Re: [mailop] Scanner frequency ?

2024-05-29 Thread Frost The Fox via mailop 
I see what you are describing on a primary MX of mine, same IP address
connecting multiple times roughly every hour.

May 29 22:31:44 irys postfix/submission/smtpd[444857]: warning: hostname
scanner-401.hk2.censys-scanner.com does not resolve to address 199.45.154.4:
Name or service not known
May 29 22:31:44 irys postfix/submission/smtpd[444857]: connect from
unknown[199.45.154.4]
May 29 22:31:44 irys postfix/submission/smtpd[444857]: lost connection
after UNKNOWN from unknown[199.45.154.4]
May 29 22:31:44 irys postfix/submission/smtpd[444857]: disconnect from
unknown[199.45.154.4] unknown=0/1 commands=0/1

That seems more often than I remember as well but I don't particularly keep
an eye on their connections.

-Frost

On Wed, May 29, 2024 at 7:08 PM J Doe via mailop  wrote:

> On 2024-05-29 17:16, Mark Alley via mailop wrote:
>
> > The website is here below; I get this in my web logs occasionally.
> >
> > https://about.censys[.]io/
> >
> > User Agent: Mozilla/5.0 (compatible; CensysInspect/1.1;
> > +https://about.censys[.]io/)
> >
> > - Mark Alley
>
> Hi Mark,
>
> Thank you for your reply.  I am familiar with what Censys is, but what I
> found unusual is that the frequency with which they scan has noticeably
> increased over the last week or so ... at least from the perspective of
> the mail server I manage.
>
> I wasn't sure if others in the Mailop community were also seeing this or
> whether I was just "lucky"!
>
> - J
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Microsoft outages?

2024-05-07 Thread Frost The Fox via mailop 
Everything looks fine from our end on the US east coast, sending to
outlook.com & european TLD variants.

On Tue, May 7, 2024 at 1:29 PM Jarland Donnell via mailop 
wrote:

> Hoping it’s not just me, looking for a sanity check. Our queues today
> are packed with these responses from Microsoft’s mail servers:
>
> 451 4.7.500 Server busy. Please try again later
>
> Hoping, surely, it’s not that they’re deferring email from us and just
> experiencing normal issues.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SpamHaus listings

2024-03-24 Thread Frost The Fox via mailop 
On Sat, Mar 23, 2024 at 3:32 PM Matus UHLAR - fantomas via mailop <
mailop@mailop.org> wrote:

>
> I am curious how do people configure hosts that send mail.
>
> For years I recommended using separate IP address (if possible) to send
> mail
> from such servers directly, so one host getting listed in dnsbl does not
> affect others.
>
> However, if logic like the mentioned one can result into IP being listed
> when a sudden (small) mail peak happens, it would make sense to send all
> mail through one mailhub which sends mail more often, so it has good score
> and does not get listed (but if it gets listed, all mail gets rejected).
>

We follow the route of having centralized mail hubs. Our internal servers
send their emails to a set of (currently) 2 bulky email servers which are
under the same IP & hostname (I believe originally to save IPs). Our rep is
great, but we send hundreds of thousands of emails a day, so we could
likely get away with doing it either way. We do occasionally have smaller
receivers block us, and it is unfortunate whenever mail is rejected, but
for our type of mail it isn't the end of the world, so we attempt to make
contact, and if we can't resolve it, direct the user to contact their
provider.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] iCloud outage?

2024-01-17 Thread Frost The Fox via mailop 
I see something similar looking at our logs. At this moment, that
particular IP you gave seems to be closing the connection on us every time.
However, looking at yesterday's logs, that IP has accepted mail before, and
looking at the past 10 days, I see instances in each log of the connection
closing happening on various iCloud IP addresses:
2024-01-16 23:24:44 [mid] H=mx01.mail.icloud.com [17.57.156.30]: Remote
host closed connection in response to initial connection
2024-01-16 23:26:10 [mid] H=mx01.mail.icloud.com [17.57.152.5]: Remote host
closed connection in response to pipelined sending data block
2024-01-16 23:26:12 [mid] H=mx02.mail.icloud.com [17.57.156.30]: Remote
host closed connection in response to initial connection
2024-01-16 23:35:38 [mid] H=mx01.mail.icloud.com [17.56.9.29]: Remote host
closed connection in response to pipelined sending data block
2024-01-16 23:42:30 [mid] H=mx01.mail.icloud.com [17.57.155.34]: Remote
host closed connection in response to pipelined sending data block

Our server moves on to the next IP though and it seems to accept the mail,
so nothing's queuing up here.

Thanks,
Frost

On Wed, Jan 17, 2024 at 2:59 AM Jarland Donnell via mailop <
mailop@mailop.org> wrote:

> Just a quick sanity check, are others seeing intermittent failure to
> reach iCloud servers? My logs are filled with:
>
> 450 Error connecting to 17.57.156.30. Unexpected socket close
>
> I've been having trouble delivering mail to them for at least 12 hours.
> I hope it's not just me, but it would help to know if it is.
>
> <3
> Jarland
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is anyone seeing new temporary errors from Gmail?

2023-12-18 Thread Frost The Fox via mailop 
I see a very small amount of these throughout our logs for the past few
days (<10). A bit more today, mostly centered around 19:40-19:44 UTC, but
it is a very small fraction of our mail that hour (~42 of 47087). Nothing
since. For us, they cleared almost immediately on a retry, so I'm inclined
to say just something on Gmail's end as the code suggests.

Thanks,
Frost

On Mon, Dec 18, 2023 at 1:44 PM Brian Kowalewicz via mailop <
mailop@mailop.org> wrote:

> Hi,
>
>
> In the last 5 hours or so, we've been seeing this from Gmail on a fraction
> of our traffic:
>
>
> "Message failed: 451-4.3.0 Mail server temporarily rejected message. For
> more information, go to 451 4.3.0
> https://support.google.com/a/answer/3221692 "
>
>
> Doesn't look like the new* 421 4.7.28 errors.*
>
>
> Is Gmail having issues or am I?
>
>
> Thanks,
>
>
> Brian
>
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Outlook.com: missing data in SNDS + IPs blocked on Apr 06

2023-04-13 Thread Frost The Fox via mailop 
I also show no data for the 6th, but no blocking here (granted, we are a
very high traffic single IP sender).

On Thu, Apr 13, 2023 at 11:33 AM Fernando MM via mailop 
wrote:

> Hi,
>
> On Apr 06 we detected that 28 IPs were blocked in Outlook.com, all with
> the following error:
>
> 550 5.7.1 Unfortunately, messages from [185.103.9.41] weren't sent. Please
> contact your Internet service provider since part of their network is on
> our block list (S3150). You can also refer your provider to
> http://mail.live.com/mail/troubleshooting.aspx#errors.
>
>
> Although some of the blocked IPs were new, most of them were in use by the
> same customers for years without issues. Part of them didn't had a single
> spam report or spam trap hit in the last 3-6 months.
>
> After making sure that these servers weren't compromised, I opened tickets
> at https://olcsupport.office.com/ and, after escalation, the response was
> that the IPs didn't qualify for mitigation at this time or that there were
> "changes in email sending volume" ( there weren't, the volume hasn't
> changed since we have limits for each IP/customer to avoid these issues )
>
> Today I noticed that the data on Apr 06 in missing in SNDS. All other
> dates are showing up, just Apr 06 is missing.
>
> I was wondering if anyone else experienced similar issues on Apr 06 with
> missing data on SNDS or a high number of IPs getting blocked?
>
> Thanks.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Salesforce abuse bounces

2023-04-03 Thread Frost The Fox via mailop 
Typo, or am I missing something? You've got asalesforce.com instead of
salesforce.com there, and indeed smtp.secureserver.net is the MX for that
domain. Actual SF has Proofpoint MXs.

On Mon, Apr 3, 2023 at 2:45 PM Jay Hennigan via mailop 
wrote:

> Trying to report spam from their network, got this:
>
> Reporting-MTA: dns; speedy.sb.west.net
> X-Postfix-Queue-ID: 4PqzpV4cYJz6N6gs
> X-Postfix-Sender: rfc822; [me]
> Arrival-Date: Mon,  3 Apr 2023 11:25:22 -0700 (PDT)
>
> Final-Recipient: rfc822; ab...@asalesforce.com
> Original-Recipient: rfc822;ab...@asalesforce.com
> Action: failed
> Status: 5.1.1
> Remote-MTA: dns; smtp.secureserver.net
> Diagnostic-Code: smtp; 550 5.1.1  Recipient not
> found.
>  
>
>
>
> --
> Jay Hennigan - j...@west.net
> Network Engineering - CCIE #7880
> 503 897-8550 - WB6RDV
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sender domain reputation

2023-03-22 Thread Frost The Fox via mailop 
I'm not saying they're required to accept everyone's mail. And I hold
nothing against anyone trying to protect themselves or their users from
spammers. But if they have decided not to accept my TLD, it would be nice
to know that instead of running around wondering what list my domain found
itself on. Whether that is via the reject message, or replying to an email
to the relevant contact points.

Of course, as a mail admin, and with this being my personal domain, I know
what to do when I get a bounce like this, and I have alternatives
available. But someone who buys a cheap domain and mail hosting for a small
business or something like that and gets the bounce message will have no
idea what to do about it.

In any case, someone very kindly contacted me off list about my situation.
I was just sharing the example of a known TLD block I experienced and what
it can be like from the blocked side.

On Wed, Mar 22, 2023 at 3:01 PM John Levine  wrote:

> It appears that Frost The Fox via mailop  said:
> >-=-=-=-=-=-
> >-=-=-=-=-=-
> >
> >Which I can understand, I obviously might not like it as a legitimate user
> >of the TLD, but sometimes a measure like that could be the most effective
> >mitigation (especially for smaller scale ops). What I did have a problem
> >with was both the fact that the message was generic ("sender rejected"),
> >which isn't very helpful if I wasn't a mail admin, and that no one seemed
> >willing to talk to me about it (emails to contact addresses were not
> >allowed from my domain either, and emailing from other addresses went
> >unanswered).
>
> I would definitely ask them to refund the money you paid them to accept
> your mail.
>
> Oh, wait.
>
> If you want people to accept your mail, it is a good idea not to look
> like a spammer. It is hard for me to imagine why anyone would want to
> use a .PW domain for mail other, perhaps, than the handful of people
> who live there.
>
> R's,
> John
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sender domain reputation

2023-03-22 Thread Frost The Fox via mailop 
Which I can understand, I obviously might not like it as a legitimate user
of the TLD, but sometimes a measure like that could be the most effective
mitigation (especially for smaller scale ops). What I did have a problem
with was both the fact that the message was generic ("sender rejected"),
which isn't very helpful if I wasn't a mail admin, and that no one seemed
willing to talk to me about it (emails to contact addresses were not
allowed from my domain either, and emailing from other addresses went
unanswered).

It's not a huge issue as I just use one of my other addresses to forward
things to my family member (and we're trying to move him away from that
address anyway), but the fact that as a customer, I can't even forward
emails to myself, is kinda frustrating.

On Wed, Mar 22, 2023 at 11:58 AM John Levine via mailop 
wrote:

> It appears that fh--- via mailop  said:
> >On 2023-03-22 12:19, Scott Undercofler wrote:
> >> Like .tk and .ml that are free?
> >>
> >
> >He means the .pw TLD he was using.
>
> Oh, no wonder.  I block it too.
>
> R's,
> John
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sender domain reputation

2023-03-21 Thread Frost The Fox via mailop 
I have heard of domains that were quite popular for spamming like xyz/info
being outright blocked. My domain is completely blocked by Comcast without
having ever successfully sent mail to them. I'm guessing in that case it is
the TLD, as the domain had been registered for a couple years or so before
I noticed.

On Tue, Mar 21, 2023 at 11:58 PM Scott Undercofler via mailop <
mailop@mailop.org> wrote:

> This is kinda a deep question. IMO, the short answer is yes. Many
> receivers flat block or severely restrict sketch TLDs. I’d say there are
> exceptions (.bank, which is monitored) you do gain an advantage with common
> TLDs.
>
> Sent from my iPhone
>
> > On Mar 21, 2023, at 7:28 PM, fh--- via mailop  wrote:
> >
> > Hello
> >
> > Does sender domain itself have influence on delivery reputation? is new
> domain worse than old one? and xyz/info/pub/... domains worse than .com one?
> >
> > Thanks
> > corey
> > ___
> > mailop mailing list
> > mailop@mailop.org
> > https://list.mailop.org/listinfo/mailop
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop