
> ;; SERVER: 10.1.5.4#53(10.1.5.4)
> ;; WHEN: Tue Jun 20 12:08:03 -03 2023
> ;; MSG SIZE  rcvd: 485
>
> Bad record:
>
> dig dkim-201406._domainkey.twitter.com txt +short
> "\"v=DKIM1; 
> p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwe34ubzrMzM9sT0XVkcc3UXd7W+EHCyHoqn70l2AxXox52lAZzH/UnKwAoO+5qsuP7T9QOifIJ9ddNH9lEQ95Y/GdHBsPLGdgSJIs95mXNxscD6MSyejpenMGL9TPQAcxfqY5xPViZ+1wA1qcr\"
>  \"yjdZKRqf1f4fpMY+x3b8k7H5Qyf/Smz0sv4xFsx1r+THNIz0rz" 
> "k2LO3GvE0f1ybp6P+5eAelYU4mGeZQqsKw/eB20I3jHWEyGrXuvzB67nt6ddI+N2eD5K38wg/aSytOsb5O+bUSEe7P0zx9ebRRVknCD6uuqG3gSmQmttlD5OrMWSXzrPIXe8eTBaaPd+e/jfxwIDAQAB\""
>
> Good record:
>
> dig dkim-201406._domainkey.twitter.com txt
>
> ; <<>> DiG 9.10.6 <<>> dkim-201406._domainkey.twitter.com txt
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25524
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4000
> ;; QUESTION SECTION:
> ;dkim-201406._domainkey.twitter.com. IN   TXT
>
> ;; ANSWER SECTION:
> dkim-201406._domainkey.twitter.com. 6 IN TXT  "v=DKIM1; 
> p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwe34ubzrMzM9sT0XVkcc3UXd7W+EHCyHoqn70l2AxXox52lAZzH/UnKwAoO+5qsuP7T9QOifIJ9ddNH9lEQ95Y/GdHBsPLGdgSJIs95mXNxscD6MSyejpenMGL9TPQAcxfqY5xPViZ+1wA1qcr"
>  
> "yjdZKRqf1f4fpMY+x3b8k7H5Qyf/Smz0sv4xFsx1r+THNIz0rzk2LO3GvE0f1ybp6P+5eAelYU4mGeZQqsKw/eB20I3jHWEyGrXuvzB67nt6ddI+N2eD5K38wg/aSytOsb5O+bUSEe7P0zx9ebRRVknCD6uuqG3gSmQmttlD5OrMWSXzrPIXe8eTBaaPd+e/jfxwIDAQAB"
>
> ;; Query time: 191 msec
> ;; SERVER: 10.1.5.4#53(10.1.5.4)
> ;; WHEN: Tue Jun 20 12:03:30 -03 2023
> ;; MSG SIZE  rcvd: 480
>
> Good record:
>
> dig scph0618._domainkey.i.drop.com txt +short
> "v=DKIM1; k=rsa; h=sha256; 
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsj4i57bbiuDFupkAlTYX3E/DD6eq+kcr3KQ5MnbdIXIUYTC1cJ0AhMCv2HHJxztIsFt6HlQUF2GOVrxKX3UUibf9Gmum7GHVqms5/Ok+2m1/sRqOcqYwR4Xt67N5cyiTViURMuWcUOK5bTp3+WQR8/FjlUXPvTdhma7Rvs4qznwIDAQAB"
>
>
> --
> Phone: 303.517.9655
> Instagram: https://instagram.com/bartel_photo
>
> "Life's most persistent and urgent question is, 'What are you doing for
> others?'" - Martin Luther King Jr.
>
> ___
> mailop mailing listmailop@mailop.orghttps://list.mailop.org/listinfo/mailop
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>


-- 
Phone: 303.517.9655
Instagram: https://instagram.com/bartel_photo

"Life's most persistent and urgent question is, 'What are you doing for
others?'" - Martin Luther King Jr.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Strange mail delivery from microsoft

[John Levine via mailop]

It appears that Klaus Ethgen via mailop  said:
>Well, it is for a reason. Microsoft is one of the most prominent spam
>sender. I don't want that they try to deliver mar...@ethgen.ch or
>k...@ethgen.ch, they do not exist as well as all that other spammers.

Well, yeah, they send me almost as much spam as Gmail does.  I'm not sure
what point you are making.

I hope you are aware that MS, like Google, provides mail hosting for
vast numbers of companies.  There is way more mail coming from MS
servers than hotmail.com or outlook.com, just like there is way more
coming from Gmail than from gmail.com.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXT] - Dkim fails, success on same email?

[Mark Alley via mailop]

On 6/20/2023 12:20 PM, Benny Pedersen via mailop wrote:

Mark Alley via mailop skrev den 2023-06-20 19:05:

You'll need to add the DKIM selector (and key) Sophos generated for
you to your external DNS provider so that other receivers can resolve
the key, which enables them to validate messages signed by your email
filter.


if sophos like to change custommers dns, then sophos is loosing


How does one expect another (external) mail server to resolve your 
public key if by not adding it to external DNS? Key-telepathy?
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXT] - Dkim fails, success on same email?

[Benny Pedersen via mailop]

Mark Alley via mailop skrev den 2023-06-20 19:05:

You'll need to add the DKIM selector (and key) Sophos generated for
you to your external DNS provider so that other receivers can resolve
the key, which enables them to validate messages signed by your email
filter.


if sophos like to change custommers dns, then sophos is loosing

all that is required for another forward host is to ARC-Sign/ARC-Seal 
before breaking dkim if valid dkim cant be preserved otherwize


or start another way, do ATPS signing, if sophos is pro that should not 
be a problem


proff is this maillist here breaks dkim, so mailop also fails



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXT] - Dkim fails, success on same email?

[Mark Alley via mailop]

You'll need to add the DKIM selector (and key) Sophos generated for you 
to your external DNS provider so that other receivers can resolve the 
key, which enables them to validate messages signed by your email filter.


- Mark Alley

On 6/20/2023 11:53 AM, Salvatore Jr Walter P via mailop wrote:


OK, we are still having issues with this.

We are using Sophos as an email gateway.

They generated a DKIM record and are telling us we need to send that 
to our domain registrar to add it to our DNS records?


Is this correct? I understood DKIM was server side only?

*From:* mailop  *On Behalf Of *Salvatore Jr 
Walter P via mailop

*Sent:* Friday, June 16, 2023 2:06 PM
*To:* 'mailop@mailop.org' 
*Subject:* [EXT] - [mailop] Dkim fails, success on same email?

Getting reports back from several ISPs like the one below. It shows 
dkim failing for the IP, but successful for the domain? The domain 
“mail-dkim-us-west-2.prod.hydra.sophos.com” uses multiple IPs, On


sophospsmartbannerend

Getting reports back from several ISPs like the one below.

It shows dkim failing for the IP, but successful for the domain?

The domain “mail-dkim-us-west-2.prod.hydra.sophos.com” uses multiple IPs,

One of which is “198.154.181.72”. We do receive failures on all other 
IPs as well.


Is this an actual issue or something we can ignore?





198.154.181.72

1



none

fail

pass







warwickri.gov







mail-dkim-us-west-2.prod.hydra.sophos.com

v1

pass





warwickri.gov

pass








___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXT] - Dkim fails, success on same email?

[Salvatore Jr Walter P via mailop]

OK, we are still having issues with this.
We are using Sophos as an email gateway.
They generated a DKIM record and are telling us we need to send that to our 
domain registrar to add it to our DNS records?
Is this correct? I understood DKIM was server side only?

From: mailop  On Behalf Of Salvatore Jr Walter P via 
mailop
Sent: Friday, June 16, 2023 2:06 PM
To: 'mailop@mailop.org' 
Subject: [EXT] - [mailop] Dkim fails, success on same email?


Getting reports back from several ISPs like the one below.
It shows dkim failing for the IP, but successful for the domain?
The domain "mail-dkim-us-west-2.prod.hydra.sophos.com" uses multiple IPs,
One of which is "198.154.181.72". We do receive failures on all other IPs as 
well.
Is this an actual issue or something we can ignore?



198.154.181.72
1

none
fail
pass



warwickri.gov



mail-dkim-us-west-2.prod.hydra.sophos.com
v1
pass


warwickri.gov
pass




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Twitter DKIM/DMARC Fails

[Mark Alley via mailop]

Looks specific to several of their NS' in the "u06" subdomain. 
Everything returned from the "r06" servers resolves correctly.


a.u06.twtrdns.net

b.u06.twtrdns.net

c.u06.twtrdns.net

d.u06.twtrdns.net

On 6/20/2023 11:17 AM, Tom Bartel via mailop wrote:
Twitter seems to have copy/pasted quoted string into "some" of the DNS 
servers such that were logging copious errors. Anyone else seeing this?

Bad record:
dig dkim-201406._domainkey.twitter.com    txt

; <<>> DiG 9.10.6 <<>> dkim-201406._domainkey.twitter.com  
  txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1956
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;dkim-201406._domainkey.twitter.com  . IN   TXT

;; ANSWER SECTION:
dkim-201406._domainkey.twitter.com  . 60 IN TXT "\"v=DKIM1; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwe34ubzrMzM9sT0XVkcc3UXd7W+EHCyHoqn70l2AxXox52lAZzH/UnKwAoO+5qsuP7T9QOifIJ9ddNH9lEQ95Y/GdHBsPLGdgSJIs95mXNxscD6MSyejpenMGL9TPQAcxfqY5xPViZ+1wA1qcr\"
 \"yjdZKRqf1f4fpMY+x3b8k7H5Qyf/Smz0sv4xFsx1r+THNIz0rz" 
"k2LO3GvE0f1ybp6P+5eAelYU4mGeZQqsKw/eB20I3jHWEyGrXuvzB67nt6ddI+N2eD5K38wg/aSytOsb5O+bUSEe7P0zx9ebRRVknCD6uuqG3gSmQmttlD5OrMWSXzrPIXe8eTBaaPd+e/jfxwIDAQAB\""

;; Query time: 170 msec
;; SERVER: 10.1.5.4#53(10.1.5.4)
;; WHEN: Tue Jun 20 12:08:03 -03 2023
;; MSG SIZE  rcvd: 485
Bad record:
dig dkim-201406._domainkey.twitter.com    txt 
+short
"\"v=DKIM1; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwe34ubzrMzM9sT0XVkcc3UXd7W+EHCyHoqn70l2AxXox52lAZzH/UnKwAoO+5qsuP7T9QOifIJ9ddNH9lEQ95Y/GdHBsPLGdgSJIs95mXNxscD6MSyejpenMGL9TPQAcxfqY5xPViZ+1wA1qcr\"
 \"yjdZKRqf1f4fpMY+x3b8k7H5Qyf/Smz0sv4xFsx1r+THNIz0rz" 
"k2LO3GvE0f1ybp6P+5eAelYU4mGeZQqsKw/eB20I3jHWEyGrXuvzB67nt6ddI+N2eD5K38wg/aSytOsb5O+bUSEe7P0zx9ebRRVknCD6uuqG3gSmQmttlD5OrMWSXzrPIXe8eTBaaPd+e/jfxwIDAQAB\""
Good record:
dig dkim-201406._domainkey.twitter.com    txt

; <<>> DiG 9.10.6 <<>> dkim-201406._domainkey.twitter.com  
  txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25524
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;dkim-201406._domainkey.twitter.com  . IN   TXT

