Re: [mailop] Microsoft Announces Tenant Trusted ARC Seal
I dont respond to smart arse trolls who have nothing better to do than try bait people, youve been around long enough to know exactly what I was talking about its nothing to do with lists its email standards if you dont understand that put your bottle down, sober up, and itll come back to you On 19/06/2022 11:36, Dave Crocker via mailop wrote: On 6/18/2022 3:40 PM, Noel Butler via mailop wrote: As for forwarding, SPF is only a problem if you dont follow standards and re-write Hi. You don't indicate what kind of rewriting you mean. It probably doesn't matter, since you seem to feel that mailing lists have to follow some relevant standards. that would sustain SPF validation. However I don't have a guess at what standards you have in mind. I also don't understand how SPF validates, when mail is simply relayed through an MTA that isn't pre-registered in the SPF DNS record. Are you thinking that it is natural and reasonable to pre-register all of the MTAs in a path, up to the receiving one that does SPF validation? Please enlighten us. d/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft Announces Tenant Trusted ARC Seal
On 19/06/2022 00:03, Jaroslaw Rafa via mailop wrote: this thread (forwarding or mailing lists). That was the main goal of SPF - ensuring that the message isn't fake - and it cannot even fulfill that one goal properly. Why even use it at all? I was a very early (even in testing) user of SPF, It's rather commical reading these FUD sayers about SPF and mailing lists, it has never been a problem with mailing lists, not using mailman nor its more common predecessor majordomo, and I've never noticed anything wrong with qmail users ezmlm. If you have used some half baked concoction that doesn't conform to standards that's not an SPF failure, it's yours. I've enforced and published SPF since get go, I did extensive testing and never found ONE instance of a list problem. As for forwarding, SPF is only a problem if you dont follow standards and re-write. Nearing two decades of SPF use (forget exactly its been so long) never had a mailing problem sending or receiving with SPF and I've always published hard fail, rarely forward Email, and it seems our customers don't either. If it was so dooming and earth ending do you really think I'd be using it privately, let alone commercially (a couple top 5 national "end user" ISPs & one with web hosting) for all this time, no, I'm not a masochist. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Question for Google -- how am I able to be added to google groups without opting in?
Thankfully most who run lists have morals :) Something you'd think Google would have, but perhaps its relies on the fact certain dnsbl's have made it known to the big boys they wont be listed, luckily not all think that way, funnny this I'm sure this is a no no in the USA, perhaps not it seems. Even if the law of the land does not require it, it is the right thing to do in being a good netizen. On 17/06/2022 15:24, Mark Foster wrote: On 17/06/2022 3:46 pm, Noel Butler via mailop wrote: On 17/06/2022 05:55, Brandon Long via mailop wrote: You should get a welcome message when a user direct subscribes you to a group that should have an unsubscribe link in it. The welcome message part of the flow that the group manager can set should be added to that message. What the F, no confirmation? if anyone adds me to any group and I do NOT get an email asking for confirmation - like the LAW in some countries requires (Australian law in my case), google will be treated like every other UBE sender, _blocked_ and the regulator will be notified, as this is a breach of the Spam Act in this country and as google has Australian offices the ACMA has jurisdiction to prosecute them. I'd concur with your action should it occur, but it's not uncommon... Mailman Mass Subscription offers you the ability to do the same thing: (screenshot): Above are my instance's default settings but I could select 'No' for welcome message and directly subscribe someone to one of my lists. I've actually done so, when migrating a mailing list between hosts. With consent, is the main element (and here in New Zealand, I imagine the legal constraints are much like Australia's). Turns out I still have admin rights to a Google Group, so I had a look, here's the relevant dialogue for adding people: (screenshot): ... so the bad guy has deliberately selected 'directly add members', which is valid functionality. The act of doing so without consent is what makes it illegal. Good luck prosecuting :( Does Google have the ability to at least 'score' groups (and their owners actions) based on negative reports ? Not that it takes much to register another junk gmail.com address anonymously and start again I suppose... Mark. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Question for Google -- how am I able to be added to google groups without opting in?
On 17/06/2022 05:55, Brandon Long via mailop wrote: You should get a welcome message when a user direct subscribes you to a group that should have an unsubscribe link in it. The welcome message part of the flow that the group manager can set should be added to that message. What the F, no confirmation? if anyone adds me to any group and I do NOT get an email asking for confirmation - like the LAW in some countries requires (Australian law in my case), google will be treated like every other UBE sender, _blocked_ and the regulator will be notified, as this is a breach of the Spam Act in this country and as google has Australian offices the ACMA has jurisdiction to prosecute them. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Yohoo rejecting mails from Rackspace
On 07/06/2022 01:18, Nitin Kumar via mailop wrote: Hi, Any one from Yahoo mail please look into this issue. Mails from Rackspace are getting rejected by Yahoo. Some of our IPs which are affected: 184.106.54.111 184.106.54.108 184.106.54.75 184.106.54.74 184.106.54.116 184.106.54.102 184.106.54.119 We are getting this error: Failed - host mta5.am0.yahoodns.net[67.195.228.106] said: 553 5.7.2 [TSS11] All messages from 184.106.54.108 will be permanently deferred; Retrying will NOT succeed. See https://postmaster.yahooinc.com/error-codes (in reply to MAIL FROM command) I would be grateful if you could investigate this issue and reply to us. Regards Nitin Kumar Postmaster Rackspace Technology ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop Most (but not all) of those are listed in at least one RBL (spam.sorbs...) Before asking them for removal I suggest you find the offenders and kick em off -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] gmail - pop3 retrieval checking SPF ? ( gmail, wth ? Take 2 )
On 14/04/2022 01:02, Paulo Pinto via mailop wrote: Hi all. Why on earth is gmail checking the IP address of the message sender (ISP assigned home address, for instance) against the sender's domain SPF without the ability of checking if that original delivery was done using SMTP authentication ( hence voiding the need for that IP being part of the SPF record ) ? I know its early i morning and I;m only just now taking my first sip of coffee, but, err... this is what SPF does, checks sebder is allowed to send as XYZ, smtp authed users sender from mail server and its in senders domain, all fine there Moreover, why on earth is gmail doing a SPF check ( that should ONLY be done during the smtp conversation ) during a pop3 retrieval ?! If there is anyone here from gmail ... fix that please. That however is not fine, it should already have done the spf check, are you certain it is doing it in pop transaction or just guessing? Pasting a short snippet of your evidence might help someone take notice. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] AT blocking IP addresses
On 31/03/2022 13:45, Carl Byington via mailop wrote: On Wed, 2022-03-30 at 10:55 -0700, Michael Peddemors via mailop wrote: Imagine the day where you can't use email unless you use Gmail or o356. If that happens, there will be two mail systems (gmail/o365) and (everyone else). If the (gmail/o365) folks will only accept mail from each other, then there is no reason for (everyone else) to accept mail from them. So folks that want to apply to a college won't be able to do it from a gmail account. So everyone will have at least two addreses, one in each side of the partition. Real situation about 5 years ago, CSR took call basics... Customer: I need your help I can't connect to my mail CSR CSR: what program you using Customer: oh I only use web CSR: webmail then, no problems, plz hold CSR->Me, any problems with webmail, xyz can't login Me->CSR ... nope /checks radius/greps apache logs/.. theyre not on our webmail CSR->Customer: We dont see any login attempts, can you check the login address, can you read it out to me Customer: I'm on the server it shows me choose account and i click on it CSR: (interrupts, being awake) Errr, sir we dont have a facility like that, what is the web address Customer: www.gmail.com [1] CSR: so youre using gmail webmail Customer: yes CSR: go call gmail support, we only support our mail services Customer: gmail have phone support? CSR: I dont know (he really meant "care" ) you are not using our mail service we can not help you -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Links: -- [1] http://www.gmail.com___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] AT blocking IP addresses
On 29/03/2022 13:49, Graeme Slogrove via mailop wrote: the world is moving to cloud. Conversely, it may not be best move, plenty of orgs in Australia went cloud and plenty reverted back. As for website/Email, cloud providers think they are the only ones who know how to do things, plenty have been using web hosting, even shared hosting, for decades, and technically that's cloud, just with a new name some marketing wanker decided to call it (few things Richard Stallman and I actually agree on, but THAT, is one of them) orgs have been doing long before amazon, linode, etc were conceived, and long before google and microsoft decided they wanted a piece of that pie too. It may not be the best overall strategy going forward to block spam. Maybe it blocks some spam, but likely interferes with other large corporates in cloud from communicating with a higher than acceptable false positive rate Not the best strategy for who, it certainly works for many, we care about our users, not theirs, and for near 30 years I've maintained I will never inconvenience 100K people, just to make 100 happy. Every organization choosing to use this IP space SHOULD insist that MS give them SWIP or 'rwhois'. Otherwise you may look like the many spammers using their IP Space. Or make it well known in whois - just like google does - the IP range is of their customers usage only, unrelated to their core business (search/gmail/etc), so google gave that thought to keep any remote blocks away from their core, microsoft, not so much thought. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] AT blocking IP addresses
On 29/03/2022 08:30, Graeme Slogrove via mailop wrote: We are actively using the new IP ranges as published a few weeks ago, everything seemed fine until this morning Server refused mail at MAIL FROM - 553 5.3.0 flpd577 DNSBL:RBL 521< 52.165.84.32 >_is_blocked.For assistance forward this error to abuse_...@abuse-att.net The ranges again are 52.165.84.32/28 52.165.84.16/28 20.81.235.112/28 20.81.235.96/28 Anyone from AT that I can contact to escalate this block, as it's affecting customers. Regards, Graeme Slogrove Sr. Director, Product Engineering m: +64 21.277.0844 There has been an absolute tsunami of scriddie activity from some of those ranges in past few days, along with large chunks of linode space. We are blocking them outright, so I'd say AT's blocking would be more than justified, hell, I'm not even in the same country as AT and seeing it. Strangely though, 99% of linodes crap is via IPv6, but Microsoft's ranges are IPv4. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] sorbs DNS problems
On 12/03/2022 11:20, Luis E. Muñoz via mailop wrote: On 11 Mar 2022, at 19:09, Noel Butler via mailop wrote: Firslty yes, seen too many issues with SORBS, we removed them about 3 weeks ago, the problems have been ongoing for months. Just wrapping up a trial with them for a traffic sample. We saw no issues in processing north of 300 million messages. Care to share what issues did you see? We configured a private secondary for this and experienced exactly zero issues. Best regards -lem timeouts, its like a few of their different zones just disappear and reappear hours or days later -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] sorbs DNS problems
Firslty yes, seen too many issues with SORBS, we removed them about 3 weeks ago, the problems have been ongoing for months. Secondly, like most DNSBL's they probably use rbldnsd, this does not support TCP, only UDP On 12/03/2022 06:17, Slavko via mailop wrote: Ahoj, Dňa Fri, 11 Mar 2022 11:20:24 -0800 Dan Mahoney via mailop napísal: Why are you instead not doing a dig against these ips? It's clear you understand that ICMP may be blocked, so why not use a check method that actually uses the protocol you'd use to query them? (send only to Dan accidentally, resend to ML) I did it manually previous, without results collected, i tried to tcptraceroute too (expecting that they responds to TCP requests), etc. I used ping output to demonstrate the problem. I do not know what dig's return code 9 means: ns0.sorbs.net. 113.52.8.11 dig fail 9 ns2.sorbs.net. 87.106.246.125 dig fail 9 ns4.sorbs.net. 78.153.202.24 dig OK ns5.sorbs.net. 72.12.198.241 dig OK ns1175.dns.dyn.com. 108.59.166.201 dig OK ns2174.dns.dyn.com. 108.59.168.201 dig OK ns3179.dns.dyn.com. 108.59.170.201 dig OK ns4151.dns.dyn.com. 108.59.172.201 dig OK ns9.sorbs.net. 169.48.121.207 dig OK rbldns10.sorbs.net. 185.87.186.55 dig OK rbldns7.sorbs.net. 88.208.216.85 dig OK rbldns0.sorbs.net. 113.52.8.50 dig fail 9 rbldns17.sorbs.net. 210.50.3.173 dig fail 9 rbldns3.sorbs.net. 74.208.146.124 dig fail 9 rbldns16.sorbs.net. 74.53.186.252 dig fail 9 rbldns8.sorbs.net. 89.150.195.2 dig fail 9 rbldns4.sorbs.net. 78.153.202.22 dig OK rbldns15.sorbs.net. 87.106.246.154 dig fail 9 rbldns2.sorbs.net. 72.12.198.247 dig OK rbldns18.sorbs.net. 72.12.198.248 dig OK rbldns14.sorbs.net. 194.134.35.168 dig fail 9 rbldns12.sorbs.net. 74.208.146.124 dig fail 9 rbldns13.sorbs.net. 113.52.8.157 dig fail 9 rbldns6.sorbs.net. 194.134.35.204 dig fail 9 rbldns1.sorbs.net. 78.153.202.21 dig OK rbldns11.sorbs.net. 216.12.212.155 dig fail 9 rbldns9.sorbs.net. 169.48.121.206 dig OK While i didn't compare it side by side with ping, it +- corresponds with ping results, at least in mean, that some responds and some not. Here is one example of result with code 9: ; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> @113.52.8.11 163.44.213.129.safe.dnsbl.sorbs.net ; (1 server found) ;; global options: +cmd ;; connection timed out; no servers could be reached regards ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Best email server for home use...
On 23/02/2022 23:10, Sinclair, John via mailop wrote: Staring at the end of the Google Suite (aka Workspace) free lunch days. Trying to find a free solution that will still let me use a custom domain, not coming up with much, so thinking about going back to rolling and hosting my own email server for the family. What's the best of breed these days for small/micro servers hosting five-ish email accounts, probably no more than 1TB total - looking for as-close-to-gmail-as-possible webmail, IMAP access for mobile, might even throw a nextcloud/freenas type of environment on for file storage/sharing. Not interested in hosting my own IMAP and using a free gmail account as a client - looking to only have the family have to keep one username (on the custom domain) and basically cut out Google entirely. I have the hardware and the bandwidth, it's more of a what OS/email/webmail is best of breed these days, not only for robustness/security, but also something that can have at least some attempt at blocking most of the spam… Thoughts? ___ You can get a small cheap reliable VPS for around 10 USD a year from likes of host.us that would be perfect for what you want, install postfix, dovecot and you're up and running if all you want is a personal domain. You can add on amavisd/spamassassin/clamav to deal with vermin as you get time, you can then add opendkim and dmarc also as your time permits. As has already been stated, your initial setup should always involve setting your matching DNS correctly, create SPF records, and use a few DNSBL's to stop the rot. - That said, if your internet is reliable, I've run my personal mail server on a spare PC at home for family, extended family, and a few friends, for decades with next to no issues, also means if I changed employers I don't have to have downtime moving it all the time, I'm always sus of those who change IP's all the time, appears they have been up to no good. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Best hosting platform was Re: [EXTERNAL] Microsoft IP Filtering - sort of full details
Yes, but why would I block you specifically, are you spamming in your spare time tst tst :) On 17/01/2022 13:08, Mary via mailop wrote: You are still getting my mail via mailop, so all is fine :) On Mon, 17 Jan 2022 12:52:12 +1000 Noel Butler via mailop wrote: You dont send to us then :) There are a few ranges of linode's blocked here ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Best hosting platform was Re: [EXTERNAL] Microsoft IP Filtering - sort of full details
You dont send to us then :) There are a few ranges of linode's blocked here On 17/01/2022 12:43, Mary via mailop wrote: I'm hosted at linode and I manage 100+ mail servers there. To be honest, I would highly suggest linode for mail server hosting, since over the past 6 years, this is the first time I encountered a problem. No blocks, emails to gmail/hotmail/yahoo go to inbox, never being blocked by spamhaus and the servers are super fast. Their API is their selling point, since I can manage my own servers with my own tools (ansible in this case). This recent incident with Microsoft is a sore spot and so far a unique occurrence. On Sun, 16 Jan 2022 20:23:46 -0600 John Gateley via mailop wrote: I did misunderstand Michael's reply, but not in the manner you suggest. He contacted kindly off list and mentioned a huge backlog of items to be processed. Since you bring it up, I have seen on this list several times Linode is terrible for hosting mailservers I have also seen that for other hosting platforms (AWS for instance). I have never seen someone say "platform X is fantastic at hosting mailservers". Is there a platform that doesn't instantly provoke the response: "Well, of course they are blocking you, you are on platform X"? Thanks John ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] MX advice for small operator
On 15/01/2022 15:54, Sam Mulvey via mailop wrote: I just wanted to let everyone know that I've got this all sorted, and I thank everyone on the list for their advice. I indeed had removed a few SPF records from the domains I control. I had plan forgot about them. But the most important domain-- the one for the station-- had a perfectly cromulent record, oddly enough. dkim=fail reason="key not found in DNS You might want to work on that one too ;) -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] So, Sendgrid / Zoom, planning on actually doing anything about webinar spams?
On 09/01/2022 13:44, Brie via mailop wrote: Hi Sendgrid and Zoom, We've been over this before, multiple times... But alas, it looks like that you neither of you seem to care a single bit about your services being used to send spams that can't be unsubscribed from. Yep, I know you, Sendgrid, told me that you'd be working on it with Zoom. And, as expected, nothing ever happened and they still keep coming. Should I just give up hoping that anything will ever be done about it and blacklist Sendgrid and Zoom? Because, lets be honest here, based on what others are reporting, it looks like that I'd have an easier time trying to broker world peace AND cure cancer than it would be to get you guys to deal with abuse from your network. Yep. This message is written in anger, and I'll probably be accused of being unprofessional. But, frankly, if you (Sendgrid) or them (Zoom) ain't going to do jack shit, then don't fucking tell me you are "working on it". Actually, I think you put it rather nicely, much more polite than I would, but how long has sendgrid been around, they still cant figure out how to add the auto submitted header so their junk doesnt get all those vacation replies, so you probably got years before they do anything. Both of those slack arse companies have been blocked for 30 days here on and off a few times, no doubt they will be again because yep, their care factor = zero. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Roundcube client IPs → dovecot, postfix
Happy New Year! now for bad news, i'm back :) On 30/12/2021 13:05, Mark Foster via mailop wrote: On 29/12/2021 11:48 pm, Noel Butler via mailop wrote: Mark, you do realise, that information *is already there* in the header, well, for network operators it is, as its encrypted but roundcube has a tool for them to decrypt it, but you want them to put it plain text? when google and the like never will, wont win any fans with that request :) Maybe I need to be clear that I both use Roundcube, and operate it on a private MTA. I havn't seen how my HTTP(S) IP address was encoded in any emails i've sent using Roundcube, even as the operator of that platform. Perhaps I missed something. I'm using RC now, have a look, the first received line, all that jibberish, is my actual hostname and IP Sure, but you are not exposing it to all and sundry are you, you are exposing it to those with authority to see it, webmasters, newsmasters, irc opers, facebook, google, microsoft admins, and so on, your not exposing it for say, me, or your neighbours to look at - unless you using our services lol. If I send someone an email, I expect my email address to be presented as the sender. However it's relatively easy to forge these and very inexpensive to create a large number of disposable email addresses. There's such a large number of operators that full transparency is not available, and the headers failing to provide a link to the last-mile network provider just adds to the anonymity. And when we're guaranteed anonymity, we know that people will take advantage for negative effect. But your email address is not the same as your IP address which is not the same as a residential address As for your 'authority to see it' comment... if I typo a web address in my browser, that's on me, but i'm giving my IP away to the person who operates the DNS server and webserver. Anyone can do this, so a malicious What is it with some people and believing that all ISPS perform DNS logging, do ISP's in your country really log every DNS request? Then your best using tails if you're that paranoid about it, or a VPN. I mean most people on this list are from USA, not all like yours truly, but most, I really dont see every USA ISP logging DNS requests of all of its users, it is one reason why I'm outspoken against DoH, sending all your DNS requests to cloudfare, centralising the internet. If you use an SMTP mail client your home IP is given away. Plenty of webmail services log an HTTP(S) Received: line . I guess i'd just expect Roundcube to do the same. as above, it does What purpose will it serve for the victim to know the IP of the person causing them harm? If the only info you have is the mail service provider, and that mail service provider is a huge, freemail operator, noone is going to expect any real consequence to come out of reporting abusive activities. The ISP is the party who's going to (more likely) have an actual commercial relationship with the malicious party. Onceuponatime these may have been the same parties, but no longer, ... if i'm reporting nefarious behavior I'd want to get as close to the actual offender as possible, an anonymously-signed-up-to freemail service is not going to care too much... they might block the account, there'll be ten more signed up in as many minutes, rinse and repeat. There is always accountability, just it might be a slower process in some cases. Most ISPs have a similar AUP, which also aligns with most freemailers - I'm no fan of them, but they are not the topic of this discussion which is roundcube, which is hardly used by freemail providers, so any problem you have with a RC user, is likely the actual ISP/Hosting provider where there is a contractual agreement, so again I see no problem that needs solving -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Roundcube client IPs → dovecot, postfix
On 29/12/2021 14:15, Mark Foster via mailop wrote: I use Roundcube myself and as a _user_ of the software, it hadn't occurred to me that, much like Gmail, people who send emails using this webmail tool have _full anonymity_ (except, of course, from the service operator). Should have included this in previous,. went of on such a rant I lost where I was LOL... The problem I see is the OP wants the rules in dovecot, to also apply to a web server. So what if RC gave clear text IP's, you add some config and block them at imap, do you think the badguys care? they will still be slamming your web server, so you have just moved the problem sideways, not cured it, as I said rcguard to force captcha after a couple failures, in combination with fail2ban - problem solved, bad guys dont get to webmail let alone hitting imap which still has to happen for dovecot to ignore them. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Roundcube client IPs → dovecot, postfix
On 29/12/2021 14:15, Mark Foster via mailop wrote: So your attitude is fine if you're a _good_ platform operator _and the victim _ Most operators will be better operators, as most of us dont have tools scanning its users emails to target advertising and christ knows what else they do with the information they scan whilst invading their users privacy. (And Google have the added advantage of being too-big-to-block... and Nobody is too big to block, not even google who love people like you touting this nonsense, because it gives them less incentive to police things, and yes we have blocked them before, and wont hesitate to do it again if need arises, just the same as with any org. abuse reports filed with them... there's little evidence of this to an end-user/victim...) I for one look forward to Roundcube building in the option to have the web IP included in headers, Mark, you do realise, that information *is already there* in the header, well, for network operators it is, as its encrypted but roundcube has a tool for them to decrypt it, but you want them to put it plain text? when google and the like never will, wont win any fans with that request :) But with a victims perspective in mind, feels like it'd be nice to show some public accountability. (And your IP address shouldn't be treated as PII kid-gloves... you expose it every time you access network resources) Sure, but you are not exposing it to all and sundry are you, you are exposing it to those with authority to see it, webmasters, newsmasters, irc opers, facebook, google, microsoft admins, and so on, your not exposing it for say, me, or your neighbours to look at - unless you using our services lol. People have a right to privacy, yes people have a right not to be a victim, that's where network operators come in, to identify and if need be deal with their user. What purpose will it serve for the victim to know the IP of the person causing them harm? They cant exactly do anything with it, but report it to the users ISP, which is exactly what they need to do now to find out who it is, the ISP sure as hell is not going to tell the alleged victim their alleged perpetrators name and address or phone number or anything, I'm sure even the country with the worse privacy laws wont allow that. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Roundcube client IPs → dovecot, postfix
On 29/12/2021 03:50, Jaroslaw Rafa via mailop wrote: It is Roundcube that is actually connecting to Dovecot/Postfix and receiving/sending mail, not the user's browser, so the connecting IP that Dovecot/Postfix gets is technically correct. No need to change it. On the other hand, user's browser is talking HTTP to Roundcube, and Roundcube knows it's IP address, so Roundcube is the point where restrictions should be enforced, not Dovecot/Postfix. Agreed, dovecot doesnt know - nor care - if its kmail, evolution, thunderbird, outlook, RC, imapproxy, or some other client, it's not its job to care. RC has rcguard which works well, and as mentioned by another poster there is always fail2ban. Frankly, I don't see any problem that needs addressing, and I guess neither do the RC team if this is as is claimed a "long standing" issue for a small minority. As to the anti privacy brigade, suck it up, we are network operators, if we want to know who they are, we can, just means we have to multitask looking at two logs, i mean FFS, how hard is that, you already do this tracking local spammers actions and then looking them up in CRM or radius, or some other database. get over it. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] rejected by DMARC policy for microsoft.com
You are enforcing what Microsoft asks you to, that is their problem, not yours. On 21/12/2021 02:37, Mary via mailop wrote: It appears that SPF is a pass, but OpenDMARC rejected the email. Does this look like a microsoft problem or is it me? Thank you. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] spamhaus blocking Linode IPv6 (2a01:7e01)
Fair enough too, the amount of crap coming from linode in recent weeks exceeds the levels from gmail and outlook combined, both ipv4 and 6 usually they send about the same as the others, not more than both of them together. On 25/11/2021 21:15, Mary via mailop wrote: I first noticed that all outgoing emails that are using IPv6 addresses, are being rejected by anyone using zen.spamhaus.org -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Google DNS Quad 8 Outage tonight
On 23/11/2021 05:09, Joel M Snyder via mailop wrote: Speak for yourself, friend. You want me to build 400+ small DNS resolvers and manage them world-wide? Forget the cost of the hardware; now I have to deal with the software, updates, security, long-term management? And this in an organization that is desperately trying to go "server-less" in the offices to cut costs and overhead? What drugs are you on, the OS keeps the software up to date, if they are recursive servers they are pretty much set and forget. and what is so hard and time consuming? you sit there and configure those alleged 400 devices in the first place. ohh and when you say edge router, I hope you mean edge as in type, not as in brand/model, else you will have far bigger problems using soho junk like that in commercial networks. (unless your alleged 400 sites are 5 people offices, where it might last a tiny bit longer) -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Google DNS Quad 8 Outage tonight (Grant Taylor)
On 23/11/2021 04:16, Chris Adams via mailop wrote: Once upon a time, Joel M Snyder said: Since this is happening in a number of countries, it's hard to discern exactly why 8.8.8.8 is given the exception Possibly because some consumer equipment and software appears to have 8.8.8.8 hard-coded, ignoring local (e.g. DHCP-provided) settings. IIRC I've seen that behavior from some (but not all) Google Home products and the Netflix app on various devices. Yep, I've got 2 bauhn (Aldi) android TV's, one in bedroom and in my office, it does honour my local DNS, however as you point out, the netflix app does not, it uses quad8 - which I intercept at home so no big deal :) ( Why do I intercept at home, the family has windowsy things because they like to game, and I run malware dns blocklists actually that is also one of the reasons I know its done around here in enterprise and why some of the ISP's do it, as for ISP, its also an agreed method for Federal Court ordered site blockings for copyright infringing (iinet v movie-industry ) ... I think someone wasa right, this is really a dnsops list thread :) -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Google DNS Quad 8 Outage tonight (Grant Taylor)
On 23/11/2021 02:39, Joel M Snyder via mailop wrote: as the conspiracy theorists propose, they are intercepting 8.8.8.8 and re-directing to their own in-house servers. They are not conspiracy theorists, ISP's are intercepting 8.8.8.8 and 8.8.4.4 and ipv6 variants, but they also do same to cloudfare, Q9 et al, and some even redirect all., and no, those ISP's are not just in china either, they are in some major western societies. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Google DNS Quad 8 Outage tonight
strange, lots of people from multiple networks reported google dns went MIA in Australia for an hour or two on 19th poor souls, had to shake off the google fanboisms and revert to using ISPs DNS On 21/11/2021 02:11, Al Iverson via mailop wrote: I never thought to monitor for it but Twitter suggests yes, there was an outage, both on 11/19 and maybe back on 11/12 too. Cheers, Al Iverson On Fri, Nov 19, 2021 at 8:52 PM Kevin A. McGrail via mailop wrote: Anyone out there see any Quad 8 outages from about 20:25PM Eastern to 21:16PM Eastern? Regards, KAM ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- Al Iverson / Deliverability blogging at www.spamresource.com [1] Subscribe to the weekly newsletter at wombatmail.com/sr.cgi [2] DNS Tools at xnnd.com [3] / (312) 725-0130 / Chicago (Central Time) ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Links: -- [1] http://www.spamresource.com [2] http://wombatmail.com/sr.cgi [3] http://xnnd.com___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] 0spam.org DNSBL SERVFAIL
On 14/11/2021 20:02, Simon Arlott via mailop wrote: On 12/11/2021 18:56, Slavko via mailop wrote: I am using bl.0spam.org and nbl.0spam.org RBLs in my custom RBL check script, but in more days their DNS server returns SERVFAIL. Please, are these RBL gone or it is only mistake in its configuration? The DNSSEC RRSIG for the SOA RR is out of date, so all NXDOMAIN (not found) responses will fail to validate: https://dnsviz.net/d/1.0.0.127.bl.0spam.org/dnssec/ In this case, the signature is for the SOA with serial 2021110401 but the current SOA serial is 2021110501: https://gist.github.com/nomis/239c16f5f2321600e9397933b193d955 You can request data even if it doesn't validate by using "dig +dnssec +cd": 0spam.org.56 IN SOA ns1.0spam.org. sa.0spam.org. ( 2021110501 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 1209600; expire (2 weeks) 3600 ; minimum (1 hour) ) 0spam.org.56 IN RRSIG SOA 8 2 10800 ( 20211219192545 20211104182545 53779 0spam.org. rSfVa/1fDI+075D0UmXxiJJ2o8OJ37cszPhrtuvADk0e OtNtfVH4q+vTP2mIVZKq3/DeE7aDFSiQNrL4rSoeubvq +CmD6ACJ+vBW1hvw2teQgtTAV7CmIZgRbA+AJeHNOb9J 32U0hBWUs+s7hWyfjy7GLd3qLe13xBYajJeKLrw= ) 0spam.org.3566 INDNSKEY 256 3 8 ( AwEAAa4Y6IcV8Aa47O2aJAciBJ+ys9r+ycnpR5nhWWOC DHCXuLAUQZFWf9LbbNs1z2YrYuvpMhY424AK9nqkbBZl 9mTd+2suXd4PpKSK4AJ4YdA+WkOVF4O2zvQUzseYjAQh fMaSlT7BwmVE1myRAn+x9gysJ+mBsHTiBvGxDgMAGnhf ) ; ZSK; alg = RSASHA256 ; key id = 53779 https://zonecheck.org/result/99fbf54020a2b9a9 Seems they have an issue or 2 with dnssec -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] 0spam.org DNSBL SERVFAIL
On 14/11/2021 18:31, Slavko via mailop wrote: dig 1.0.0.127.bl.0spam.org ; <<>> DiG 9.17.19-1-Debian <<>> 1.0.0.127.bl.0spam.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48097 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;1.0.0.127.bl.0spam.org.INA ;; Query time: 1740 msec ;; SERVER: 192.168.10.13#53(192.168.10.13) (UDP) ;; WHEN: Sun Nov 14 09:29:50 CET 2021 ;; MSG SIZE rcvd: 51 dig 1.0.0.127.bl.0spam.org ; <<>> DiG 9.11.34 <<>> 1.0.0.127.bl.0spam.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32988 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 6cecf7e7919b888b01006190e2b03fc3fc671e57ffcd (good) ;; QUESTION SECTION: ;1.0.0.127.bl.0spam.org. IN A ;; AUTHORITY SECTION: 0spam.org. 3600 IN SOA ns1.0spam.org. sa.0spam.org. 2021110501 10800 3600 1209600 3600 ;; Query time: 1169 msec ;; SERVER: 10.10.0.254#53(10.10.0.254) ;; WHEN: Sun Nov 14 20:19:28 AEST 2021 ;; MSG SIZE rcvd: 131 -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] 0spam.org DNSBL SERVFAIL
On 13/11/2021 21:58, Renaud Allard via mailop wrote: It fails here too # time dig 2.0.0.127.bl.0spam.org ; <<>> dig 9.10.8-P1 <<>> 2.0.0.127.bl.0spam.org ;; global options: +cmd ;; connection timed out; no servers could be reached 0m15.04s real 0m00.01s user 0m00.01s system ~# dig 2.0.0.127.bl.0spam.org ; <<>> DiG 9.16.22 <<>> 2.0.0.127.bl.0spam.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58252 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ; COOKIE: 4cefd8603a6ecf1c0100619059ee80bbc9a8db3121ed (good) ;; QUESTION SECTION: ;2.0.0.127.bl.0spam.org. IN A ;; ANSWER SECTION: 2.0.0.127.bl.0spam.org. 10800 IN A 127.0.0.2 ;; Query time: 3047 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Nov 14 10:35:58 AEST 2021 ;; MSG SIZE rcvd: 95 -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] IMAP and SMTP in the same or separated IPs?
On 16/10/2021 12:41, John Levine via mailop wrote: According to Michael Peddemors via mailop : Put everything under mail.yourdomain.com Unless you have some strange firewall rule requirements, there is no real technical advantage, and some real technical disadvantages.. (including paying for multiple certs) Who pays for certs these days? I have over 100 for my MTA, all free from Let's Encrypt. R's, John Banks. Because in their imaginary world of blaming someone if they get MITM'd they can point blame and make claims under their monetary guarantees. You get none of that with LE. They probably also sleep better at night knowing this :) -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] IMAP and SMTP in the same or separated IPs?
On 16/10/2021 11:44, Grant Taylor via mailop wrote: On 10/15/21 7:11 PM, Dave Crocker via mailop wrote: Let's try I again. I said "for these two functions". The original query, as noted in the Subject line, is for IMAP and SMTP. How does reputation for SMTP activity interact with IMAP activity? And what does reputation mean, relative to IMAP activity? I can see a hypothetical scenario where a client is running a firewall that is filtering connections based on IP reputation. So if an SMTP server is erroneously listed, said firewall might block the IP, thereby blocking the client's access to the IMAP server if it was on the same IP as the SMTP server. But that surely is the mail operators fault, if an abuser on say 25 or 587 results in everything being blocked, that's too heavy handed and they accept the end result for their paranoia. I use a more measured heavy handedness ;) if one abuses any of 25|465|587 they are blocked on all of 25/465/587 with a lengthy filter time if one abuses any of 110|143|993|995 they are blocked on all of 110/143/993/995 with a slightly shorter filter time Not saying its perfect or ideal, as always YMMV, but it's worked well enough for me for many many years. O.P I used to run separate ip's and names way back in the day, but in the end, it did cause CSR's more grief, so for past 15 years or so using just mail.domain removed most of it, and yes as someone else mentioned earlier, when you need to scale, load balancers, that's what they were designed for :) If you get biggish though it helps to keep the mx side of things separate though using its own name and perhaps behind its own LB too. You don't need to go out and buy one of the criminally overprices "brand name" things that cost 10's to 100's of thousands, maybe if you get to size of Microsoft or google you might, but for most of us here, nah, our 2 LB's cost about 4K each, but that was a while back :) -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] IMAP and SMTP in the same or separated IPs?
On 16/10/2021 02:37, Mary via mailop wrote: For Let's Encrypt certificates, I use these awesome scripts, they are written as bash shell scripts and they are infinitely better than the official certbot tool, they can be used without a web server, by using DNS API integration. They are highly recommended: https://github.com/acmesh-official/acme.sh Just be careful of this one now, it no longer defaults to LE, it uses zerossl, because its rights are now owned by them. You can re-enable LE as default though by acme.sh --set-default-ca --server letsencrypt -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] DKIM signing with ed25519 keys - leap of faith
opendmarc was very recently updated due to a security issue IIRC, I think was end of May start of June, v 1.4.1. Might have been on spamassassin list. I had a discussion with that person who's told me opendkim (which wont build on current supported openssl's without a patch), is being worked on next - though he gave me no time frame. I do share your concern, if we are all applying a patch for past year or 2, it would take mere minutes for them as well and update the site, so people can at least build it and use it, and add anything new afterwards for another release, given this was about 5 months ago now, it's obvious they don't seem to give two 's about it really. On 15/10/2021 06:10, Mary via mailop wrote: I've tried to get in touch with the OpenDKIM developers with little success, it appears that the project was alive 10 years ago with lots of development effort, which eventually died along with all their other projects (OpenDMARC, OpenARC, etc) Some poor dev seems to make a few adjustments here and there, but with no real commitment. They seem like dead projects to me. On Thu, 14 Oct 2021 21:35:02 +0200 Alexey Shpakovsky via mailop wrote: 1) install OpenDKIM 2) set it to use rsa-sha256 What means two things: first, self-host email admins might simply be not aware of ed25519; Second, OpenDKIM seems to be the most popular tool for this job (please correct me if I'm wrong here). Worth noting that OpenDKIM's latest stable release was in 2015, and latest beta in 2018. The app seems to be in somewhat active development on Github, but to see it you must switch from default "master" branch to more active "develop" one. Ed25519 signing and verifying is supported in the latest beta, but dual-signing is not supported at all. So maybe someone bigger than me can approach those guys and ask them to add a dual-signing (issue #6 in their github), and make a release already? Also, someone could've implemented DKIM signing primarily in hope to increase mail _deliverability_, not _security_. Note that there is a support.google.com page titled "Prevent mail to Gmail users from being blocked or sent to spam" which also mentions DKIM signatures. So maybe to make a wide public interested in ed25519, one of big players could start a _rumor_ that using ed25519 DKIM signatures _might_ increase chances that your message passes GMail spam filter? After all, they were able to push everyone to turn to HTTPS in WWW-world, so why not do the same in SMTP-land? Heck, I have a friend who annoyed me hard enough that I've enabled TLS for outgoing SMTP connections just so that he could see a gray padlock in his GMail client instead of red! Given that my VPS provider seems to have direct peering with Google, I doubt it improves real security in any way. Thanks for reading so much, Alexey. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?
On 06/08/2021 01:38, Jaroslaw Rafa via mailop wrote: problem from Google from time to time; especially when I post a lot to mailing lists like this one, my mails start suddenly going to spam at Gmail). I'm starting to like google again buwahahaha -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?
On 06/08/2021 00:08, Hans-Martin Mosner via mailop wrote: 5. August 2021 14:52, "Noel Butler via mailop" schrieb: pt NEWSFLASH the blocking is to the advantage of end users (sorry for inital empty response, mail program malfunction) If you block only spammers you'd be right. But SendGrid is one of the sorry cases where you have spam and legit, sometimes important e-mails coming from the same network. Your users won't be happy if you reject their order confirmations or online tickets. Cheers, Hans-Martin So you think it's better to have the potential to inconvenience MariaDB [vmail]> select count(*) from virtual_users where active='1'; +--+ | count(*) | +--+ | 836019 | +--+ over the likelihood of a dozen or so people who may have loss of a legit mail? I'm not one to bow to the tiny minorities, also, T's are most clear. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?
On 05/08/2021 19:07, Jaroslaw Rafa via mailop wrote: Dnia 5.08.2021 o godz. 11:18:55 Noel Butler via mailop pisze: This only happens because as demonstrated here many are too scared to block the bigger mail senders/providers - and since these gutless so and so's publicly admit it, the big boys know it, so have little reason to be motivated to "clean up their act". I would never block an entire server/provider, no matter big or small, unless the server/provider sends spam *only* and not any legitimate emails. If there are even few legitimate emails from this IP address, I would never block it. Because email is all about communications, and I don't want to sacrifice actual communications in order to fight spam aggresively. I don't care about providers, I do care about end users. Someone who wants to send an email and someone who wants to receive it. Their ability to send and receive emails should NOT be harmed in any way because I want to fight spam. Yes, obviously I do want to fight spam, but NEVER at the cost of someone losing actual email. pt NEWSFLASH the blocking is to the advantage of end users nobody wakes up one morning and says who are we gonna blacklist today for no reason, if you are not doing your best to stop the trash getting to your users, you are not doing your job, or, you just DGAF about them We've done this since the 90's and nobodys said " oh how dare you" well, nobody but the spammers - yes I've had 2 in my lifetime who had the nerve to call us, admit they were spamming and demand we unblock them... I dunno, must have had a bad batch of drugs I guess. and in case you still aint grasped it, I block these f'wits for the benefit of and to protect users, many of whom are not geeks and in their 80s and wouldnt know how to tell a phishing email. you run your spam infested network the way you want, and i'll run mine the way I want. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?
On 05/08/2021 10:59, Michael Peddemors via mailop wrote: You do realize that kind of response probably won't make any friends.. Should SendGrid not simply block obvious malware, no matter who the client? And 4 weeks is far to long to allow malware to We helped them out last week to reduce their end user reach, we blocked sendgrid completely for 96 hours, next time, its 7 days, then 28 days, then permanently. Month's later, the activity continues, virus's propogate, phishing and other criminal activity continue This only happens because as demonstrated here many are too scared to block the bigger mail senders/providers - and since these gutless so and so's publicly admit it, the big boys know it, so have little reason to be motivated to "clean up their act". I know for without a doubt sendgrid (and gmail et al) would never notice us blocking them, but if we all did, they'd sure as hell notice that. Digital Ocean went public based on how many customers they Ahhh another mob who have a fair chunck of their IP space blacklisted -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] mail.ru broke mailing lists
On 13/07/2021 10:23, Brandon Long via mailop wrote: In any case, in today's world where it's mostly hosted solutions talking to other solutions, a mailing list admin has limited ability to change how their hosted mailing list solution works... and even less ability to influence someone like Google to make a work-around for some other much smaller provider who is choosing to be non-standard. After all, the BOFH is making wow fancy google talking about non standard as a bad thing, thanks, you made my night! -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] mail.ru broke mailing lists
On 12/07/2021 22:09, Al Iverson via mailop wrote: have to conform to the whims of others. Never. They are our servers, so why let anyone dictate how we should run them. But I expect this attitude from some here, the same attitude some here use when claiming gmail is too big to block, again, no they are not, and yes, we have, multiple times. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Outlook sending with no PTR
On 11/06/2021 16:51, Hans-Martin Mosner via mailop wrote: Am 11.06.21 um 06:14 schrieb Noel Butler via mailop: MS sending out mail with no rdns? Jun 10 09:20:20 cust-mta01 postfix/smtpd[8137]: NOQUEUE: reject: RCPT from unknown[40.92.62.80]: 554 5.7.1 Client host rejected: cannot find your reverse hostname, [40.92.62.80]; from= to= proto=ESMTP helo= This is probably something that you wouldn't miss. Outlook.com and hotmail.com accounts (most likely created by bots) are being used to spam massively for the last couple of days/weeks. these are confirmed legitimate emails being affected by MS not have rdns on those servers, we will not whitelist, there are many Australian ISP/ASP's being affected, its been discussed over several days. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Outlook sending with no PTR
MS sending out mail with no rdns? Jun 10 09:20:20 cust-mta01 postfix/smtpd[8137]: NOQUEUE: reject: RCPT from unknown[40.92.62.80]: 554 5.7.1 Client host rejected: cannot find your reverse hostname, [40.92.62.80]; from= to= proto=ESMTP helo= $ host 40.92.62.80 Host 80.62.92.40.in-addr.arpa. not found: 3(NXDOMAIN) Michael, any chance you can get this sorted? -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Gmail's MTA is broken
On 07/06/2021 05:14, Gene Hightower via mailop wrote: On 06/06/2021 07:34, Larry M. Smith via mailop wrote: Seems that gmail.com's MTA can't properly speak SMTP. [...] $ telnet imp.fahq2.com smtp Trying 47.12.77.216... Connected to imp.fahq2.com. Escape character is '^]'. 220 "helob0gus.fahq2.com ESMTP" The syntax of the initial greeting offered by your MX includes double quote characters which don't look to be complaint with the syntax of an SMTP reply as specified by RFC 5321 section 4.2. SMTP Replies. Perhaps your MTA might be the problem? Those who live in terribly fragile glass houses, shouldn't ever cast stones Test #133683 - digilicious.com https://www.zonemaster.fr/result/d02eb1719121efa2 -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [INFORMATION] What's happening in the world of spam/email abuse update
On 29/04/2021 20:05, Jaroslaw Rafa via mailop wrote: Dnia 29.04.2021 o godz. 13:04:55 Noel Butler via mailop pisze: nobody, but nobody, is too big to block to protect my users. And what if your users because of being unable to communicate with Google users (which is roughly equal to "almost everyone" for an average user) will switch to Google and move their email there? And BTW. in my opinion that's exactly what Google wants - that everyone uses their services and nobody else's. So just in order to stop people moving to GGogle we should be able to communicate with Google :) I have no doubt they rather people use their service so they can scan and scam them, but I don't and wont play their games, if the rest of you are too gutless to stand up the bullies thats more work for you, answering irate clients who want the spam to stop, how does that go down you telling them google is too big to block in your eyes - that, would be a faster way to lose clients. Think what we will about Microsoft, even I give them credit in this area, they do a pretty good job when it comes to dealing with abusers on their network, no reason google can't. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [INFORMATION] What's happening in the world of spam/email abuse update
On 28/04/2021 17:05, Jaroslaw Rafa via mailop wrote: Dnia 28.04.2021 o godz. 10:19:17 Noel Butler via mailop pisze: What's so hard about 1 ? What do we do with any S.P. that emits tonnes of crap, we block them, often outright, nothing hard about that. It shouldn't matter how big a company is, it certainly didn't 20 years ago when most people here who were around at the time would have blocked AOL for the exact same thing, yet people are scared to block the freemailers these days, why, it's those actions that force said companies to pull their finger out of their arse and clean up their network, if they don't, well, like i said, AOL, they become irrelevant. From "normal" people (ie. not email-related professionals like on this list) that I correspond with, about 70% have email addresses on Gmail. There are also numerous companies that use Gsuite for their work email (and among them are really big corporations, like my employer). The popularity of smartphones and mobile applications has a big impact on this. So blocking Google is like blocking 70% or more of your possible correspondents. If you can afford this, then good luck, but most people cannot. Google just grew too big and for a small email operator (and almost everyone is small compared to Google) blocking Google will hurt themselves more than it will hurt Google. you see, this is EXACTLY what I am talking about it is EXACTLY what google counts on and google does S F A about it. I've blocked them in the past yes, I have no hesitation in doing so again. nobody, but nobody, is too big to block to protect my users. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [INFORMATION] What's happening in the world of spam/email abuse update
On 28/04/2021 01:31, Rob McEwen via mailop wrote: (1) sent from legit Google mail servers (2) the spammer's "payload URL" in the body of the message - is content is hosted at storage[.]googleapis[.]com servers (3) Those links are staying "live" for many days (possibly weeks/months?) This combination (1 & 2) makes them difficult to block - especially for small and medium sized hosters who don't have as much expertise and resources to deal with this. What's so hard about 1 ? What do we do with any S.P. that emits tonnes of crap, we block them, often outright, nothing hard about that. It shouldn't matter how big a company is, it certainly didn't 20 years ago when most people here who were around at the time would have blocked AOL for the exact same thing, yet people are scared to block the freemailers these days, why, it's those actions that force said companies to pull their finger out of their arse and clean up their network, if they don't, well, like i said, AOL, they become irrelevant. As for 2, blocking them is easy in even the most basic of systems like milter-regex, or even spamassassin et al Lastly for 3, that makes 1 even more justifiable. -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Spamhaus Public Mirror Error Return Code Update
On 16/02/2021 04:13, Jim Popovitch via mailop wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, 2021-02-15 at 18:53 +0100, Jaroslaw Rafa via mailop wrote: Dnia 15.02.2021 o godz. 15:43:56 Matthew Stith via mailop pisze: Wanted to get this out to you all for awareness for anyone who is using the Spamhaus public mirrors to query our DNSBLs. Beginning in March Spamhaus will start enforcing the follow error return codes for these news codes announced in 2019: 127.255.255.252 - Typing error in DNSBL Name 127.255.255.254 - Query via public/open resolver/generic unattributable rDNS 127.255.255.255 - Excessive Number of Queries The main thing to take away from this announcement is that these codes are meant to be treated as errors and not an indicator of negative reputation. The plugins that we have developed for Spamassassin and Rspamd already properly parse out these errors. You can read more about the change here: Are these "error" codes covered by any RFC? If not, I suppose that Wietse will refuse to implement them in Postfix :) Anyone can implement it in postfix. Just use: postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[0..255]*3 If you are using a version so old that it doesn't support postscreen, then Wietse isn't your friend. - -Jim P. breaking news: even those using latest versions postfix dont always see postscreen as a good fit in their network, so even using the latest... smtpd_recipient_restrictions = ... reject_rbl_client zen.spamhaus.org=127.0.0.[2..255] ... -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Sendgrid is giving others anti-abuse/security advice? Wow!
On 12/02/2021 04:26, Stefano Bagnara via mailop wrote: On Thu, 11 Feb 2021 at 18:49, Rob McEwen via mailop He's not even trying to let people guess Sendgrid is good at preventing abuses. Why would he? because they are not good at it, sendgrid are blocked here, have been for w months -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Sendgrid is giving others anti-abuse/security advice? Wow!
On 12/02/2021 03:40, Rob McEwen via mailop wrote: These questions! WOW! IS THIS FOR REAL? Don't get me wrong, I like Len Shneyder and I think he's a good person TRYING to do the right thing - but - considering what is coming FROM SendGrid in recent years, is this the right time to be giving OTHERS anti-abuse/security advice? Just... wow! I think they should instead consider trying to "lead by example". The world would certainly become a MUCH better place! https://martechseries.com/mts-insights/tech-bytes/len-shneyder-twilio-sendgrid/ -- Rob McEwen, invaluement " given that 80% of email inboxes around the world are validating DMARC." LOL I think that figure is a tad optimistic, probably more like 8% and even might be a bit generous -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Spamcop
postfix reported nothing, so must check for appropriate response codes, and I certainly hope it checks 127.* not just .2, as we are not to know every DNSBL's response codes. Our only alert was an internal monitor on our own IP's - just basic check script in perl, that's what alerted us to the problem, and as its a monitor not a block its handy to see if *any* errors occur, and re-coccur On 02/02/2021 10:05, Kai 'wusel' Siering via mailop wrote: According to reports, any query for *.spamcop.net resulted in an A reponse to a landing page (there were no NXDOMAINs), so when not specifically checking for 127.0.0.2 but just for a positive reply, any query would be seen as a hit. As such, the incident would have only impacted misconfigured sites. Regards, -kai On 01.02.21 20:39, Don Owens via mailop wrote: I've received a report from someone that said that all IP lookups against the SpamCop blocklist resulted in blocks during this time. Did anyone else have the same observation? I'm trying to figure out if this person has a bad blocklist lookup implementation (saying an IP is in the list, as opposed to returning an error, when the blocklist DNS is unavailable), or if it was something larger. ./don On Jan 31, 2021, at 09:01, Don Owens wrote: We have the domain back now, but we have to wait for propagation delays. If you query the name servers they Arne mentioned, that should give you the right IPs. Sorry for the trouble, folks. Now I have to go see who needs flogging. ./don -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Anyone using clustered DoveCot?
Hi Tom, What did you want to know? load balancer multi imap, pop3, smtp with dovecot using NFS to EMC storage backend works exceptionally well. but we dont use director, thats an unnecessary extra cog in the wheel thats not needed for a functional system despite what dovecot will try tell you, redirecting someone to same server is job of a good hardware load balancer, plenty use NFS backend without director for many many many years, it scales very well, add or take away servers when you need, do upgrades by one down at a time, nobody has ever noticed it. We do it slightly different though, we dont use lmtp, we use dovecots LDA on the smtp servers accepting/storing mail direct, and yes, we use maildir. it might be old skool, where the new kds on hte block want to use clusterfs, but no, thast asking for trouble, and lots of media horror stories about mail down fr days at isps around teh world justify avoiding it, good ol NFS " just works" On 23/01/2021 08:36, Tom Perrine via mailop wrote: I'd be interested in chatting with anyone who has rolled out (or failed to rollout!) Dovecot in a cluster. Especially if you're using an object store. Tom -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] DMARC Reports are Spam according to Google...
On 17/10/2020 04:12, Bill Cole via mailop wrote: > On Bill Cole via mailop wrote: > > Apparently enough people like https://dmarcian.com to keep them in business. I'll second dmarcian, used them for a while -- Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore at all times remains confidential and subject to copyright protected under international law. You may not disseminate this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Is DNS-over-HTTPS bad? Sure.
On 08/07/2020 18:57, Laura Atkins via mailop wrote: > I expect that most of the telcos are unlikely to have any instrumentation for > tracking users beyond what is needed to ensure the service works. The > companies that are offering DoH as a service and have gone so far as to talk > about what they're doing with the data likely have a lot more instrumentation > and the ability to track users than the telcos do. Exactly! In fact, if "free uncounted traffic usage" to select sites/networks (mirrors, MS, netflix) was not thing, netflow wouldn't be either. -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Is DNS-over-HTTPS bad? Sure.
On 07/07/2020 22:18, Stuart Henderson via mailop wrote: > Looking at netflow data, it's at least aggregated with other devices > behind the same NAT IP, and a lot of it is just "tcp 443 to cloudflare" > or whatever which tells a lot less than DNS query data. But if you are the ISP, NAT doesnt matter - unless your one of the unlucky souls forced to run CGNAT that is -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Is DNS-over-HTTPS bad? Sure.
On 07/07/2020 15:11, Andrew C Aitchison via mailop wrote: > On Tue, 7 Jul 2020, Noel Butler via mailop wrote: > > On 07/07/2020 01:01, Johann Klasek via mailop wrote: > > I have been told that DoH is set into place to solve the privacy > problem. On a small DNS workgroup meeting I saw a presentation on how > they statistically identify users by their DNS traffic, and could create > a profile with interests and affectations these users have. I think DNS > is not that anonymous one would expect. > Don't you think there is more chance of a perfect picture of you being > built from, ohh i dunno, long standing things like, netflow :) On the whole yes. With shared hosting and content delivery networks ISPs have access to less of the relevant netflowdata - which means Cloudflare wins again ? perhaps, but they are trying to force a change on 99.999% of the world where the problem does not exist. Even here in Australia with meta data retention laws, web browsing and DNS are specifically excluded, like much of the rest of the western world, admins dont care, Australia, like Europe also have strong privacy laws. Mozilla and cloudfare centralising the internet might be fine if your from China or North Korea, but its unacceptable in the rest of the world. The world of shared hosting wont matter too much, because they will know which site on that IP your hitting, if they want to. At present there are work around yes, but if they take them away, there are still ways and means to deny DoH, and I guess it will mean way less support staff will be needed, reducing CSR operating costs, which should also result in less system admins simple IVR option " If you're calling about web site thats unreachable press 5" ivr-options-5 set announcement go-call-cloudfare-or-mozilla set end-call hr more profits hey thanks mozilla :) -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Is DNS-over-HTTPS bad? Sure.
On 07/07/2020 01:49, John Levine via mailop wrote: > In article <20200706150152.ga9...@tron.kom.tuwien.ac.at>, > >> I have been told that DoH is set into place to solve the privacy >> problem. On a small DNS workgroup meeting I saw a presentation on how >> they statistically identify users by their DNS traffic, and could create >> a profile with interests and affectations these users have. I think DNS >> is not that anonymous one would expect. > > It's not anonymous at all. The question is who's going to collect the data. > > I would not put Cloudflare at the top of that list. Many would. The original announcement on this said they WERE logging requests, for 30 days, then the data would be destroyed, magically, that announcement no longer existed a few weeks later, perhaps it was meant for internal. I dunno, even if Matthew Prince came here and said they were not logging, I still would be VERY skeptical and not take him at face value. I don't trust organisations that want to try centralise the Internet. But don't worry, I don't trust google facebook IBM or Cisco either. -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Anyone from TPG (in Australia) here?
Wouldn't worry too much about it, they've had problems with their mail system for months. And good luck getting anyone to talk to who can understand your problem, you're palmed out to their non Australian call centre monkeys who are less then useless in philipines, with COVID-19 its even worse with only a handful working from their homes due to philipines govt lockdown, they employ SFA people in Australia where tech support is regarded as essential service and are exempt personnel (major telco Telstra is same, except they have urgently hired 2500 local people over past few weeks because they have learned their lesson about cheap offshore call center labor) Anyway, you might as well stick toothpicks under your fingernails - it's that torturous dealing with TPG. On 17/04/2020 18:30, Mark Dale via mailop wrote: > Hi, > > Is there anyone from TPG here? > > Since Monday we've been seeing messages sent to tpg.com.au addresses > intermittently get rejected with "451 4.3.2 Please try again later". > > Grateful if you could contact me. > > Thanks, > Mark > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Is there anyone from Telstra Bigpond here?
see offlist mail On 27/01/2020 08:49, Mark Dale via mailop wrote: > Hi, > > Is there anyone from Telstra Bigpond here? > > We're seeing list emails from our UK server get blocked, and we've had > no response from postmas...@bigpond.com (who the NDR advises to contact). > > Thanks, > Mark > MailmanLists > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Kind Regards, Noel Butler This Email, including attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate any part of this message without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message.___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] FW: Junk filtering as a tool for unfair competition
On 24/10/2019 05:16, Michael Wise via mailop wrote: > Also, trivial messages look like probes, and are probably going to be junked. Therein lies the problem, what if we all decided to junk everybodys email because it looks trivial, we might as well junk everybodys email and be done with it. -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Junk filtering as a tool for unfair competition
On 24/10/2019 07:20, Brielle via mailop wrote: > On 10/23/2019 3:05 PM, Noel Butler via mailop wrote: Reality is, your mere > suggestion of regulation / courts to make providers accept your e-mail makes > you a liability to my services. That will never happen, precedent already > set, remember that West Australian super spammer from decades gone by, forget > its name, he tried that after a DNSBL (SORBS from memory??) blocked his > trash, the courts ruled they can block whoever they like, now might just be > aussie, but if your in the commonwealth at least that does hold weight, not > sure about in US but I dare say a defendant can use such a precedence to sway > even a US court. US courts have ruled that providers are allowed to block under 47 U.S. Code § 230. Pretty much reaffirms the whole private ownership thing. I was more saying, if I know you are litigious piece of crap that doesn't respect my rights to control unwanted e-mail, then for my own sake it was better if you not have access to ANY of my systems at all from the start. Absolutely, our network our rules will always win the day, but when you are one of the huge guys in the business, you cant be as anal about things like the smaller guys can, contradicting myself here though as I'm not sure I always agree with that, such as I dont believe in certain DNSBL's policy to never blacklist certain freemail providers because they are too big . poppy. nobody is too big if they send enough trash. -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Junk filtering as a tool for unfair competition
On 24/10/2019 03:36, Brielle via mailop wrote: > We have gatekeepers that control access to things already. > > We've got mail filtering providers that act as gatekeepers for e-mail - > proofpoint, etc. People _pay_ them to control inbound and outbound. more fool them Trust is earned, not bought. > This is why we have other methods to communicate as well - and why most > courts, for example, won't let you 'serve' people over e-mail and require a > physical process server. Yet courts accept email as evidence, so its reliable enough > Reality is, your mere suggestion of regulation / courts to make providers > accept your e-mail makes you a liability to my services. That will never happen, precedent already set, remember that West Australian super spammer from decades gone by, forget its name, he tried that after a DNSBL (SORBS from memory??) blocked his trash, the courts ruled they can block whoever they like, now might just be aussie, but if your in the commonwealth at least that does hold weight, not sure about in US but I dare say a defendant can use such a precedence to sway even a US court. -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Junk filtering as a tool for unfair competition
On 23/10/2019 18:11, Stefano Bagnara via mailop wrote: > Often the "reason" is "Smartscreen" but sounds like no one really knows why > Smartscreen do things, or at least-- Smartscreen has never been smart, it did this exact same thing back in the late 90's or early 00's. MS couldnt figure it out then, why should we think they can now :) -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] announcement about invaluement (or more like a tease?)
On 27/08/2019 20:37, Rob McEwen via mailop wrote: > On 8/27/2019 3:22 AM, Noel Butler via mailop wrote: > >> oh btw rob, your message was found in Junk because >> 3.7 FORGED_RELAY_MUA_TO_MX >> kinda funny how spamassassin already knows where to put your mail haha > > Noel, > > FYI - unless your system did some strange altering my message - otherwise, > I'm pretty sure you're running an outdated SA where that rule hit was due to > a bug that has since been fixed. I sent an identical copy of that message to > my own 3rd party ISP, then got a copy of that with all headers (including > dkim headers that I wouldn't have existed if I had just sent it to myself) - > then I ran that against the latest version of SA (3.4.2), and there wasn't a > single hit on any spam rules. If I recall correctly, there is a bug in an old > version of SA's FORGED_RELAY_MUA_TO_MX rule that mistakenly hits on some > valid Thunderbird signatures. (that the bug probably isn't hitting very often > in your filtering doesn't make it any less of a bug) > > But if I'm wrong about that - I'd love to figure out what caused that hit - > so that I could then improve my setup. (and figure out why it didn't > replicate when I ran an identical message through the latest version of SA). Dunno, I'm using 3.4.2 everywhere, and rules are updated nightly (yes I know they are current, they run from scripts that email a few people if they fail for any reason) -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] announcement about invaluement (or more like a tease?)
gawd.. now this fucking idiot has resorted to trying to direct mail me with his life story and justifications or some rot, I stopped reading half way through it... oh btw rob, your message was found in Junk because 3.7 FORGED_RELAY_MUA_TO_MX kinda funny how spamassassin already knows where to put your mail haha On 27/08/2019 08:01, Noel Butler via mailop wrote: > On 26/08/2019 13:45, Rob McEwen via mailop wrote: > On 8/25/2019 11:33 PM, Noel Butler via mailop wrote: > > borders on spam -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] announcement about invaluement (or more like a tease?)
On 26/08/2019 11:23, Rob McEwen via mailop wrote: > announcement about invaluement (or more like a tease?) > > https://www.linkedin.com/feed/update/urn:li:activity:6571558988201148416/ > > -- > Rob McEwen > https://www.invaluement.com > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop borders on spam apart from that, nothing to see anyway so dont bother -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Anyone on this List with Access to Amazon SES Maillogs?
On 19/05/2019 03:47, Steve Dodd wrote: > On Sat, 18 May 2019 at 01:00, Noel Butler via mailop > wrote: > >> I am using HE tunnels and can access them > >> the demos I provided yesterday were all from HE tunnels >> >> nothing to see here, time to move along. > > AFAIK he.net [1] filter ingoing and outgoing port 25 *by default*: > > https://ipv6.he.net/certification/faq.php > > At some point people may have requested to have the block removed for their > accounts/tunnels. > > S. The fact that anyone on ipv6 can get to him on port 25 at all suggests its not him or HE that are that are the problem This one is NOT from a HE tunnel ipv6 address, its from a machine in one wilshire ~# telnet 2001:4060:1:1001::12:5 25 Trying 2001:4060:1:1001::12:5... Connected to 2001:4060:1:1001::12:5. Escape character is '^]'. 220-obelix.imp.ch ESMTP Postfix This one IS from a HE tunnel ipv6 address ~# telnet 2001:4060:1:1001::12:5 25 Trying 2001:4060:1:1001::12:5... Connected to 2001:4060:1:1001::12:5. Escape character is '^]'. 220-obelix.imp.ch ESMTP Postfix -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [2] and ODF [3] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://he.net [2] http://www.adobe.com/ [3] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Anyone on this List with Access to Amazon SES Maillogs?
I'd dont see levines posts, probably same as why the remote site is denying him :) so replying to it here BS I am using HE tunnels and can access them the demos I provided yesterday were all from HE tunnels nothing to see here, time to move along. On 18/05/2019 02:23, Jost Krieger via mailop wrote: > Am 17. Mai 2019 16:42:17 MESZ schrieb John R Levine via mailop > : > >> No, you're refusing the connections. When I connect via an IPv6 tunnel >> >> from HE you refuse the connection, when I connect from a VPS somewhere >> else, you accept it. Traceroutes show it's going to you, not anywhere >> else. > > For some value of "you". "Network is unreachable" points to a router, surely > not a mail server. > > Jost > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Anyone on this List with Access to Amazon SES Maillogs?
Connected to 2001:4060:1:1001::12:5. Escape character is '^]'. 220-obelix.imp.ch ESMTP Postfix Connected to 2001:4060:1:1001::12:4. Escape character is '^]'. 220-asterix.imp.ch ESMTP Postfix Connected to 2001:4060:1:1001::12:6. Escape character is '^]'. 220-idefix.imp.ch ESMTP Postfix On 16/05/2019 20:32, Yiorgos [George] Adamopoulos via mailop wrote: > This is what I see: > > $ host -t mx leunet.ch [1] > leunet.ch [1] mail is handled by 10 rrmx.imp.ch [2]. > $ nc -4 -vz rrmx.imp.ch [2]. 25 > Connection to rrmx.imp.ch [2]. 25 port [tcp/smtp] succeeded! > $ nc -6 -vz rrmx.imp.ch [2]. 25 > nc: connect to rrmx.imp.ch [2]. port 25 (tcp) failed: Network is unreachable > nc: connect to rrmx.imp.ch [2]. port 25 (tcp) failed: Network is unreachable > nc: connect to rrmx.imp.ch [2]. port 25 (tcp) failed: Network is unreachable > > So maybe AWS SES is trying to connect to the IPv6 address and cannot? > > On Thu, May 16, 2019 at 11:42 AM Benoit Panizzon via mailop > wrote: > >> Please contact me off-list >> >> Short story: >> >> A customer of Amazon SES is attempting to send emails to one of our >> customers. >> >> Our customer is not getting them, we don't see ANY trace of those >> emails in our logs, they just seem to disappear in transit. >> >> Re-Tested yesterday, exact times known. >> >> Long lasting cases have been opened @ Amazon but the only problem, >> according to Amazons SES Support is, that the recipient MX is not >> correct and we should fix that issue, without Amazon being able to tell >> us what's incorrect (leunet.ch [1], do you see any problem), or that >> leunet.ch [1] does not have a DKIM entriy (cause disproved by Amazon's own >> customer showing that he can perfectly send emails to recipients in >> other domains which also do not have a DKIM entry) >> >> Mit freundlichen Grüssen >> >> -Benoît Panizzon- -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [3] and ODF [4] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://leunet.ch [2] http://rrmx.imp.ch [3] http://www.adobe.com/ [4] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Hetzner blocking Gmail IPv6?
Usually, but if we get pissed off with constant complaints in a very short period of time... you will earn a temp penalty box stay for a day after which youll be sitting it out for a week, then month, then permban (unless thry have a very responsive abuse@).. like OVH, they just ended a month long ban here, next time, they're out for good. On 16/05/2019 07:23, Brandon Long wrote: > Nope, no one is too big to block. The big guys just hope that you block > based on percentage of bad traffic, and not absolute numbers. > > Luckily, mail receivers typically want that as well. > > And, of course, no one has to accept mail from anyone else. > > Brandon > > FROM: Noel Butler via mailop > DATE: Wed, May 15, 2019 at 1:34 PM > TO: > > nobody is too big to be blocked, despite the thinkings of such beasts > > On 16/05/2019 02:30, Yiorgos [George] Adamopoulos via mailop wrote: > I just tried to reply to a Hetzner support request from our GSuite account > and got back this: > > 550 Unfortunately we cannot currently accept your e-mail due to the amount of > spam we are receiving from your server. Please check > https://rbl.your-server.de/?ip=2607:f8b0:4864:20::136 for further details or > contact your server provider. > > There may be people in the list interested in this. Or you can point me to > relevant recipients privately -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Hetzner blocking Gmail IPv6?
nobody is too big to be blocked, despite the thinkings of such beasts On 16/05/2019 02:30, Yiorgos [George] Adamopoulos via mailop wrote: > I just tried to reply to a Hetzner support request from our GSuite account > and got back this: > > 550 Unfortunately we cannot currently accept your e-mail due to the amount of > spam we are receiving from your server. Please check > https://rbl.your-server.de/?ip=2607:f8b0:4864:20::136 for further details or > contact your server provider. > > There may be people in the list interested in this. Or you can point me to > relevant recipients privately > > -- > keep raising the bar > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Contact at tpg.com.au?
Yes, I can only speak for commbank who use their own servers and not offshore mail services cheers On 07/05/2019 18:41, Angelo Giuffrida wrote: > Most Australian banks that I know of don't usually attach the statement to > the email - it's simply a notification email that a new statement has been > generated. No different to sending those emails via Mailgun, SendGrid, > Postmark, etc. > > Cheers, Angelo > > On Tue, May 7, 2019 at 5:21 PM Noel Butler via mailop > wrote: > > On 07/05/2019 15:22, Scot Berggren via mailop wrote: > Checking to see if anyone has a contact at tpg.com.au [1] that I can reach > out to regarding a deliverability issue we're having for bank statement > emails. > > Thanks, > > Scot Berggren | Deliverability and Compliance Manager | Alterian US | +1 720 > 320-5365 | www.alterian.com [2] > > What Australian bank uses an offfshore emailing service to send statements? > Fraught with danger, no wonder you have deliverability issues > > -- > Kind Regards, > > Noel Butler > > This Email, including any attachments, may contain legally privileged > information, therefore remains confidential and subject to copyright > protected under international law. You may not disseminate, discuss, or > reveal, any part, to anyone, without the authors express written authority to > do so. If you are not the intended recipient, please notify the sender then > delete all copies of this message including attachments, immediately. > Confidentiality, copyright, and legal privilege are not waived or lost by > reason of the mistaken delivery of this message. Only PDF [3] and ODF [4] > documents accepted, please do not send proprietary formatted documents > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [3] and ODF [4] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://tpg.com.au [2] http://www.alterian.com [3] http://www.adobe.com/ [4] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Contact at tpg.com.au?
On 07/05/2019 15:22, Scot Berggren via mailop wrote: > Checking to see if anyone has a contact at tpg.com.au that I can reach out to > regarding a deliverability issue we're having for bank statement emails. > > Thanks, > > Scot Berggren | Deliverability and Compliance Manager | Alterian US | +1 720 > 320-5365 | www.alterian.com [1] What Australian bank uses an offfshore emailing service to send statements? Fraught with danger, no wonder you have deliverability issues -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [2] and ODF [3] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.alterian.com [2] http://www.adobe.com/ [3] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Admin: Gmail users of mailop suspended due to bounces.
On 30/04/2019 17:08, Thomas Walter via mailop wrote: > On 30.04.19 04:45, Noel Butler via mailop wrote: On 30/04/2019 05:35, Andreas > Klein via mailop wrote: so the SPF > check will fail if the FROM of the original message is retained and an > SPF record exists for that domain. > > ancient FUD > > I was a very, *very* early adopter of SPF, I always hear these claims, > but my mails always get through SPF tests (much to the annoyance of some > LOL), and I use hardfail -all. No FUD at all. You are just relying on some recipients not enforcing your -all. We have a lot of students forwarding their emails to external mailboxes (usually freemailers even though they have more options here). I can show you all kinds of examples where the forwarding is rejected in those cases because the new "sending IPs" are from our machines, not the ones listed in the From's SPF record. And no, I don't do SRS, because I don't want to do workarounds to support a protocol that was broken by design in the first place. It's your decision (-all) that you don't want these mails delivered to the recipients, so I don't really care. Regards, Thomas Walter Yes FUD, SPF is acting a designed. If its forwarded, it should reflect SPF record of the forwarding server, not the from domain, thats the problem of the forwarding configuration. -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Admin: Gmail users of mailop suspended due to bounces.
On 30/04/2019 05:35, Andreas Klein via mailop wrote: > so the SPF > check will fail if the FROM of the original message is retained and an > SPF record exists for that domain. ancient FUD I was a very, *very* early adopter of SPF, I always hear these claims, but my mails always get through SPF tests (much to the annoyance of some LOL), and I use hardfail -all. -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Admin: Gmail users of mailop suspended due to bounces.
On 28/04/2019 21:20, Simon Lyall via mailop wrote: > On Sun, 28 Apr 2019, Simon Lyall via mailop wrote: > >> Well since that email just triggered another round of bounces I've just >> updated mailop's mailman config to mung all email addresses (hopefully, this >> email is a test). > > Well the good news is that worked. The bad news is that gmail just bounced > the daily digest so all those list members are now suspended. > > Maybe a slack channel would be easier. or maybe all those users can bitch to google who has the nuttyness in their attempt to dictate to the world how they want things done .. didnt that fail before... you know... Microsoft... pffft if people choose to use a freemail service tehy have to accept *all* risks along with it. -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
