Re: [mailop] SpamHaus listings
On Sat, Mar 23, 2024 at 3:32 PM Matus UHLAR - fantomas via mailop < mailop@mailop.org> wrote: > > I am curious how do people configure hosts that send mail. > > For years I recommended using separate IP address (if possible) to send > mail > from such servers directly, so one host getting listed in dnsbl does not > affect others. > > However, if logic like the mentioned one can result into IP being listed > when a sudden (small) mail peak happens, it would make sense to send all > mail through one mailhub which sends mail more often, so it has good score > and does not get listed (but if it gets listed, all mail gets rejected). > We follow the route of having centralized mail hubs. Our internal servers send their emails to a set of (currently) 2 bulky email servers which are under the same IP & hostname (I believe originally to save IPs). Our rep is great, but we send hundreds of thousands of emails a day, so we could likely get away with doing it either way. We do occasionally have smaller receivers block us, and it is unfortunate whenever mail is rejected, but for our type of mail it isn't the end of the world, so we attempt to make contact, and if we can't resolve it, direct the user to contact their provider. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SpamHaus listings
On Mar 22, 2024, at 10:58 AM, Matus UHLAR - fantomas via mailop wrote: the result code and the spamhaus search didn't provide any relevant info. On 22.03.24 16:32, Robert L Mathews via mailop wrote: Hmmm. Not relevant to you, perhaps, but it may be relevant to someone else who can help. I can't imagine how anyone could begin helping you without knowing the exact "127.0.x.x" Spamhaus code as a starting point. When you ask for help, and people ask for more details, it isn't helpful to say "that isn't relevant" or "that info isn't useful" or whatever. As the bible [1] says, "If your diagnostic theories were such hot stuff, would you be consulting others for help?" People wouldn't ask for a detail if they didn't think it might help them to help you. On 22.03.24 18:55, Richard W via mailop wrote: I've never understood why people post for help but withhold information. They seem to be afraid to reveal the affected IP. Why? Afraid we'll all run to block it? Given the IP, others can tell you what we are seeing from that IP and possibly what is causing listings with different BLs. Sorry, guys, I was thinking that since those two IP addresses send nearly no mail, there's not much to advise knowing those IPs without knowing the real reason they were listed. Perhaps I should have shared those IPs to the list immediately. Both IPs are dedicated to single machines with no mail, proxy or similar services and no indication that they have been compromised. They both have proper DNS records and SPF records (one of them got listed 3rd time this year while sending nearly no mail) There were no other dnsbl listings (I use 2 dnsbl searchers to confirm). IIRC(*) they both have been listed in CSS (code 127.0.0.3) and searching spamhaus web for detailed info only produced: https://check.spamhaus.org/faqs/?id=CSS_what_is_it - this is what I meant by no relevant info. I could see something happened but not what was it. (*) I see 2 separate results (different time) from one machine in mail logs, but for the other IP I asked for delisting immediately and haven't kept the lookup info I got contacted off-list so I hope I have enough hints to avoid for next time. On 22.03.24 16:32, Robert L Mathews via mailop wrote: This is also not ideal. The list is a place to share knowledge and help other people having similar issues. (The sacred text has a chapter on this, too [2].) I have noticed that some problems are often resolved off-list. I assume that some admins want to keep their info like their e-mail address or their sources like spamtraps private, so others can't see or find them in the archive. Since I'm glad spamhaus and others do the job they do, I don't want to spoil their work by revealing such info. So... What were the hints you got? What do you think was wrong in the first place? How can other people who might stumble across this thread in the future fix it? The hint was that we (my employer) should take care of spam originating from our network, it seems that too many IP addresses are listed which may affect listings of other IPs in our network (similar to that UCEPROTECT-L2 and UCEPROTECT-L3 are doing). I've met this problem at my former employer, where we have "solved" it by blocking access from end-users to port 25 in the Internet. AFAIK my current employer does not do that currently I will suggest implementing this measure globally if possible. Question for the list: I am curious how do people configure hosts that send mail. For years I recommended using separate IP address (if possible) to send mail from such servers directly, so one host getting listed in dnsbl does not affect others. However, if logic like the mentioned one can result into IP being listed when a sudden (small) mail peak happens, it would make sense to send all mail through one mailhub which sends mail more often, so it has good score and does not get listed (but if it gets listed, all mail gets rejected). -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. You have the right to remain silent. Anything you say will be misquoted, then used against you. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SpamHaus listings