;; ANSWER SECTION:
dkim-201406._domainkey.twitter.com  . 6 IN TXT  "v=DKIM1; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwe34ubzrMzM9sT0XVkcc3UXd7W+EHCyHoqn70l2AxXox52lAZzH/UnKwAoO+5qsuP7T9QOifIJ9ddNH9lEQ95Y/GdHBsPLGdgSJIs95mXNxscD6MSyejpenMGL9TPQAcxfqY5xPViZ+1wA1qcr"
 
"yjdZKRqf1f4fpMY+x3b8k7H5Qyf/Smz0sv4xFsx1r+THNIz0rzk2LO3GvE0f1ybp6P+5eAelYU4mGeZQqsKw/eB20I3jHWEyGrXuvzB67nt6ddI+N2eD5K38wg/aSytOsb5O+bUSEe7P0zx9ebRRVknCD6uuqG3gSmQmttlD5OrMWSXzrPIXe8eTBaaPd+e/jfxwIDAQAB"

;; Query time: 191 msec
;; SERVER: 10.1.5.4#53(10.1.5.4)
;; WHEN: Tue Jun 20 12:03:30 -03 2023
;; MSG SIZE  rcvd: 480
Good record:
dig scph0618._domainkey.i.drop.com    txt +short
"v=DKIM1; k=rsa; h=sha256; 
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsj4i57bbiuDFupkAlTYX3E/DD6eq+kcr3KQ5MnbdIXIUYTC1cJ0AhMCv2HHJxztIsFt6HlQUF2GOVrxKX3UUibf9Gmum7GHVqms5/Ok+2m1/sRqOcqYwR4Xt67N5cyiTViURMuWcUOK5bTp3+WQR8/FjlUXPvTdhma7Rvs4qznwIDAQAB"

--
Phone: 303.517.9655
Instagram: https://instagram.com/bartel_photo

"Life's most persistent and urgent question is, 'What are you doing 
for others?'" - Martin Luther King Jr.


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Twitter DKIM/DMARC Fails

[Tom Bartel via mailop]

Twitter seems to have copy/pasted quoted string into "some" of the DNS
servers such that were logging copious errors. Anyone else seeing this?
Bad record:

dig dkim-201406._domainkey.twitter.com txt

; <<>> DiG 9.10.6 <<>> dkim-201406._domainkey.twitter.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1956
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;dkim-201406._domainkey.twitter.com. IN TXT

;; ANSWER SECTION:
dkim-201406._domainkey.twitter.com. 60 IN TXT   "\"v=DKIM1;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwe34ubzrMzM9sT0XVkcc3UXd7W+EHCyHoqn70l2AxXox52lAZzH/UnKwAoO+5qsuP7T9QOifIJ9ddNH9lEQ95Y/GdHBsPLGdgSJIs95mXNxscD6MSyejpenMGL9TPQAcxfqY5xPViZ+1wA1qcr\"
\"yjdZKRqf1f4fpMY+x3b8k7H5Qyf/Smz0sv4xFsx1r+THNIz0rz"
"k2LO3GvE0f1ybp6P+5eAelYU4mGeZQqsKw/eB20I3jHWEyGrXuvzB67nt6ddI+N2eD5K38wg/aSytOsb5O+bUSEe7P0zx9ebRRVknCD6uuqG3gSmQmttlD5OrMWSXzrPIXe8eTBaaPd+e/jfxwIDAQAB\""

;; Query time: 170 msec
;; SERVER: 10.1.5.4#53(10.1.5.4)
;; WHEN: Tue Jun 20 12:08:03 -03 2023
;; MSG SIZE  rcvd: 485

Bad record:

dig dkim-201406._domainkey.twitter.com txt +short
"\"v=DKIM1; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwe34ubzrMzM9sT0XVkcc3UXd7W+EHCyHoqn70l2AxXox52lAZzH/UnKwAoO+5qsuP7T9QOifIJ9ddNH9lEQ95Y/GdHBsPLGdgSJIs95mXNxscD6MSyejpenMGL9TPQAcxfqY5xPViZ+1wA1qcr\"
\"yjdZKRqf1f4fpMY+x3b8k7H5Qyf/Smz0sv4xFsx1r+THNIz0rz"
"k2LO3GvE0f1ybp6P+5eAelYU4mGeZQqsKw/eB20I3jHWEyGrXuvzB67nt6ddI+N2eD5K38wg/aSytOsb5O+bUSEe7P0zx9ebRRVknCD6uuqG3gSmQmttlD5OrMWSXzrPIXe8eTBaaPd+e/jfxwIDAQAB\""

Good record:

dig dkim-201406._domainkey.twitter.com txt

; <<>> DiG 9.10.6 <<>> dkim-201406._domainkey.twitter.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25524
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;dkim-201406._domainkey.twitter.com. IN TXT

;; ANSWER SECTION:
dkim-201406._domainkey.twitter.com. 6 IN TXT"v=DKIM1;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwe34ubzrMzM9sT0XVkcc3UXd7W+EHCyHoqn70l2AxXox52lAZzH/UnKwAoO+5qsuP7T9QOifIJ9ddNH9lEQ95Y/GdHBsPLGdgSJIs95mXNxscD6MSyejpenMGL9TPQAcxfqY5xPViZ+1wA1qcr"
"yjdZKRqf1f4fpMY+x3b8k7H5Qyf/Smz0sv4xFsx1r+THNIz0rzk2LO3GvE0f1ybp6P+5eAelYU4mGeZQqsKw/eB20I3jHWEyGrXuvzB67nt6ddI+N2eD5K38wg/aSytOsb5O+bUSEe7P0zx9ebRRVknCD6uuqG3gSmQmttlD5OrMWSXzrPIXe8eTBaaPd+e/jfxwIDAQAB"

;; Query time: 191 msec
;; SERVER: 10.1.5.4#53(10.1.5.4)
;; WHEN: Tue Jun 20 12:03:30 -03 2023
;; MSG SIZE  rcvd: 480

Good record:

dig scph0618._domainkey.i.drop.com txt +short
"v=DKIM1; k=rsa; h=sha256;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsj4i57bbiuDFupkAlTYX3E/DD6eq+kcr3KQ5MnbdIXIUYTC1cJ0AhMCv2HHJxztIsFt6HlQUF2GOVrxKX3UUibf9Gmum7GHVqms5/Ok+2m1/sRqOcqYwR4Xt67N5cyiTViURMuWcUOK5bTp3+WQR8/FjlUXPvTdhma7Rvs4qznwIDAQAB"


-- 
Phone: 303.517.9655
Instagram: https://instagram.com/bartel_photo

"Life's most persistent and urgent question is, 'What are you doing for
others?'" - Martin Luther King Jr.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

[John Levine via mailop]

It appears that Mike Hillyer via mailop  said:
>There is nothing broken about it, any large-scale sending environment has 
>pools of IP addresses for deliveries, and when a message comes
>out of the delayed queue it is typically loaded back into the pool, where it 
>is randomly assigned to an IP for its delivery attempt.

Right.  In my greylister I accept any retry from the same /24 which seems to 
work well enough.

Anyone who expects retries from the identical IP doesn't have a very
clear idea about how large mail systems work.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

[Benny Pedersen via mailop]

Jay Hennigan via mailop skrev den 2023-06-20 17:46:

On 6/19/23 13:55, Michael Wise via mailop wrote:
If you're using GreyListing, know that a given email will not be 
coming from the same IP address twice.


The outgoing IP address is randomized for ... reasons.


Because if you reuse the same IP address, your legs will sink through
the snow past your knees?


later users will create a iglo :)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

[Jay Hennigan via mailop]

On 6/19/23 13:55, Michael Wise via mailop wrote:
If you're using GreyListing, know that a given email will not be coming 
from the same IP address twice.


