subject:"\[mailop\] T\-Online is now really blocking messages from non\-commercial and simliar senders"

Am 21.10.22 um 02:23 schrieb Grant Taylor via mailop:

On 10/20/22 4:49 PM, Kai 'wusel' Siering via mailop wrote:

Another rule from an earlier era outlines one of the fundamental principles of
the Internet Agreement: I will accept your traffic, *subject* *to* /my/
*policies* and agreements, if you will accept mine, *subject* *to* /your/
*policies* and agreements.

Yes, but as t-online.de fundamentally breaks with this principle,

No they do not.

Oh, they certainly do.

/Their/ /policy/, which they have published on the Internet, is /their/
prerogative.

But their "policy" does not adhere to "I will accept your traffic, *subject* *to* /my/
*policies* and agreements, if you will accept mine, *subject* *to* /your/ *policies* and
agreements." They just *do* *not* accept my traffic whatsoever => party's over, t-online.de is
out. End of story.

What's more is they /are/ /accepting/ your email *subject* *to* /their/
*policies*.

No. They 554 anyone, including me from any of my 1k+ v4 IPs except for 2 of
them. Let me compute 2/1000, I came up with 0. Please correct my math, really,
really please …

Nothing states that anyone has to approve their policy or that they have to
adhere to anybody else's policy.

Granted. OTOH, nothing states that _that single outcast_ shouldn't be properly
casted in the default configuration of any mailserver there is.

As has been pointed out before, doing so *does* increase deliverability, *does*
increase transparency.

Each and every single email administrator (or organization) is free to run
their email server(s) as they choose to.

Sure. Totally agree.

But: IF it is a KNOWN FACT that they DO NOT ACCEPT MAIL FROM ANY SERVER except
those where they previously whitelisted it's IPv4, AND THEY ARE THE SINGLE ONLY
MAILSERVICE ON PLANET EARTH to do so, THEY MUST BE MARKED AS SUCH.

As anything else leads to broken communication. I'm okay with you being okay
with that, but you cannot chance sides afterwards. And this is not over yet.

giving a 554 to *any* IP per default, they should be single cased out for good
by default.

What grounds do you think that T-Online should be singled out?

I made that clear multiple times already; feel free to check the archives.

How are they not operating their email server subject to their policy?

Anyone's policy has to work within the parameters of the choosen protocol and it's
policies, otherwise interoperability is not possible. As such, t-online.de's policy is
not compatible with how the SMTP protocol is supposed to work: 554'ing basically anyone
is NOT the way to go. Besides, mx*.t-online.de don't comply to RFC 5321, Section 3.1:
"a 554 response MAY be given in the initial connection opening message instead of
the 220. A server taking this approach MUST still wait for the client to send a QUIT
[…]". They don't. And they aren't Joe Random following a bad HowTo. t-online.de is
deliberately breaking standard's track RFCs to, as it seems, gain a competative
advantage. This mustn't hold.
-kai
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


Am 21.10.22 um 00:33 schrieb Graeme Fowler via mailop:

No. There will be no changes to the Exim default configuration


So sad. It's up to the packagers then to fix the shit that hits the fan.
-kai
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


Am 20.10.22 um 23:07 schrieb Lena--- via mailop:

T-Online clearly states in their terms and conditions that they will
block servers who perform sender verfication towards them.


Well, that's why you separate your MXes from your Sending servers; the
MX can do anything from it's IP, any fingering to the remote MX as it
likes — it will never ever rely on being able to relay a message to
remote's MXes :) OTOH, MX refusal due to frivolous behaviour hasn't
been implemented yet ;-)

Yes, I'm a big fan of sender-address-verification and other "abusive"
techniques. Be my guest: My domain, my rules.


Then a different check:


I don't speak smail3^Hexim anymore, but I assume it's somewhat similar to

telnet $mx 25
if 2xx send quit
if 5xx set fuckem=1 && send quit || ignore errors
if $fuckem<1 die in_peace else wreck havoc

?
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Grant Taylor via mailop


On 10/20/22 4:49 PM, Kai 'wusel' Siering via mailop wrote:
Another rule from an earlier era outlines one of the fundamental 
principles of the Internet Agreement:  I will accept your traffic, 
*subject* *to* /my/ *policies* and agreements, if you will accept mine, 
*subject* *to* /your/ *policies* and agreements.


Yes, but as t-online.de fundamentally breaks with this principle,


No they do not.

/Their/ /policy/, which they have published on the Internet, is /their/ 
prerogative.


What's more is they /are/ /accepting/ your email *subject* *to* /their/ 
*policies*.


Nothing states that anyone has to approve their policy or that they have 
to adhere to anybody else's policy.


Each and every single email administrator (or organization) is free to 
run their email server(s) as they choose to.


giving a 554 to *any* IP per default, they should be single cased 
out for good by default.


What grounds do you think that T-Online should be singled out?  How are 
they not operating their email server subject to their policy?




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


Am 20.10.22 um 21:29 schrieb Michael Rathbun via mailop:

On Thu, 20 Oct 2022 20:47:40 +0200 (CEST), Bernardo Reino via mailop
  wrote:


However, I still find that Postel's law should apply, in any context, and
specifically in this one. You want to run an e-mail server and don't want to be
blocked, so you should (liberally) accept, instead of "being like them" and
block unfairly (for some definition of fairness anyway).


Yes and no. I don't want to be blocked by arbitrary rules that aren't based
on industry standards.
If my servers sent out spam, fine, block me and let's work on it case-by-case
(usually the root cause is failing spam detection – running non-profit or even
private mailservers, I cannot afford commercial services like expurgate – so
that the few spam content which rspamd with RBLs, Bayes- and Fuzzy-filters
doesn't detect is relayed via mailing lists or ticket systems to external
addresses).

That's the industry standard: block after abuse. Instead, t-online.de uses
block-and-maybe-unblock-after-contact. This is not how email is supposed to
work.

"Fairness" isn't my concern; the policy of t-online.de is creating bounces
at potentially a shitload of mailservers out there, because of a totaly
arbitrary setup.
This leads to lost communication — something no mail provider should stimulate.
Anything that helps to mitigate these effects is A Good Thing™, IMHO.


After all, this is what we (should) teach our kids, so I'm a bit surprised that
some people are proposing (or have already implemented) doing the eye-for-an-eye
(or was it a tooth?) to T-Online.


While it looks like an eye for an eye, this is only a side effect. Sitting on
the receiving side of t-online.de mails, I'm faced with users confused why
"that @t-online.de address I just replied to isn't valid anymore". Of course
it isn't, the error code is not 550 but 554 ...

Is there a quick solution? No, see the discussion here.

Is it my fault? No.

Will my users resent their message in a few days time, after this issue is
resolved, hopefully? Unlikely.

Does t-online.de care? Nope.

Do t-online.de's users understand who is causing the issues? Highly unlikely.

And last but not least: is t-online.de's setup significantly reducing the amount
of spam received by it's users in 2022? Highly unlikely — if t-online.de would
be run according to industry standards. But then 
https://postmaster.t-online.de/index.en.html#t3.5 reads:


 *

Do t-online.de systems use greylisting, SPF or DKIM for e-mail filtering?


Greylisting is generally understood to mean that every incoming e-mail is
initially rejected temporarily and only accepted after a renewed delivery
attempt. This is based on the assumption that only authorized e-mail
systems initiate renewed delivery of rejected e-mails. As greylisting cannot
actually identify unauthorized e-mails and also hinders the delivery of
legitimate e-mails, Telekom systems do not use this procedure.

The Sender Policy Framework, SPF for short, can enable a check to determine
whether the sending IP address is authorized to send e-mails for the domain
in question. This procedure has numerous vulnerabilities that cannot be
compensated for, including those that are described here 
. Therefore, Telekom
does not use SPF either passively (when receiving e-mails) or actively (for
sending) by creating corresponding DNS resources.

Until now, we have neither used nor evaluated DKIM signatures. (An exception
is the "Trusted Dialog" project, which uses DKIM signatures for "inbox
branding".)



Tja ... Since one cannot properly compute the validity of emails from 
t-online.de,
seriously, what's the point of accepting from that doamin anyway?


Another rule from an earlier era outlines one of the fundamental principles of
the Internet Agreement:  I will accept your traffic, subject to my policies
and agreements, if you will accept mine, subject to your policies and
agreements.


Yes, but as t-online.de fundamentally breaks with this principle, giving a 554
to *any* IP per default, they should be single cased out for good by default.
They can always apply for being re-enabled bilaterally on any mailserver — as 
per
their view on how email works.

Regards,
-kai
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Graeme Fowler via mailop


Just for completeness here, and wearing both my Exim and Mailop hats:

No. There will be no changes to the Exim default configuration, nor should 
there be. If the suggestion was made of a commercial product with thousands 
of people behind it, it would likely result in costly litigation.


To suggest that an open source project - one with a shrinking developer 
group behind it, despite our best efforts - should do this, could be 
financial suicide for those developers.


Be sensible. The elephant in the room is a commercial ISP who've made a 
decision based on their own economics. Target that.


Graeme
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Lena--- via mailop

> T-Online clearly states in their terms and conditions that they will
> block servers who perform sender verfication towards them.

Then a different check:

 deny condition = ${if or{\
{eqi{$sender_address_domain}{t-online.de}}\
.ifdef _HAVE_LOOKUP_DNSDB
{forany{${lookup dnsdb{>: defer_never,mxh=$sender_address_domain}}}\
   {match{$item}{\N^mx\d+\.t-online\.de$\N}}}\
.endif
   }}
  condition = ${if match{${readsocket{inet:\
.ifdef _HAVE_LOOKUP_DNSDB
${reduce{${lookup dnsdb{>: defer_never,mxh=$sender_address_domain}}}\
{}{$item}}\
.else
mx00.t-online.de\
.endif
:25}{}{2s}}}{^554 IP=}}
  message = We checked that $sender_address_domain blocks us. \
So we do not accept a message we cannot reply to.
# The server admin may change "deny" to "warn" and
# "message =" to "control = fakereject/"
# but few admins will want that (or notice and bother).

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Michael Rathbun via mailop

On Thu, 20 Oct 2022 20:47:40 +0200 (CEST), Bernardo Reino via mailop
 wrote:

>However, I still find that Postel's law should apply, in any context, and 
>specifically in this one. You want to run an e-mail server and don't want to 
>be 
>blocked, so you should (liberally) accept, instead of "being like them" and 
>block unfairly (for some definition of fairness anyway).
>
>After all, this is what we (should) teach our kids, so I'm a bit surprised 
>that 
>some people are proposing (or have already implemented) doing the 
>eye-for-an-eye 
>(or was it a tooth?) to T-Online.
>
>*We* can do better, and we should do better ;-)

Another rule from an earlier era outlines one of the fundamental principles of
the Internet Agreement:  I will accept your traffic, subject to my policies
and agreements, if you will accept mine, subject to your policies and
agreements.

As noted in the .sig below, things don't entirely work in this world as they
are assumed to work in the other.

mdr
-- 
 "There are no laws here, only agreements."  
-- Masahiko

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Jarosław Rafa via mailop

W dniu czw, 20.10.2022 o godzinie 22∶01 +0300, użytkownik Lena--- via
mailop napisał:
>   set acl_m_ton = checkdefer
>   !verify = sender/callout=10s
>   set acl_m_ton = $acl_verify_message

T-Online clearly states in their terms and conditions that they will
block servers who perform sender verfication towards them.

So that's not a good idea.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Lena--- via mailop

Kai Siering wrote on [mailop]:

> how about starting internal discussions within that community
> to include a default rejection of any mail from @t-online.de
> in Exim's default configuration?

> As nearly no-one who is deploying Exim
> (or Postfix, Sendmail for that matter)
> will be able to *send* to @t-online.de due to their policy,
> it is only logical to not *accept* any mail from them, too.

I propose to include in default Exim config (in rcpt ACL)
a code which checks whether the server is blocked by t-online.de:

 warn set acl_m_ton = notton
  condition = ${if or{\
{eqi{$sender_address_domain}{t-online.de}}\
.ifdef _HAVE_LOOKUP_DNSDB
{forany{${lookup dnsdb{>: defer_never,mxh=$sender_address_domain}}}\
   {match{$item}{\N^mx\d+\.t-online\.de$\N}}}\
.endif
   }}
  set acl_m_ton = checkdefer
  !verify = sender/callout=10s
  set acl_m_ton = $acl_verify_message

 deny condition = ${if !eq{$acl_m_ton}{notton}}
  condition = ${if !eq{$acl_m_ton}{checkdefer}}
  message = sender verify failed: $acl_m_ton

 deny condition = ${if eq{$acl_m_ton}{checkdefer}}
  message = We checked that $sender_address_domain blocks us. \
So we do not accept a message we cannot reply to.
# The server admin may change "deny" to "warn" and
# "message =" to "control = fakereject/"
# but few admins will want that (or notice and bother).

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On Thu, 20 Oct 2022, Kai 'wusel' Siering via mailop wrote:


[...]

Basically "Max" states that he needed to put an "simple imprint" at 
http://his.do.main/index.html, which made t...@rx.t-online.de whitelist his 
mailserver's IP. Thus, even in December 2020 they were keen on this imprint 
thingy; why it didn't happen with you before, I cannot tell.


Fair enough. Maybe it was just luck..


[...]


Since t-online.de is the only "walled garden mail domain" known – at least 
AFAIK? –, any email to and especially from @t-online.de should be rejected in 
any default configuration of any MTA. This reflects the discussed fact that 
one has to register one's mailserver with t...@rx.t-online.de _before_ any 
mail exchange can happen. It's not a "form of defamation", as Grand Taylor 
stated, it's the only proper local configuration for the rather special setup 
used at t-online.de.


Our server, our rules -- that's valid too.

However, I still find that Postel's law should apply, in any context, and 
specifically in this one. You want to run an e-mail server and don't want to be 
blocked, so you should (liberally) accept, instead of "being like them" and 
block unfairly (for some definition of fairness anyway).


After all, this is what we (should) teach our kids, so I'm a bit surprised that 
some people are proposing (or have already implemented) doing the eye-for-an-eye 
(or was it a tooth?) to T-Online.


*We* can do better, and we should do better ;-)

Kind regards,
Bernardo

PS: I'm afraid that this topic might be uninteresting and/or annoying to those 
around here working for larger operators, who are (or should be) wholly 
unaffected by this, so I apologize for my contribution to the increased volume 
if this is the case..___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

On 20.10.22 17:31, Bernardo Reino via mailop wrote:

And maybe to add to what Kai Siering wrote "Deutsche Telekom's policy for accessing
the MXes for t-online.de hasn't changed for 10+ years". Maybe the /written/ policy
has not changed, but the enforcement of the legal notice (Impressum) certainly happened
just now or in the last few days. For years I've been a braver Burger hier politey asking
tosa@ to whitelist me, and they did.. until suddenly they blocked me for lack of
Impressum.

Well, I usually am not polite after being blocked _again_ (about every other
year, maybe too few mails sent?), but got the whitelisting nonetheless. It's a
PITA, nonetheless.

But no, if you feed "t...@rx.t-online.de impressum" into the next Google search
widget, you should at least find
https://blog.rolandmoriz.de/2020/09/21/t-online-blockiert-mails-fuer-kunden/ from 2020, where
a comment dated 2020-12-06 states (cut & paste into the translator of you choice):

Hallo Roland,

ich habe die gleiche Erfahrung gemacht. T-online hat alle Mails von meinem
Mailserver grundsätzlich abgelehnt, obwohl dieser allen aktuellen Standards
entspricht. Bei Nachfrage wurde auf die besagte Liste technischer
Vorraussetzungen verwiesen und zusätzlich angemerkt, dass t-online keine Mails
von anonymen Anbietern annehmen möchte. Ich habe unter meiner Domain eine
index.html mit Verweis auf ein simples Impressum hinterlegt und anschließend
dem Support mitgeteilt.

Ender der Geschichte, ich wurde relativ schnell freigeschaltet und die Mails in
meiner mail queue sind direkt rausgegangen. Ich war auch tierisch genervt
davon, dass so ein Verfahren notwendig ist um in heutiger Zeit eine Mail senden
zu können. Hiermit möchte ich aber dem ein oder anderen Hoffnung geben und
aufzeigen, dass eine Freischaltung möglich ist!

LG, Max

Basically "Max" states that he needed to put an "simple imprint" at
http://his.do.main/index.html, which made t...@rx.t-online.de whitelist his mailserver's IP. Thus,
even in December 2020 they were keen on this imprint thingy; why it didn't happen with you before,
I cannot tell.

But I'm still waiting for certain blogs and magazines to take this up. If I
have time I'll write an e-mail to c't Magazine. I'm sure this requirement will
be relaxed, sooner or later.

Does "later" include "never"? Then I'd agree ...

Even c't would have to do a realiy check here and concede that the percentage
of email dropped by Deutsche Telekom's policy decision for t-online.de is next
to none, compared to what they do receive on a daily basis. I'm not even sure
Deutsche Telekom would answer a request from c't for a comment on that unique
policy — but if they would, I'd love to see it.

Since t-online.de is the only "walled garden mail domain" known – at least AFAIK? –, any
email to and especially from @t-online.de should be rejected in any default configuration of any
MTA. This reflects the discussed fact that one has to register one's mailserver with
t...@rx.t-online.de _before_ any mail exchange can happen. It's not a "form of
defamation", as Grand Taylor stated, it's the only proper local configuration for the rather
special setup used at t-online.de.

FTR, mx*.t-online.de's use of 554 does violate RC5231, as they ignore the MUST
clause regarding the wait for QUIT. But that's a different story.
-kai
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Andrew C Aitchison via mailop


On Wed, 19 Oct 2022, Jaroslaw Rafa via mailop wrote:


Dnia 19.10.2022 o godz. 18:55:29 Kai 'wusel' Siering via mailop pisze:


It would be less of an issue if t-online.de would take care _not_ to send
to domains they don't take the replies from; but they happily sent emails
to any MX in the world (anything else would upset _their_ users), but then
eagerly reject the replies.


So, as they don't do it themselves, the other party has to do it, as I
already wrote in my previous email. Anybody who receives email from T-Online
but has experienced rejection when trying to send to them, should reject any
messages from T-Online as well, with the error message stating exactly that
"We reject messages from t-online.de because you reject messages from us".


If sender-verify-callback was still considered acceptable,
that would resolve the issue automatically and accurately.

However, I would want to give fair warning before rejecting mail from 
innocent senders.

Pity I can't see a way use a temporary reject or greylisting to
get a message back to sending user but still delivering the message.

I suppose I could deliver the email but give a permanent reject
message saying that we believe the recipient will not be able to reply
to T-Online senders.

But of course, sending a clear and accurate reject or bounce message
to T-Online is no guarantee that it will reach the sender.

--
Andrew C. Aitchison  Kendal, UK
   and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

On 2022-10-20 14:51, Jaroslaw Rafa via mailop wrote:

Dnia 19.10.2022 o godz. 20:08:30 Bernardo Reino via mailop pisze:

> That seems really "interesting". How does that impressum look like, which
> has the magical power of transforming a private server into a "commercial"
> one? What should it contain? Could you provide a link to yours?

Well, now that it's public anyway :) -> www.bbmk.org

So basically they require anybody who runs a mail server to put their 
street

address and telephone number online to be publicly available???

Crazy idea. And this is the same country that banned Google Street View
(probably as a single country in the world?), on the basis that 
pictures of

individuals' houses were available online for anybody to view?

Crazy idea. Yes, also to me (note: I'm not German but count as one for 
all intents and purposes, including taxes and, unfortunately, 
electricity and gas price :).

I find it OK-ish to post an e-mail address (which is specific to the 
Impressum), and I find my own name uninteresting :).

I also used an unused telephone number (the Deutsche Telekom kindly 
gives you 3, but I only use one). I'll never receive a call there 
because it's set to voicemail server-side.

But I'm uncomfortable with the street address being there. As I said, I 
plan to make such information slowly disappear (so at least it won't be 
so obvious for the casual looker).

And maybe to add to what Kai Siering wrote "Deutsche Telekom's policy 
for accessing the MXes for t-online.de hasn't changed for 10+ years". 
Maybe the /written/ policy has not changed, but the enforcement of the 
legal notice (Impressum) certainly happened just now or in the last few 
days. For years I've been a braver Burger hier politey asking tosa@ to 
whitelist me, and they did.. until suddenly they blocked me for lack of 
Impressum.

But I'm still waiting for certain blogs and magazines to take this up. 
If I have time I'll write an e-mail to c't Magazine. I'm sure this 
requirement will be relaxed, sooner or later.

So, hasta la mailbox, siempre! or something :)
Bernardo
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Jaroslaw Rafa via mailop

Dnia 20.10.2022 o godz. 15:51:13 Kai 'wusel' Siering via mailop pisze:
> > such data online is perfectly valid for companies, for individuals it's
> > nothing more than an endorsement for criminal activity.
> 
> Well, just use your ISP's submission service, problem solved.

By ISP you mean hosting provider here? Because the actual ISPs, ie.
companies that provide Internet connectivity (either to your home or to your
hosting provider) usually don't offer any submission services. They *may*
offer an additional email service, but it's by no means a rule.

As for hosting provider, my provider for example does offer a submission
service only as a part of their mail service. If you sign up for their mail
service, you can use their submission service - but of course for sending
mail from *their* domain, not yours.

If you have a VPS (or even a physical server) hosted by them, with your own
domain, they don't offer you any submission service (or equivalent, like a
relay). After all, you have your own server where you can run your own mail
service for your domain (which is exactly what I do).

> Or pay someone to MX you domain, problem solved.

You probably mean provide outgoing SMTP for my domain, not MX? There is no
problem with *receiving* mail from t-online on any server.

But again, this makes no sense. I'm already paying for a server which is
fully capable of doing outgoing SMTP, why should I pay for another service
only to be able to send mail to some provider with shitty policy?

> > If some madman does not like what I write anywhere on the Internet (for 
> > example
> > on my blog,
> 
> As a German, you have to have an imprint on anything that is considered a
> "service", yes, even on your personal, non-monetized blog. It the law ;) And
> also off-topic here.

As a German. But as I mentioned, people who run mailservers and may want to
send mail to t-online are not necessarily Germans. Therefore the fact that
German law requires an imprint is actually completely off topic when it
comes to imprint as a requirement to be available to send mail to t-online.

> Well, it's a kind of non-written contractual agreement: you want your
> mailserver to be able to sent to t-online.de, they want to know who you are.

And I have no objection against giving that information to *them*. But to
*them* only, not to the whole world!

Plus, as I already stated, it's not information "who you are". I
deliberately mentioned my website as an example that perfectly (and in a
very detailed way) describes who I am, but does not fulfill their
requirements. They don't want to know "who I am", they want to know two very
specific things: my street address and telephone number. This is in no way
equivalent to "who I am". "Who I am" is my name, and this is available on my
website. And not only *they* want to know this specific information (as I
said, I have nothing against it); they want that the whole world knows it -
and that is an utterly absurd requirement.

> You're free not to agree to the terms, so where's law involved anyway?

I only mentioned the law because some people (you too) bring up the
non-relevant fact that all German websites are required by law to have an
imprint. Which is, as said, completely non-relevant here.

> And, to point this out again: the subject of this thread already has been
> disproven — t-online.de/Deutsche Telekom/t...@rx.t-online.de is still white-
> listing personal mailservers, as long as the criteria on their postmaster
> page are met.

That is, as long as you have that particular information on your website,
that I'm writing all about here :)
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


Hello,

Grant Taylor via mailop wrote on 20.10.22 at 16:06:
Please forgive ~> humor my ignorance, but what does the imprint / 
impressum (?) /need/ to have in it?


not sure what Telekom actually asks for - but (as you can imagine, it's 
Germany :) things are quite regulated in the law. Depending on the kind 
of business, you have to provide various information, that could include 
VAT number, your chamber or supervisory authority etc.


There are actually websites offering "imprint generators" so you don't 
miss anything. It _is_ quite obscure and an everlasting legal discussion.


What I would assume, without knowing, is that Telekom would be happy 
with a name, street address (PO boxes are likely not accepted), phone 
number and e-mail address.


Not defending any policies or laws here, just trying to shed some light.

Florian
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


Hello,

Kai 'wusel' Siering via mailop wrote on 20.10.22 at 15:51:


As a German, you have to have an imprint on anything that is considered a
"service", yes, even on your personal, non-monetized blog. It the law ;) 
And

also off-topic here.


I agree, this part of the discussion will likely lead to no conclusion. 
The regulations here in Germany are a bit weird, but it's something we 
can hardly ignore. Experience tells me that other jurisdictions have 
other "strange" regulations too.


Obviously the intersection with the imprint mandate on one hand, and the 
GDPR rules (and how public data can be misused) on the other hand is an 
interesting one, but that's more of a legal, less of a technical problem.


I totally understand for non-Germans this imprint stuff is just super 
irritating, for us it's sadly somehow "normal", which doesn't mean we 
don't find it stupid... :-)



Well, it's a kind of non-written contractual agreement: you want your
mailserver to be able to sent to t-online.de, they want to know who you 
are.

You're free not to agree to the terms, so where's law involved anyway?


In the end, the acceptance or non-acceptance of mail operators is 
something many of the small providers suffer from, as outlined just 
recently here on the list. However...



And, to point this out again: the subject of this thread already has been
disproven — t-online.de/Deutsche Telekom/t...@rx.t-online.de is still 
white-

listing personal mailservers, as long as the criteria on their postmaster
page are met.


...that is my understanding. And from all interactions I had with mail 
operators, Telekom was amongst the fastest and most uncomplicated ones, 
so at least the practical handling was quite relaxed.


Florian
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Grant Taylor via mailop


On 10/20/22 7:51 AM, Kai 'wusel' Siering via mailop wrote:
Well, just use your ISP's submission service, problem solved.  Or pay 
someone to MX you domain, problem solved.


I don't agree that the problem is /solved/.  Rather I think using such 
an external problem /changes/ or /moves/ the problem in such a way as to 
make DT/T-Online happy.


Similar to how lines of credit don't /solve/ money problems, they simply 
time shift them.


As a German, you have to have an imprint on anything that is considered 
a "service", yes, even on your personal, non-monetized blog. It the 
law ;) And also off-topic here.


Please forgive ~> humor my ignorance, but what does the imprint / 
impressum (?) /need/ to have in it?


Do imprints / impressums for brick and mortar stores include the CEO's 
personal information?  Or, instead, do they include contact information 
for a company employee that can handle inquiries and connect them with 
the proper other internal employees on an as needed basis?  Sort of like 
many businesses have an operator that answers phone calls and connects 
people with internal departments.


This sort of seems like the quintessential $BUSINESS is licensed in 
$STATE and $LAWYER is the official point of contact that is common for a 
number of (above board) small businesses in the U.S.A.


Would said $LAWYER's contact information in an imprint / impreessum 
suffice?  Or is there supposed to be something more direct?


I ask as I'm genuinely curious, not wanting to object.  I'm trying to 
understand the laws / regulations / rules of business for another 
country on the common spinning body of water and rock riding through the 
solar system.


Aside:  I wonder if there is any use for the old Responsible Person DNS 
record or a TXT record for something like this.  Obviously people would 
have to support it.  I could see value in something like 
. being a TXT record that either provides the details 
or points to the impressum (e.g. URL).




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Slavko via mailop

Dňa 20. októbra 2022 12:51:42 UTC používateľ Jaroslaw Rafa via mailop 
 napísal:

>So basically they require anybody who runs a mail server to put their street
>address and telephone number online to be publicly available???

Perhaps not really. How they can verify, that published  phone number is
really your? Yes, they can call, but do they speak in all world's languages?
I do no speak German... And even, how they want to verify name and/or
address? At least in our country, the citizen's register is not public.

In other words, if one want to publish that imprint, he/she can try to fill
random things in it in most of the world.

Anyone little experienced with Internet know, how problematic (even
impossible) is to remove information from it, when it was published,
see [1]

>Of course, as I would have to publish that information myself, it does not
>*literally* and *formally* violate the GDPR, but it is completely
>contradictory to the "spirit" of GDPR and the whole idea why that
>regulation was introduced.

That is whole idea why GDPR was introduced, to the big cannot do
anything, but someone have to complain...

BTW, when i look their SMTP IPs, i found that they link DNSWL.org [2] site
with these IPs. I take look at numbers of emails, which DNSWL sees and
the numbers are pretty low. Thus despite how big ISP they are, it doesn't
seems as big email provider and whole this thread can be mainly "internal"
Germany problem, not worth to waste time on it for most of others.

I will leave their SMTPs in my blacklist, just for reciprocity... But i am sure,
that i will remove it after some time, as checking it is wasting of resources
only.

regards

[1] https://web.archive.org/web/20221019213340/https://katara.bbmk.org/
[2] https://www.dnswl.org/s/?s=1972


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On 20.10.22 14:51, Jaroslaw Rafa via mailop wrote:

So basically they require anybody who runs a mail server to put their street
address and telephone number online to be publicly available???

Crazy idea. And this is the same country that banned Google Street View
(probably as a single country in the world?), on the basis that pictures of
individuals' houses were available online for anybody to view?

Something's completely inconsistent here.


One could hold that view, yes. OTOH, it's what Deutsche Telekom
requests from you, not the state ...


As someone already said in this discussion, while the requirement to put
such data online is perfectly valid for companies, for individuals it's
nothing more than an endorsement for criminal activity.


Well, just use your ISP's submission service, problem solved.
Or pay someone to MX you domain, problem solved.


If some madman does not like what I write anywhere on the Internet (for example
on my blog,


As a German, you have to have an imprint on anything that is considered a
"service", yes, even on your personal, non-monetized blog. It the law ;) And
also off-topic here.


I would understand if I had to provide this information *to T-Online only*,
so they can contact me in case of any malicious activity from my server, but
there is no way I put this information publicly available.


I could see some GDPR questions with that, so I can understand they
don't want to start such an internal database. Hence "ony commercial
servers are allowed", make some kind of sense to me.


[…] on this absurd
requirement. It cannot be even justified by German law, which requires (as
far as I know) *German* websites to have such an impressum, because people
operating mail servers who may want to send mail to T-Online are not
necessarily German, so German law does not apply to them.


Well, it's a kind of non-written contractual agreement: you want your
mailserver to be able to sent to t-online.de, they want to know who you are.
You're free not to agree to the terms, so where's law involved anyway?

Again: I strongly oppose reject-unless-whitelisted-before for an automated
service like SMTP. But I don't see a legal lever against it (with one
exception noted yesterday), and as this basically only puts a strong burden
on private people running personal mailservers – which is what percentage
on global mail traffic? –, frankly: who cares? As you pointed out, any
business basically has to have their contact details present on the Internet
anyway.

And, to point this out again: the subject of this thread already has been
disproven — t-online.de/Deutsche Telekom/t...@rx.t-online.de is still white-
listing personal mailservers, as long as the criteria on their postmaster
page are met.

No policy change as far as I can see, just a new wording on rejection. Same
old, IMHO shitty, policy, but well.

So: move on, nothing to see here ;)
-kai

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Kirill Miazine via mailop

• Kirill Miazine via mailop [2022-10-19 19:21]:
[...]
> I've sent t...@rx.t-online.de an email and asked to clarify why my fullu
> compliant mail server on TransIP network is being blocked and what kind
> of problem has occured.

And there I've received a response:


Thank you very much for your message.

We only allow evidently commercial or similar operators to connect to
our mailservers. So, please use an SMTP relay or e-mail gateway of your
hoster or ISP, that you can use as part of your contract with them.
Their support will surely help you to configure your system accordingly.

However, from our point of view, a host would be evidently commercial if
it fulfills all the requirements an recommandations from the first two
paragraphs of section 4.1 of our FAQ; see
.


I responded back stating that the technical requirements are met, but
contact details not disclosed for privacy reasons, while postmaster@
& co being fully operational for any required contact regarding the
operation of the mail server.

We'll see...

Stay tunded...

K.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Renaud Allard via mailop




On 10/20/22 14:51, Jaroslaw Rafa via mailop wrote:

Dnia 19.10.2022 o godz. 20:08:30 Bernardo Reino via mailop pisze:

That seems really "interesting". How does that impressum look like, which
has the magical power of transforming a private server into a "commercial"
one? What should it contain? Could you provide a link to yours?


Well, now that it's public anyway :) -> www.bbmk.org


So basically they require anybody who runs a mail server to put their street
address and telephone number online to be publicly available???



Now, one has to wonder how they can verify if the information is 
correct? And also, what are the risks of providing fake information?


What if I say in my impressum something like this:
Jorge Mario Bergoglio
Lungotevere Castello, 50
00193 Roma RM, Italia
+39066819111
tonl...@mydomain.com

OK, that one is obviously fake, but the data is coherent.



smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Jaroslaw Rafa via mailop

Dnia 19.10.2022 o godz. 20:08:30 Bernardo Reino via mailop pisze:
> > That seems really "interesting". How does that impressum look like, which
> > has the magical power of transforming a private server into a "commercial"
> > one? What should it contain? Could you provide a link to yours?
> 
> Well, now that it's public anyway :) -> www.bbmk.org

So basically they require anybody who runs a mail server to put their street
address and telephone number online to be publicly available???

Crazy idea. And this is the same country that banned Google Street View
(probably as a single country in the world?), on the basis that pictures of
individuals' houses were available online for anybody to view?

Something's completely inconsistent here.

Of course, as I would have to publish that information myself, it does not
*literally* and *formally* violate the GDPR, but it is completely
contradictory to the "spirit" of GDPR and the whole idea why that
regulation was introduced.

As someone already said in this discussion, while the requirement to put
such data online is perfectly valid for companies, for individuals it's
nothing more than an endorsement for criminal activity. If some madman does
not like what I write anywhere on the Internet (for example on my blog,
which is on the very same website as that "impressum"), or on some forum
where I register with an email address, knowing where I live he can come to
me to beat me up. Or knowing my telephone number he can call me at random
times (for example wake me up in the night) and threaten me over the phone
or just annoy me saying stupid things.

I would understand if I had to provide this information *to T-Online only*,
so they can contact me in case of any malicious activity from my server, but
there is no way I put this information publicly available.

I have a personal website that is under my domain. There's a lot of
information about me there. One can learn how old I am, what company I'm
working for, there is even my picture, and there are also a lot of articles
I wrote for various magazines on Internet related topics (I was a journalist
some time ago). Doesn't this prove that my server is a genuine one at least
good enough as putting up my home address or personal telephone number
online?

I would be *really very* interested to hear T-Online's representatives (who,
as somebody mentioned, are on this list) statement on this absurd
requirement. It cannot be even justified by German law, which requires (as
far as I know) *German* websites to have such an impressum, because people
operating mail servers who may want to send mail to T-Online are not
necessarily German, so German law does not apply to them.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


Hello,

Bernardo Reino via mailop wrote on 20.10.22 at 09:01:


I wasn't aware of the timing aspect, so thank you for this!


that's at least what I understood back in the days. :-) Whether there's 
a more fine-grained approach, differentiation by ISP reputation and 
other factors, I don't know. I have my machines at Hetzner, too, and I 
think I had to unblock all new IPs in the same way. The IP I used before 
was working without explicit unblocking, but I had it in use for some 
years already.


Florian
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On 2022-10-20 09:10, Dominique Rousseau via mailop wrote:

Le Wed, Oct 19, 2022 at 01:33:04PM +0200, Heiko Schlittermann via
mailop [mailop@mailop.org] a écrit:
(...)

(translation by me):
  Sorry, we only accept messages from proven
  commercial or similiar servers. Please use the SMTP relay of your 
hoster

  or your ISP.


How is "proven" defined ?

Do they use a very strict whitelist ?

Or some other criteria ?


From what we're gathering here, a sine qua non is that the server 
belongs to a commercial provider (as opposed to 
private/personal/whatever), and this is —by their definition— based on 
the presence of an impressum (or lack thereof) in the web site 
associated with the e-mail domain (which is in itself a bit unclear, but 
OK).


This is in section 4.1 of https://postmaster.t-online.de/, where you 
also see that FcrDNS is a must, etc.


The whitelist seems to be managed by them (though surely they have some 
pre-approved providers), and if you're not there you can, upon request, 
get in the list.


Obviously this doesn't mean that anyone with an impressum can spam their 
users at will (at least I hope so), so whatever further spam measures 
they have will still apply.


The above is what I've understood from the available experiences 
(including mine) and from the link quoted above.


Maybe a DT representative will speak up (if needed).

Cheers,
Bernardo
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Dominique Rousseau via mailop

Le Wed, Oct 19, 2022 at 01:33:04PM +0200, Heiko Schlittermann via mailop 
[mailop@mailop.org] a écrit:
(...)
> (translation by me): 
>   Sorry, we only accept messages from proven
>   commercial or similiar servers. Please use the SMTP relay of your hoster
>   or your ISP.

How is "proven" defined ?

Do they use a very strict whitelist ?

Or some other criteria ?


-- 
Dominique Rousseau 
Neuronnexion, Prestataire Internet & Intranet
6 rue des Hautes cornes - 8 Amiens
tel: 03 22 71 61 90 - fax: 03 22 71 61 99 - http://www.neuronnexion.coop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On 2022-10-20 01:40, Ángel via mailop wrote:

On 2022-10-19 at 21:28 +0200, Bernardo Reino via mailop wrote:

Yup. I have another server for which I have to request whitelisting..
but it's a bit more difficult because the front page of the domain is
the webmail (roundcube), so I have to figure out how to inject the
Impressum there.


Assuming you are using the defualt skin (larry), edit
skins/larry/templates/login.html and add your html link above
  


Thanks a lot for the suggestion!

I'll see if get around to doing this later today or in the weekend, and 
I'll keep in mind to test what happens when I "de-publish" the Impressum 
a few days later.


Deutsche Telekom: if you're reading this: please be reasonable ;-)

Good luck,
Bernardo
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On 2022-10-20 08:48, Florian Effenberger via mailop wrote:

Hello,

I actually ran into a similar problem last year after a mail server
migration. Here's what I documented back then in my blog:

"Deutsche Telekom, respectively T-Online, by default blocks IP
addresses that haven’t been used for sending e-mails to their servers
for a certain amount of time. You can test if you are blocked by
connecting to their mail server on port 25 – if the blocking is
active, the connection will get immediately dropped with an 5xx error
message, that lists a contact address to request unblocking from. To
test, run the following command from your mail server:

[...]


I wasn't aware of the timing aspect, so thank you for this!

I will prepare a cron job to send an e-mail to my @t-online.de address 
(which is pretty much dormant) very week or so, in case this prevents my 
servers from dropping off the whitelist..


Cheers,
Bernardo
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


Hello,

I actually ran into a similar problem last year after a mail server 
migration. Here's what I documented back then in my blog:


"Deutsche Telekom, respectively T-Online, by default blocks IP addresses 
that haven’t been used for sending e-mails to their servers for a 
certain amount of time. You can test if you are blocked by connecting to 
their mail server on port 25 – if the blocking is active, the connection 
will get immediately dropped with an 5xx error message, that lists a 
contact address to request unblocking from. To test, run the following 
command from your mail server:


telnet [-b floating IPv4] mx00.t-online.de 25

When I ran into the problem, they were quite fast in reacting and 
removed the blocking in about an hour. However, as per their use policy, 
they require the mail server’s main domain to have a proper imprint. In 
other words, if your mail server’s hostname is mail.mydomain.tld, you 
must place a proper imprint at mydomain.tld."


I just checked on a machine I operate, and they still can deliver to the 
Telekom MX'es. So right now I would guess that only the error message 
has changed, without a change in the policy.


The imprint thing is probably something very specific German, nearly 
everyone needs an imprint here.


I don't comment on whether all this is sensible or not, but I hope the 
above helps a bit those of you who run into problems.


Florian
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Kirill Miazine via mailop

• Kai 'wusel' Siering via mailop [2022-10-20 00:44]:
[...]
> > In the German Net Neutrality report 2020/2021, published by
> > Bundesnetzagentur, section 24, they say:
> > 
> >  In several cases end-users could not receive incoming emails. They
> >  believed that internet access providers were blocking emails of certain
> >  email providers. The blocking, however, was carried out by involved
> >  email service providers. For this reason the net neutrality Regulation
> >  did not apply.
> > 
> > In the t-online case the blocking is carried out by the ISP.
> 
> Nice find. But:
> 
[...]
> 
> As such: the MXes are run by »Deutsche Telekom Technik GmbH«, their IP
> space is routed by »Deutsche Telekom AG, Internet service provider«.
> Therefore it's not a net neutrality issue: There is a distinction
> between the mail service and the routing service.
> 
> Even if not: AFAICS net neutrality only applies to the transport
> level. So if the GmbH or the AG would configure their routers to drop
> 25% of packets to my ASN (or if I'd do similar stuff), that would be
> an issue of net neutrality.

I wouldn't argue very hard on this one, as I do agree that net
neutrality primarily applies on the transport level. However, I don't
think it's too far fetched to consider application of net neutrality
when an email service is provided by an ISP as a service to the ISP
subscribers, even if the email service itself technically is provided by
an entity different from the ISP, maybe being based on some kind of
contractual arrangement between AG and GmbH.

IIRC there are some situations where carrier specific rules apply to
higher level services/applications provided by an ISP, but not to
non-ISPs providing similar services.

> -kai

-- 
-- Kirill Miazine 
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-20 Thread Renaud Allard via mailop




On 10/19/22 23:19, Kai 'wusel' Siering via mailop wrote:

Am 19.10.22 um 21:28 schrieb Bernardo Reino via mailop:

On Wed, 19 Oct 2022, Renaud Allard via mailop wrote:

If you try deleting the impressum, please share your experience on 
what happens with t-online.


Yup. I have another server for which I have to request whitelisting.. 
but it's a bit more difficult because the front page of the domain is 
the webmail (roundcube), so I have to figure out how to inject the 
Impressum there.


Once I've managed that and they whitelist it, I'll try to remove the 
Impressum there (it's a less critical server I manage for a friend, so 
hopefully he won't notice..).


Hopefully I can report in a few days :)


You are aware that people responsible for t-online.de do participate on 
this list, too? ;-)


So perhaps, they should reply to the topic explaining their point of 
view. Some people from big mailers do that.


smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


Moin,

am 20.10.22 um 01:40 schrieb Ángel via mailop:

On 2022-10-19 at 11:37 -0700, Michael Peddemors wrote:

I am not going to go into whether operating a service on the internet
is a 'right' or a 'privelege', but coming into my home sure is..

Well, precisely. Providing an address should be no issue for a company,
but requesting the home address from an individual (and by extension
from their family!) is a whole different matter.


Just feel lucky that TMG §5 (1) does not apply to you. If you run a website,
even a personal, non-AdWorded, blog, you have to put the name and address of
whoever is responsible into the imprint on that site — if you fall under the
jurisdiction of TMG.

Therefore, Deutsche Telekom's request is kind of in-line with German law …


There is a difference between letting the world know where you and your
family live and getting some nasty visitor out of it, but avoiding the
former is generally a great way for the later.


Well, running off my own IP space currently makes it hard to hide. (Although
RIPE NCC is looking into reducing information about individuals in their
whois, IIRC ...) "Feel free to visit, but remember I'm from the school of
kill first, interrogate later" ;)


Maybe they are stating to only accept email from commercial servers as
a (light) attempt to avoid GDPR issues arising from individuals.


No. As has been proven today already, the published policies
(https://postmaster.t-online.de/index.en.html#t4.1) still apply. As long
as you are able, and/or willing, to comply, they'll still whitelist you,
commercial mailhub or not.

Cheers,
-kai
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


Am 19.10.22 um 22:58 schrieb Martin Neitzel via mailop:

My private Mailserver never ran into problems delivering to
@t-online.de recipents.  And there's no impressum for it -- not
even a matching web server.


Then I supppose you're using IP space tagged with your name, which
trumps the imprint requirement, and you do send emails to t-online.de
addresses at least once in a while? I obviously don't do the later
that often, and t-online.de seemingly has a timer per entry ... Last
use > threshold => no entry.


Still, I *am* a certainly worried by this kind of business practice,
exercising dominant market force unto everybody (commercial or not),
and making life difficult in particular for non-commercial end users
running their own mail server.  I am not so much worried about
T-Online in particular but the emerging consolidation to just a
few giant players in the market (incumbents, GMAIL, O365, ...).


Thank you.


So, what about running your own, private mail server?

The German "Telekommunikationsgesetz" ("TKG") is the relevant law
here just for *commercial* telco/network providers, i.e. it
applies Hetzner and T-Online, but not really the Hetzner user.


The TKG does *not* apply to email providers as per ECJ. And IP is
obviously flowing well between Hetzner's and DTAG's ASNs ...


Assuming that tosa@ reacts in a better way to the original poster
than the referenced standard information sheet, the issue might be
resolved the easy way.


In the case of "554 IP=168.119.159.241 - A problem occurred. …",
there's no identificability provided, hence it's no wonder tosa@rx
turned the request down. As I said before, would I stumble upon that
IP in an errorlog, I'd dig, host, wget and then simply do an iptables
-I INPUT -s 168.119.159.241 -j DROP. Maybe even -I FORWARD at the
border routers.

As for ...


I am afraid that, with this viewpoint by the BNetzA, their alleged aim

"Wahrung der gleichberechtigten und diskriminierungsfreien
Behandlung des Datenverkehrs bei der Bereitstellung von
Internetzugangsdiensten und damit verbundener Rechte der
Endnutzer zu schaffen"

(briefly, "protect the discriminatory-free traffic for the
access of end-users to services")

is a lost cause.


... I'm actually with BNetzA: SMTP is *not* an Internet access service,
and the *data transfer* to mx*.t-online.de itself is *not* harmed.
The connection is dropped after connect, not at the *data transfer*
level but at the *mail service*, i. e. application, level.

No ISP must prefer Google's port-443-traffic over mine. Or deliver
packets to speedtest.net faster than to nat.agency. That's what net
neutrality is about: Layer 1-3.

Regards,
-kai

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Ángel via mailop

On 2022-10-19 at 11:37 -0700, Michael Peddemors wrote:
> > I hear your message, but I can't believe the only way out is to dox
> > myself.
> 
> I don't think it is 'doxing' unless you are trying to hide ;)
> 
> I am not going to go into whether operating a service on the internet
> is a 'right' or a 'privelege', but coming into my home sure is..

Well, precisely. Providing an address should be no issue for a company,
but requesting the home address from an individual (and by extension
from their family!) is a whole different matter.

There is a difference between letting the world know where you and your
family live and getting some nasty visitor out of it, but avoiding the
former is generally a great way for the later.

Maybe they are stating to only accept email from commercial servers as
a (light) attempt to avoid GDPR issues arising from individuals.

I would be tempted to "paywall" such details from that "Impressum"
behind an eIDAS login, that *their* data will be logged and they will
be considered liable for any misuse or illegal activity that happens
linked to the address they are requesting.

Regards

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Ángel via mailop

On 2022-10-19 at 21:28 +0200, Bernardo Reino via mailop wrote:
> Yup. I have another server for which I have to request whitelisting..
> but it's a bit more difficult because the front page of the domain is
> the webmail (roundcube), so I have to figure out how to inject the
> Impressum there.

Assuming you are using the defualt skin (larry), edit
skins/larry/templates/login.html and add your html link above 
  


Regards


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


Moin,

am 19.10.22 um 22:42 schrieb Wolfgang Rosenauer via mailop:

A given mailhost (ran privately for smaller entities) can't send

messages to T-Online anymore.

  554 IP=168.119.159.241 - A problem occurred. …

The sending IP belongs to a rented host (rented from a major German
hoster). The answer he (the owner of that host) got was about like this:

[...]


I just tested and can confirm the same issue. My server is also hosted @Hetzner.
The 554 occurs while connecting, so they really reject only based on the 
IP/range, which is indeed quite brutal.


sorry, I'm late to the party and didn't reach the end of the thread yet.

I run two mailservers within the Hetzner network and none is currently being 
blocked according to opening a simple SMTP session.
So I don't think it's as simple as a network block.


It's not, it's worse: reject, unless whitelisted (with major players 
pre-whitelisted, as none of the big international players would care to 
register with t-online.de).


I remember that someone from T-Online announced a policy earlier that they are checking 
if the corresponding connecting hostname domain has a webpage with an imprint or anything 
which would identify it as "somewhat legit". I don't remember where I heard 
about that but I don't think I'm dreaming.


You're quite awake: https://postmaster.t-online.de/index.en.html#t4.1 (strip 
the .en for the page in German). But this requirement is there for, AFAIK, at 
least a decade.

Am 19.10.22 um 22:55 schrieb Wolfgang Rosenauer via mailop:

I used to own a @t-online.de address just because you get one as soon as you 
have any contract with them (at least again used to).
And trust me:
It's the worst mailbox I ever owned in regards to spam and phishing.
I haven't used it for real at any point in time and it's full of targeted 
phishing against their own business.


Odd. I use mine only for a) testing sending to @t-online.de and b) verifying 
the blockage of t-online's sending servers. It's there for 11 years now, and 
there's no spam at all. Well, as nobody knows the address, anything else would 
be alarming ;-)
-kai
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


Am 20.10.22 um 00:04 schrieb Kirill Miazine via mailop:

In the German Net Neutrality report 2020/2021, published by
Bundesnetzagentur, section 24, they say:

 In several cases end-users could not receive incoming emails. They
 believed that internet access providers were blocking emails of certain
 email providers. The blocking, however, was carried out by involved
 email service providers. For this reason the net neutrality Regulation
 did not apply.

In the t-online case the blocking is carried out by the ISP.


Nice find. But:

$ host mx01.t-online.de.
mx01.t-online.de has address 194.25.134.72
$ whois 194.25.134.72
[…]
inetnum:    194.25.134.0 - 194.25.134.255
netname:    DTOS-ULM-001
country:    DE
admin-c:    HD1710-RIPE
tech-c: HD1710-RIPE
[…]

role:   Hostmaster DTOS
address:    Deutsche Telekom Technik GmbH
address:    Bonn
address:    Germany
[…]
nic-hdl:    HD1710-RIPE
[…]

route:  194.25.0.0/16
descr:  Deutsche Telekom AG, Internet service provider
origin: AS3320
[…]

As such: the MXes are run by »Deutsche Telekom Technik GmbH«, their IP space is 
routed by »Deutsche Telekom AG, Internet service provider«. Therefore it's not 
a net neutrality issue: There is a distinction between the mail service and the 
routing service.

Even if not: AFAICS net neutrality only applies to the transport level. So if 
the GmbH or the AG would configure their routers to drop 25% of packets to my 
ASN (or if I'd do similar stuff), that would be an issue of net neutrality.
-kai
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Kirill Miazine via mailop

• Bernardo Reino via mailop [2022-10-19 20:24]:
> On Wed, 19 Oct 2022, Kirill Miazine via mailop wrote:
> 
> > • Bernardo Reino via mailop [2022-10-19 14:51]:
> > > On 2022-10-19 14:25, Stefano Bagnara via mailop wrote:
> > > > On Wed, 19 Oct 2022 at 13:32, Heiko Schlittermann via mailop
> > > >  wrote:
> > > > > A given mailhost (ran privately for smaller entities) can't send
> > > > > messages to T-Online anymore.
> > > > > 
> > > > >   554 IP=168.119.159.241 - A problem occurred. …
> > > > 
> > > > Do you get this error at the connection or after you transmitted the
> > > > message?
> > > 
> > > It happens while connecting, so it's blocking on the IP address.
> > > 
> > > Even though I'm a tiny "provider" (4 users :), I've sent an e-mail to
> > > postmas...@rx.t-online.de (note the "rx", which you need if you are being
> > > blocked from contacting the usual postmas...@t-online.de address), to let
> > > them know that their users will be missing a lot of e-mails (Germany is
> > > quite "diverse" ISP-wise).
> > > 
> > > Maybe they'll reconsider (not because of my e-mail, but because of the 
> > > flood
> > > of complaints that should be — surely? — arriving :).
> > 
> > I've sent t...@rx.t-online.de an email and asked to clarify why my fullu
> > compliant mail server on TransIP network is being blocked and what kind
> > of problem has occured.
> > 
> > > We'll see..
> > 
> > We'll see... I'd say this is a net neutrality issue. Have Germany
> > adopted some rules on net neutrality?
> 
> TBH I don't think this has anything to do with net neutrality, but the term
> is (ab)used for many purposes and sometimes even with opposite meanings.

I'm not sure, as Deutsche Telekom -- as an ISP -- has apparently adopted
the policy that only commercial email servers are able to connect to
deliver email to Deutsche Telekom's email service. When t-online.de
sender is not able to receive a reply due to this policy, isn't it
exactly a net neutrality issue?

In the German Net Neutrality report 2020/2021, published by
Bundesnetzagentur, section 24, they say:

In several cases end-users could not receive incoming emails. They
believed that internet access providers were blocking emails of certain
email providers. The blocking, however, was carried out by involved
email service providers. For this reason the net neutrality Regulation
did not apply.

In the t-online case the blocking is carried out by the ISP.

If I were German, I'd file a complaint and see what Bundesnetzagentur
says. Actually I'll see what t-online answers, and if they ask me about
Impressum, I'll forward it to Bundesnetzagentur and ask them to kindly
impose measures on t-online.

> I think this is just Deutsche Telekom going Microsoft. But instead of
> rejecting (or silently dropping after accepting) after DATA they block the
> connection itself (so at least you know what hit you and when..)
> 
> To me it's a case of "their server, their rules" but also a clear case of
> "shooting yourself in the foot" or if my German doesn't fail me now "sich
> ins Knie schießen".
> 
> They'll learn..
> Bernardo

> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

-- 
-- Kirill Miazine 
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On Wed, 19 Oct 2022, Kai 'wusel' Siering via mailop wrote:


Am 19.10.22 um 21:28 schrieb Bernardo Reino via mailop:

 On Wed, 19 Oct 2022, Renaud Allard via mailop wrote:


 If you try deleting the impressum, please share your experience on what
 happens with t-online.


 Yup. I have another server for which I have to request whitelisting.. but
 it's a bit more difficult because the front page of the domain is the
 webmail (roundcube), so I have to figure out how to inject the Impressum
 there.

 Once I've managed that and they whitelist it, I'll try to remove the
 Impressum there (it's a less critical server I manage for a friend, so
 hopefully he won't notice..).

 Hopefully I can report in a few days :)


You are aware that people responsible for t-online.de do participate on this 
list, too? ;-)


I assume that, and that's OK..
.. if only in the interests of advancing knowledge ;-)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On Wed, 19 Oct 2022, Kai 'wusel' Siering via mailop wrote:

Which OTOH means that Deutsche Telekom is still whitelisting mailservers that 
comply with their request to be able to identify the other side. And which 
means that the subject is false, nothing has basically changed besides the 
response sent by Deutsche Telekom. Thank you for the update!


Already some years ago I had had my server whitelisted by sending an e-mail to 
tosa@. Suddenly (I assume today) the IP was not in the whitelist anymore, so 
from my perspective something did change.


In the past an e-mail to tosa@ would suffice. Now they explicitly request the 
Impressum..


--
Bernardo
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


Am 19.10.22 um 21:28 schrieb Bernardo Reino via mailop:

On Wed, 19 Oct 2022, Renaud Allard via mailop wrote:


If you try deleting the impressum, please share your experience on what happens 
with t-online.


Yup. I have another server for which I have to request whitelisting.. but it's 
a bit more difficult because the front page of the domain is the webmail 
(roundcube), so I have to figure out how to inject the Impressum there.

Once I've managed that and they whitelist it, I'll try to remove the Impressum 
there (it's a less critical server I manage for a friend, so hopefully he won't 
notice..).

Hopefully I can report in a few days :)


You are aware that people responsible for t-online.de do participate on this 
list, too? ;-)
-kai
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

Moin,

am 19.10.22 um 20:08 schrieb Bernardo Reino via mailop:

Well, now that it's public anyway  -> www.bbmk.org

BTW they replied an hour ago with:

[…]

which means they'll whitelist the IP address (can take up to 24h).

Which OTOH means that Deutsche Telekom is still whitelisting mailservers that
comply with their request to be able to identify the other side. And which
means that the subject is false, nothing has basically changed besides the
response sent by Deutsche Telekom. Thank you for the update!

Am 19.10.22 um 20:24 schrieb Bernardo Reino via mailop:

TBH I don't think this has anything to do with net neutrality, but the term is
(ab)used for many purposes and sometimes even with opposite meanings.

Yeah, I doubt this is on a net neutrality level, it's a some level above that.

I think this is just Deutsche Telekom going Microsoft. But instead of rejecting
(or silently dropping after accepting) after DATA they block the connection
itself (so at least you know what hit you and when..)

As said before: this is nothing new, the need to whitelist one's sending
server(s) to reach t-online.de customers exists for several years already (at
least since 2012, see
https://serversupportforum.de/threads/kein-mailversand-mehr-an-t-online-moeglich.46646/).

To me it's a case of "their server, their rules" but also a clear case of "shooting yourself in the foot" or if my German doesn't fail me now "sich ins Knie schießen".

They do it for at least a decade now, without major pushback there's no reason
why they shouldn't do it until IPv4 is dead and buried.
-kai

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Martin Neitzel via mailop

> They blocked at least my non commercial mail server until I added an 
> impressum. So, I guess they now block everyone without an impressum.

My private Mailserver never ran into problems delivering to
@t-online.de recipents.  And there's no impressum for it -- not
even a matching web server.

Speaking with my micro-ISP business hat on:

Yepp, we routinely have to contact t...@rx.t-online.de
whenever we install a new mailserver for a customer.  They
always react swiftly, so it isn't too much of a bother for
us.   In many cases, we provide just the mail service, and
any "impressum" page is completely inaccessable or unrelated
to us.

I fully acknowlegde the "our server, our rules" point of view
of T-Online/Deutsche Telekom, and I think their rules are, all
in all, pretty reasonable.


Still, I *am* a certainly worried by this kind of business practice,
exercising dominant market force unto everybody (commercial or not),
and making life difficult in particular for non-commercial end users
running their own mail server.  I am not so much worried about
T-Online in particular but the emerging consolidation to just a
few giant players in the market (incumbents, GMAIL, O365, ...).


So, what about running your own, private mail server?

The German "Telekommunikationsgesetz" ("TKG") is the relevant law
here just for *commercial* telco/network providers, i.e. it
applies Hetzner and T-Online, but not really the Hetzner user.

Yet, the TKG aims to prevent overwhelmingly dominant players and
unequal access to the market (and "communication" in general).

Until recently the TKG explicitly mentioned the "end user", in
addition to and independently of any commercial provider, as having
protected rights within the market, even as a non-commercial
participant.  This end user reference got dropped in 2021 with the
last major TKG revision, an alignment with new, EU-wide umbrella
regulations. These now also contain the "net neutrality"
regulations, previously part of the TKG itself.


Assuming that tosa@ reacts in a better way to the original poster
than the referenced standard information sheet, the issue might be
resolved the easy way.

If not, and only then, the Hetzner user has a point to make this
an issue with the national regulator ("Bundes-Netz-Agentur")
which is supposed to enforce the TKG and uphold a fair market.

This () should be a good starting point:

https://www.bundesnetzagentur.de/DE/Vportal/TK/InternetTelefon/Netzneutralitaet/start.html

Do not get too hooked on the word "net neutrality" -- it is extremely
multi-faceted and mostly used in a different sense on the BNetzA
pages.  More on that below.

The BNetzA *is* open to end users, but I'd recommend to do this
jointly with the affected provider, in this case Hetzner.  After
all, the Hetzner user will have to argue that T-Online is pushing
a problem on both him/her and Hetzner that both cannot reasonably
resolve together.  That is, the sending user should not complain
against his provider (Hetzner) but along with him, and against a
3rd party (T-Online).   (This is a bit unusual because the BNetzA
usually sees its role as a consumer protector, protecting a user
from his own, mis-behaving provider.)

If Hetzner refuses to assist in this matter...  well, vote with
your feet.

Making a case won't be easy, I guess.  The BNetzA has routinely
rejected complaints about blocked emails from (non-) recipients,
against their own, blocking provider.

The BNetzA argues that such complaints have no merit with them
because "email" works on the application layer, above any layers
governed by the official "net neutrality rules", and apparantly
that's all they care for.

I am absolutely baffeled by this reasoning.  In particular because
they cite the relevant "traffic management" passage from the EU
regulations, and I fail to see any relationship to layers in there.

Better read for yourself, here are the links:

Regulation (EU) 2015/2120, "measures concerning open internet access":
https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32015R2120

Pick the language of your choice and head to Article 3, "Safeguarding
of open internet access", and in particular 3.3.

The most recent BNetzA report on complaints (sorry,  again):

https://www.bundesnetzagentur.de/SharedDocs/Downloads/DE/Sachgebiete/Telekommunikation/Unternehmen_Institutionen/Netzneutralitaet/Netzneutralitaet_Jahresbericht%202021_2022.pdf?__blob=publicationFile=1

See pages 9+10, "Keine Anwendbarkeit der Verordnung", "23. E-Mails"


I am afraid that, with this viewpoint by the BNetzA, their alleged aim

"Wahrung der gleichberechtigten und diskriminierungsfreien
Behandlung des Datenverkehrs bei der Bereitstellung von
Internetzugangsdiensten und damit verbundener Rechte der
Endnutzer zu schaffen"

(briefly, "protect the discriminatory-free traffic for the
access of end-users to services")

is a lost cause.

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Wolfgang Rosenauer via mailop


Am 19.10.22 um 18:25 schrieb Michael Peddemors via mailop:

On 2022-10-19 08:38, Carsten Schiefner via mailop wrote:

Grant & all -

if it‘s a .de domain name one does not need a privacy service any 
longer since 2018(?) as the GDPR (or its interpretation) mandates that 
holder data must not be available via WHOIS to the general public.


Please provide reference, as this appears to be an interpretation.  Like 
all GDPR privacy rules, IF THERE IS A VALID REASON.. AND THE PERSON IS 
INFORMED THAT IT IS OCCURRING AND WHY.. (oh, I let the lawyers take it 
from here)


here is DENIC's policy about public whois data:

https://www.denic.de/en/service/whois-service/



Wolfgang
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Wolfgang Rosenauer via mailop


Hi,

Am 19.10.22 um 14:42 schrieb Kai 'wusel' Siering via mailop:

Moin,

on 19.10.22 13:33, Heiko Schlittermann via mailop wrote:

I'm not sure how to complain and where. But I hope that here we can
start a discussion again. I'm quite upset.


Personally I doubt any discussion on whatever mailing list would make 
Deutsche Telekom change their mind about this. They practice this policy 
of reject unless whitelisted for ages, literally, and obviously are 
quite happy with the outcome.


I used to own a @t-online.de address just because you get one as soon as 
you have any contract with them (at least again used to).

And trust me:
It's the worst mailbox I ever owned in regards to spam and phishing.
I haven't used it for real at any point in time and it's full of 
targeted phishing against their own business.


So whatever they are doing it's not working well.


Wolfgang
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Wolfgang Rosenauer via mailop


Hi,

Am 19.10.22 um 14:28 schrieb Bernardo Reino via mailop:

On 2022-10-19 13:33, Heiko Schlittermann via mailop wrote:

Hello,

I'm not sure how to complain and where. But I hope that here we can
start a discussion again. I'm quite upset.

Is this the new world?

A given mailhost (ran privately for smaller entities) can't send
messages to T-Online anymore.

  554 IP=168.119.159.241 - A problem occurred. …

The sending IP belongs to a rented host (rented from a major German
hoster). The answer he (the owner of that host) got was about like this:

[...]


I just tested and can confirm the same issue. My server is also hosted 
@Hetzner.
The 554 occurs while connecting, so they really reject only based on the 
IP/range, which is indeed quite brutal.


Hopefully this is just a misconfiguration (or a badly 
interpreted/implemented policy).


sorry, I'm late to the party and didn't reach the end of the thread yet.

I run two mailservers within the Hetzner network and none is currently 
being blocked according to opening a simple SMTP session.

So I don't think it's as simple as a network block.

I remember that someone from T-Online announced a policy earlier that 
they are checking if the corresponding connecting hostname domain has a 
webpage with an imprint or anything which would identify it as "somewhat 
legit". I don't remember where I heard about that but I don't think I'm 
dreaming.


If such a policy makes sense or not is a different story though.


Wolfgang
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Gellner, Oliver via mailop

> Am 19.10.2022 um 19:09 schrieb Kai 'wusel' Siering via mailop 
> :
>
> On 19.10.22 18:21, Gellner, Oliver via mailop wrote:
>> It looks more like t-online.de blocks incoming connections from the whole 
>> world, except from a list of IP addresses they maintain internally. To get 
>> added to this list you have to a) contact them manually and b) fulfill 
>> arbitrary rules that t-online.de set up.
>
> Yepp, that is my understanding and how it felt when talking to the 
> tosa-people to get my server(s) whitelisted.
>
>> If only 10% of all ESPs in the world would act like this and require manual 
>> requests so that one MTA can talk to another MTA, email would be unusable.
>
> True. But if you are the biggest fish in the (German) pond (which, from your 
> point of view, belongs to you anyway), maybe you try to make these kind of 
> one-sided rules? And unless really challenged, why change a working setup?

Well, they should change it, because even from a technical perspective their 
setup is actually not working. I at least consider a spam filter that creates 
vast amounts of false positives as „broken“ and not as „working“.
Each and every message that we tried to send to t-online.de and their related 
domains and which got blocked was a false positive. I wouldn’t give good marks 
to a spam filter that keeps my inbox clean by rejecting all kind of emails 
including messages from my friends or replies to my own messages.

—
BR Oliver

dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On Wed, 19 Oct 2022, Renaud Allard via mailop wrote:


On 10/19/22 20:08, Bernardo Reino via mailop wrote:


 I wonder what happens if I delete the "Impressum" in a few days, but who
 knows, maybe they do add some monitoring for *that* ¯\_(ツ)_/¯



If you try deleting the impressum, please share your experience on what 
happens with t-online.


Yup. I have another server for which I have to request whitelisting.. but it's a 
bit more difficult because the front page of the domain is the webmail 
(roundcube), so I have to figure out how to inject the Impressum there.


Once I've managed that and they whitelist it, I'll try to remove the Impressum 
there (it's a less critical server I manage for a friend, so hopefully he won't 
notice..).


Hopefully I can report in a few days :)
Bernardo___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

On 2022/10/19 20:37, Michael Peddemors via mailop wrote:
...snip...

If you want to be accepted as a 'good netizen', then show you are responsible for what goes out onto the internet from
your networks and servers. You roll the dice otherwise.

Thank you for taking the time to type out a detailed reply to this, I can definitely understand your reasoning and I
appreciate the fact that knowing more about the "other guy" makes it easier to decide whether to keep talking or not.

I don't think it is 'doxing' unless you are trying to hide ;)

Not so much trying to hide as trying to avoid abuse on my telephone. I was once a victim of someone dialing at all hours
of the night and day, breathing into the phone, screetching etc. Police were unhelpful bla bla bla - only option was to
change numbers.

W.r.t to t-online, I would've been OK to send them a telephone number that they could keep in their whitelist file in
case of emergencies, but that obviously doesn't scale.

I only digress because you so politely said you were interested in knowing more, so I guess explaining how this isn't an
unrealistic expectation from many operators out there, and I don't want to get into a flame war on this topic, or
stretch it out any longer.

Thank you for answering the question in the spirit it was asked, I don't enjoy
flame wars either.

But stand up and be counted as a transparent and responsible email operator, and you will see that your reputation is
rewarded.

Perhaps I'll have to register a little dummy company with a daytime voip line
in order to send email in the future.

PS, I just ran into a situation where I was trying to be helpful, and call a local Canadian operator when we saw their
whole /22 being used for spam attacks and auth attacks. Their IP range did not have SWIP information, the provider
refused to disclose who the client was, and they had PTR records that didnt' resolve to a website.. As a result, I am
sure their business is being impacted, their customers are upset, and they might have spent many wasted hours figuring
out what happened to their network. In reality, most people would not put in that amount of work, and the network would
simple be blacklisted if no contact information is available..

This is an interesting anecdote, I had no idea.

Regards,

Johann
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders




On 10/19/22 20:08, Bernardo Reino via mailop wrote:


I wonder what happens if I delete the "Impressum" in a few days, but who 
knows, maybe they do add some monitoring for *that* ¯\_(ツ)_/¯




If you try deleting the impressum, please share your experience on what 
happens with t-online.


smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Michael Peddemors via mailop


On 2022-10-19 10:30, Johann Haarhoff via mailop wrote:


On 2022/10/19 18:05, Michael Peddemors via mailop wrote:

On 2022-10-19 07:52, Slavko via mailop wrote:

For the record, while they might be going about it the wrong way, 
transparency is key to reputation.


If you obfuscate, or don't have an associated URL with the domain in 
the PTR records, it makes it hard for someone to contact the operator 
of the email server when there is a problem.


Is monitoring abuse@ and postmaster@ not enough? Are you really calling 
people up when you get spam from their networks? I'm not being 
facetious, I just don't know ... I run a few tiny mail servers so I 
don't get to see what the big guys have to deal with.


Actually, many helpful citizens might actually call the operator, if it 
is really a threat to the sending operator or their customers. And those 
helpful citizens know nothing about abuse@..


And of course, there are those of us in the industry that know how 
poorly those addresses are monitored.


But sometimes, you just want to know.. is jellybean.com a real company? 
If they don't have a website, am I likely to be able to reach someone to 
tell them their CEO has their email account compromised?


With no 'whois' any more (effectively) and many hosting companies still 
not offering 'rwhois', you need to be able to reach the operator.


You have to understand that email operators might only want to accept 
email from operators where they can effectively report problems to.


If you want to be accepted as a 'good netizen', then show you are 
responsible for what goes out onto the internet from your networks and 
servers. You roll the dice otherwise.




Expect more of this in the future.  While we all commiserate with 
those concerned about privacy, if you want to operate an email server 
in todays world, you should be willing to be openly responsible for 
that activity.


I hear your message, but I can't believe the only way out is to dox myself.


I don't think it is 'doxing' unless you are trying to hide ;)

I am not going to go into whether operating a service on the internet is 
a 'right' or a 'privelege', but coming into my home sure is..


And as someone else mentioned on this thread, the right to control who 
can enter/use my 'home', be that my house or a service I host on the 
internet will always be mine to make.


Simple, make it easy for me to decide if I should allow traffic from 
your server, eg.. is there a responsible party operating this service..


I only digress because you so politely said you were interested in 
knowing more, so I guess explaining how this isn't an unrealistic 
expectation from many operators out there, and I don't want to get into 
a flame war on this topic, or stretch it out any longer.


But stand up and be counted as a transparent and responsible email 
operator, and you will see that your reputation is rewarded.


'Nuff said?

PS, I just ran into a situation where I was trying to be helpful, and 
call a local Canadian operator when we saw their whole /22 being used 
for spam attacks and auth attacks.  Their IP range did not have SWIP 
information, the provider refused to disclose who the client was, and 
they had PTR records that didnt' resolve to a website.. As a result, I 
am sure their business is being impacted, their customers are upset, and 
they might have spent many wasted hours figuring out what happened to 
their network.  In reality, most people would not put in that amount of 
work, and the network would simple be blacklisted if no contact 
information is available..


And even spent too much time on this threat today as well, but if it 
helps make it a more transparent email world, it will also be a safer 
email world.


--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On Wed, 19 Oct 2022, Kirill Miazine via mailop wrote:


• Bernardo Reino via mailop [2022-10-19 14:51]:

On 2022-10-19 14:25, Stefano Bagnara via mailop wrote:

On Wed, 19 Oct 2022 at 13:32, Heiko Schlittermann via mailop
 wrote:

A given mailhost (ran privately for smaller entities) can't send
messages to T-Online anymore.

  554 IP=168.119.159.241 - A problem occurred. …


Do you get this error at the connection or after you transmitted the
message?


It happens while connecting, so it's blocking on the IP address.

Even though I'm a tiny "provider" (4 users :), I've sent an e-mail to
postmas...@rx.t-online.de (note the "rx", which you need if you are being
blocked from contacting the usual postmas...@t-online.de address), to let
them know that their users will be missing a lot of e-mails (Germany is
quite "diverse" ISP-wise).

Maybe they'll reconsider (not because of my e-mail, but because of the flood
of complaints that should be — surely? — arriving :).


I've sent t...@rx.t-online.de an email and asked to clarify why my fullu
compliant mail server on TransIP network is being blocked and what kind
of problem has occured.


We'll see..


We'll see... I'd say this is a net neutrality issue. Have Germany
adopted some rules on net neutrality?


TBH I don't think this has anything to do with net neutrality, but the term is 
(ab)used for many purposes and sometimes even with opposite meanings.


I think this is just Deutsche Telekom going Microsoft. But instead of rejecting 
(or silently dropping after accepting) after DATA they block the connection 
itself (so at least you know what hit you and when..)


To me it's a case of "their server, their rules" but also a clear case of 
"shooting yourself in the foot" or if my German doesn't fail me now "sich ins 
Knie schießen".


They'll learn..
Bernardo___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On Wed, 19 Oct 2022, Jaroslaw Rafa via mailop wrote:


Dnia 19.10.2022 o godz. 18:56:17 Bernardo Reino via mailop pisze:


After I contacted them they told me that they only accept e-mail from
commercial servers, so in my case (private/family server) I would have to
add an "Impressum" (to the associated www site) in order to make it
"commercial" (some logic here).


That seems really "interesting". How does that impressum look like, which
has the magical power of transforming a private server into a "commercial"
one? What should it contain? Could you provide a link to yours?


Well, now that it's public anyway :) -> www.bbmk.org

BTW they replied an hour ago with:

"Wir werden veranlassen, dass die Reputation dieser IP-Adresse bei
unserem System resettet wird. Bitte berücksichtigen Sie, dass es bis zu
24 Stunden dauern kann, bis die Änderung wirksam wird, erfahrungsgemäß
dürfte es allerdings in ein bis zwei Stunden erledigt sein."

which means they'll whitelist the IP address (can take up to 24h).

I wonder what happens if I delete the "Impressum" in a few days, but who knows, 
maybe they do add some monitoring for *that* ¯\_(ツ)_/¯


Cheers,
Bernardo___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Christof Meerwald via mailop

On Wed, Oct 19, 2022 at 05:49:40PM +0200, Carsten Schiefner via mailop wrote:
> Having read up the entire thread now, I wonder if this issue might be worth 
> raising with Germany‘s federal regulator for (inter alia) postal and telco 
> services, BNetzA.

Maybe better trying to get one of the bigger German IT news web sites
interested so they get some bad publicity?


Christof

-- 

https://cmeerw.org sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org   xmpp:cmeerw at cmeerw.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Kirill Miazine via mailop

• Bernardo Reino via mailop [2022-10-19 14:51]:
> On 2022-10-19 14:25, Stefano Bagnara via mailop wrote:
> > On Wed, 19 Oct 2022 at 13:32, Heiko Schlittermann via mailop
> >  wrote:
> > > A given mailhost (ran privately for smaller entities) can't send
> > > messages to T-Online anymore.
> > > 
> > >   554 IP=168.119.159.241 - A problem occurred. …
> > 
> > Do you get this error at the connection or after you transmitted the
> > message?
> 
> It happens while connecting, so it's blocking on the IP address.
> 
> Even though I'm a tiny "provider" (4 users :), I've sent an e-mail to
> postmas...@rx.t-online.de (note the "rx", which you need if you are being
> blocked from contacting the usual postmas...@t-online.de address), to let
> them know that their users will be missing a lot of e-mails (Germany is
> quite "diverse" ISP-wise).
> 
> Maybe they'll reconsider (not because of my e-mail, but because of the flood
> of complaints that should be — surely? — arriving :).

I've sent t...@rx.t-online.de an email and asked to clarify why my fullu
compliant mail server on TransIP network is being blocked and what kind
of problem has occured.

> We'll see..

We'll see... I'd say this is a net neutrality issue. Have Germany
adopted some rules on net neutrality?

> Bernardo
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

-- 
-- Kirill Miazine 
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders



On 2022/10/19 18:05, Michael Peddemors via mailop wrote:

On 2022-10-19 07:52, Slavko via mailop wrote:

For the record, while they might be going about it the wrong way, transparency 
is key to reputation.

If you obfuscate, or don't have an associated URL with the domain in the PTR records, it makes it hard for someone to 
contact the operator of the email server when there is a problem.


Is monitoring abuse@ and postmaster@ not enough? Are you really calling people up when you get spam from their networks? 
I'm not being facetious, I just don't know ... I run a few tiny mail servers so I don't get to see what the big guys 
have to deal with.


Expect more of this in the future.  While we all commiserate with those concerned about privacy, if you want to operate 
an email server in todays world, you should be willing to be openly responsible for that activity.


I hear your message, but I can't believe the only way out is to dox myself.

Regards,

Johann
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On 2022/10/19 17:12, Grant Taylor via mailop wrote:
..snip..
Do you use privacy options in WhoIs for your domain name?  Since you (understandably) obfuscated your domain name I 
can't check.


I wonder if having real, non-privacy options, in a domain name helps with this.


I didn't explicitly choose any privacy options, but the ZACR (.za central registry) redacted all whois information a 
couple of years ago to comply with GPDR (internationally) and POPI (locally). More information here:



https://www.tech4law.co.za/business/law-business-business/zacr-south-african-central-registry-for-domains-whois-information-redaction/


Regards,

Johann
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Jaroslaw Rafa via mailop

Dnia 19.10.2022 o godz. 18:56:17 Bernardo Reino via mailop pisze:
> 
> After I contacted them they told me that they only accept e-mail from
> commercial servers, so in my case (private/family server) I would have to
> add an "Impressum" (to the associated www site) in order to make it
> "commercial" (some logic here).

That seems really "interesting". How does that impressum look like, which
has the magical power of transforming a private server into a "commercial"
one? What should it contain? Could you provide a link to yours?
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Jaroslaw Rafa via mailop

Dnia 19.10.2022 o godz. 18:55:29 Kai 'wusel' Siering via mailop pisze:
> 
> It would be less of an issue if t-online.de would take care _not_ to send
> to domains they don't take the replies from; but they happily sent emails
> to any MX in the world (anything else would upset _their_ users), but then
> eagerly reject the replies.

So, as they don't do it themselves, the other party has to do it, as I
already wrote in my previous email. Anybody who receives email from T-Online
but has experienced rejection when trying to send to them, should reject any
messages from T-Online as well, with the error message stating exactly that
"We reject messages from t-online.de because you reject messages from us".
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On 19.10.22 18:43, Alessandro Vesely via mailop wrote:

Do you get this error at the connection or after you transmitted the message?


$ telnet mx00.t-online.de 25
Trying 194.25.134.8...
Connected to mx00.t-online.de.
Escape character is '^]'.
554 IP=378.294.445.288 - A problem occurred. (Ask your postmaster for help or 
to contact t...@rx.t-online.de to clarify.)


Heck, then even if you're getting unblocked like Thomas Walter, it's only until you change ISP.  Sooner or later even GMail will... 


I'm rather sure that Deutsche Telekom has ways of automatically updating the 
whitelist for IPv4 ranges of MAMAA and other sources their customers exchange a 
lot email with. They do not want to accidently block ebay notifications or 
password reset mails from Facebook, Apple, or Google ... But for the rest, 
frankly, no-one really cares — except maybe patients that are asking for 
appointments that never make it back to them ...
-kai

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Slavko via mailop

Dňa 19. októbra 2022 16:07:36 UTC používateľ "Adam Gołębiowski via mailop" 
 napísal:

>How should BNetZa evaluate who is good and who is bad here?

Of course, someone must. As in current state his server's IP is
"bad", only because is not "comercional or similar" (BTW my too,
but i can ignore it).

I am sure, that Heiko will not complain about blocking, when
his server will be on many DNSBL and/or was sending a lot of
SPAMs, doing AUTH attacks, etc.

regards


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On 19.10.22 18:25, Michael Peddemors via mailop wrote:

On 2022-10-19 08:38, Carsten Schiefner via mailop wrote:

Grant & all -

if it‘s a .de domain name one does not need a privacy service any longer since 
2018(?) as the GDPR (or its interpretation) mandates that holder data must not 
be available via WHOIS to the general public.


Please provide reference, as this appears to be an interpretation. 


https://www.denic.de/en/whats-new/press-releases/article/extensive-innovations-planned-for-denic-whois-domain-query-proactive-approach-for-data-economy-and/

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On 19/10/2022 17:16, Renaud Allard via mailop wrote:


On 10/19/22 16:10, Kai 'wusel' Siering via mailop wrote:

On 19.10.22 15:55, Renaud Allard via mailop wrote:
They blocked at least my non commercial mail server until I added an 
impressum. So, I guess they now block everyone without an impressum. 


But that's the status quo for several years. Question is: do they 
still adhere to that, or would they reject an appliction from you for 
a new sending IP because you're a non commercial mail server.


Actually, I had to contact them and show them the impressum page to be 
whitelisted, so this seems at least partially manual. So, you might need 
to contact them for any new IP. But I hope they are smart enough to 
store the domain names in databases where they can verify the legitimacy 
in a more automated way.


After I contacted them they told me that they only accept e-mail from 
commercial servers, so in my case (private/family server) I would have 
to add an "Impressum" (to the associated www site) in order to make it 
"commercial" (some logic here).


They said once I've done that I should let them know (I just did) and 
they'll add the address to the whitelist. It does look like they check 
that manually.


So regardless of the requirements or logic they may be applying, they do 
seem to be responsive.


Cheers,

--
Bernardo Reino

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On 19.10.22 17:49, Carsten Schiefner via mailop wrote:

Having read up the entire thread now, I wonder if this issue might be worth 
raising with Germany‘s federal regulator for (inter alia) postal and telco 
services, BNetzA.

I wonder what would happen if the owner of a 20-storey apartment building would 
only allow properly accredited - according to its own, partly ambiguous rules - 
mail delivery services into the house…

Comments?


I'd be surprised of DT's lawyers wouldn't have checked this policy against any 
remotely applicable regulation or law. But then there's the saying of if you 
ask two lawyers, you get three opinions ;)

It would be less of an issue if t-online.de would take care _not_ to send to domains they 
don't take the replies from; but they happily sent emails to any MX in the world 
(anything else would upset _their_ users), but then eagerly reject the replies. Doing 
that to competitors would make them liable, hence this "we only talk to commercial 
mail servers", I think. Still, any reply from an not-yet-whitelisted mail server 
would bounce, which should be seen as an infringement of §303a StGB, imho. But IANAL ;)

So, yes, as I'm tired of this discussion, I'd like to see this policy probed 
against applicable German law (UWG, StGB, ...; TKG does not apply to email 
according to the ECJ), too. If you can organize something, you have my details 
;-)
-kai
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On 19.10.22 18:21, Gellner, Oliver via mailop wrote:

It looks more like t-online.de blocks incoming connections from the whole 
world, except from a list of IP addresses they maintain internally. To get 
added to this list you have to a) contact them manually and b) fulfill 
arbitrary rules that t-online.de set up.


Yepp, that is my understanding and how it felt when talking to the tosa-people 
to get my server(s) whitelisted.


If only 10% of all ESPs in the world would act like this and require manual 
requests so that one MTA can talk to another MTA, email would be unusable.


True. But if you are the biggest fish in the (German) pond (which, from your 
point of view, belongs to you anyway), maybe you try to make these kind of 
one-sided rules? And unless really challenged, why change a working setup?
-kai
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Alessandro Vesely via mailop


On Wed 19/Oct/2022 14:46:39 +0200 Kai 'wusel' Siering via mailop wrote:

On 19.10.22 14:25, Stefano Bagnara via mailop wrote:

On Wed, 19 Oct 2022 at 13:32, Heiko Schlittermann via mailop
 wrote:

A given mailhost (ran privately for smaller entities) can't send
messages to T-Online anymore.

   554 IP=168.119.159.241 - A problem occurred. …

Do you get this error at the connection or after you transmitted the message?


$ telnet mx00.t-online.de 25
Trying 194.25.134.8...
Connected to mx00.t-online.de.
Escape character is '^]'.
554 IP=378.294.445.288 - A problem occurred. (Ask your postmaster for help or 
to contact t...@rx.t-online.de to clarify.)



Heck, then even if you're getting unblocked like Thomas Walter, it's only until 
you change ISP.  Sooner or later even GMail will...


People who can't do email shouldn't run MTAs.


Best
Ale
--





___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread William Kern via mailop


Us as well.

We are in the US. That is OUR IP space announced by our ASN.

So I assume we would qualify as a commercial ISP.

That IP (and for the most part our IP space) is clean. That IP has been 
active for years.


I doubt they have seen our IPs before as our customers here in Southern 
California don't send a lot of email to them


They clearly have a default 'block' policy. The reject message is 
presented immediately upon connection.


$ telnet mx00.t-online.de 25
Trying 194.25.134.8...
Connected to mx00.t-online.de.
Escape character is '^]'.
554 IP=66.254.66.70 - A problem occurred. (Ask your postmaster for help 
or to contact t...@rx.t-online.de to clarify.)

Connection closed by foreign host.

-bill

On 10/19/2022 5:46 AM, Kai 'wusel' Siering via mailop wrote:

On 19.10.22 14:25, Stefano Bagnara via mailop wrote:

On Wed, 19 Oct 2022 at 13:32, Heiko Schlittermann via mailop
 wrote:

A given mailhost (ran privately for smaller entities) can't send
messages to T-Online anymore.

   554 IP=168.119.159.241 - A problem occurred. …
Do you get this error at the connection or after you transmitted the 
message?


$ telnet mx00.t-online.de 25
Trying 194.25.134.8...
Connected to mx00.t-online.de.
Escape character is '^]'.
554 IP=378.294.445.288 - A problem occurred. (Ask your postmaster for 
help or to contact t...@rx.t-online.de to clarify.)


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Michael Peddemors via mailop


On 2022-10-19 08:38, Carsten Schiefner via mailop wrote:

Grant & all -

if it‘s a .de domain name one does not need a privacy service any longer since 
2018(?) as the GDPR (or its interpretation) mandates that holder data must not 
be available via WHOIS to the general public.


Please provide reference, as this appears to be an interpretation.  Like 
all GDPR privacy rules, IF THERE IS A VALID REASON.. AND THE PERSON IS 
INFORMED THAT IT IS OCCURRING AND WHY.. (oh, I let the lawyers take it 
from here)




I would not be surprised if that‘d hold true for all ccTLDs where the GDPR is 
applicable.

Best,

-C.


Am 19.10.2022 um 17:23 schrieb Grant Taylor via mailop :

On 10/19/22 7:25 AM, Johann Haarhoff via mailop wrote:
T-Online:

the IP address  is delegated to your provider and there is no owner data in 
the public whois record for your domain.  Thus, the person or company who is 
responsible for this host is essentially anonymous to third parties.

Therefore we would expect that there is a page giving full contact details which can be 
reached via http:// or http://www.


Do you use privacy options in WhoIs for your domain name?  Since you 
(understandably) obfuscated your domain name I can't check.

I wonder if having real, non-privacy options, in a domain name helps with this.



--
Grant. . . .
unix || die

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Adam Gołębiowski via mailop

But that's what is actually happening worldwide, except that these rules 
that apatment building are enforcing are spam filtering and dnsbl.


Not that I like DT's approach, but using BNetzA seems wrong here - once 
we open this path, what should they do when some well-known spammer who 
is in everyone's comes and asks for same?


How should BNetZa evaluate who is good and who is bad here?

W dniu 2022-10-19 o 17:49, Carsten Schiefner via mailop pisze:

Having read up the entire thread now, I wonder if this issue might be worth 
raising with Germany‘s federal regulator for (inter alia) postal and telco 
services, BNetzA.

I wonder what would happen if the owner of a 20-storey apartment building would 
only allow properly accredited - according to its own, partly ambiguous rules - 
mail delivery services into the house…

Comments?


Am 19.10.2022 um 13:39 schrieb Heiko Schlittermann via mailop 
:

Hello,

I'm not sure how to complain and where. But I hope that here we can
start a discussion again. I'm quite upset.

Is this the new world?

A given mailhost (ran privately for smaller entities) can't send
messages to T-Online anymore.

  554 IP=168.119.159.241 - A problem occurred. …

The sending IP belongs to a rented host (rented from a major German
hoster). The answer he (the owner of that host) got was about like this:

(translation by me):
  Sorry, we only accept messages from proven
  commercial or similiar servers. Please use the SMTP relay of your hoster
  or your ISP.

I know that T-Online's postmaster announced this kind of behaviour, but
I didn't expect that they are going to implement it, as I saw enough
complaints here.

 From my point of view they now force smaller MSP into contracts with
bigger mail relays, working towards a centralization of mail services,
which IMHO is exactly the opposite way mail was originally designed to
work as.

@mailops: What's your opinion?

Personally I consider this quite rude, and as a smaller ISP I'll be hit
sooner or later. As an Exim developer I'm asking myself why they
(T-Online) assume that I shouldn't run my own mail service.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de  internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --- key ID: F69376CE -
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Gellner, Oliver via mailop

On 10/19/22 17:16, Renaud Allard via mailop wrote:

> Actually, I had to contact them and show them the impressum page to be
> whitelisted, so this seems at least partially manual. So, you might need to
> contact them for any new IP. But I hope they are smart enough to store the
> domain names in databases where they can verify the legitimacy in a more
>  automated way.

I don't believe there is an automated process. Our MTAs got blocked as well and 
they share the same apex domain as our website which includes an imprint. The 
whois information of the IP addresses include contact information as well and 
everything else t-online.de might ask for. Yet they still got blocked from the 
very first message on.
It looks more like t-online.de blocks incoming connections from the whole 
world, except from a list of IP addresses they maintain internally. To get 
added to this list you have to a) contact them manually and b) fulfill 
arbitrary rules that t-online.de set up.
If only 10% of all ESPs in the world would act like this and require manual 
requests so that one MTA can talk to another MTA, email would be unusable.

--
BR Oliver

dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.

smime.p7s
Description: S/MIME cryptographic signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Carsten Schiefner via mailop

Grant & all -

if it‘s a .de domain name one does not need a privacy service any longer since 
2018(?) as the GDPR (or its interpretation) mandates that holder data must not 
be available via WHOIS to the general public.

I would not be surprised if that‘d hold true for all ccTLDs where the GDPR is 
applicable.

Best,

-C.

> Am 19.10.2022 um 17:23 schrieb Grant Taylor via mailop :
> 
> On 10/19/22 7:25 AM, Johann Haarhoff via mailop wrote:
> T-Online:
>> the IP address  is delegated to your provider and there is no owner data 
>> in the public whois record for your domain.  Thus, the person or company who 
>> is responsible for this host is essentially anonymous to third parties.
>> 
>> Therefore we would expect that there is a page giving full contact details 
>> which can be reached via http:// or http://www.
> 
> Do you use privacy options in WhoIs for your domain name?  Since you 
> (understandably) obfuscated your domain name I can't check.
> 
> I wonder if having real, non-privacy options, in a domain name helps with 
> this.
> 
> 
> 
> -- 
> Grant. . . .
> unix || die
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Michael Peddemors via mailop


On 2022-10-19 07:52, Slavko via mailop wrote:

For the record, while they might be going about it the wrong way, 
transparency is key to reputation.


If you obfuscate, or don't have an associated URL with the domain in the 
PTR records, it makes it hard for someone to contact the operator of the 
email server when there is a problem.


Expect more of this in the future.  While we all commiserate with those 
concerned about privacy, if you want to operate an email server in 
todays world, you should be willing to be openly responsible for that 
activity.




As an aside, tracking a large increase in compromised Calix Routers spam 
activity that started yesterday.. Check your networks.. block port 25 on 
egress ..



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Carsten Schiefner via mailop

Having read up the entire thread now, I wonder if this issue might be worth 
raising with Germany‘s federal regulator for (inter alia) postal and telco 
services, BNetzA.

I wonder what would happen if the owner of a 20-storey apartment building would 
only allow properly accredited - according to its own, partly ambiguous rules - 
mail delivery services into the house…

Comments?

> Am 19.10.2022 um 13:39 schrieb Heiko Schlittermann via mailop 
> :
> 
> Hello,
> 
> I'm not sure how to complain and where. But I hope that here we can
> start a discussion again. I'm quite upset.
> 
> Is this the new world?
> 
> A given mailhost (ran privately for smaller entities) can't send
> messages to T-Online anymore.
> 
>  554 IP=168.119.159.241 - A problem occurred. …
> 
> The sending IP belongs to a rented host (rented from a major German
> hoster). The answer he (the owner of that host) got was about like this:
> 
> (translation by me): 
>  Sorry, we only accept messages from proven
>  commercial or similiar servers. Please use the SMTP relay of your hoster
>  or your ISP.
> 
> I know that T-Online's postmaster announced this kind of behaviour, but
> I didn't expect that they are going to implement it, as I saw enough
> complaints here.
> 
> From my point of view they now force smaller MSP into contracts with
> bigger mail relays, working towards a centralization of mail services,
> which IMHO is exactly the opposite way mail was originally designed to
> work as.
> 
> @mailops: What's your opinion?
> 
> Personally I consider this quite rude, and as a smaller ISP I'll be hit
> sooner or later. As an Exim developer I'm asking myself why they
> (T-Online) assume that I shouldn't run my own mail service.
> 
>Best regards from Dresden/Germany
>Viele Grüße aus Dresden
>Heiko Schlittermann
> --
> SCHLITTERMANN.de  internet & unix support -
> Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
> gnupg encrypted messages are welcome --- key ID: F69376CE -
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders




On 10/19/22 16:10, Kai 'wusel' Siering via mailop wrote:

On 19.10.22 15:55, Renaud Allard via mailop wrote:
They blocked at least my non commercial mail server until I added an 
impressum. So, I guess they now block everyone without an impressum. 


But that's the status quo for several years. Question is: do they still 
adhere to that, or would they reject an appliction from you for a new 
sending IP because you're a non commercial mail server.


Actually, I had to contact them and show them the impressum page to be 
whitelisted, so this seems at least partially manual. So, you might need 
to contact them for any new IP. But I hope they are smart enough to 
store the domain names in databases where they can verify the legitimacy 
in a more automated way.


The later is 
what their recent reply to some people implies; unfortunately I only 
know of a German language version of that, dated about a month ago:



Nachdem wir nur nachvollziehbar kommerziellen und vergleichbaren
Betreibern erlauben, sich mit unseren Mailservern zu verbinden,
verwenden Sie als/für Privatnutzer bitte ein SMTP-Relay bzw. Mailgateway
des Hosters oder ISPs, um E-Mails im Rahmen der vertraglichen Leistungen
vom Mailserver über dessen offizielles Mailgateway zu senden. Der
dortige Support ist Ihnen bei der Konfiguration sicherlich gerne
behilflich.

Für weitere Informationen und Hinweise beachten Sie bitte auch unsere
FAQ: https://postmaster.t-online.de/


On that link, as of today, still the imprint stuff is listed as a 
prerequisite to be whitelisted, so the question remains: did Deutsche 
Telekom change their policy or "just" their wording?


I think it was already like this when I contacted them in January. But I 
never went to the German language page, only the English one.


smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Grant Taylor via mailop


On 10/19/22 7:25 AM, Johann Haarhoff via mailop wrote:
T-Online:
the IP address  is delegated to your provider and there 
is no owner data in the public whois record for your domain. 
 Thus, the person or company who is responsible for this host is 
essentially anonymous to third parties.


Therefore we would expect that there is a page giving full contact 
details which can be reached via http:// or 
http://www.


Do you use privacy options in WhoIs for your domain name?  Since you 
(understandably) obfuscated your domain name I can't check.


I wonder if having real, non-privacy options, in a domain name helps 
with this.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Slavko via mailop

Dňa 19. októbra 2022 13:49:08 UTC používateľ Kai 'wusel' Siering via mailop 
 napísal:

>It's not the first time this has been discussed, and I doubt that any amount 
>of complaints from 3-mails-a-month-to-t-online operators would change their 
>mind. Unfortunately, they are quite big in terms of mail addresses, whereas 
>you and I aren't — thus far "the oligopoly has won".

It is incorrect approach, you give up without a fight. And
nobody other will fight on behalf you...

And that approach is exactly, what they expect (calculate
with).

regards


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On 19.10.22 15:55, Renaud Allard via mailop wrote:
They blocked at least my non commercial mail server until I added an impressum. So, I guess they now block everyone without an impressum. 


But that's the status quo for several years. Question is: do they still adhere 
to that, or would they reject an appliction from you for a new sending IP 
because you're a non commercial mail server. The later is what their recent 
reply to some people implies; unfortunately I only know of a German language 
version of that, dated about a month ago:


Nachdem wir nur nachvollziehbar kommerziellen und vergleichbaren
Betreibern erlauben, sich mit unseren Mailservern zu verbinden,
verwenden Sie als/für Privatnutzer bitte ein SMTP-Relay bzw. Mailgateway
des Hosters oder ISPs, um E-Mails im Rahmen der vertraglichen Leistungen
vom Mailserver über dessen offizielles Mailgateway zu senden. Der
dortige Support ist Ihnen bei der Konfiguration sicherlich gerne
behilflich.

Für weitere Informationen und Hinweise beachten Sie bitte auch unsere
FAQ: https://postmaster.t-online.de/


On that link, as of today, still the imprint stuff is listed as a prerequisite to be 
whitelisted, so the question remains: did Deutsche Telekom change their policy or 
"just" their wording?

Regards,
-kai
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders




On 10/19/22 15:49, Kai 'wusel' Siering via mailop wrote:


But see my initial reply: it's unclear as of now if section 4.1 of their 
postmaster site still applies, or if they now reject any application 
from "non-commercial" mailservers (as their current statement implies).




They blocked at least my non commercial mail server until I added an 
impressum. So, I guess they now block everyone without an impressum.


smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

On 19.10.22 14:28, Bernardo Reino via mailop wrote:

The 554 occurs while connecting, so they really reject only based on the
IP/range, which is indeed quite brutal.

Hopefully this is just a misconfiguration (or a badly interpreted/implemented policy).

No, it isn't. It's the way Deutsche Telekom is 'protecting' their t-online.de
mail service. The are the incumbent in Germany's telco market, and it's quite
hard to get fixed line Internet access without them being part of the service
stack some way or the other. (Nearly any German DSL line is owned, and at the
bitlevel operated, by Deutsche Telekom/it's subsidiaries.)

Ironically, if you just go to https://t-online.de and search for "Impressum" (imprint), you learn
that "t-online ist ein Angebot der Ströer Content Group" ("t-online is a service of Ströer
Content Group") — the requirement of Deutsche Telekom, that there should be a web page on the mail
domain with an imprint identifying the operator ... is misleading for there very own mail service ;-)

Maybe they'll reconsider (not because of my e-mail, but because of the flood of complaints that should be — surely? — arriving .

It's not the first time this has been discussed, and I doubt that any amount of
complaints from 3-mails-a-month-to-t-online operators would change their mind.
Unfortunately, they are quite big in terms of mail addresses, whereas you and I aren't —
thus far "the oligopoly has won".

But see my initial reply: it's unclear as of now if section 4.1 of their postmaster site
still applies, or if they now reject any application from "non-commercial"
mailservers (as their current statement implies).

Regards,
-kai
**___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

> Is this the new world?
>
> A given mailhost (ran privately for smaller entities) can't send
> messages to T-Online anymore.

I had a similar problem earlier this year which I couldn't resolve, so I've ended up just accepting I cannot deliver to
t-online.de

After some back and forth with (an admittedly very friendly) support person, the thing they got hung up on was that I
didn't have my full contact information displayed on a website matching the email domain.

This was for a email-only domain and a personal server with 7 users, and I didn't feel like a) spinning up a webserver,
and b) publishing my personal telephone numbers online. After mentioning this to the support person, they also
recommended I pay somebody to relay my mail for me. :(

Relevant snippets form the help-desk conversation below the signoff:

Regards,

Johann

T-Online:

"...In particular, we recommend choosing a host name that indicates its
usage as a mail server (eg. mail.example.com) and to ensure the host's
domain leads to a website providing full contact details" <<--!!

Unfortunately "domain" does not yet meet these requirements
because there is no legal contact information at "domain".

Me:

That's not going to happen, abuse@domain and postmaster@domain are actively
monitored which is good enough for
everybody else, but apparently not for t-online. An unreasonable request if I
may say so.

T-Online:

the IP address is delegated to your provider and there
is no owner data in the public whois record for your domain.
Thus, the person or company who is responsible for this host is
essentially anonymous to third parties.

Therefore we would expect that there is a page giving full contact
details which can be reached via http:// or
http://www.

Me:
is a small mail server. I have 7 users, all of which are members of my immediate family. Exactly whose
details are you expecting me to publish? Are you really asking me to post my personal cellphone number and home

address on the internet? Would you publish yours?

I maintain that keeping a careful watch on abuse@ and postmaster@ should be
enough to resolve any email related
problems that may ever arise between yourselves and us.

Of course, you are free to accept or reject any email you like (your network,
our rules), but I would also hope that
you are in the business of delivering legitimate email to your users.

Thank you for your time.

T-Online:

if you want to run your mail server anonymously (which we would
understand), please relay your mails via a mail gateway of your hoster
or another provider with whom you have a contractual relationship.
(Free mail gateways can also be found on the Internet, e.g. from Gmail:
)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Taavi Eomäe via mailop

I have my doubts about t-online.de caring about SPF+DKIM+DMARC, not 
having deployed it themselves. It has been quite tedious to filter spam 
abusing that domain.



On 19/10/2022 15:25, Stefano Bagnara via mailop wrote:

On Wed, 19 Oct 2022 at 13:32, Heiko Schlittermann via mailop
 wrote:

A given mailhost (ran privately for smaller entities) can't send
messages to T-Online anymore.

   554 IP=168.119.159.241 - A problem occurred. …

Do you get this error at the connection or after you transmitted the message?

If you get the error after the "DATA" and "." then maybe you just need
DKIM+DMARC compliance for your emails.

In this case look for an old thread here:
"DKIM+DMARC at t-online.de (Deutsche Telekom's ISP branche)" by
florian.kun...@telekom.de (Apr 6 2021)



smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders




On 10/19/22 13:33, Heiko Schlittermann via mailop wrote:

Hello,

I'm not sure how to complain and where. But I hope that here we can
start a discussion again. I'm quite upset.

Is this the new world?

A given mailhost (ran privately for smaller entities) can't send
messages to T-Online anymore.

   554 IP=168.119.159.241 - A problem occurred. …



Do you have an impressum page on your website? T-online will reject any 
mail from a server without an impressum. This happened to me this year 
and, after contacting them, they made it clear that I would not be able 
to send mails to them without that impressum.

Check this URL too:
https://postmaster.t-online.de/index.en.html#t4.1


The sending IP belongs to a rented host (rented from a major German
hoster). The answer he (the owner of that host) got was about like this:

(translation by me):
   Sorry, we only accept messages from proven
   commercial or similiar servers. Please use the SMTP relay of your hoster
   or your ISP.

I know that T-Online's postmaster announced this kind of behaviour, but
I didn't expect that they are going to implement it, as I saw enough
complaints here.

 From my point of view they now force smaller MSP into contracts with
bigger mail relays, working towards a centralization of mail services,
which IMHO is exactly the opposite way mail was originally designed to
work as.

@mailops: What's your opinion?

Personally I consider this quite rude, and as a smaller ISP I'll be hit
sooner or later. As an Exim developer I'm asking myself why they
(T-Online) assume that I shouldn't run my own mail service.

 Best regards from Dresden/Germany
 Viele Grüße aus Dresden
 Heiko Schlittermann
--
  SCHLITTERMANN.de  internet & unix support -
  Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
  gnupg encrypted messages are welcome --- key ID: F69376CE -


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On 2022-10-19 14:25, Stefano Bagnara via mailop wrote:

On Wed, 19 Oct 2022 at 13:32, Heiko Schlittermann via mailop
 wrote:

A given mailhost (ran privately for smaller entities) can't send
messages to T-Online anymore.

  554 IP=168.119.159.241 - A problem occurred. …


Do you get this error at the connection or after you transmitted the 
message?


It happens while connecting, so it's blocking on the IP address.

Even though I'm a tiny "provider" (4 users :), I've sent an e-mail to 
postmas...@rx.t-online.de (note the "rx", which you need if you are 
being blocked from contacting the usual postmas...@t-online.de address), 
to let them know that their users will be missing a lot of e-mails 
(Germany is quite "diverse" ISP-wise).


Maybe they'll reconsider (not because of my e-mail, but because of the 
flood of complaints that should be — surely? — arriving :).


We'll see..
Bernardo
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


Moin,

on 19.10.22 13:33, Heiko Schlittermann via mailop wrote:

I'm not sure how to complain and where. But I hope that here we can
start a discussion again. I'm quite upset.


Personally I doubt any discussion on whatever mailing list would make Deutsche 
Telekom change their mind about this. They practice this policy of reject 
unless whitelisted for ages, literally, and obviously are quite happy with the 
outcome.


Is this the new world?


Maybe, maybe not, see below.


(translation by me):
  Sorry, we only accept messages from proven
  commercial or similiar servers. Please use the SMTP relay of your hoster
  or your ISP.


This being Deutsche Telekom, I'm rather sure half a dozen of their lawyers did 
look into this new modus operandi and ack'd it before it got implemented.

Although: According to https://postmaster.t-online.de/#t4.1, as this is an ISP's IP 
address, one "just" needs to ensure that the domain leads to a website with an 
imprint. This isn't followed here at all:

$ dig +short -x 168.119.159.241
mx01.poskantoor.de.
$ dig +short a mx01.poskantoor.de.
168.119.159.241
$ host poskantoor.de.
poskantoor.de mail is handled by 10 mx01.poskantoor.de.
poskantoor.de mail is handled by 20 mx02.poskantoor.de.
$ host www.poskantoor.de.
Host www.poskantoor.de. not found: 3(NXDOMAIN)
$ wget -O - https://mx01.poskantoor.de
[…]
Welcome to nginx!
[…]

If I'd spot that IP in my mail logs with errors, I'd block it at the IP level 
right away.


I know that T-Online's postmaster announced this kind of behaviour, but
I didn't expect that they are going to implement it, as I saw enough
complaints here.


Well, it's discussed here and there every now and then — last time I'm aware of was a 
month ago, over at DENOG. The main change is the wording of the manual reply. According 
to their postmaster site, whitelisting is still possible, but the setup we're discussing 
about doesn't even TRY to comply. So the question remains, is there a real change or did 
they "just" get a more bullet-proof reply text from their lawyers? Has anyone 
recently tried to whitelist one's sending IP in a setup that complies with their section 
4.1?


Personally I consider this quite rude, and as a smaller ISP I'll be hit
sooner or later. As an Exim developer I'm asking myself why they
(T-Online) assume that I shouldn't run my own mail service.


Well, I do for 30+ years now, and I don't approve of Deutsche Telekom's 
approach at all. If I become aware of such blockage, I usually block those 
sender domains with their error code, pointing to their postmaster to fix 
things.

Currently, mx*.t-online.de still let's my old IP deliver mails to them, but if 
they ever stop this (as happens about every other year for whatever reason), 
I'm basically done with them.

Regards,
-kai

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders


On 19.10.22 14:25, Stefano Bagnara via mailop wrote:

On Wed, 19 Oct 2022 at 13:32, Heiko Schlittermann via mailop
 wrote:

A given mailhost (ran privately for smaller entities) can't send
messages to T-Online anymore.

   554 IP=168.119.159.241 - A problem occurred. …

Do you get this error at the connection or after you transmitted the message?


$ telnet mx00.t-online.de 25
Trying 194.25.134.8...
Connected to mx00.t-online.de.
Escape character is '^]'.
554 IP=378.294.445.288 - A problem occurred. (Ask your postmaster for help or 
to contact t...@rx.t-online.de to clarify.)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders

2022-10-19 Thread Slavko via mailop

Dňa 19. októbra 2022 12:00:55 UTC používateľ Hans-Martin Mosner via mailop 
 napísal:

>But there's another side to the story:
>
>That hoster is Hetzner. With their equally unacceptable policies regarding 
>abuse reports, they are at least partially creating this problem for their 
>customers themselves.

Yes, one can read in recent Spamhaus botnet report (Q3 2022) about
Hetzner, and that would be acceptable reason to reject, but in
postmaster's reply is nothing about bad reputation. It is only about
type of provider, and that is discriminative (at least in civilized world).

I will guess (hope), that Germany has some tools to fight with that type
of discrimination, you can try to use that.

While i do not remember any contact (connection) from it on my MTA,
i am willing to support your fight with it by blocking their MTAs, if you
will ask that.

regards


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] T-Online is now really blocking messages from non-commercial and simliar senders