On Fri, 22 Mar 2024 18:55:19 -0600, Richard W via mailop wrote: >I don't participate in guessing games. Too old and grumpy for that. I >just move on. Thus my own lack of further engagement. mdr -- Those who can make you believe absurdities can make you commit atrocities. -- Voltaire ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SpamHaus listings
I've never understood why people post for help but withhold information. They seem to be afraid to reveal the affected IP. Why? Afraid we'll all run to block it? Given the IP, others can tell you what we are seeing from that IP and possibly what is causing listings with different BLs. I don't participate in guessing games. Too old and grumpy for that. I just move on. Richard On 2024-03-22 5:32 p.m., Robert L Mathews via mailop wrote: On Mar 22, 2024, at 10:58 AM, Matus UHLAR - fantomas via mailop wrote: the result code and the spamhaus search didn't provide any relevant info. Hmmm. Not relevant to you, perhaps, but it may be relevant to someone else who can help. I can't imagine how anyone could begin helping you without knowing the exact "127.0.x.x" Spamhaus code as a starting point. When you ask for help, and people ask for more details, it isn't helpful to say "that isn't relevant" or "that info isn't useful" or whatever. As the bible [1] says, "If your diagnostic theories were such hot stuff, would you be consulting others for help?" People wouldn't ask for a detail if they didn't think it might help them to help you. I got contacted off-list so I hope I have enough hints to avoid for next time. This is also not ideal. The list is a place to share knowledge and help other people having similar issues. (The sacred text has a chapter on this, too [2].) So... What were the hints you got? What do you think was wrong in the first place? How can other people who might stumble across this thread in the future fix it? [1] http://www.catb.org/~esr/faqs/smart-questions.html#symptoms [2] http://www.catb.org/~esr/faqs/smart-questions.html#followup ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SpamHaus listings
On Mar 22, 2024, at 10:58 AM, Matus UHLAR - fantomas via mailop wrote: > the result code and the spamhaus search didn't provide any relevant info. Hmmm. Not relevant to you, perhaps, but it may be relevant to someone else who can help. I can't imagine how anyone could begin helping you without knowing the exact "127.0.x.x" Spamhaus code as a starting point. When you ask for help, and people ask for more details, it isn't helpful to say "that isn't relevant" or "that info isn't useful" or whatever. As the bible [1] says, "If your diagnostic theories were such hot stuff, would you be consulting others for help?" People wouldn't ask for a detail if they didn't think it might help them to help you. > I got contacted off-list so I hope I have enough hints to avoid for next time. This is also not ideal. The list is a place to share knowledge and help other people having similar issues. (The sacred text has a chapter on this, too [2].) So... What were the hints you got? What do you think was wrong in the first place? How can other people who might stumble across this thread in the future fix it? [1] http://www.catb.org/~esr/faqs/smart-questions.html#symptoms [2] http://www.catb.org/~esr/faqs/smart-questions.html#followup -- Robert L Mathews ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SpamHaus listings
On Thu, 21 Mar 2024 18:40:16 +0100, Matus UHLAR - fantomas via mailop wrote: Are there any other checks or measures I can do? On 21.03.24 13:58, Michael Rathbun via mailop wrote: What exactly is the Zen result code? There are many reasons for such listings. the result code and the spamhaus search didn't provide any relevant info. I got contacted off-list so I hope I have enough hints to avoid for next time. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I drive way too fast to worry about cholesterol. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] SpamHaus listings
On Thu, 21 Mar 2024 18:40:16 +0100, Matus UHLAR - fantomas via mailop wrote: >Are there any other checks or measures I can do? What exactly is the Zen result code? There are many reasons for such listings. mdr -- "There are no laws here, only agreements." -- Masahiko ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] SpamHaus listings
Hello, last few days we've had 2 diferent IP addresses listed in SpamHaus ZEN 1. monitoring server which rarely sends e-mail - to single address in our internal network - single address of our customer (outside our network) - got listed after 4 e-mails within one day. 2. nextcloud server which sends only a few mails in a time - mostly to our internal network - one single gmail address on 2024/02/29 - also got listed after 4 e-mails within one day The only common denominator except our AS is our internal network as destination, running Fortimail, admins told me it's very unlikely to report to SpamHaus. I have tcpdump running on the latter for over a month because this happened about 3rd time within a few months - no other port 25 connection was made nearly two weeks before listing. We have delisted both addresses without any feedback but I am really curious what happens here and/or how to avoid it. Are there any other checks or measures I can do? Is there anyone from SpamHaus who could help me to solve this? Thanks for any ideas. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam is for losers who can't get business any other way. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop