Re: [mailop] Off-Topic - VMWare ESXI 7.0

2024-04-15 Thread Eric Tykwinski via mailop
I know this is totally off topic now, but how are you feeling about their 
support contracts? (ProxMox)  I’m honestly playing around with the OS, as we 
are running VMWare 8.x perpetual now, and slated to migrate off.  I barely used 
TAC on VMWare maybe 3 times in 12 years, but having that option on production 
is required.

> On Apr 15, 2024, at 5:18 PM, Barnabas Toth via mailop  
> wrote:
> 
> Proxmox has 'New Import Wizard Available for Migrating VMware ESXi Based 
> Virtual Machines' see 
> https://forum.proxmox.com/threads/new-import-wizard-available-for-migrating-vmware-esxi-based-virtual-machines.144023/.
> 
> Best Regards,
> 
> Barnabas Toth | webmas...@speckz.com 
> Bio, Portfolio, Resume, and Services @ https://speckz.com
>  Pronouns: he/him/his
>  
> 
> On Mon, Apr 15, 2024 at 5:10 PM Richard Laager via mailop wrote:
>> On 2024-04-15 15:40, Kevin A. McGrail via mailop wrote:
>>> We have four servers where we can't retrieve our free ESXi VMWare license 
>>> after Broadcom shut things down and they are in evaluation mode for about 
>>> 30 more days. 
>>> 
>>> Does any one have any advice?  Is there a product we can buy?  Is there an 
>>> alternative you've been switching over to using?  Anyone have a spare 
>>> license we can use?
>> 
>> Install Linux on the bare metal. Then:
>> 
>> Proxmox is popular. I believe it has a web interface.
>> 
>> or
>> 
>> libvirt + virt-manager (assuming your management computer runs Linux with a 
>> GUI). I use this in production.
>> 
>> The transition might be a bit tricky depending on where the data is stored. 
>> Assuming it's local, you're going to need to copy the VM disk images off in 
>> some fashion before you reformat. If you have the resources, the safest 
>> would be to move VMs off one server to the other three to free up one 
>> server, then reformat that server, then move VMs from one of the other three 
>> to it, then repeat. Note that the emulated hardware will be slightly 
>> different too, which will take some tweaking. If the guests are Linux, 
>> that's probably pretty straightforward. If they are Windows, it might be 
>> more unhappy (e.g. triggering a need for re-activation).
>> 
>> -- 
>> Richard
>> ___
>> mailop mailing list
>> mailop@mailop.org 
>> https://list.mailop.org/listinfo/mailop



Re: [mailop] One click unsubscribe in mailing list messages

2024-02-24 Thread Eric Tykwinski via mailop
IMHO, and I’m not a lawyer like Anne, but I think in common language what she 
is trying to explain.
Like in GDPR which makes it so you can decline cookie data, that link is just 
one cookie, and they give us the option to decline other cookies but necessary 
or leave the site altogether.  Is this the gist of the current legal 
framework in the US?



> On Feb 24, 2024, at 3:19 PM, Anne P. Mitchell, Esq. via mailop 
>  wrote:
> 
> 
> 
>> On Feb 24, 2024, at 12:41 PM, Andrew C Aitchison  
>> wrote:
>> 
>> Do you read "visiting a single Internet Web page"
>> as excluding interaction with that page ?
>> 
>> If so, how do I provide my opt-out preferences by ...
>> "visiting a single Internet Web page" ?
> 
> A strict construction of that language would suggest to me that yes, that's 
> what it says - *however*, I also don't think that's what was intended, and it 
> is on these ambiguous (regardless of how slightly) turns of phrase that 
> entire cases are decided.  
> 
> If I were brought in on a case that turned on deciding what this language 
> meant, I could argue either side, and convincingly so, I believe.
> 
> Anne
> 
> --- 
> Anne P. Mitchell, Esq.
> Email Law & Policy Attorney
> CEO Institute for Social Internet Public Policy (ISIPP)
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing 
> law)
> Creator of the term 'deliverability' and founder of the deliverability 
> industry
> Author: The Email Deliverability Handbook
> Board of Directors, Denver Internet Exchange
> Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
> Prof. Emeritus, Lincoln Law School
> Chair Emeritus, Asilomar Microcomputer Workshop
> Counsel Emeritus, eMail Abuse Prevention System (MAPS)
> 


Re: [mailop] Help With a Sudden AOL/Yahoo Issue

2023-08-09 Thread Eric Tykwinski via mailop
My spool is already starting to slowly go down, so I think it was probably just 
a temporary blip.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Aug 9, 2023, at 4:58 PM, Alex Burch via mailop  wrote:
> 
> Yes I think this is widespread. I am 90% sure Yahoo is looking into it right 
> now
> 
> Thanks,
> Alex
> 
> 
> --
> 
>   
> Alexander Burch
> ActiveCampaign / Senior Deliverability Engineer
> abu...@activecampaign.com
> 1 North Dearborn St Suite 500, Chicago IL, 60602
> 
> 
> On Wed, Aug 9, 2023 at 1:53 PM Michael E. Weisel via mailop <mailop@mailop.org> wrote:
> Hi Mailop community.  We have experienced a sudden Yahoo/AOL/Verizon block 
> for one of our clients that we are trying to figure out.  We saw no 
> indication of any issues until we started seeing TSS04 messages in the logs 
> around 3:00pm today.  It would be greatly appreciated if someone on the list 
> from the AOL/Yahoo/Verizon team could please reach out to me.
> 
> Thanks,
> 
> Michael
> 
> Michael E. Weisel
> CTO / Deliverability Lead
> Gold Lasso
> (301) 990-9857 Corporate
> (240) 813-0174 Direct Dial
> 


[mailop] If possible can I get a email back from someone either at Google Workspaces or Google Domains

2023-03-21 Thread Eric Tykwinski via mailop
 

 

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



[mailop] Google Abuse?

2022-12-16 Thread Eric Tykwinski via mailop
This is just more of a question on why they wouldn’t acknowledge a receipt of 
the abuse report posted to their web form?

Here’s the response I got back:
Thank you for submitting a report. We take our users' privacy and security very 
seriously, so we appreciate your concern. We will use the information you 
provide to conduct an investigation. We will contact you if we need more 
details; however, you will not receive a response or email acknowledgment of 
your submission.

Details, in case you’re interested: It was a domain squatter using a customer’s 
domain to try and gain access to their bank account.  I do believe the attempt 
was unsuccessful, but wanted to report anyways just in case they can find a 
pattern.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



[mailop] IngramMicro spam

2022-10-21 Thread Eric Tykwinski via mailop
Just a heads up…  Seems I’m getting IngramMicro spam phishing attempts passing 
DKIM/SPF so probably a hacked account there sending email:
[2022.10.21] 18:40:35.911 [37157707] [148.163.152.203] Valid reverse DNS entry found: mx0b-0021cb01.pphosted.com
[2022.10.21] 18:40:36.536 [37157707] Running SPF check
[2022.10.21] 18:40:36.536 [37157707] Finished SPF check; result = Pass
[2022.10.21] 18:40:36.536 [37157707] [DKIM] Performing DKIM check...
[2022.10.21] 18:40:36.552 [37157707] [DKIM] Result: Good. 
[2022.10.21] 18:40:38.083 [37157707] Spam Checks took 2161 ms
[2022.10.21] 18:40:38.083 [37157707] Spam Checks completed.

Headers:
Return-Path: 
Received: from mx0b-0021cb01.pphosted.com (mx0b-0021cb01.pphosted.com 
[148.163.152.203]) by smartermail.truenet.com with SMTP
(version=TLS\Tls12
cipher=Aes256 bits=256);
Fri, 21 Oct 2022 18:40:30 -0400
Received: from pps.filterd (m0096139.ppops.net [127.0.0.1])
by mx0b-0021cb01.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 29LLW5Dl031862;
Fri, 21 Oct 2022 15:38:15 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ingrammicro.com; 
h=message-id :
reply-to : from : to : subject : date : mime-version : content-type;
s=PPS-Aug2020; bh=KMWrk6rOSKKUSW/SA9MDwca6MwSSasYRpvGaeP5JQZE=;
b=OmsimosZ9NIqdbr59AnmGipXTQVyuwCmSS7glFFIUFrCAqzATh0djj5ZJE1aSywsblsR
LUBj/rRC2x6hNivvxONfpnFnIUGanVmFEmFr7EwTG7YNlT+xaU9qqYynlW4ZnI4CbrGm
5J83FuQecT26/LxWAbmDcI6lnYpLxvz/wfENDueoEaMyrWy6ApH6gv7jEZlnx/i6/dGl
bG99ccz0fxe73QlVO5Ng3Gvfx//dUUujLZ5sTxF+dLz+h50yd/1A7gOK8f8dPu5/Xuz1
9vm7uyZpwzWoB7JVhWd1dCvvPk7lDhVBTW8gbOApA6JEpD6tZNkjrhbvjVAnRephy+UM jg== 
Received: from mailrelay.ingrammicro.com (smtp1202.ingrammicro.com 
[64.40.229.202])
by mx0b-0021cb01.pphosted.com (PPS) with ESMTPS id 3kbyv9sdyp-20
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
Fri, 21 Oct 2022 15:38:15 -0700
Received: from USCHIZWXCH1203.corporate.ingrammicro.com (10.22.120.203) by
USCHIZWXCH1202.corporate.ingrammicro.com (10.22.120.202) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.1.2507.9; Fri, 21 Oct 2022 15:38:13 -0700
Received: from lsmtp33.ingrammicro.com (10.133.22.108) by
uschizrelay.corporate.ingrammicro.com (10.22.120.203) with Microsoft SMTP
Server id 15.1.2507.9 via Frontend Transport; Fri, 21 Oct 2022 15:38:08 -0700
Message-ID: 
Reply-To: AEX 
From: AEX 
To: 
Subject: American Express Alert: Card Dispute Notice
Date: Fri, 21 Oct 2022 18:38:40 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="0a0c45ee1adef4fb08a2eb445095ba0223e9"
X-Proofpoint-ORIG-GUID: theT2AhoXJXb9CDUOt1sYWwZM47wrZCp
X-Proofpoint-GUID: theT2AhoXJXb9CDUOt1sYWwZM47wrZCp
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy 
score=25 mlxlogscore=47
priorityscore=1501 bulkscore=0 malwarescore=0 suspectscore=0 spamscore=25
adultscore=0 phishscore=34 clxscore=1011 lowpriorityscore=0
impostorscore=0 mlxscore=25 classifier=spam adjust=0 reason=mlx
scancount=1 engine=8.12.0-220913 definitions=main-2210210131

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



[mailop] Google Workspace support? Off-list...

2022-08-17 Thread Eric Tykwinski via mailop
I have a common customer that doesn't know who the domain administrator is
for their domain.

The domain curransisk.com and as of right now they are just trying to find
the admin email or a way to contact support.

 

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



Re: [mailop] Debugging MTA-STS sending

2022-08-09 Thread Eric Tykwinski via mailop
Tobias,

No starttls definitely works for me at least:  MailCow with 
postfix-mta-sts-resolver.

__
This is the mail system at host mail.virtcolo.com.

I'm sorry to have to inform you that your message could not be delivered to one 
or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text 
from the attached returned message.

   The mail system

: TLS is
required, but was not offered by host
plaintext.measurement.email-security-scans.org[195.191.197.83]
__


Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300




Re: [mailop] Debugging MTA-STS sending

2022-08-09 Thread Eric Tykwinski via mailop
Tobias,

I'm actually sort of interested now as well.

I just ran this through postfix-mta-sts-resolver 
(https://github.com/Snawoot/postfix-mta-sts-resolver)

Log for test:
2022-08-09 08:52:32 DEBUGSTS: len(self._children) = 1
2022-08-09 08:52:32 DEBUGSTS: Read: b'56:postfix mail-mtasts.measurement.email-security-scans.org,'
2022-08-09 08:52:32 DEBUGSTS: Enq request: b'postfix mail-mtasts.measurement.email-security-scans.org'
2022-08-09 08:52:32 DEBUGSTS: Got new future from queue
2022-08-09 08:52:32 DEBUGSTS: Lookup PERFORMED: domain = mail-mtasts.measurement.email-security-scans.org
2022-08-09 08:52:32 DEBUGRES: Got STS resolve request: sts_txt_domain=_mta-sts.mail-mtasts.measurement.email-security-scans.org, known_id=None
2022-08-09 08:52:32 DEBUGRES: Parsed STS record for domain 'mail-mtasts.measurement.email-security-scans.org': {'v': 'STSv1', 'id': '2022080901'}
2022-08-09 08:52:33 DEBUGRES: Parsed policy for domain mail-mtasts.measurement.email-security-scans.org: {'mx': ['tls-invalid.measurement.email-security-scans.org'], 'version': 'STSv1', 'mode': 'enforce', 'max_age': '86400'}
2022-08-09 08:52:33 DEBUGSTS: Future await complete: data=b'84:OK secure match=tls-invalid.measurement.email-security-scans.org servername=hostname,'
2022-08-09 08:52:33 DEBUGSTS: Wrote: b'84:OK secure match=tls-invalid.measurement.email-security-scans.org servername=hostname,'
2022-08-09 08:52:33 DEBUGSTS: Client disconnected

Log for my server which is valid:
2022-08-09 08:54:09 DEBUGSTS: len(self._children) = 1
2022-08-09 08:54:09 DEBUGSTS: Read: b'20:postfix virtcolo.com,'
2022-08-09 08:54:09 DEBUGSTS: Enq request: b'postfix virtcolo.com'
2022-08-09 08:54:09 DEBUGSTS: Got new future from queue
2022-08-09 08:54:09 DEBUGSTS: Lookup PERFORMED: domain = virtcolo.com
2022-08-09 08:54:09 DEBUGRES: Got STS resolve request: sts_txt_domain=_mta-sts.virtcolo.com, known_id=None
2022-08-09 08:54:09 DEBUGRES: Parsed STS record for domain 'virtcolo.com': {'v': 'STSv1', 'id': '20220309085700'}
2022-08-09 08:54:09 DEBUGRES: Parsed policy for domain virtcolo.com: {'mx': ['mail.virtcolo.com', '*.virtcolo.com'], 'version': 'STSv1', 'mode': 'enforce', 'max_age': '604800'}
2022-08-09 08:54:09 DEBUGSTS: Future await complete: data=b'67:OK secure match=mail.virtcolo.com:.virtcolo.com servername=hostname,'
2022-08-09 08:54:09 DEBUGSTS: Wrote: b'67:OK secure match=mail.virtcolo.com:.virtcolo.com servername=hostname,'
2022-08-09 08:54:09 DEBUGSTS: Client disconnected

Both seem to work fine.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

-Original Message-
From: mailop  On Behalf Of Tobias Fiebig via mailop
Sent: Tuesday, August 9, 2022 6:24 AM
To: mailop@mailop.org
Subject: [mailop] Debugging MTA-STS sending

Heho,
I am currently trying to debug a test for MTA-STS sending; The setup is a 
domain with an MX with an invalid certificate to test whether MTA-STS policies 
are honored (if they are, no mail should be received). I tested this last night 
with an ESP I know should be honoring MTA-STS; However, while the policy was 
retrieved from the webserver, the email got ultimately delivered. I also did 
not get an MTA-STS TLS-RPT, even though other domains got them from the same 
ESP today.

Could some of you who are on a setup that validates MTA-STS please try to send 
me an email to, and if it (hopefully) fails share the NDR?:

measurem...@mail-mtasts.measurement.email-security-scans.org

(Alternatively, if you see something wrong in the config, please let me know.)

With best regards,
Tobias



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
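The request/response pairs in the resolver debug logs above (a netstring-framed socketmap lookup answered with a Postfix TLS policy) can be replayed offline. This is an added example, not code from the posts or from postfix-mta-sts-resolver: the function names are hypothetical, the policy texts are rebuilt from the "Parsed policy" lines in the logs, and answering NOTFOUND for any mode other than enforce is a simplifying assumption.

```python
"""Replay of the Postfix socketmap exchange shown in the resolver debug logs."""

# Policy files rebuilt from the "Parsed policy" dicts in the logs (constructed
# sample input; live policies are fetched over HTTPS from mta-sts.<domain>).
POLICIES = {
    "mail-mtasts.measurement.email-security-scans.org": (
        "version: STSv1\nmode: enforce\n"
        "mx: tls-invalid.measurement.email-security-scans.org\nmax_age: 86400\n"
    ),
    "virtcolo.com": (
        "version: STSv1\nmode: enforce\n"
        "mx: mail.virtcolo.com\nmx: *.virtcolo.com\nmax_age: 604800\n"
    ),
}


def encode_netstring(payload: bytes) -> bytes:
    """Frame a payload as <length>:<payload>, (the socketmap wire format)."""
    return str(len(payload)).encode("ascii") + b":" + payload + b","


def decode_netstring(data: bytes) -> bytes:
    """Return the payload of exactly one netstring, rejecting bad framing."""
    length, sep, rest = data.partition(b":")
    if not sep or not length.isdigit():
        raise ValueError("missing or non-numeric length prefix")
    size = int(length)
    if len(rest) != size + 1 or rest[size:] != b",":
        raise ValueError("length mismatch or missing trailing comma")
    return rest[:size]


def parse_policy(text: str) -> dict:
    """Parse an RFC 8461 policy file; 'mx' may repeat, other keys are single."""
    policy = {"mx": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed policy line: %r" % line)
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value)
        else:
            policy[key] = value
    return policy


def mx_allowed(host: str, patterns: list) -> bool:
    """RFC 8461 matching: '*.' stands for exactly one leftmost label."""
    host = host.lower().rstrip(".")
    for pattern in patterns:
        pattern = pattern.lower().rstrip(".")
        if pattern.startswith("*."):
            head, _, tail = host.partition(".")
            if head and tail == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False


def tls_policy_reply(policy: dict) -> str:
    """Turn a policy into a socketmap reply carrying a Postfix TLS policy."""
    if (policy.get("version") != "STSv1" or policy.get("mode") != "enforce"
            or not policy["mx"]):
        return "NOTFOUND "  # assumption: Postfix then uses its default TLS level
    # Postfix writes "any subdomain" as a leading dot, so "*.x" becomes ".x".
    names = [mx[1:] if mx.startswith("*.") else mx for mx in policy["mx"]]
    return "OK secure match=" + ":".join(names) + " servername=hostname"


def handle_request(raw: bytes, policies: dict) -> bytes:
    """Answer one '<mapname> <domain>' lookup the way the logs show."""
    _mapname, _, domain = decode_netstring(raw).decode("ascii").partition(" ")
    text = policies.get(domain.lower())
    reply = "NOTFOUND " if text is None else tls_policy_reply(parse_policy(text))
    return encode_netstring(reply.encode("ascii"))


if __name__ == "__main__":
    for request in (b"56:postfix mail-mtasts.measurement.email-security-scans.org,",
                    b"20:postfix virtcolo.com,"):
        print(request, "->", handle_request(request, POLICIES))
```

The resolver only hands Postfix a policy; the certificate check that produces a bounce happens afterwards in the Postfix SMTP client, so an "OK secure" reply looks the same for a domain whose MX has a valid certificate and one whose MX does not.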


Re: [mailop] Google's Request to the FEC about Allowing Political Email to Bypass Spam Filtering

2022-07-14 Thread Eric Tykwinski via mailop
Honestly, if you asked me, I think it’s probably stupid.  I remember getting a 
22 dollar bill from Dr. Love Joy down in Key West, and I’m sure he can probably 
register with the FEC without any issues.  This is probably going to be a great 
Last Week Tonight with John Oliver episode at the end of things.  IMHO, I 
really don’t want to destroy my reputation by hosting crap because I followed 
the rules and let someone with a FEC approval to literally send a bunch of spam 
on my ip addresses.  I have literally dealt with this before, but they had 
received a DDOS attack greater than the spam problem before we asked them 
politely to change providers.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Jul 14, 2022, at 6:42 PM, Brandon Long via mailop  
> wrote:
> 
> 
> 
> On Sun, Jul 10, 2022 at 10:28 AM Andrew C Aitchison via mailop <mailop@mailop.org> wrote:
> 
> On Sun, 10 Jul 2022, Anne Mitchell via mailop wrote:
> >> On Jul 9, 2022, at 8:15 PM, Brett Schenker via mailop <mailop@mailop.org> wrote:
> >>
> >> Just put it all in quarantine. It only requires reporting on how much is 
> >> going to spam. Reporting 0 would technically be correct since quarantine 
> >> is different.
> >
> > Or a 'Political' tab, just like the 'Promotions' tab.
> 
> Wouldn't that be labelling, which would mean they need explicit
> permission before enabling it for each user ?
> 
> The labeling she mentioned is from a proposed law, not one that has passed.  
> It is interesting that the proposed law uses the term labeling and not spam 
> label or spam folder... it also talks about "primary inbox"...
> 
> Brandon 


Re: [mailop] Troubleshooting MTA-STS reports

2022-04-26 Thread Eric Tykwinski via mailop
Jesse,

Everything looks fine to me, have you tried sending an email to another 
Google account?
They are the one company I know sends MTA-STS reports, others sadly don’t.

My guess is that Google might not be sending inter-domain reports since you’re 
hosted there.
Doesn’t make sense to me, but I’m sure if that’s the case Brandon or someone 
else from Google will tell you.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Apr 26, 2022, at 4:56 PM, Jesse Hathaway  wrote:
> 
> On Tue, Apr 26, 2022 at 3:48 PM Eric Tykwinski  wrote:
>> You need a place to send the emails to:
>> _smtp._tls.virtcolo.com. TXT Default v=TLSRPTv1; 
>> rua=mailto:postmas...@virtcolo.com
> 
> Thanks  Eric, I forgot to include the TLSRPT piece, this is what I
> currently have:
> 
> $ dig +short txt _smtp._tls.mbuki-mvuki.org
> "v=TLSRPTv1; rua=mailto:postmas...@mbuki-mvuki.org;



Re: [mailop] [EXTERNAL] expected bounces from Russia?

2022-03-10 Thread Eric Tykwinski via mailop
> From: mailop  On Behalf Of Michael Wise via mailop
> Sent: Thursday, March 10, 2022 4:04 PM
> To: 'mailop@mailop.org' 
> Subject: Re: [mailop] [EXTERNAL] expected bounces from Russia?
>
>
> I would think if the sending user was unaware of the issue, the sooner they 
> got the bounces the better?
> Suppression might not be doing anyone any favors … unless it turns into a 
> mailbomb.
>

My first guess would be failures due to the new root CA that RU just 
implemented.
https://bugzilla.mozilla.org/show_bug.cgi?id=1758773

I'm sure most will consider it self-signed and either reject right away or 
allow based on policy.

> Aloha, 
> Michael.
> -- 
> Michael J Wise
> Microsoft Corporation| Spam Analysis
> "Your Spam Specimen Has Been Processed."
> Open a ticket for http://go.microsoft.com/fwlink/?LinkID=614866 ?

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300






Re: [mailop] Getting 'Access Denied' on Microsoft supportrequestform

2022-02-04 Thread Eric Tykwinski via mailop
I just submitted a ticket, so I know it's working.
Hopefully, someone here can check to see if your IP is blocked on the website 
for some reason.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

-Original Message-
From: mailop  On Behalf Of Axel Rau via mailop
Sent: Friday, February 4, 2022 8:42 AM
To: mailop@mailop.org
Subject: Re: [mailop] Getting 'Access Denied' on Microsoft supportrequestform

Has anybody another channel to MS postmasters?

Thanks, Axel

Am 04.02.22 um 00:43 schrieb Axel Rau via mailop:
> Hi all,
> 
> My new mailinglist server is blocked by Microsoft (S3150).
> I have a SNDS account and my IP range has status 'normal'.
> 
> Submitting a support request here
>  https://support.microsoft.com/supportrequestform
> results in:
> - - -
> Access Denied
> You don't have permission to access 
> "http://support.microsoft.com/supportrequestform/8ad563e3-288e-2a61-8122-...; 
> on this server.
> Reference #18.89a02417.1643930344
> - - -

-- 
PGP-Key: CDE74120  ☀  computing @ chaos claudius




Re: [mailop] Anyone from Google here?

2021-07-16 Thread Eric Tykwinski via mailop
Al,

Not bulk emails at all, just normal back and forth from our users.

Here's the response from my test:
[2021.07.16] 12:05:59.622 [51075407] RSP: 421-4.7.0 [66.252.96.10  15] Our system has detected that this message is
[2021.07.16] 12:05:59.622 [51075407] RSP: 421-4.7.0 suspicious due to the nature of the content and/or the links within.
[2021.07.16] 12:05:59.622 [51075407] RSP: 421-4.7.0 To best protect our users from spam, the message has been blocked.
[2021.07.16] 12:05:59.622 [51075407] RSP: 421-4.7.0 Please visit
[2021.07.16] 12:05:59.622 [51075407] RSP: 421 4.7.0  https://support.google.com/mail/answer/188131 for more information. g5si7683436qtg.247 - gsmtp

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

-Original Message-
From: Al Iverson  
Sent: Friday, July 16, 2021 12:24 PM
To: eric-l...@truenet.com
Cc: mailop 
Subject: Re: [mailop] Anyone from Google here?

What's the error message? Some 4xx version of this? 5.7.1 (delivery not 
authorized) [999.999.999.999 7] Our system has detected that this message is 
likely unsolicited mail. To reduce the amount of spam sent to Gmail, this 
message has been blocked. Please visit 
https://support.google.com/mail/?p=UnsolicitedMessageError for more 
information. xxx.557 - gsmtp

Though it's not a fast/perfect process, be sure also to submit info here - 
https://support.google.com/mail/contact/bulk_send_new
So it gets into their system via their desired ticketing system.
I always do this, even if I also feel forced to try alternate channels.

Cheers,
Al

On Fri, Jul 16, 2021 at 11:17 AM Eric Tykwinski via mailop  
wrote:
>
> Just a heads up, I noticed some emails piling up in our spool.
>
> Common part is McAfee’s ad in the signature.
>
>
>
> “
>
> Scanned by McAfee and confirmed virus-free. Find out more here: 
> https://bit.ly/2zCJMrO
>
> “
>
>
>
> Sincerely,
>
>
>
> Eric Tykwinski
>
> TrueNet, Inc.
>
> P: 610-429-8300
>
>
>



--
Al Iverson // Wombatmail // Chicago
Deliverability: https://spamresource.com DNS Tools: https://xnnd.com




[mailop] Anyone from Google here?

2021-07-16 Thread Eric Tykwinski via mailop
Just a heads up, I noticed some emails piling up in our spool.

Common part is McAfee's ad in the signature.

 

"

Scanned by McAfee and confirmed virus-free. Find
out more here: https://bit.ly/2zCJMrO

"

 

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



Re: [mailop] Malware waves from hotmail.com

2021-06-04 Thread Eric Tykwinski via mailop
> -Original Message-
> From: mailop  On Behalf Of Michael Peddemors via 
> mailop
> Sent: Friday, June 4, 2021 2:24 PM
> To: mailop@mailop.org
> Subject: Re: [mailop] Malware waves from hotmail.com
>
> With apache, you can use modsecurity quite easily, and you can block all 
> azure (and other cloud providers ranges) from certain services like 
> wordpress, or contact forms etc.. (you can even do dns based checks or rbldnsd) ..
>
> Unless desktop in the cloud becomes more prevalent, you should make sure that 
> resources designed to be accessed by end users only, don't accept connections 
> from potentially compromised servers, or the bad actors throwing up relays..
>
> and yes, Azure, Googlecloud, Amazon threat activity is severely on the rise

I would just add, that if possible block access to xmlrpc.php
I think there is a rule included in modsec, but I just disable it outright if 
not needed.




[mailop] Microsoft Abuse contact info?

2021-03-04 Thread Eric Tykwinski via mailop
Looking for abuse contact information for Microsoft Office 365..

A common customer of ours had a phishing attempt made from what looks like
another Office365 client with a domain spelling.

 

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



Re: [mailop] +addressing ... any reason to NOT use it?

2021-02-03 Thread Eric Tykwinski via mailop
That had me laughing, sounded like the geekiest thing I’ve heard in awhile, but 
I definitely agree.
+ addressing is useful as hell for most people.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Feb 3, 2021, at 8:31 PM, Michael Wise via mailop  wrote:
> 
>  
> It seems I missed the announcement, but …
>  
>   Plus Addressing in Exchange Online | Microsoft Docs
>  
> So … Achievement Unlocked!
> It’s now supported in Office365 as well as, “HotMail”!
> Is there anyone else who does NOT support it at this point?
> Are there any major senders who don’t like a “+” in the username of an email 
> address?
> And if so, why?
>  
> Valuable tool, to say the least.
>  
> Aloha,
> Michael.
> --
> Michael J Wise
> Microsoft Corporation| Spam Analysis
> "Your Spam Specimen Has Been Processed."
> Open a ticket for Hotmail ?
>  


Re: [mailop] openssl on Ubuntu 20.04 - implications for email

2021-01-08 Thread Eric Tykwinski via mailop
I think this goes back to Jon Postel’s theory of accepting liberally, but 
sending strictly.
I.E.  If your users or other MTAs are sending you bad or no encryption, try to 
accept it to get the job done.
If you are sending to other MTAs, try and send with the best possible 
encryption at least until you see it’s backfiring on you.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Jan 8, 2021, at 8:12 PM, Ángel via mailop  wrote:
> 
> SMTP uses _opportunistic_ encryption. It fails open.*
> This has the unfortunate consequence that strengthening the encryption
> often means to actually use no encryption at all. ☹
> The client mta attempts to negotiate TLS1.2, is unable to and ends up
> sending the email in plaintext, when it could have been sent using
> TLS1.0 with a weaker algorithm, vulnerable to some advanced
> cryptographic attacks, or in some cases with an active MITM (which it
> wouldn't detect anyway, since clients don't bother to verify the
> certificate*).
> 
> It would have been preferable to let that go through even with a weaker
> encryption. Of course, it could still be marked to the user as not
> (properly) encrypted, a broken lock or whatever way you may convey that
> to your users. If you do that, most providers don't report that in any
> way, and users stay in their blissful ignorance (in which they are
> probably happier, too).
> 
> 
> Happy and safe 2021 to everyone
> 
> 
> * I'm ignoring the population forcing encryption or implementing MTA-
> STS.
> 


Re: [mailop] Gosh, I love sendgrid

2020-12-21 Thread Eric Tykwinski via mailop
Seriously, this is probably political…  Not saying I agree, but unless it’s 
spam, i.e. unwanted by your recipients, then you just have a bunch of wack jobs 
as clients and keep it at that.
If it helps ease your conscience, think of it this way: 
https://www.aclu.org/issues/free-speech/rights-protesters/skokie-case-how-i-came-represent-free-speech-rights-nazis
Honestly, half of my family is Jewish and I had relatives in concentration 
camps, but I would like to think by keeping that vitriol in memory we can 
remember to denounce it.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Dec 21, 2020, at 8:35 PM, Jay Hennigan via mailop  
> wrote:
> 
> On 12/21/20 17:21, John Levine via mailop wrote:
>> Now they're sending antivax spam from the pseudoscientific Weston A. Price 
>> foundation.
> 
> As long as the checks don't bounce, I don't think Sendgrid really cares if 
> the mail does.
> 
> -- 
> Jay Hennigan - j...@west.net
> Network Engineering - CCIE #7880
> 503 897-8550 - WB6RDV


[mailop] Anyone from BlueHost on this list?

2020-12-21 Thread Eric Tykwinski via mailop
Just a heads up:

v=spf1 include:spf2.bluehost.com include:_spf.qualtrics.com
include:_spf.google.com include:_spf.salesforce.com
include:sparkpostmail.com include:spf.mailjet.com -all 

evaluating...
Results - PermError SPF Permanent Error: Too many DNS lookups

 

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
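How a record like the one posted above runs past the SPF limit of 10 DNS-querying terms (RFC 7208 section 4.6.4), as an added example that is not part of the original post. The top-level record is the one quoted in the post; the domain name `customer.example`, the function names and every nested record in `ZONE` are constructed stand-ins, not the providers' live DNS data.

```python
"""Worst-case DNS lookup count for an SPF record, per RFC 7208 section 4.6.4."""
import re

LOOKUP_LIMIT = 10
# Mechanisms that cost one DNS query each; include/redirect also cost one and
# are then followed. ip4, ip6 and all cost nothing.
LOOKUP_MECHANISMS = {"a", "mx", "ptr", "exists"}

# Constructed zone data. Only the first record comes from the post; the owner
# name and all nested records are made up so the example runs offline.
ZONE = {
    "customer.example": (
        "v=spf1 include:spf2.bluehost.com include:_spf.qualtrics.com "
        "include:_spf.google.com include:_spf.salesforce.com "
        "include:sparkpostmail.com include:spf.mailjet.com -all"
    ),
    "spf2.bluehost.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "_spf.qualtrics.com": "v=spf1 ip4:198.51.100.0/24 -all",
    "_spf.google.com": (
        "v=spf1 include:n1.google.example include:n2.google.example "
        "include:n3.google.example ~all"
    ),
    "n1.google.example": "v=spf1 ip4:203.0.113.0/26 ~all",
    "n2.google.example": "v=spf1 ip4:203.0.113.64/26 ~all",
    "n3.google.example": "v=spf1 ip4:203.0.113.128/26 ~all",
    "_spf.salesforce.com": "v=spf1 exists:%{i}._spf.salesforce.example -all",
    "sparkpostmail.com": "v=spf1 exists:%{i}._spf.sparkpost.example ~all",
    "spf.mailjet.com": "v=spf1 ip4:192.0.2.128/25 -all",
}

_TERM = re.compile(r"([A-Za-z][A-Za-z0-9_.-]*)(?:[:=]([^/\s]*))?")


def spf_terms(record):
    """Split a record into (name, argument) pairs, qualifiers stripped."""
    fields = record.split()
    if not fields or fields[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    terms = []
    for field in fields[1:]:
        match = _TERM.match(field.lstrip("+-~?"))
        if match is None:
            raise ValueError("unparseable term: %r" % field)
        terms.append((match.group(1).lower(), match.group(2)))
    return terms


def count_dns_lookups(domain, zone, trail=()):
    """Count every DNS-querying term reachable from domain (worst case)."""
    if domain in trail:
        raise ValueError("include loop at %s" % domain)
    record = zone.get(domain)
    if record is None:
        return 0  # the failed lookup itself was already counted by the caller
    total = 0
    for name, arg in spf_terms(record):
        if name in LOOKUP_MECHANISMS:
            total += 1
        elif name in ("include", "redirect"):
            if not arg:
                raise ValueError("%s without a target in %s" % (name, domain))
            total += 1 + count_dns_lookups(arg.lower(), zone, trail + (domain,))
    return total


def cost_by_include(domain, zone):
    """Lookups charged to each top-level include: itself plus what it pulls in."""
    costs = {}
    for name, arg in spf_terms(zone[domain]):
        if name == "include":
            costs[arg.lower()] = 1 + count_dns_lookups(arg.lower(), zone, (domain,))
    return costs


def spf_lookup_verdict(domain, zone):
    """Return ('permerror' | 'ok', lookup_count) for the record at domain."""
    count = count_dns_lookups(domain, zone)
    return ("permerror" if count > LOOKUP_LIMIT else "ok", count)


if __name__ == "__main__":
    print(spf_lookup_verdict("customer.example", ZONE))
    for target, cost in cost_by_include("customer.example", ZONE).items():
        print("%2d  %s" % (cost, target))
```

A real evaluator stops at the first matching mechanism, so it may not reach the limit for every sender; validators report the worst case, which is what this counts.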


Re: [mailop] Test software for ARC?

2020-12-01 Thread Eric Tykwinski via mailop
Andris,

> From: andris.rein...@gmail.com  
> Sent: Tuesday, December 1, 2020 12:01 PM
> To: eric-l...@truenet.com
> Cc: mailop@mailop.org
> Subject: Re: [mailop] Test software for ARC?
>
> You can validate DKIM and ARC of an email message with mailauth 
> https://github.com/andris9/mailauth#command-line-usage (developed by myself)
>
> Regards,
> Andris Reinman

Worked great, thanks for the hard work.
I'll keep this in my toolbox.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300




Re: [mailop] Test software for ARC?

2020-12-01 Thread Eric Tykwinski via mailop
Andris,

> From: andris.rein...@gmail.com  
> Sent: Tuesday, December 1, 2020 12:01 PM
> To: eric-l...@truenet.com
> Cc: mailop@mailop.org
> Subject: Re: [mailop] Test software for ARC?
>
> You can validate DKIM and ARC of an email message with mailauth 
> https://github.com/andris9/mailauth#command-line-usage (developed by myself)
>
> Regards,
> Andris Reinman

Thank you... I’ll test it out now.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300






[mailop] Test software for ARC?

2020-12-01 Thread Eric Tykwinski via mailop
I'm trying to troubleshoot a DKIM issue which is also ARC signed, so I'm not
positive if alignment is an issue or not.

 

Basically, routing is a mess.

Office365 -> Office365 -> Office365 -> Barracuda filter -> Onsite Exchange
-> Our server.

 

Hoping there is a program to throw in raw emails and let me know, but I
didn't really see anything.

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300



Re: [mailop] Anyone know the abuse contact over at SendGrid?

2020-11-04 Thread Eric Tykwinski via mailop
Apologies,

You are correct, I had the wrong message id on that one.
We are pre-filtering for this domain, so I messed up matching them together.

They are both just from bounces+7456750-0096-, so glad you already have it
filtered.

PS.  Just sending an email to ab...@sendgrid.net gave me an automated
response, so hopefully they will at least do something locally with it.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

-Original Message-
From: Atro Tossavainen  
Sent: Wednesday, November 4, 2020 10:37 AM
To: eric-l...@truenet.com
Cc: mailop@mailop.org
Subject: Re: [mailop] Anyone know the abuse contact over at SendGrid?

Hey Eric,

> bounces+7456750-0096-

https://www.spamhaus.org/sbl/listings/sendgrid.com shows SBL500803 and
SBL500804 for this customer, so it's clearly been interesting and high-
volume enough for somebody else to notice too.

> bounces+28313-9769-

This is Bullhornmail.com, a recruiting company. I do see some mail from them
in our spamtraps but it's related to recruitment, so while it might be spam,
it doesn't look like phishing to me.

--
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635) Tallinn, Estonia tel.
+372-5883-4269, http://www.koliloks.eu/




[mailop] Anyone know the abuse contact over at SendGrid?

2020-11-04 Thread Eric Tykwinski via mailop
Got a customer receiving a few phishing emails from them, and I can forward
off the complete emails.

If you are still writing the filters on MAIL FROM:

 

bounces+28313-9769-

bounces+7456750-0096-

 

I just want to report them as well for others.

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300

 



Re: [mailop] Maximum message size

2020-10-23 Thread Eric Tykwinski via mailop
Exactly what I was thinking:

150MB for Microsoft Online
https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#message-limits-1

50 MB for GSuite: https://support.google.com/a/answer/175121?hl=en

 

If you can upsell to something like NextCloud/GDrive/OneDrive et al..

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300

 

From: mailop  On Behalf Of Suresh Ramasubramanian
via mailop
Sent: Friday, October 23, 2020 1:39 PM
To: Adam Moffett ; mailop@mailop.org
Subject: Re: [mailop] Maximum message size

 

How many providers are going to accept 200 mb emails if you enable this and
someone then tries to send one out?

 

--srs



Re: [mailop] Anyone else noticing comcast.net backing up....

2020-10-21 Thread Eric Tykwinski via mailop
One of the techs at Comcast got back to me directly, so they know about it.

I’m sure it’s a shitty day for them, so good luck, we’ve all been there.

 

Sadly, as you all probably know once it gets fixed, they’ll probably be slammed 
with incoming emails leading to longer delays.

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300

 

From: mailop  On Behalf Of Matt Gilbert via mailop
Sent: Wednesday, October 21, 2020 2:54 PM
To: mailop 
Subject: Re: [mailop] Anyone else noticing comcast.net backing up

 

We're seeing issues as well for both mx1 and mx2:

 

*   delivery temporarily suspended: lost connection with mx2.comcast.net [68.87.20.5] while receiving the initial server greeting
*   delivery temporarily suspended: connect to mx1.comcast.net [96.114.157.80]:25: Connection timed out

 

 

Thanks,

 

Matt Gilbert

Deliverability Engineer III, Mailchimp





On Oct 21, 2020, at 2:07 PM, Russell Clemings via mailop <mailop@mailop.org> wrote:

 

Seeing a lot of this:

 

Connecting to mx1.comcast.net [96.114.157.80]:25 ... failed: Connection timed out (timeout=5m)
Connecting to mx2.comcast.net [68.87.20.5]:25 ... connected

H=mx2.comcast.net [68.87.20.5]: Remote host closed connection in response to initial connection

 

My guess is that mx1 is down and mx2 is struggling to pick up the extra load. 
Mail does seem to get through after a couple of tries. I think there's a 
Comcast person on the list so maybe we will hear something more definitive soon.

 

 

 

 

 

On Wed, Oct 21, 2020 at 10:39 AM David Landers via mailop <mailop@mailop.org> wrote:

Yes, seeing a lot of timeouts and delayed mail for Comcast traffic in the last 
few hours.

 

On Wed, Oct 21, 2020 at 12:34 PM Eric Tykwinski via mailop <mailop@mailop.org> wrote:

Seems like they are having some smtp issues, lots of timeouts on a few servers 
I’ve checked.

Philadelphia, Montreal, and Paris so doesn’t seem regional.

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300

 





 

-- 

David Landers
Deliverability Operations Specialist | GROUPON



dland...@groupon.com





 

-- 

===
Russell Clemings

<russ...@clemings.com>
===


 



[mailop] Anyone else noticing comcast.net backing up....

2020-10-21 Thread Eric Tykwinski via mailop
Seems like they are having some smtp issues, lots of timeouts on a few
servers I've checked.

Philadelphia, Montreal, and Paris so doesn't seem regional.

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300

 



Re: [mailop] sendgrid.net

2020-10-05 Thread Eric Tykwinski via mailop
Jesse,

> On Oct 5, 2020, at 4:37 PM, Jesse Thompson via mailop  
> wrote:
> 
> On 9/25/20 11:26 AM, Jay Hennigan via mailop wrote:
>> Even before the phishing became overwhelming they were a significant source 
>> of spam, primarily "targeted" via purchased lists. For at least the past six 
>> months the phishing has been overwhelming. While they claim to be working on 
>> the problem the evidence shows otherwise.
> 
> That's because, IMO, it's a fallacy to assume that compromised accounts are 
> mostly due to phishing.  Password reuse combined with automation by 
> credential stuffers is the main culprit.  
> 
> Organizations need to diversify their focus a little away from inbound 
> threats and towards (1) multi-factor/higher-trust authentication and (2) 
> aggressively resetting passwords based on suspicious login activity.
> 
> I would bet that Sendgrid knows this, but they are challenged with both, 
> given the type of users they deal with.
> 

I’m not sure about SendGrid per se, but Twilio is mainly an API provider, so 
full OAUTH, private keys, et al, as I’m a customer of their SMS, phone service, 
et al.
As far as I know SendGrid is the same, but not saying that hacked websites, 
floating private keys, and the such are not common.  
We saw a huge amount of traffic when Mandrill first got bought out by 
MailChimp, but that was fixed pretty quickly from what I remember.  ( Good job  
on that one ;) )

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300




Re: [mailop] Any new malware on iOS?

2020-10-02 Thread Eric Tykwinski via mailop
Michael,

> On Oct 2, 2020, at 4:44 PM, Michael Peddemors via mailop  
> wrote:
> 
> Your iPhone should be connecting to port 587/465 and don't block 
> localhost.localdomain there.. clients should be able to send almost any EHLO, 
> just block localhost.localdomain on port 25.  IMHO

Thanks for that, I didn’t think I could tweak on this server…  Not your typical 
exim/postfix, but got it to work.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


[mailop] Any new malware on iOS?

2020-10-02 Thread Eric Tykwinski via mailop
Just had a client try to send emails from an iPhone using "EHLO
localhost.localdomain" which we have blocked.

I've never seen this before ever, so just checking if there is something new
out there.

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300

 



Re: [mailop] IP rental

2020-08-28 Thread Eric Tykwinski via mailop
Blake,

I've pretty much seen the same, and of course the people listed on Spamhaus' 
ROKSO asking for dedicated servers always come up.

> -Original Message-
> From: mailop  On Behalf Of Blake Hudson via mailop
> Sent: Friday, August 28, 2020 9:32 AM
> To: mailop@mailop.org
> Subject: Re: [mailop] IP rental
>
> I've been receiving (and ignoring) these requests for years. I pity the folks 
> that fall victim.

If you are looking for a lease type of service like this, the only one I've 
heard about that seems like it might be legitimate is DiviNetworks.
I've never contacted them or dealt with them at all, just heard of them through 
NANOG.
Follow the thread here to judge for yourself: 
https://mailman.nanog.org/pipermail/nanog/2020-February/205528.html

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300







___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Google and Spam detection

2020-07-24 Thread Eric Tykwinski via mailop
> 
> Oh, there's your problem. Hetzner's network spews garbage. I don't
> accept any mail from it at all.

I'm willing to bet that almost all large cheaper providers have issues, at 
least from what I've seen myself.  This nice tool was just on the front page of 
Hacker News: https://github.com/freeCodeCamp/mail-for-good/tree/heroku/stable, 
so I'm expecting a new wave of spam from AWS probably shortly.
Sadly, when people try to do good, it usually gets followed by bad actors 
sooner than later.

> R's,
> John

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300







Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

2020-06-04 Thread Eric Tykwinski via mailop
Yeah, I agree on the split domain, we’ve had enough trouble with customers 
getting fooled with off domains.  
IE F1SERV.COM instead of fiserv.com, et al…  There’s enough there in the font 
specification that I know most coders are still trying to find their own font 
of choice.

PS. I use Bespin coloring, and DejaVu font.
https://www.fontsquirrel.com/fonts/dejavu-sans-mono
https://wiki.mozilla.org/Labs/Bespin/UserGuide

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Jun 4, 2020, at 6:36 PM, Brandon Long via mailop  wrote:
> 
> 
> 
> On Thu, Jun 4, 2020 at 8:28 AM Ralph Seichter via mailop <mailop@mailop.org> wrote:
> * John Levine via mailop:
> 
> > Mailing lists have only been adding subject tags since the 1980s.
> 
> I do not wish to delve into whether these tags are useful or not, but
> rewriting subjects or bodies invalidate existing DKIM signatures.
> 
> I recommend using separate domains, or subdomains, for regular business
> and for mailing lists, combined with separate DMARC policies, e.g.
> 'quarantine' for example.org and 'none' for mlists.example.org.
> 
> Why? 
> 
> For one, I'm not sure what you're recommending, either:
> 1) Host mailing lists on a separate domain
> 2) Send mail to mailing lists on a separate domain 
> 
> If you're recommending #1, sure, there are benefits to that, though it's 
> clearly not strictly necessary.  Having a different DMARC policy
> for the mailing list domain isn't that useful since the mailing list sends 
> very few messages "from" the mailing list (slightly more in the case of 
> 5322.From header rewriting, of course).  It's also usually a fairly 
> controlled domain only used for the mailing list software, so making sure the 
> SPF and DKIM are correct is pretty trivial, so the looser DMARC setting 
> doesn't seem to make much sense.
> 
> If you're talking about #2, I probably wouldn't recommend that breakdown, but 
> I do know folks who have split domains for the "product" and the employees, 
> ie yahoo.com vs yahoo-corp.com, foo.net vs foo.com, etc.  We played with 
> that a bit when we were first rolling out DMARC predecessor, adding a 
> googlers.com domain.  Ultimately, we decided that 
> leaving a domain open that can be spoofed defeats the purpose of DMARC.  I 
> mean, it also points to the ultimate problem with DMARC, which is people fall 
> for phishing even from non-exact or even completely wrong domains, so all of 
> this is just about moving the needle and not SOLVING THE PROBLEM ONCE AND FOR 
> ALL, so everything is a continuum and everyone needs to understand and make 
> the right choices for them.
> 
> Brandon


Re: [mailop] Proofpoint having issues?

2020-04-14 Thread Eric Tykwinski via mailop
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Eric Tykwinski
via mailop
Sent: Tuesday, April 14, 2020 1:15 PM
To: mailop@mailop.org
Subject: [mailop] Proofpoint having issues?

I’m seeing my servers not able to resolve some MX records.
mxa-0012cb01.gslb.pphosted.com
mxb-0012cb01.gslb.pphosted.com
mxa-001f1301.gslb.pphosted.com
mxb-001f1301.gslb.pphosted.com

dig +trace all lead to no response.
/*
gslb.pphosted.com.      500 IN  NS  ns-sc4.proofpoint.us.
gslb.pphosted.com.  500 IN  NS  ns-at1.proofpoint.us.
;; Received 142 bytes from 208.84.66.208#53(ns3.proofpoint.com) in 82 ms

;; connection timed out; no servers could be reached
*/
__

If someone from ProofPoint is here, it's DNSSEC:
https://dnsviz.net/d/gslb.pphosted.com/dnssec/






[mailop] Proofpoint having issues?

2020-04-14 Thread Eric Tykwinski via mailop
I'm seeing my servers not able to resolve some MX records.

mxa-0012cb01.gslb.pphosted.com
mxb-0012cb01.gslb.pphosted.com
mxa-001f1301.gslb.pphosted.com
mxb-001f1301.gslb.pphosted.com

dig +trace all lead to no response.

/*
gslb.pphosted.com.  500 IN  NS  ns-sc4.proofpoint.us.
gslb.pphosted.com.  500 IN  NS  ns-at1.proofpoint.us.
;; Received 142 bytes from 208.84.66.208#53(ns3.proofpoint.com) in 82 ms

;; connection timed out; no servers could be reached
*/

 

 



Re: [mailop] [EXTERNAL] Quick question on Yahoo warning messages...

2020-04-06 Thread Eric Tykwinski via mailop
Everyone disregard that last email.  His email name was listed as "Yahoo 
Warning" on their server.  Probably from not ever typing one in.
I ran over and fixed it in 2 seconds…

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Apr 6, 2020, at 9:15 PM, Michael Wise via mailop  wrote:
> 
>  
> Can you get a set of full headers of the email as received and little-r it to 
> me?
>  
> Aloha,
> Michael.
> --
> Michael J Wise
> Microsoft Corporation| Spam Analysis
> "Your Spam Specimen Has Been Processed."
> Open a ticket for Hotmail <http://go.microsoft.com/fwlink/?LinkID=614866> ?
>  
> From: mailop  On Behalf Of Eric Tykwinski via 
> mailop
> Sent: Monday, April 6, 2020 6:03 PM
> To: mailop 
> Subject: [EXTERNAL] [mailop] Quick question on Yahoo warning messages...
>  
> My next door neighbor, a doctor, is emailing through his MS Surface.  No clue 
> what version, but every time he sends an email through it, it sets a 
> warning message on Yahoo.  My guess is that MS is using some app to download 
> and send emails like Mail.ru
> and others, ie breaking DMARC.  Perhaps someone from Oauth knows what the 
> message means?  It doesn’t seem to be causing an issue, but obviously with 
> the current situation he’s a bit hesitant, so I’ve told him to use webmail 
> for now.
>  
> Sincerely,
> 
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
>  


[mailop] Quick question on Yahoo warning messages...

2020-04-06 Thread Eric Tykwinski via mailop
My next door neighbor, a doctor, is emailing through his MS Surface.  No clue 
what version, but every time he sends an email through it, it sets a warning 
message on Yahoo.  My guess is that MS is using some app to download and send 
emails like Mail.ru and others, ie breaking DMARC.  Perhaps 
someone from Oauth knows what the message means?  It doesn’t seem to be causing 
an issue, but obviously with the current situation he’s a bit hesitant, so I’ve 
told him to use webmail for now.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



[mailop] Verizon/OAuth admin available offlist?

2019-12-23 Thread Eric Tykwinski via mailop
Minor issue with new block being given for Static IPs on Verizon Fios.

Spamhaus has them listed by VZ on PBL: 68.163.48.0/20 is listed on the
Policy Block List (PBL)

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300

 

 



Re: [mailop] MegaRbl ?

2019-11-25 Thread Eric Tykwinski via mailop
From the site http://megarbl.net: This domain name registration has expired and 
renewal or deletion are pending. If you are the registrant and want to renew 
the domain name, please contact your registration service provider.
Registrar URL: http://www.tldregistrarsolutions.com
Updated Date: 2019-11-25T11:05:27Z

> -Original Message-
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Ken
> O'Driscoll via mailop
> Sent: Monday, November 25, 2019 8:57 AM
> To: mailop@mailop.org
> Subject: Re: [mailop] MegaRbl ?
> 
> On Mon, 2019-11-25 at 16:25 +0300, Emre Üst via mailop wrote:
> > Hello everyone ,
> >
> > Is anybody know this French blacklist firm megarbl.net ?  I think
> > something is wrong in their systems .
> 
> According to Slack this morning, it's been dead for years but the (new)
> domain owner seems to have changed the query response recently.
> 
> Rip it out from any filtering or monitoring configs.
> 
> Ken.
> 
> 


[mailop] Just a word of thanks....

2019-08-28 Thread Eric Tykwinski via mailop
I'm assuming this was an automated scan setup, but Viktor Dukhovni emailed
about incorrect DANE records.

 

Sadly, I forgot that I had done anything on the domain, but the email was
nice and had some really useful information about SSL changes, how to set up
DANE with Let's Encrypt, et al.

 

So if Viktor's on the list, or anyone knows him, I owe him a beer.

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300

 

 



Re: [mailop] [Senders] seeking information on attachments in email

2019-07-29 Thread Eric Tykwinski via mailop
Just a couple of examples from sigtool --find-sigs on ClamAV

> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Wise via 
> mailop
> Sent: Monday, July 29, 2019 3:19 PM
> To: mailop
> Subject: Re: [mailop] [Senders] seeking information on attachments in email
>
>
> PDFs have been weaponized.
>

https://nvd.nist.gov/vuln/detail/CVE-2012-4154

https://nvd.nist.gov/vuln/detail/CVE-2012-4157

https://nvd.nist.gov/vuln/detail/CVE-2011-4370

https://nvd.nist.gov/vuln/detail/CVE-2017-2958

> Aloha,
> Michael.
> -- 
> Michael J Wise
> Microsoft Corporation| Spam Analysis
> "Your Spam Specimen Has Been Processed."
> Got the Junk Mail Reporting Tool ?





Re: [mailop] Microsoft blacklisting a /16

2019-06-07 Thread Eric Tykwinski via mailop

> On Jun 7, 2019, at 3:49 PM, Michael Wise via mailop  wrote:
> 
>  
> All true progress depends on SOMEbody sticking their neck out.
> … I think.

Good response, being mostly a network guy the first thing I thought of was the 
Hurricane Electric cake.
PS Don’t tell them to eat cake, it still doesn’t work.

>  
> Or maybe that’s just propaganda from the ones who would prefer to NOT stick 
> their necks out, and thus keep them.
>  
> Aloha,
> Michael.
> --
> Michael J Wise
> Microsoft Corporation| Spam Analysis
> "Your Spam Specimen Has Been Processed."
> Got the Junk Mail Reporting Tool ?


Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300





[mailop] Quick question...

2019-04-14 Thread Eric Tykwinski
We received something rather strange, basically normal spam but a lot of 
attachments, like 10 to 12 jpgs, or sometimes txt attachments.
Seems like a buffer overflow or something that’s not affecting us and I haven’t 
heard anything from clients, but just wondering if this is something new going 
on?

I haven’t seen anything related, so might be a new 0day that I’m just seeing 
start up.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



[mailop] Quick question on SPF...

2019-01-24 Thread Eric Tykwinski
I've got a customer receiving emails from ProofPoint and failing SPF.

Looks like they followed this page on ProofPoint's website:

https://support.proofpointessentials.com/index.php?/Knowledgebase/Article/View/346/0/why-is-spf-check-failing-with-office-365

 

Basically, add "a:dispatch-us.ppe-hosted.com" to your current SPF record.

$ dig +short dispatch-us.ppe-hosted.com
148.163.129.52
148.163.129.53
67.231.154.189
67.231.154.184
148.163.129.62
67.231.154.188
67.231.154.187
67.231.154.164
148.163.129.49
67.231.154.183
67.231.154.186
148.163.129.58
148.163.129.56
67.231.154.165
148.163.129.63
148.163.129.48

 

Is this a legit method?  Looks like it's a typical round-robin so will fail
more often than work..

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300

 



[mailop] Relevant topic from NANOG

2018-11-21 Thread Eric Tykwinski
Ronald Guilmette found a spammer leasing IP space from a Polish ISP, and 
figured it would be more relevant here in all honesty.
Here’s the post: 
https://mailman.nanog.org/pipermail/nanog/2018-November/097916.html

Quite a bit of research done, so worthy of posting for anyone running RBLs or 
doing research.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



Re: [mailop] apple.com uses servers not covered by SPF?

2018-10-31 Thread Eric Tykwinski
Seeing the same here:
[2018.10.31] 08:06:11 [17.151.1.241][66194430] cmd: EHLO nwk-txn-msbadger0211.apple.com
[2018.10.31] 08:07:17 [17.151.1.244][14063806] cmd: EHLO nwk-txn-msbadger0511.apple.com
[2018.10.31] 08:25:16 [17.151.1.246][47927537] cmd: EHLO nwk-txn-msbadger0711.apple.com

These are all from "Apple Business Team " in the from, 
and the marketing campaign is "Order the updated MacBook Air" in the subject.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> -Original Message-
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tobi
> Sent: Wednesday, October 31, 2018 8:17 AM
> To: mailop@mailop.org
> Subject: Re: [mailop] apple.com uses servers not covered by SPF?
> 
> so far they're all from their 17/8 network
> Some samples:
> 
> 17.151.1.86
> 17.151.1.45
> 17.151.1.98
> 17.171.37.90
> 
> which are not covered by their ~all spf record for domain apple.com
> 
> Cheers
> 
> tobi
> 
> Am 31.10.18 um 12:38 schrieb Michael Wise:
> > Are they coming from 17/8, or somewhere else?
> > And if elsewhere, can you share an IP?
> >
> > Aloha,
> > Michael.
> > —
> > “Your Spam Specimen Has Been Processed,”
> > 
> > From: mailop  on behalf of Tobi
> 
> > Sent: Wednesday, October 31, 2018 2:29:18 AM
> > To: mailop@mailop.org
> > Subject: [mailop] apple.com uses servers not covered by SPF?
> >
> > We're currently seeing a lot of messages from "apple.com" sender domain
> > which are delivered via apple servers but not listed in their SPF.
> > Did they add new servers and forgot to update their SPF? Anyone else
> > seeing such mails?
> >
> > Cheers
> >
> > tobi
> >
> >
> 


Re: [mailop] GMail Delisting

2018-09-11 Thread Eric Tykwinski
Actually,  what are some small time providers using for OAUTH2 servers?  I was 
thinking about checking out WSO2 locally for a dovecot/postfix database, but 
open to some other suggestions…

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Sep 11, 2018, at 5:28 PM, Brandon Long via mailop  
> wrote:
> 
> 
> 
> On Tue, Sep 11, 2018 at 2:13 PM Ángel <mai...@16bits.net> wrote:
> On 2018-09-11 at 10:20 -0600, Dave Warren wrote:
> > In my experience attacks against webmail are quite uncommon, and also 
> > can be mitigated with more flexible techniques than the SMTP protocol 
> > offers.
> 
> Maybe for bruteforcing attacks, but phishing pages that attempt to grab
> webmail credentials are not uncommon at all.
> 
> People falling at pages requesting that in order to open the document
> you need to provide any credentials, no matter if it is Outlook, GMail,
> AOL, Roundcube, Horde or anything else, are probably not the brightest
> kids, but that just makes it more important to protect them from
> themselves.
> 
> Attackers do connect to your webmail in order to send spam / BEC
> campaigns.
> 
> From time to time we've seen spammers try to use the internal gmail api that 
> the 
> web client uses, but it requires passing a login page which has a lot more 
> smarts and
> abilities to it (including captchas and risk verification based on second 
> factors and such)
> and the general assumption that an actual human is doing it.
> 
> Protecting against a username / password combo with a protocol that offers 
> little in the
> way of challenge-response and is often used unattended and with no ability to 
> change the clients
> to adapt to abuse campaigns is more challenging.  Another benefit of OAUTH2 
> in our usage is that
> the original grant by the user is done on the web, where the more 
> advanced/flexible techniques are 
> available.
> 
> Obviously, phishing has different levels of targets and time worthiness, a 
> single high value target can
> be worth all the effort of getting through web challenges.  Hijacking for 
> spamming purposes requires
> volume, assuming you have per account sending limits in the first place.
> 
> Brandon


Re: [mailop] Email viruses still a thing?

2018-07-17 Thread Eric Tykwinski
Looking at stats on some of our server, we average about 2/user daily, 

but it’s probably over estimated with third party sigs and yara rules to block 
known stuff.

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Erwin
Sent: Tuesday, July 17, 2018 2:40 PM
To: mailop
Subject: Re: [mailop] Email viruses still a thing?

 

Glancing at the stats at  I'd say they are definitely still a thing, 
although thankfully for a lot of messages other scoring methods bring the 
hammer down before an AV scanner is needed.

 

--Erwin

 

On Tue, Jul 17, 2018 at 10:44 AM, Chris Adams  wrote:

I was looking at some stats on a mail server cluster I operate to handle
a handful of small telephone companies, and I noticed that I get almost
no viruses blocked anymore.  It's a fairly typical setup of postfix and
amavisd (calling spamassassin and clamav), with some DNS-based
blocklists on the front end.  Looking at the last 3 weeks of logs, I
only see about 1 out of every 57,000 messages blocked as a virus.

Mostly just wondering if my virus filtering is hosed up, or have email
viruses really dropped that much (or are enough of the sources blocked
by DNS blocklists?). :)

-- 
Chris Adams 



Re: [mailop] Bitcoin password ransom email from user at outlook.com

2018-07-12 Thread Eric Tykwinski
I really hope you're wrong, since it's in their FAQs.
https://support.office.com/en-us/article/Deal-with-abuse-phishing-or-spoofing-in-Outlook-com-0d882ea5-eedc-4bed-aebc-079ffa1105a3

Reporting abuse

If you're being threatened, call your local law enforcement.

To report harassment, impersonation, child exploitation, child pornography, 
or other illegal activities received via an Outlook.com account, forward the 
offending email as an attachment to ab...@outlook.com. Include any relevant 
info, such as the number of times you've received messages from the account and 
the relationship, if any, between you and the sender.

I never rely on just emailing standards since I've noticed more and more form 
submittals, so I usually search first.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


> -Original Message-
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael
> Rathbun
> Sent: Thursday, July 12, 2018 4:21 PM
> To: mailop@mailop.org
> Subject: Re: [mailop] Bitcoin password ransom email from user at outlook.com
> 
> On Thu, 12 Jul 2018 10:41:46 -0400, "Eric Tykwinski" 
> wrote:
> 
> >Did you submit to ab...@outlook.com?
> 
> Unless something has changed profoundly since I worked there, no human will
> likely ever read ab...@microsoft.com or the other domains concerned.  I would
> be delighted to discover that this is no longer the case.
> 
> At this moment, Michael Wise is on holiday in Uganda, so Monday would be the
> earliest he might respond.
> 
> mdr
> --
> "The fact of being reported multiplies the apparent extent of any
>  deplorable development by five- to tenfold"
>  -- Tuchman's Law
> 
> 





Re: [mailop] HELO *.*

2018-06-11 Thread Eric Tykwinski
I still see a lot of helo *.local which is supposed to be a multicast address, 
and sadly was the MS way.
Not complaining to Michael directly as that was long embedded. 

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Jun 11, 2018, at 7:21 PM, Brielle Bruns  wrote:
> 
> On 6/11/2018 4:23 PM, Michael Wise via mailop wrote:
>> Back in the day ... I'd be inclined to not accept mail from something 
>> HELOing with an IP literal where the connecting IP was not on our local 
>> network.
>> An excuse can be made for a mail client.
>> An actual mail server doing this doesn't belong on the Internet until they 
>> buy a clue.
>> IMHO only, of course.
> 
> 
> You're not the only one who thinks along those lines.  I'm glad by default 
> exim does sanity checking of the HELO/EHLO responses.  Does a good job in and 
> of itself blocking bots.
> 
> 
> -- 
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org/ http://www.ahbl.org
> 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
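
The HELO checks discussed in the thread above (address literals from non-local peers, `*.local` names, and the `*.*` of the subject line), sketched as an added example that is not part of any post and is not exim's own logic. The local network ranges, the verdict names and the choice to flag rather than reject `.local` are assumptions; the checks for bare IPs and unqualified names go slightly beyond what the posts mention.

```python
import ipaddress
import re

# Assumption: ranges treated as "our local network" (constructed values).
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8")]

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def _is_local(ip):
    """True when the connecting address is inside one of LOCAL_NETS."""
    return any(ip in net for net in LOCAL_NETS)


def classify_helo(helo, peer_ip):
    """Return (verdict, reason); verdict is 'accept', 'flag' or 'reject'."""
    peer = ipaddress.ip_address(peer_ip)
    name = helo.strip()
    if not name:
        return ("reject", "empty HELO")

    # Address literal, e.g. [192.0.2.1] or [IPv6:2001:db8::1].
    if name.startswith("[") and name.endswith("]"):
        inner = name[1:-1]
        if inner.lower().startswith("ipv6:"):
            inner = inner[5:]
        try:
            ipaddress.ip_address(inner)
        except ValueError:
            return ("reject", "malformed address literal")
        # A mail client on the local network gets the benefit of the doubt.
        if _is_local(peer):
            return ("accept", "address literal from local client")
        return ("reject", "address literal from non-local peer")

    # A bare IP without brackets is not valid HELO syntax at all.
    try:
        ipaddress.ip_address(name)
    except ValueError:
        pass
    else:
        return ("reject", "bare IP address, not a literal")

    labels = name.rstrip(".").split(".")
    if not all(_LABEL.match(label) for label in labels):
        # Catches wildcards such as "*.*" and other junk.
        return ("reject", "invalid hostname syntax")
    if len(labels) < 2:
        if _is_local(peer):
            return ("accept", "unqualified name from local client")
        return ("reject", "unqualified hostname")
    if labels[-1].lower() == "local" and not _is_local(peer):
        # Internal-only suffix seen from the Internet: score it, do not drop.
        return ("flag", ".local name from non-local peer")
    return ("accept", "syntactically valid FQDN")


if __name__ == "__main__":
    # Constructed sample sessions: (HELO argument, connecting IP).
    for helo, peer in [("[203.0.113.7]", "203.0.113.7"),
                       ("*.*", "198.51.100.4"),
                       ("exchange01.corp.local", "198.51.100.4"),
                       ("mail.example.com", "198.51.100.4")]:
        print(helo, peer, classify_helo(helo, peer))
```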


[mailop] TLS cipher issue with AppRiver...

2018-04-27 Thread Eric Tykwinski
If anyone is from AppRiver, drop me an email off-list.  We’re having a strange 
cipher issue, at least I think.  Wireshark is saying you’re sending SSLv3, but 
support just put in a band-aid for 1 client of yours and the same for others I’m 
messaging on a forum.  It’s probably better for at least someone to fix it 
permanently.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



[mailop] AOL Postmaster site down, if anyone is from there.

2018-04-25 Thread Eric Tykwinski
https://postmaster.aol.com/

I'm getting a http/1.1 Service Unavailable.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


[mailop] Quick question on Comcast FBL...

2018-02-26 Thread Eric Tykwinski
Just last week I've noticed a sudden uptick on very old spam notifications.
(Some dated back to 2010.)

Just wondering if anyone else is seeing the same and if Comcast knows about
it.

Doesn't seem to be affecting our deliverability, but guessing maybe they did
some changes.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


Re: [mailop] TLS support

2018-02-26 Thread Eric Tykwinski
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Angelo Giuffrida
> Sent: Monday, February 26, 2018 3:02 AM
> To: Anthony Chiulli
> Cc: mailop@mailop.org; Brotman, Alexander
> Subject: Re: [mailop] TLS support
>
> Seems that the email client stripped the double forward-slash from the link. 
> Copy the URL exactly as it appears, don't use the hyperlink:
> https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43962.pdf
> Complete with the double forward-slash and everything...


That didn’t work for me either, so I did a quick search:

Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery 
Security Zakir Durumeric† David Adrian† Ariana Mirian† James Kasten† Elie 
Bursztein‡
https://research.google.com/pubs/archive/43962.pdf

I'm assuming that's the document in question.

Did a search on the DMARC mailing list as well originally, since I was 
interested in those stats.
Found this site mentioned for statistics: 
http://secspider.verisignlabs.com/stats.html

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300







[mailop] Sort of old but Apple now accepts TLS1.2 on IMAP...

2017-11-01 Thread Eric Tykwinski
I just saw on Full Disclosure about Apple patching a bunch of services for 
disabling TLS1.0, so I figured I’d give Apple Mail a shot.
I can confirm that Apple Mail Version 11.1 (3445.4.7) does in fact use TLS1.2 
now, but of course you’re always going to have older clients hitting your 
servers unless you are corporate and can control it.

I can’t remember who was asking, but at least we are getting there to disabling 
TLS1.0.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



[mailop] Seeing a lot of rDNS temp failures for GoDaddy.

2017-09-25 Thread Eric Tykwinski
If someone from GoDaddy is on the list,  we are seeing this from several
servers:

421 p3plibsmtp01-13.prod.phx3.secureserver.net bizsmtp Temporarily rejected.
Reverse DNS for

421 p3plibsmtp01-05.prod.phx3.secureserver.net bizsmtp Temporarily rejected.
Reverse DNS for

421 p3plibsmtp01-15.prod.phx3.secureserver.net bizsmtp Temporarily rejected.
Reverse DNS for

.

 

I've had customers saying that they are seeing the same.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


[mailop] Comcast timeouts

2017-09-20 Thread Eric Tykwinski
I'm seeing a bunch of timeouts on mx1.comcast.net and mx2.comcast.net

Tested from office and an OVH server to make sure it's not regional.

Timeouts are sporadic, so delivery happens after a few tries.

Just want to let someone know if Comcast guys are reading.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


Re: [mailop] Talos Blocklist?

2017-08-04 Thread Eric Tykwinski
I use it for hosts.deny, so a bit of everything...

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> -Original Message-
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Chris Boyd
> Sent: Friday, August 04, 2017 3:43 PM
> To: mailop
> Subject: [mailop] Talos Blocklist?
> 
> Just noticed that Talos Intelligence is now publishing—every 15 minutes—a
> downloadable block list on their web site at
> 
> https://talosintelligence.com/documents/ip-blacklist
> 
> Anyone used it for anti-spam?
> 
> —Chris
> 
> 





Re: [mailop] self-signed cert for inbound TLS

2017-07-26 Thread Eric Tykwinski

> On Jul 26, 2017, at 5:42 PM, Steve Atkins  wrote:
> 
> It doesn't _really_ matter in the context of deciding whether a certificate
> is being presented by a legitimate domain owner or a MitM.

Well I think that’s the whole solution of DANE, ie validate through DNSSEC 
that the owner of the domain is the owner.
Obviously the DNS chain could be compromised, but at some point we have to let 
birds fly.

> A domain-validated certificate doesn't stop being domain-validated
> the day its dodgy CA is removed from the approved list.

But that is the point of anyone removing the CA from authoritative chains, or 
intermediates.
Quick google search and GlobalSign comes up, sorry guys: 
https://www.theregister.co.uk/2016/10/13/globalsigned_off/ 


> Its relationship to the domain continues to be about as trustworthy
> as it was before the CA was smacked down, and still more so
> than anything self-signed or created using a private CA.

Trust me, if you ask the CAs, if you get “smacked” down, it’s probably all 
hands on deck.
Having a self signed cert, you the domain owner know what you are getting into.

> Cheers,
>  Steve

I think the major argument would be with corporate as they don’t care about 
random joe, but then do they then care about DNSSEC to actually publish 
records.  It’s sort of like the same catch-22 that DANE was supposed to fix.  I 
personally think of it like DMARC, it’s that extra bit of time that spammers 
sure are not going to go through, but possible.  So security wise, it’s 
basically the same, we know mail.example.com sent an 
email, it’s either DNS validated through DNSSEC, or some CA did its magic.  

The major problem apparently is that most solutions don’t check CA certificate 
paths, so at least DANE does something.


Re: [mailop] self-signed cert for inbound TLS

2017-07-25 Thread Eric Tykwinski

> On Jul 25, 2017, at 7:46 PM, Brandon Long via mailop  
> wrote:
> 
> Agreed that STS and DANE are the solution for enforcing, however it's still 
> early days for those.
> 
> Brandon 

Sorry, probably straying from the topic, but does anyone know any good SMTP 
tests for DANE?
I’m using https://dane.sys4.de/ currently and it works, but I would like 
something with some more details if possible.

Eric



Re: [mailop] Properly vetting an hosting provider before buying/moving

2017-07-17 Thread Eric Tykwinski
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Simon Forster
> Sent: Monday, July 17, 2017 10:57 AM
> To: Stefano Bagnara
> Cc: mailop
> Subject: Re: [mailop] Properly vetting an hosting provider before 
> buying/moving
>
> >  On 17 Jul 2017, at 13:28, Stefano Bagnara  wrote:
> >
> >  Senderscore,
> >  senderbase, uce-protect, spamhaus, spamcop and other sources are not
> >  publishing information that declares OVH worse than other direct
> >  competitors in EU.
>
>  
>
> ovh.net at #9. Some of their listings are fairly obnoxious stuff which should 
> be dealt with quickly.
>
>  Summary: Spamhaus seems to be saying they’re quite bad.
>
>  Simon
>  PS #1 on the same page is Microsoft — but that looks more like someone 
> finding a way to game their signup process to get snowshoe spamming set up on 
> Microsoft's networks. IIRC, there’s a gang rotating around big providers 
> doing this — so different… quality of problem.

Of more interest to me is how is anyone proactively monitoring for spam?
We have in place a lot of reactive methods, ie monitoring abuse boxes, FBLs, 
and using Netflow/SiLK to track SMTP volume changes.
I've never heard of anyone proxying all email out though, or do some providers 
put in an SMTP block unless requested?





[mailop] GoDaddy abuse form

2017-07-06 Thread Eric Tykwinski
If anyone from GoDaddy is here, I tried to fill in the form at
https://supportcenter.godaddy.com/AbuseReport#,

Captcha just kept erroring out with the following: There was an error
submitting your request. SSE001 CSE001

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


Re: [mailop] LOUDMOUTHS WANTED!! ICANN WHOIS Replacement Work URGENT IMPORTANT ACTION NEEDED

2017-03-25 Thread Eric Tykwinski
It seems to me that people are getting rather hot headed about this.
First, I would suggest just emailing yourself on a private registration.  
I did and it seems to work fine for me at least:

Received: from localhost (localhost [127.0.0.1]) by mail.virtcolo.com (Postfix) 
with ESMTP id 22923740535 for ; Sun, 26 Mar 2017 03:15:12 
+0200 (CEST)
Received: from mail.virtcolo.com ([127.0.0.1]) by localhost (mail.virtcolo.com 
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2jRDEcjvQFy5 for 
; Sun, 26 Mar 2017 03:15:07 +0200 (CEST)
Received: from wgfwd1.registrar-servers.com (wgfwd1.registrar-servers.com 
[198.187.30.106]) by mail.virtcolo.com (Postfix) with ESMTP id C9D1C740225 for 
; Sun, 26 Mar 2017 03:15:03 +0200 (CEST)
Received: from se15-1.registrar-servers.com (se15.registrar-servers.com 
[198.54.122.195]) by wgfwd1.registrar-servers.com (Postfix) with ESMTP id 
1939F438400 for ; Sat, 
25 Mar 2017 21:15:01 -0400 (EDT)
Received: from mail.virtcolo.com ([149.202.229.102]) by 
se15.registrar-servers.com with esmtps 
(TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.86) (envelope-from 
) id 1crwlm-0005x2-A4 for 
bd9ad01da322428a867837d8be5c97fa.prot...@whoisguard.com; Sat, 25 Mar 2017 
18:15:00 -0700
Received: from localhost (localhost [127.0.0.1]) by mail.virtcolo.com (Postfix) 
with ESMTP id A3C3C7403D6 for 
; Sun, 26 Mar 2017 
03:14:42 +0200 (CEST)
Received: from mail.virtcolo.com ([127.0.0.1]) by localhost (mail.virtcolo.com 
[127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 0isA7ahpW9sh for 
; Sun, 26 Mar 2017 
03:14:41 +0200 (CEST)
Received: from [192.168.15.100] (pool-108-36-147-39.rcmdva.fios.verizon.net 
[108.36.147.39]) (Authenticated sender: e...@virtcolo.com) by mail.virtcolo.com 
(Postfix) with ESMTPSA id 27069740225 for 
; Sun, 26 Mar 2017 
03:14:41 +0200 (CEST)
X-Spf-Result: se15.registrar-servers.com: domain of virtcolo.com designates 
149.202.229.102 as permitted sender
Return-Path: 

Re: [mailop] LOUDMOUTHS WANTED!! ICANN WHOIS Replacement Work URGENT IMPORTANT ACTION NEEDED

2017-03-24 Thread Eric Tykwinski
I agree with Mike on this one.  Yes WHOISd does need a replacement, and I was 
thinking that’s what RDAP was about.
Getting rid of it entirely makes absolutely no sense, and will probably have 
many repercussions like everyone here has noted…
I have no problems with private registrations, they should be listed to a 
company that can handle government/abuse requests like any other registrar. I 
would also want sub accounts, ie resellers to be listed for the sake of sanity, 
which I think was proposed earlier as well.

No clue where the whole idea of ditching it altogether came from, but seems a 
bit bizarre to anyone dealing with operations.

> On Mar 24, 2017, at 6:42 PM, Michael Wise via mailop  
> wrote:
> 
>  
> If a reliable WHOIS replacement is not proffered...
>  
> The Pro-Privacy crowd will have all the privacy they want and more.
> Because I suspect, personally, not speaking for my employer, that there will 
> be many, many places where their connects will be refused without recourse.
>  
> Aloha,
> Michael.
> --
> Michael J Wise
> Microsoft Corporation| Spam Analysis
> "Your Spam Specimen Has Been Processed."
> Got the Junk Mail Reporting Tool ?
>  




[mailop] Comcast FBL issues?

2017-03-23 Thread Eric Tykwinski
We’ve got the same email from the FBL 35 times and counting now from them dated 
4 years ago?
I know we do receive some old emails sometimes, but this is sort of strange 
being the same exact email over and over and over again.
Below are the FBL headers, as the IP isn’t used, and customer isn’t any longer 
with us, any way to stop them?

Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: message/feedback-report

User-Agent: ReturnPathFBL/1.0
Abuse-Type: complaint
Arrival-Date: Thu, 29 Aug 2013 13:46:36 +
Feedback-Type: abuse
Version: 1
Source-IP: 66.252.96.11
Original-Rcpt-To: 465803caf169718b828ec3125d748...@comcast.net
Original-Mail-From: cra...@domain.com
Reported-Domain: comcast.net

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300
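
One way a receiver of feedback-loop mail could triage the situation described in the post above (the same years-old complaint arriving repeatedly for an IP no longer in use), as an added example that is not part of the post. The sample report is constructed with placeholder addresses; the 30-day cutoff, the verdict names and the `active_nets` parameter are assumptions.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime
import ipaddress

# Constructed message/feedback-report part (RFC 5965 field names); the
# addresses are documentation placeholders, not values from the post.
SAMPLE_REPORT = """\
Feedback-Type: abuse
User-Agent: ReturnPathFBL/1.0
Version: 1
Arrival-Date: Thu, 29 Aug 2013 13:46:36 +0000
Source-IP: 192.0.2.11
Original-Rcpt-To: redacted-hash@example.net
Original-Mail-From: sender@example.com
Reported-Domain: example.net
"""

REQUIRED = ("feedback-type", "user-agent", "version")


def parse_feedback_report(text):
    """Parse the header-style fields of a feedback-report into a dict."""
    msg = message_from_string(text)
    return {name.lower(): value.strip() for name, value in msg.items()}


def _arrival(fields):
    """Return Arrival-Date as an aware datetime, or None if unusable."""
    raw = fields.get("arrival-date")
    if not raw:
        return None
    try:
        parsed = parsedate_to_datetime(raw)
    except (TypeError, ValueError):
        return None
    if parsed is None:
        return None
    if parsed.tzinfo is None:  # no usable zone given: assume UTC
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


def _classify(fields, now, nets, max_age):
    if any(key not in fields for key in REQUIRED):
        return "malformed"
    arrival = _arrival(fields)
    try:
        source = ipaddress.ip_address(fields.get("source-ip", ""))
    except ValueError:
        source = None
    if arrival is None or source is None:
        return "review"           # a human should look at it
    if now - arrival > max_age:
        return "stale"            # complaint about mail long since delivered
    if not any(source in net for net in nets):
        return "not-ours"         # IP is not one we currently send from
    return "actionable"


def triage(report_texts, now, active_nets, max_age=timedelta(days=30)):
    """Return one verdict per report, collapsing exact repeats."""
    nets = [ipaddress.ip_network(n) for n in active_nets]
    seen = set()
    verdicts = []
    for text in report_texts:
        fields = parse_feedback_report(text)
        key = tuple(fields.get(k) for k in (
            "source-ip", "original-rcpt-to",
            "original-mail-from", "arrival-date"))
        if key in seen:
            verdicts.append("duplicate")
            continue
        seen.add(key)
        verdicts.append(_classify(fields, now, nets, max_age))
    return verdicts


if __name__ == "__main__":
    now = datetime(2017, 3, 23, tzinfo=timezone.utc)
    results = triage([SAMPLE_REPORT] * 35, now, ["198.51.100.0/24"])
    print({v: results.count(v) for v in set(results)})
```

Only the first copy reaches a verdict; the other 34 are counted as duplicates, which is the number worth passing on to the FBL operator.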



[mailop] Anyone from SherWeb on the list?

2017-01-11 Thread Eric Tykwinski
Please contact me offlist.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


Re: [mailop] outlook.com returning "452 4.3.1 Insufficient system resources"

2016-11-22 Thread Eric Tykwinski
Doug,

I'm seeing the same.  Seems to have started possibly at 1:58PM EST for us, 
though I do see one message from 11/21 at 7:34PM but probably an outlier.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Doug Brenner
Sent: Tuesday, November 22, 2016 3:16 PM
To: mailop@mailop.org
Subject: [mailop] outlook.com returning "452 4.3.1 Insufficient system 
resources"

Our forwarding relay queues are starting to build due to Microsoft returning 
the following message,

Connecting to iowa-uiowa-edu.mail.protection.outlook.com. via esmtp...
452 4.3.1 Insufficient system resources

Anyone else seeing similar issues?

--
Doug Brenner, UNIX System Administrator
Information Technology Services, The University of Iowa
+1 319 467 1625 / doug-bren...@uiowa.edu / doug.bren...@gmail.com






Re: [mailop] Office365 question...

2016-11-11 Thread Eric Tykwinski
Here's what I'm showing:
protection.outlook.com. 7200 IN NS ns1-gtm.glbdns.o365filtering.com.
protection.outlook.com. 7200 IN NS ns2-gtm.glbdns.o365filtering.com.

Not bad at all.  Honestly, the amount of traffic for each person is probably 
minimal, 
and I would think it would affect those DNS servers before ours.

I was more thinking that most DNS resolvers will cache for some period of time 
and repeated lookups within the TTL would probably start rate limiting for most.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tim Bray
Sent: Friday, November 11, 2016 12:42 PM
To: mailop@mailop.org
Subject: Re: [mailop] Office365 question...



On 11/11/16 03:15, Bill Cole wrote:
>
> I think it's a perfectly reasonable TTL for a mail system that uses 
> round-robin DNS for loadbalancing and high availability. Arbitrarily 
> forcing it higher on the client end could have unintended negative 
> consequences.

(quick reply)

The other question is, what is the TTL for the NS records for the same domain.

If the NS has a long TTL, then looking up the A record is pretty cheap (one DNS 
lookup to authoritative server).

If the NS has short TTL, then looking up the A record is pretty expensive 
(potentially all the way back to the root again).

NS records look like short TTL to me.  And generally short TTLs all the way, 
although I've not had a proper dig to see.




Tim






[mailop] Office365 question...

2016-11-10 Thread Eric Tykwinski
We had some DNS issues, so I was looking through logs and noticed that 
domain-com.mail.protection.outlook.com was set to a 10 second refresh 
on the TTL.  IMHO, this seems just a bit extreme.  Given I know end users can 
set the min TTL to be whatever they want, but I also think following TTLs for 
people in known transition states is also good.  Just wondering what others 
here are thinking on the subject...

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300



Re: [mailop] Barracuda hosted spam filtering having issues?

2016-11-02 Thread Eric Tykwinski
Sorry for the noise, found that status page: http://status.barracuda.com/

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


-Original Message-
From: Eric Tykwinski [mailto:eric-l...@truenet.com] 
Sent: Wednesday, November 02, 2016 4:05 PM
To: 'mailop@mailop.org'
Subject: Barracuda hosted spam filtering having issues?

I'm seeing a lot of session timeouts on connections to
.ess.barracudanetworks.com servers.
Just checking to see if it's a known issue...

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300







[mailop] Barracuda hosted spam filtering having issues?

2016-11-02 Thread Eric Tykwinski
I'm seeing a lot of session timeouts on connections to
.ess.barracudanetworks.com servers.
Just checking to see if it's a known issue...

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300







[mailop] Office365 still having issues?

2016-07-01 Thread Eric Tykwinski
I'm seeing the opposite of yesterday at least, just long delays in receiving
emails from there.

Two example sending servers:

NAM02-SN1-obe.outbound.protection.outlook.com
NAM03-DM3-obe.outbound.protection.outlook.com

Anywhere from 30 minutes to 3 hours, but they are getting here.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


Re: [mailop] Abuse Contacts hosted @ gmail and Google's Spam filter

2016-06-28 Thread Eric Tykwinski
Just as a side note, I was checking out: https://github.com/ovh/cerberus-ux
I don’t think it will work for us, but its main purpose is to delegate spam 
reports into categories.
As a customer, I can say they kick ass, for this contribution for us, meh…  But 
it’s worth checking out at least.

P.S.  It seems like nosignal.org’s cert on let’s encrypt still hasn’t updated 
yet.

> On Jun 28, 2016, at 7:14 PM, Steve Atkins  wrote:
> 
> 
>> On Jun 28, 2016, at 3:57 PM, Hal Murray  wrote:
>> 
>> 
>>> There is currently no way to deliver spam to abuse@
>> 
>> Google isn't the only problem.  There are lots of outfits that do content 
>> filtering on their abuse mailbox.
>> 
>> It seem reasonable to reject mail from IP Addresses on black lists, but 
>> rejecting spam reports because they look like spam seems silly.  What did 
>> you 
>> expect them to look like?
>> 
>> Is that mentioned in any BCP?  Do any spam-filtering examples process abuse@ 
>> correctly?
>> 
>> How much actual spam arrives at abuse@ after filtering on source address?
> 
> It can be a lot. It's not too difficult to distinguish from abuse reports for 
> a decent ticketing
> system or for custom filters, but it is difficult for typical email content 
> filters to distinguish
> the two streams.
> 
> (It's particularly hard to distinguish between spam directly to abuse@ and 
> badly
> written or misdirected spam reports. Fortunately you take the same action on
> both).
> 
> Cheers,
>  Steve





Re: [mailop] Lack of TLS 1.1/1.2 support on Apple email products

2016-06-25 Thread Eric Tykwinski
Frank,

Here’s the strange part, I get conflicting responses depending on protocol, and 
server.
Running OSX 10.11.5 

333885  67.190981000  XXX.XXX.XXX.100  192.168.15.100  TLSv1.2  259  Server Hello, Change Cipher Spec, Encrypted Handshake Message
That’s to my Exchange server using EWS.

258785  47.527004000  XXX.XXX.XXX.102  192.168.15.100  TLSv1  125  Change Cipher Spec, Encrypted Handshake Message
This is a DoveCot Server, IMAP4S

127064  20.228638000  XXX.XXX.XXX.9  192.168.15.100  TLSv1  211  Server Hello, Change Cipher Spec, Encrypted Handshake Message
This is a SmarterMail server, also IMAP4S

21150  16.384388000  192.168.15.100  XXX.XXX.XXX.9  TLSv1.2  167  Encrypted Handshake Message
Same Server, but EWS.

So my guess is that this is really just affecting standard mail protocols, but 
not SOAP calls.
I’ve been meaning to test out SOGo, but haven’t had the chance, so OpenChange 
may work the same, but I’m not sure.

I agree with Bill that it’s affecting many older clients as well, but I 
disagree that RC4/TLS1 is less immune to MITM just because you are using a 
SMTP/IMAP/POP transport.  Most client systems won’t fallback to non encryption 
they will just error out, only servers will.  

Good news is at least the POODLE attack on TLS1 was restricted to F5 load 
balancers, at least I think:
https://en.wikipedia.org/wiki/POODLE#POODLE_attack_against_TLS

> On Jun 24, 2016, at 11:24 PM, frnk...@iname.com wrote:
> 
> I want to disable it for the reasons that Eric spelled out. TLS 1.0 is 
> broken, so if we turn it off on websites, shouldn't we turn it off for all 
> protocols?  Not that we promise our customers end-to-end encryption for all 
> their e-mail messages and handling, but I'd like to take advantage of the 
> standards that are already out there for web browsing.
> 
> And I think we could, if it weren't for Apple's mail products.
> 
> Frank
> 
> -Original Message-
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Seth Mattinen
> Sent: Friday, June 24, 2016 6:28 PM
> To: mailop@mailop.org
> Subject: Re: [mailop] Lack of TLS 1.1/1.2 support on Apple email products
> 
> On 6/24/16 10:31 AM, Frank Bulk wrote:
>> Due to PCI requirements to disable TLS 1.0, and recognizing an overall
>> push towards to TLS 1.1 and TLS 1.2, we tried turning off TLS 1.0 on our
>> email servers.  That generally worked out fine for webmail, but Apple
>> users couldn’t use SMTP, POP3, or IMAP, resulting in a lot of helpdesk
>> calls.  We ended turning TLS 1.0 back on.
>> 
> 
> Unless you're sending card numbers or track data by email why would you 
> need to disable TLSv1.0 on a mail server for PCI?
> 
> ~Seth
> 
> 
> 





[mailop] Quick practical question on DMARC.

2016-06-08 Thread Eric Tykwinski
So I’ve seen on here, people seem to be pushing for DMARC, but honestly what is 
the difference between DMARC and just using DKIM for end users?  IMHO, if the 
message is signed with DKIM, sending reports for DMARC matters little besides 
knowing that someone is spamming with your domain.  I’m sure this happens a lot 
for free domains like gmail.com, outlook.com, et al, so is there really much of 
an advantage?

I understand the idea of sending DMARC reports sounds great, but I don’t think 
any of our business servers support it as of yet, but I’ll definitely be asking 
vendors...

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


[mailop] Anyone know if iPage is having issues...

2016-05-26 Thread Eric Tykwinski
We seem to be receiving disconnects and "451 Internal queueing error" when
trying to deliver to them today.

Seems a bit sporadic, so want to make sure it's not just our servers here.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


Re: [mailop] AOL SCOMP messages

2015-02-13 Thread Eric Tykwinski
This is where I wish there was some standardization of bounce messages.  If 
email server operators could receive reports of X number of bounces reliably it 
may cut down on the number of compromised accounts considerably, by scripting 
some sort of shutdown of the account.

At the current state it seems like Exim, Exchange, SmarterTools, sendmail, et 
al all have their own format which makes this error prone to say the least.  
SmarterTools is trying bounce.io to inform the end-client, but as I’m sure you 
are all aware that they will just delete and continue like it’s just more spam.

 On Feb 13, 2015, at 7:36 PM, W Kern wk...@pixelgate.net wrote:
 
 
 On the other hand, when I've had actual compromised accounts that start 
 spamming, AOL's SCOMPs have always been the first external report, so I 
 actually find them quite useful. Only once did they notice a problem before 
 I did (or my systems) found and plugged the hole, but still, it's nice to 
 have the feedback. Other feedback loops seem far less useful to me, most 
 sent more messages in the verification/signup phase than have sent actual 
 ARF reports. Maybe I just don't send enough spam to get value out of the 
 other FBLs out there?
 
 
 Yes, AOL SCOMPs are invaluable for that.  Unfortunately, we have seen 
 situations where the SCOMP WAS our notification because rather than being 
 obvious and sending out spam/malware full blast, the spammer was being sly 
 and throttling the output to a couple a second, where it blended in with real 
 email.
 
 
 


