Re: [mailop] For the record, anyone tell me what specific Gmail email flows allows duplicate Return-Path as shown below?

2024-01-31 Thread 황병희
Hello Michael,

On Wed, 2024-01-31 at 09:08 -0800, Michael Peddemors via mailop wrote:
> X-Gm-Message-State: AOJu0Yygtd3O5YdS/rWj45vxya0hwrYa/BjQf5JxGSCWzAx9RXR9bryH
>  LpU0oZbfEz95pt1aYhcAMT1+ArGYrI6GtRLuJdtIEEHgVc36TLiys7kql09B4icWlFB6/0HAW7R
>  L84tjrA==
> X-Google-Smtp-Source: AGHT+IHJ80+WwCu4hMgvckgAPlSHw5qrXfLxQgaNiEfLv7pnjJvoeHyju4z8pvBZv1ELBkh6pusbJQ==
> X-Received: by 2002:a05:6a20:52a8:b0:19c:b3db:7aed with SMTP id
>  o40-20020a056a2052a800b0019cb3db7aedmr3266982pzg.46.1706675336094;
>  Tue, 30 Jan 2024 20:28:56 -0800 (PST)
> Return-Path:
> Received: from iZ4csyme2vmqlcZ ([47.236.118.246])
>  by smtp.gmail.com with ESMTPSA id
>  g20-20020a62e31400b006dacfab07b6sm8690666pfh.121.2024.01.30.20.28.54
>  for
>  (version=TLS1 cipher=ECDHE-ECDSA-AES128-SHA bits=128/128);
>  Tue, 30 Jan 2024 20:28:55 -0800 (PST)
> Message-ID: <65b9cc87.620a0220.bdac.b...@mx.google.com>
> 
>   ...
> 
> This appears to be a normally authenticated ESMTPSA session, but from an
> IP Address in the Alibaba cloud.. normally this would raise red flags
> alone, and the IP now has been added to other AUTH restriction RBL's,
> but of course headers MAY have been forged...
> 
> But it 'looks' like a case where the first Google MTA in the chain is
> adding it, even though the delivery will NOT be local.
> 
> Anyone shed more light on these?
> 

It is impossible to determine from the given data. Can you show us the
full headers?


Sincerely, Byunghee

-- 
^Thank you _Spreading virtue throughout the world_ Thank you_^))//
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] OT re Munging was Re: Extortion spam from OVH-hosted *.sbs domains

2024-01-31 Thread Michael Wise via mailop

Or just put a “ “ before each of the dots …

  mx .h .orku .sbs

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop On Behalf Of Kevin A. McGrail via mailop
Sent: Wednesday, January 31, 2024 9:44 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] OT re Munging was Re: Extortion spam from OVH-hosted *.sbs domains


Hi MailOp,

I thought I would send a note that emails about this topic with OVH and SBS 
domains have sometimes been going into spam because some emails mention URIs 
that are on blocklists.

At the Apache SpamAssassin project we typically discuss things with [] brackets 
or the word munge to avoid this issue. For example, mx.h.orku[.]sbs 
mx.h.orkumunge.sbs with the bolding added for extra emphasis. This might help 
when people are discussing threat data.

Regards,
KAM


[mailop] OT re Munging was Re: Extortion spam from OVH-hosted *.sbs domains

2024-01-31 Thread Kevin A. McGrail via mailop

Hi MailOp,

I thought I would send a note that emails about this topic with OVH and 
SBS domains have sometimes been going into spam because some emails 
mention URIs that are on blocklists.


At the Apache SpamAssassin project we typically discuss things with [] 
brackets or the word munge to avoid this issue. For example, 
mx.h.orku*[.]*sbs mx.h.orku*munge*.sbs with the bolding added for extra 
emphasis. This might help when people are discussing threat data.


Regards,
KAM
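
The munging conventions named in this thread (brackets around the last dot, the word "munge" before it, or a space before each dot), as an added example that is not part of the original post or of SpamAssassin. The function names and the sample text are assumptions made for illustration.

```python
import re

# Hostname-like token: dot-separated labels ending in an alphabetic TLD.
# The trailing lookahead skips names that are already bracket-defanged.
DOMAIN_RE = re.compile(
    r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b(?!\[\.\])",
    re.IGNORECASE,
)

def _bracket(host):   # mx.h.example.test -> mx.h.example[.]test
    head, _, tld = host.rpartition(".")
    return f"{head}[.]{tld}"

def _munge(host):     # mx.h.example.test -> mx.h.examplemunge.test
    head, _, tld = host.rpartition(".")
    return f"{head}munge.{tld}"

def _space(host):     # mx.h.example.test -> mx .h .example .test
    return host.replace(".", " .")

STYLES = {"bracket": _bracket, "munge": _munge, "space": _space}

def defang(text, style="bracket"):
    """Rewrite every hostname in text so a URI scanner no longer sees the original name."""
    rewrite = STYLES[style]
    return DOMAIN_RE.sub(lambda m: rewrite(m.group(0)), text)

def refang(text):
    """Undo the bracket and space styles; 'munge' is not safely reversible."""
    text = text.replace("[.]", ".")
    return re.sub(r"(?<=[a-z0-9]) \.(?=[a-z0-9])", ".", text, flags=re.IGNORECASE)

# Constructed sample text; example.test is a reserved name, not threat data.
SAMPLE = "Seen from mx.h.example.test and relay.example.test today."

if __name__ == "__main__":
    for style in STYLES:
        print(style, "->", defang(SAMPLE, style))
```

Only the bracket style is safe to apply twice; the space and munge styles should be run once on the original text.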


[mailop] For the record, anyone tell me what specific Gmail email flows allows duplicate Return-Path as shown below?

2024-01-31 Thread Michael Peddemors via mailop

X-Gm-Message-State: AOJu0Yygtd3O5YdS/rWj45vxya0hwrYa/BjQf5JxGSCWzAx9RXR9bryH
 LpU0oZbfEz95pt1aYhcAMT1+ArGYrI6GtRLuJdtIEEHgVc36TLiys7kql09B4icWlFB6/0HAW7R
 L84tjrA==
X-Google-Smtp-Source: AGHT+IHJ80+WwCu4hMgvckgAPlSHw5qrXfLxQgaNiEfLv7pnjJvoeHyju4z8pvBZv1ELBkh6pusbJQ==
X-Received: by 2002:a05:6a20:52a8:b0:19c:b3db:7aed with SMTP id
 o40-20020a056a2052a800b0019cb3db7aedmr3266982pzg.46.1706675336094;
 Tue, 30 Jan 2024 20:28:56 -0800 (PST)
Return-Path:
Received: from iZ4csyme2vmqlcZ ([47.236.118.246])
 by smtp.gmail.com with ESMTPSA id
 g20-20020a62e31400b006dacfab07b6sm8690666pfh.121.2024.01.30.20.28.54
 for
 (version=TLS1 cipher=ECDHE-ECDSA-AES128-SHA bits=128/128);
 Tue, 30 Jan 2024 20:28:55 -0800 (PST)
Message-ID: <65b9cc87.620a0220.bdac.b...@mx.google.com>

 ...

This appears to be a normally authenticated ESMTPSA session, but from an 
IP Address in the Alibaba cloud.. normally this would raise red flags 
alone, and the IP now has been added to other AUTH restriction RBL's, 
but of course headers MAY have been forged...


But it 'looks' like a case where the first Google MTA in the chain is 
adding it, even though the delivery will NOT be local.


Anyone shed more light on these?



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada
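
A way to check a stored message for the pattern asked about above: list every Return-Path header together with the "by ... with ..." of the Received header directly below it, so each one can be tied to a hop. This is an added example, not part of the original post; the function names, hosts and addresses in the sample message are constructed.

```python
import re
from email import message_from_string

BY_WITH = re.compile(r"\bby\s+(\S+)\s+with\s+(\S+)", re.IGNORECASE)

# Constructed sample: reserved example domains and documentation IP ranges.
SAMPLE_MESSAGE = """\
Delivered-To: rcpt@example.net
Return-Path: <sender@example.com>
Received: from mail-out.example.org (mail-out.example.org [192.0.2.10])
 by mx.example.net with ESMTPS id abc123
 for <rcpt@example.net>; Tue, 30 Jan 2024 20:29:01 -0800 (PST)
X-Received: by 2001:db8::1 with SMTP id xyz; Tue, 30 Jan 2024 20:28:56 -0800 (PST)
Return-Path: <sender@example.com>
Received: from client-host ([198.51.100.7])
 by smtp.example.org with ESMTPSA id def456
 for <rcpt@example.net>; Tue, 30 Jan 2024 20:28:55 -0800 (PST)
Message-ID: <constructed-1@example.org>
Subject: constructed sample

body
"""

def return_path_report(raw_message):
    """Return one dict per Return-Path header, in top-to-bottom order."""
    headers = message_from_string(raw_message).items()  # keeps duplicates, in order
    report = []
    for idx, (name, value) in enumerate(headers):
        if name.lower() != "return-path":
            continue
        hop = {"position": idx, "value": value.strip(), "by": None, "with": None}
        # Trace headers are prepended, so the next Received header below
        # this Return-Path belongs to the hop sitting just under it.
        for later_name, later_value in headers[idx + 1:]:
            if later_name.lower() == "received":
                match = BY_WITH.search(later_value)
                if match:
                    hop["by"], hop["with"] = match.group(1), match.group(2)
                break
        report.append(hop)
    return report

def has_duplicate_return_path(raw_message):
    return len(return_path_report(raw_message)) > 1

if __name__ == "__main__":
    for hop in return_path_report(SAMPLE_MESSAGE):
        print(hop)
```

As the post notes, headers may be forged, so the report describes what the message contains and does not prove which server wrote each header.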


Re: [mailop] Admin contact for Protonmail

2024-01-31 Thread Atro Tossavainen via mailop
On Wed, Jan 31, 2024 at 02:03:33PM +, Tarun Singh via mailop wrote:
> Hello Folks, 
> 
> Is there anyone from Protonmail on this distro? Can you please reach out to 
> me offline?

Abuse and postmaster appear to work.

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, https://www.koliloks.eu/


[mailop] Admin contact for Protonmail

2024-01-31 Thread Tarun Singh via mailop
Hello Folks, 

Is there anyone from Protonmail on this distro? Can you please reach out to me 
offline?

-Tarun