The outgoing IP address is randomized for ... reasons.


Because if you reuse the same IP address, your legs will sink through 
the snow past your knees?


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

[Michael Rathbun via mailop]

On Tue, 20 Jun 2023 10:26:22 -0400, Bill Cole via mailop 
wrote:

>> That is absolutely ignorant to tell the people that you do mail in a
>> broken way and tell them it is for a reason, you don't want to tell.
>
>Sharing an outbound queue amongst many different machines is not 
>"broken" in any way. There may or may not be rock-solid simple 
>explanations for *WHY* that approach was chosen, but it is entirely a 
>local issue of purely local concern. There is no RFC asserting that 
>retries after a transient rejection should come from the same cliuent 
>IP.

One rock-solid simple explanation is that, for a multi-IP sending instance,
random IP selection in the routing rule delivers more reliably than binding a
particular message to the VMTA that first attempted to send it.  Sometimes
quirky things happen, and we will see that the customer delivers to Y! or
Hotmail et al. on three of their four IPs without incident, and sees zero
complaints and an open rate varying between 35% and 55%.  The remaining IP
enjoys complete blockage for $REASONS.

The brokenness is introduced by giving a false response at the first knock.

mdr
-- 
 "There are no laws here, only agreements."  
-- Masahiko

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

[Mike Hillyer via mailop]

There is nothing broken about it, any large-scale sending environment has pools 
of IP addresses for deliveries, and when a message comes out of the delayed 
queue it is typically loaded back into the pool, where it is randomly assigned 
to an IP for its delivery attempt.

The only time you should be seeing the same IP from a large-scale sending 
environment is if the tenant is using a single dedicated IP. If that tenant has 
multiple dedicated IPs, they will likely be used in a pool again.

And biggest spam provider? The reason most global statistics are done on a 
per-capita basis is because otherwise a large country like China would be the 
top in every category. What matters is what percentage of the population is in 
a certain demographic, so of course Microsoft has a non-trivial amount of 
malicious messages, they send an extremely large amount of mail. The more 
important question is what percentage of it is spam, and what they are doing 
about it.

Microsoft isn't some deceptive organization with a target market of spammers, 
it's a collection of people acting in good faith and doing their best to deal 
with a significant challenge, show a little empathy rather than treat them like 
the spam reaching your network is some kind of malicious plot.

Mike

-Original Message-
From: mailop  On Behalf Of Klaus Ethgen via mailop
Sent: Tuesday, June 20, 2023 2:45 AM
To: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

Am Mo den 19. Jun 2023 um 21:55 schrieb Michael Wise via mailop:
> If you're using GreyListing, know that a given email will not be coming from 
> the same IP address twice.
> 
> The outgoing IP address is randomized for ... reasons.

I substitute "no".

That is absolutely ignorant to tell the people that you do mail in a broken way 
and tell them it is for a reason, you don't want to tell.

On the same time being one of the biggest spam provider.

Gruß
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Port 25 Pingback?

[John Possidente via mailop]

Thanks everyone. This has both clarified the question and answered it
(them).

Mike: Yes, 'host' is the term I should have used.

Denny: That very well might be what the mailer was referring to. I'll read
up on it before answering them

John




On Mon, Jun 19, 2023 at 8:46 AM Denny Watson via mailop 
wrote:

> On 6/16/2023, John Possidente via mailop wrote:
> > A sender of legally mandated bulk mail who are very conscious of making
> > sure they're dotting every i and crossing every t (because they're
> > required to) asked me today whether port 25 pingback is still necessary.
> > I immediately thought, "Of course not," but on second thought (before
> > speaking, yay) realized that maybe I'm wrong.
> >
> > Does anyplace still reject mail from sources that don't answer on port
> 25?
>
> Do you mean this?  https://en.wikipedia.org/wiki/Callback_verification
> .. or something else?
>
> --
> Denny Watson
> Lead Investigator
> The Spamhaus Project
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

[Bill Cole via mailop]

On 2023-06-20 at 02:45:04 UTC-0400 (Tue, 20 Jun 2023 07:45:04 +0100)
Klaus Ethgen via mailop 
is rumored to have said:


Am Mo den 19. Jun 2023 um 21:55 schrieb Michael Wise via mailop:
If you're using GreyListing, know that a given email will not be 
coming from the same IP address twice.


The outgoing IP address is randomized for ... reasons.


I substitute "no".

That is absolutely ignorant to tell the people that you do mail in a
broken way and tell them it is for a reason, you don't want to tell.


Sharing an outbound queue amongst many different machines is not 
"broken" in any way. There may or may not be rock-solid simple 
explanations for *WHY* that approach was chosen, but it is entirely a 
local issue of purely local concern. There is no RFC asserting that 
retries after a transient rejection should come from the same cliuent 
IP.


Greylisting, in contrast, is designed as breakage. It is breakage that 
is handled well by the most common behaviors of small to medium sized 
sending systems, but those behaviors are purely a matter of convenience. 
Greylisting is an intrinsically heuristic practice, because you need to 
adapt it to what works rather than having some standard spec that you 
can count on interoperating.



On the same time being one of the biggest spam provider.


Which is a direct consequence of what they've done to become the biggest 
commercial mailbox provider.


Microsoft has no history of doing what non-paying non-customers think 
they should do, especially if it possible for them to perceive such 
deadbeats to be competitors. If you run a mail server, Microsoft will at 
some point treat you as a competitor rather than as a partner. Do not 
expect anything else.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Liberomail back to normal

[Mathieu Girol via mailop]

Hi Mailop community,

You may have noticed that libero and virgilio suffered an incident last week 
that have raised bounces and latency when trying to deliver emails at their 
domains.

The situation is now back to normal, you can send normally.

Mathieu on behalf of the Italiaonline team

Disclaimer

The information contained in this communication from the sender is 
confidential. It is intended solely for use by the recipient and others 
authorized to receive it. If you are not the recipient, you are hereby notified 
that any disclosure, copying, distribution or taking action in relation of the 
contents of this information is strictly prohibited and may be unlawful.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Strange mail delivery from microsoft

[Klaus Ethgen via mailop]

Am Di den 20. Jun 2023 um  3:21 schrieb Ángel via mailop:
> I blame them by using a big amount of IPs to deliver mails even for
> > the same mail and for giving a host for malicious hosts that try to
> > get spam out. I blame them also for doing connections that are
> > absolute not needed and a wast of bandwidth.
> 
> Microsoft spreading their connection attempts through a large amount of
> IP addresses seems precisely suited for someone limiting the number of
> connections/mails by IP, as you are doing.

Well, it is for a reason. Microsoft is one of the most prominent spam
sender. I don't want that they try to deliver mar...@ethgen.ch or
k...@ethgen.ch, they do not exist as well as all that other spammers.

Unfortunately there are few people still have their main mail on
hotmail. Otherwise I would block them completely as I do with
digitalocean.

> > Moreover, the mail server is a low trafic server so 10/hour should be
> > ok for the most delivery systems.
> 
> I get 2-4 mails from 40.92.*  **per day**

I even less. But have major connections from them trying to deliver
spam.

Gruß
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

[Klaus Ethgen via mailop]

Am Mo den 19. Jun 2023 um 21:55 schrieb Michael Wise via mailop:
> If you're using GreyListing, know that a given email will not be coming from 
> the same IP address twice.
> 
> The outgoing IP address is randomized for ... reasons.

I substitute "no".

That is absolutely ignorant to tell the people that you do mail in a
broken way and tell them it is for a reason, you don't want to tell.

On the same time being one of the biggest spam provider.

Gruß
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop