Re: [mailop] dnsbl.spam.fail

[John R Levine via mailop]

I also block most mail from Hetzner's network. It's not a vendetta,
it's not extortion, it's purely practical. My time is not unlimited,
the vast majority of the mail from that network is spam and if a tiny
bit of real mail gets lost, so be it. It is not worth my time to make
exceptions in my filtering rules.


If you're the only user on the system, then sure, fine -- your mail, your 
choice, but in my case I have "normal" users, ...


I also have normal users, and if they complain I make their mail work. 
But they've never complained about losing mail from Hetzner.


They complain a lot about losing mail but it very rarely has to do with 
local blocks.  More often it's either that the sender is taking a long 
time to get around to it, or don't send at all because their ESP decided 
not to send it.


Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] dnsbl.spam.fail

[Hetzner Blacklist via mailop]

Am 12.12.2023 um 07:37 schrieb Kirill Miazine via mailop:
But we're getting off-topic, my initial post triggered by discovery of 
the "new" dnsbl.spam.fail list, which I never had experienced earlier, 
and that question has been answered.


For the record, I reached out to Domeneshop yesterday.

Over the years there have been a handful of individuals/companies who 
have decided to block our ranges, or even our entire ASN. After reaching 
out, about half of them were willing to discuss the situation and then 
remove the blocks. I'm hoping Domeneshop will be one of them.


Kind regards

Bastiaan van den Berg
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] dnsbl.spam.fail

[Kirill Miazine via mailop]

• John Levine via mailop [2023-12-11 22:00]:

It appears that Gellner, Oliver via mailop  said:

And to add a rant to that: I don’t have much sympathy for operators that are 
trying to use their control over a MTA or DNSBL as some
kind of extortion tool or to put forward their own vendettas.


I also block most mail from Hetzner's network. It's not a vendetta,
it's not extortion, it's purely practical. My time is not unlimited,
the vast majority of the mail from that network is spam and if a tiny
bit of real mail gets lost, so be it. It is not worth my time to make
exceptions in my filtering rules.


If you're the only user on the system, then sure, fine -- your mail, 
your choice, but in my case I have "normal" users, and I don't want to 
throw my users' email away, so even OVH can't be blocked, as e.g. Migadu 
is/was using OVH. Of course, an option is making individual exception, 
as Domeneshop does here, but the trigger for the exception is that a 
non-spammer is affected by the block.



If you want people to accept your mail, act like someone who wants
people to do so, and that starts by not sending it from a network
that gushes spam.  Believe me, Hetzner's not the only one.


As a matter of fact I move my mail server to Hetzner only recently, 
until then I was using TransIP for a decade. But also a "test lab" at 
Hetzner, so I decided to just merge everything at Hetzner, as they're 
closer to me geographically, and after considering Hetzner's reputation 
for email: what has been decisive to give it a try is that a number of 
email providers seem to be using them. Initially it was a backup 
dedicated server, there were no issues at all (except one with Fastmail 
responding with 4xx instead of 5xx for a user which no longer existed, 
and reporting re-delivery attempts to senderscore, but that doesn't have 
anything to do with Hetzner).


I am still evaluating Hetzner as email source, though, and have a couple 
of hosts at Mythic Beasts, and have setup ready to let the mail flow 
through them, in case of any issues, but mostly it has been fine-ish.


I'm open for good alternatives in/close to Scandinavia. I had considered 
UpCloud, but comments on the list made me reconsider that option. Also, 
this is a personal setup, so price does indeed matter. :)


But we're getting off-topic, my initial post triggered by discovery of 
the "new" dnsbl.spam.fail list, which I never had experienced earlier, 
and that question has been answered.



R's,
John

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] dnsbl.spam.fail

[John Levine via mailop]

It appears that Gellner, Oliver via mailop  said:
>And to add a rant to that: I don’t have much sympathy for operators that are 
>trying to use their control over a MTA or DNSBL as some
>kind of extortion tool or to put forward their own vendettas. 

I also block most mail from Hetzner's network. It's not a vendetta,
it's not extortion, it's purely practical. My time is not unlimited,
the vast majority of the mail from that network is spam and if a tiny
bit of real mail gets lost, so be it. It is not worth my time to make
exceptions in my filtering rules.

If you want people to accept your mail, act like someone who wants
people to do so, and that starts by not sending it from a network
that gushes spam.  Believe me, Hetzner's not the only one.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] dnsbl.spam.fail

[Kirill Miazine via mailop]

• Gellner, Oliver via mailop [2023-12-11 21:29]:

Even if there are a lot of addresses in that netblock that are sending
spam, Domeneshop now officially knows that at least one IP address does
not (Kirills). It would be trivial to exclude it from their blocking,


Domeneshop shall be given due credit here, as they added an exception 
for my IP very quickly.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] dnsbl.spam.fail

[Gellner, Oliver via mailop]

> On 11.12.2023 at 12:11 Kirill Miazine via mailop wrote:
>
> Also, Domeneshop confirmed they operate spam.fail as internal list and
> that they indeed have blacklisted Hetzner ranges because "lack of abuse
> handling":
>
> 
> The IP belongs to Hetzner which have a full lack of abuse handling.
> A broad range of IP addresses within the block the IP address you are
> requesting about s constantly being abused to spam and scam campaigns,
> and Hetzner does nothing about it.
> 
>
> Their MX, their rules...

While it‘s nice that they replied, their answer doesn’t really show any will to 
solve the problem. In this regard it’s comparable to the meaningless 
boilerplates you receive from Microsoft and the likes.

And to add a rant to that: I don’t have much sympathy for operators that are 
trying to use their control over a MTA or DNSBL as some kind of extortion tool 
or to put forward their own vendettas. Even if there are a lot of addresses in 
that netblock that are sending spam, Domeneshop now officially knows that at 
least one IP address does not (Kirills). It would be trivial to exclude it from 
their blocking, yet they apparently decided to continue to blacklist the 
server, to punish innocent bystanders, to prevent their own users from getting 
legitimate messages which they are waiting for and to generate false positives 
on full purpose. All this to push forward their own agenda in trying to force 
another service provider to act in a way Domeneshop sees as appropriate.
For a private email server, I‘m all with „their MX, their rules“, but for a 
company that offers mail services to customers I expect a little more 
professionalism.

—
BR Oliver


dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] dnsbl.spam.fail

[Atro Tossavainen via mailop]

> The residential address of the operator is a risk, because spamming is
> a criminal activity in most countries and spammers are sometimes
> organized like the mafia. They hate those lists and try to bring them
> down by all kinds of attacks. Not providing them more attack surface
> than necessary isn't a bad idea.

Domeneshop does not have a residential address.

They list their corporate physical address on their website.

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, https://www.koliloks.eu/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] dnsbl.spam.fail

[Marco Moock via mailop]

Am 11.12.2023 um 09:26:36 Uhr schrieb Kirill Miazine:


> • Marco Moock [2023-12-11 09:13]:
> [...]
> > > 
> > > Anyone has any experience with this list or who the operator is?
> > >   
> > 
> > The latter is something they hide because spammers would threat them
> > otherwise.  
> 
> Then does it make sense to reference that list in SMTP responses at
> all?

Yes, because admins of the IP can then check that list and find out why
they were listed.

The residential address of the operator is a risk, because spamming is
a criminal activity in most countries and spammers are sometimes
organized like the mafia. They hate those lists and try to bring them
down by all kinds of attacks. Not providing them more attack surface
than necessary isn't a bad idea.
Providing a residential address means spammers and ISPs hosting them
have an easy way to abuse that address for fraudulent orders, treating
the people living there personally and other nasty stuff.

> > > Inability to do external DNS lookups makes it impossible to
> > > monitor for presence on their list.
> > 
> > Why is that impossible for your?  
> 
> Well, I *could*, but then I'd have to deploy something at them to be
> able to do lookups from their network, as the zone does not answer
> external queries. Here trying from my system:
> 
> km@stable ~ $ dig +short 125.153.108.65.dnsbl.spam.fail
> km@stable ~ $ 

Ok, interesting.
It seems the list is not public like others.

The only way to get information is their website, I was able to query
it.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] dnsbl.spam.fail

[Marco Moock via mailop]

Am 11.12.2023 um 12:04:44 Uhr schrieb Kirill Miazine via mailop:

> The IP belongs to Hetzner which have a full lack of abuse handling.
> A broad range of IP addresses within the block the IP address you are
> requesting about s constantly being abused to spam and scam campaigns,
> and Hetzner does nothing about it. 

That is most likely the reason it is listed. Parts of that network are
also regular listed on uceprotect level2.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] dnsbl.spam.fail

[Atro Tossavainen via mailop]

> Well, yeah, not really _impossible_, but I was referring to doing
> monitoring based on DNS lookups, as is normal for DNS BL.

Of course.

> Also, Domeneshop confirmed they operate spam.fail as internal list

OK. I tried tagging them on LinkedIn; it's an automatically generated
corporate page with no owner. I tried tagging Asgeir Kristofersson, a
person who reports currently working there; the tagging was automatically
removed.

> that they indeed have blacklisted Hetzner ranges because "lack of abuse
> handling":

Bastiaan van den Berg even participates here from time to time. Not
that mailing list participation equals anything with respect to
abuse handling.

> Their MX, their rules...

Indeed, but a little bit of transparency would go a long way.

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, https://www.koliloks.eu/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] dnsbl.spam.fail

[Kirill Miazine via mailop]

• Atro Tossavainen via mailop [2023-12-11 09:54]:
> > Inability to do external DNS lookups makes it impossible to monitor
> > for presence on their list.
> 
> https://spam.fail/search?ip=127.0.0.2

Well, yeah, not really _impossible_, but I was referring to doing
monitoring based on DNS lookups, as is normal for DNS BL.

As they aren't providing an API either, I ended up doing doing HTTP GET
check and string matching, along the lines of

curl -s https://spam.fail/search?ip=foo|grep -q 'is not blacklisted'||echo foo 
blacklisted

Also, Domeneshop confirmed they operate spam.fail as internal list and
that they indeed have blacklisted Hetzner ranges because "lack of abuse
handling":


The IP belongs to Hetzner which have a full lack of abuse handling.
A broad range of IP addresses within the block the IP address you are
requesting about s constantly being abused to spam and scam campaigns,
and Hetzner does nothing about it. 


Their MX, their rules...

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] dnsbl.spam.fail

[Marco Moock via mailop]

Am 10.12.2023 um 14:27:35 Uhr schrieb Kirill Miazine:

> • Marco Moock via mailop [2023-12-10 11:24]:
> > Am 10.12.2023 um 10:55:21 Uhr schrieb Kirill Miazine via mailop:
> >   
> >> The block is quite new, I guess spam.fail operators just took
> >> Hetzner's IP ranges and put in their lists  
> > 
> > https://spam.fail/search?ip=65.108.153.125
> > 
> > It really seems that the entire /15 IPv4 net is on the blacklist.
> > You IPv6 is not on the list.  
> 
> Anyone has any experience with this list or who the operator is?

The latter is something they hide because spammers would threat them
otherwise.

> Inability to do external DNS lookups makes it impossible to monitor
> for presence on their list.

Why is that impossible for your?
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] dnsbl.spam.fail

[Atro Tossavainen via mailop]

> Inability to do external DNS lookups makes it impossible to monitor
> for presence on their list.

https://spam.fail/search?ip=127.0.0.2

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] dnsbl.spam.fail

[Kirill Miazine via mailop]

• Marco Moock via mailop [2023-12-10 11:24]:

Am 10.12.2023 um 10:55:21 Uhr schrieb Kirill Miazine via mailop:


The block is quite new, I guess spam.fail operators just took
Hetzner's IP ranges and put in their lists


https://spam.fail/search?ip=65.108.153.125

It really seems that the entire /15 IPv4 net is on the blacklist.
You IPv6 is not on the list.


Anyone has any experience with this list or who the operator is?

I suspect it could even be Domeneshop's own list, as it uses their name 
servers. And looking up e.g. 125.153.108.65.dnsbl.spam.fail is not 
possible from anywhere except their own network (I tested from their 
webhosting shell login server).


Inability to do external DNS lookups makes it impossible to monitor for 
presence on their list.



Maybe just ask them to remove your address from that if too many
spammers used that network in the past.


I already did request a manual delisting, which is "a manual process, 
and may therefore take a few days", and also shared my concern with the 
owners, who are competent guys, and hopefully will push forward a 
resolution.


This is ironic, as I've always had a whitelist entry for Domeneshop's 
servers, in case _they_ end up on some blacklist, and then they added me 
to their blacklist.


Checked IP of a friend, who also hosts his personal mail server on 
Hetzner, and he's blacklisted as well.


For now I will configure delivery to use a Mythic Beasts host I have 
around (let's see how this message derlivery flows)... MB seem to have a 
better network reputation.



According to uceprotect, parts of that net were used by spammers
recently:

http://www.uceprotect.net/de/rblcheck.php?asn=24940
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] dnsbl.spam.fail

[Marco Moock via mailop]

Am 10.12.2023 um 10:55:21 Uhr schrieb Kirill Miazine via mailop:

> The block is quite new, I guess spam.fail operators just took
> Hetzner's IP ranges and put in their lists

https://spam.fail/search?ip=65.108.153.125

It really seems that the entire /15 IPv4 net is on the blacklist.
You IPv6 is not on the list.

Maybe just ask them to remove your address from that if too many
spammers used that network in the past.

According to uceprotect, parts of that net were used by spammers
recently:

http://www.uceprotect.net/de/rblcheck.php?asn=24940
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] dnsbl.spam.fail

[Kirill Miazine via mailop]

Hi, list

Started getting reports of failed deliveries due to listing on some -- 
until now unknown to me -- DNSBL called dnsbl.spam.fail. I have never 
seen it before -- anyone has a clue what this list is about?


It's used by Norwegian provider Domeneshop, and they have quite a big 
share of non-microsoft/google email hosting in Norway, so this listing 
is quite annoying for my users.


The block is quite new, I guess spam.fail operators just took Hetzner's 
IP ranges and put in their lists


Thanks
Kirill
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop