Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Odhiambo Washington via mailop
On Sun, Mar 31, 2024 at 6:30 PM Slavko via mailop  wrote:

> On 31 March 2024 15:02:31 UTC, Odhiambo Washington via mailop <mailop@mailop.org> wrote:
>
> >> Something bad seems to have gained the ability to use that IP...
> >>
> >
> >Not that easy unless there is some recent exploit that I am not aware of.
>
> Doesn't seem like a neighbor problem...
>
> checkrbl 41.212.32.14
>
> Found in "Spamhaus ZEN DQS" (zen.dq.spamhaus.net):
>  * CSS, Snowshoe SPAM (127.0.0.3)
>  * XBL, exploited, open proxy or botnet (127.0.0.4)
>  * PBL, end user (from Spamhaus) (127.0.0.11)
>
> checkrbl 41.212.32.15
> Found in "Spamhaus ZEN DQS" (zen.dq.spamhaus.net):
>  * PBL, end user (from Spamhaus) (127.0.0.11)
>
> checkrbl 41.212.32.16
> Found in "Spamhaus ZEN DQS" (zen.dq.spamhaus.net):
>  * PBL, end user (from Spamhaus) (127.0.0.11)
>
> regards
>

I have got the ISP to deal with it.

Might someone know what I must do to get data showing on
https://postmaster.google.com/managedomains ?
I have two verified domains in there, but nothing on the (expected)
dashboard.

https://imgur.com/a/g3DhGWJ


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Julian Bradfield via mailop
On 2024-03-31, Slavko via mailop  wrote:
> On 31 March 2024 15:02:31 UTC, Odhiambo Washington via mailop wrote:
>
>>> Something bad seems to have gained the ability to use that IP...
>>>
>>
>>Not that easy unless there is some recent exploit that I am not aware of.
>
> Doesn't seem like a neighbor problem...

Cisco Talos thinks there is a lot of spam coming from
41.212.32.190

It also thinks 41.212.32.14 has been very spammy in recent
months.


Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread John Levine via mailop
It appears that Odhiambo Washington via mailop  said:
>> checkrbl 41.212.32.15
>> Found in "Spamhaus ZEN DQS" (zen.dq.spamhaus.net):
>>  * PBL, end user (from Spamhaus) (127.0.0.11)
>>
>> checkrbl 41.212.32.16
>> Found in "Spamhaus ZEN DQS" (zen.dq.spamhaus.net):
>>  * PBL, end user (from Spamhaus) (127.0.0.11)

You're still going to have problems sending mail until you take it out
of the PBL.

Start here:

https://check.spamhaus.org/listed/?searchterm=41.212.32.14

R's,
John


[mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Odhiambo Washington via mailop
I have just had several email bounces from a mailing list that I have been
running since 2005.
I have contacted Google using this form

and gotten a reference number 7-289335971.

The strangest thing is that I have gotten only 37 bounces whereas my
mailing list has several hundreds of gmail.com addresses.

The bounce text looks like this:

```
  john...@gmail.com
    host alt2.gmail-smtp-in.l.google.com [142.251.9.26]
    SMTP error from remote mail server after end of data:
    550-5.7.1 [41.212.32.14] The IP you're using to send mail is not authorized to
    550-5.7.1 send email directly to our servers. Please use the SMTP relay at your
    550-5.7.1 service provider instead. For more information, go to
    550 5.7.1  https://support.google.com/mail/?p=NotAuthorizedError j21-20020a508a9500b0056bacdf79e0si3584946edj.443 - gsmtp
```
Now, this server - 41.212.32.14 - is authorized (by ALL DNS requirements
and policies)  to handle mail for lists.kictanet.or.ke which is the domain
name used for the mailing lists.

Why would this happen?

Last but not least, I have never seen any data on the Postmaster Tools web
UI. How do you guys set that up so that you get reports/data from Gmail?


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]


Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Odhiambo Washington via mailop
On Sun, Mar 31, 2024 at 6:55 PM Julian Bradfield via mailop <
mailop@mailop.org> wrote:

> On 2024-03-31, Slavko via mailop  wrote:
> > On 31 March 2024 15:02:31 UTC, Odhiambo Washington via mailop wrote:
> >
> >>> Something bad seems to have gained the ability to use that IP...
> >>>
> >>
> >>Not that easy unless there is some recent exploit that I am not aware of.
> >
> > Doesn't seem like a neighbor problem...
>
> Cisco Talos thinks there is a lot of spam coming from
> 41.212.32.190
>
> It also thinks 41.212.32.14 has been very spammy in recent
> months.
>


Thank you so much for this info about 41.212.32.190. I have shared it with
the ISP.

As regards 41.212.32.14, I have very tight control over that host to the
extent I don't think it can ever send spam.
The Mailing Lists that it runs are also tightly controlled.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]


Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Slavko via mailop
On 31 March 2024 17:06:30 UTC, Richard W via mailop wrote:
>That Spamhaus listing is PBL, not an indication of bad.  Your ISP must have 
>decided, or Spamhaus decided you shouldn't be sending mail. Looks like the 
>whole /24 is on PBL.

PBL is not the (biggest) problem, the worse part is XBL & SBL...

I guess that, despite the PBL, the mail (ML) server has a stable
IP (as indicated by "all DNS auth", thus I expect PTR too), thus
it cannot be that a bad actor previously used that IP. If not, then
any effort will be reset on the next IP change...

regards


-- 
Slavko
https://www.slavino.sk/


Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Richard W via mailop

41.212.32.14 is PBL only.  Other IPs in the /24 have other listings

Richard

On 2024-03-31 12:02 p.m., Slavko via mailop wrote:
> On 31 March 2024 17:06:30 UTC, Richard W via mailop wrote:
>> That Spamhaus listing is PBL, not an indication of bad.  Your ISP must have
>> decided, or Spamhaus decided you shouldn't be sending mail. Looks like the
>> whole /24 is on PBL.
>
> PBL is not the (biggest) problem, the worse part is XBL & SBL...
>
> I guess that, despite the PBL, the mail (ML) server has a stable
> IP (as indicated by "all DNS auth", thus I expect PTR too), thus
> it cannot be that a bad actor previously used that IP. If not, then
> any effort will be reset on the next IP change...
>
> regards





Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Odhiambo Washington via mailop
On Sun, Mar 31, 2024 at 8:54 PM Benny Pedersen via mailop 
wrote:

> Julian Bradfield via mailop wrote on 2024-03-31 17:35:
>
> > It also thinks 41.212.32.14 has been very spammy in recent
> > months.
>
> oh https://multirbl.valli.org/lookup/41.212.32.14.html don't send email
> from PBL listed IPs
>
> OP should ask ISP for a static IP
>

Not sure I understand you, but 41.212.32.14 is a static IP.
I don't think the /24 has any dynamic segment.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]


[mailop] Google Postmaster Tools

2024-03-31 Thread Mark Milhollan via mailop

On Sun, 31 Mar 2024, Odhiambo Washington wrote:

> Might someone know what I must do to get data showing on
> https://postmaster.google.com/managedomains ?
> I have two verified domains in there, but nothing on the (expected)
> dashboard.

You must reach a certain volume of messages before anything will appear.

/mark


Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Slavko via mailop
Hi,

On Sun, 31 Mar 2024 12:29:54 -0600, Richard W via mailop wrote:

> 41.212.32.14 is PBL only.  Other IPs in the /24 have other listings

Yes, now. The CSS & XBL were at the time of the previous check, as posted...

regards

-- 
Slavko
https://www.slavino.sk




Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Matus UHLAR - fantomas via mailop

>>> Julian Bradfield via mailop wrote on 2024-03-31 17:35:
>>>> It also thinks 41.212.32.14 has been very spammy in recent months.

>> On Sun, Mar 31, 2024 at 8:54 PM Benny Pedersen via mailop wrote:
>>> oh https://multirbl.valli.org/lookup/41.212.32.14.html don't send email
>>> from PBL listed IPs
>>>
>>> OP should ask ISP for a static IP

On 31.03.24 22:16, Odhiambo Washington via mailop wrote:
> Not sure I understand you, but 41.212.32.14 is a static IP.
> I don't think the /24 has any dynamic segment.

ask your ISP to solve this issue with Spamhaus, ideally together with
solving spam from other IP addresses from that range.

PBL should contain IP addresses that are NOT supposed to send e-mail, e.g.
dynamic addresses but also statically assigned IPs of end (home) networks.

Solving this can be done e.g. by blocking connections from those addresses
to port 25 in the internet - mail submission from clients should be done on
ports 465 and/or 587.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...


Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Benny Pedersen via mailop

Odhiambo Washington via mailop wrote on 2024-03-31 21:16:

> Not sure I understand you, but 41.212.32.14 is a static IP.
> I don't think the /24 has any dynamic segment.

https://hetrixtools.com/blacklist-check/41.212.32.14


Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Bill Cole via mailop

On 2024-03-31 at 10:21:40 UTC-0400 (Sun, 31 Mar 2024 17:21:40 +0300)
Odhiambo Washington via mailop 
is rumored to have said:

> I have just had several email bounces from a mailing list that I have been
> running since 2005.
> I have contacted Google using this form
>
> and gotten a reference number 7-289335971.
>
> The strangest thing is that I have gotten only 37 bounces whereas my
> mailing list has several hundreds of gmail.com addresses.
>
> The bounce text looks like this:
>
> ```
>   john...@gmail.com
> host alt2.gmail-smtp-in.l.google.com [142.251.9.26]
> SMTP error from remote mail server after end of data:
> 550-5.7.1 [41.212.32.14] The IP you're using to send mail is not authorized to
> 550-5.7.1 send email directly to our servers. Please use the SMTP relay at your
> 550-5.7.1 service provider instead. For more information, go to
> 550 5.7.1  https://support.google.com/mail/?p=NotAuthorizedError j21-20020a508a9500b0056bacdf79e0si3584946edj.443 - gsmtp
> ```
> Now, this server - 41.212.32.14 - is authorized (by ALL DNS requirements
> and policies)  to handle mail for lists.kictanet.or.ke which is the domain
> name used for the mailing lists.
>
> Why would this happen?


Something bad seems to have gained the ability to use that IP...

See https://check.spamhaus.org/listed/?searchterm=41.212.32.14

Google is not known to specifically use Spamhaus listings, so this is 
likely to indicate that both organizations have independently deemed 
your IP to be badly behaving.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire


Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Odhiambo Washington via mailop
On Sun, Mar 31, 2024 at 5:52 PM Bill Cole via mailop 
wrote:

> On 2024-03-31 at 10:21:40 UTC-0400 (Sun, 31 Mar 2024 17:21:40 +0300)
> Odhiambo Washington via mailop 
> is rumored to have said:
>
> > I have just had several email bounces from a mailing list that I have
> > been
> > running since 2005.
> > I have contacted Google using this form
> > <
> https://support.google.com/mail/contact/gmail_bulk_sender_escalation?visit_id=638474903329581839-3979393277=1
> >
> > and gotten a reference number 7-289335971.
> >
> > The strangest thing is that I have gotten only 37 bounces whereas my
> > mailing list has several hundreds of gmail.com addresses.
> >
> > The bounce text looks like this:
> >
> > ```
> >   john...@gmail.com
> > host alt2.gmail-smtp-in.l.google.com [142.251.9.26]
> > SMTP error from remote mail server after end of data:
> > 550-5.7.1 [41.212.32.14] The IP you're using to send mail is not
> > authorized to
> > 550-5.7.1 send email directly to our servers. Please use the SMTP
> > relay
> > at your
> > 550-5.7.1 service provider instead. For more information, go to
> > 550 5.7.1  https://support.google.com/mail/?p=NotAuthorizedError
> > j21-20020a508a9500b0056bacdf79e0si3584946edj.443
> > - gsmtp
> > ```
> > Now, this server - 41.212.32.14 - is authorized (by ALL DNS
> > requirements
> > and policies)  to handle mail for lists.kictanet.or.ke which is the
> > domain
> > name used for the mailing lists.
> >
> > Why would this happen?
>
> Something bad seems to have gained the ability to use that IP...
>

Not that easy unless there is some recent exploit that I am not aware of.


> See https://check.spamhaus.org/listed/?searchterm=41.212.32.14
>
> Google is not known to specifically use Spamhaus listings, so this is
> likely to indicate that both organizations have independently deemed
> your IP to be badly behaving.
>

Then there must be a possibility that the 41.212.32.0/24 is blacklisted.

Actually when I posted I must have spoken too soon, because the bounces
have increased.

Let me talk to my ISP.

Thanks for looking into this.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]


Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Slavko via mailop
On 31 March 2024 15:02:31 UTC, Odhiambo Washington via mailop wrote:

>> Something bad seems to have gained the ability to use that IP...
>>
>
>Not that easy unless there is some recent exploit that I am not aware of.

Doesn't seem like a neighbor problem...

checkrbl 41.212.32.14

Found in "Spamhaus ZEN DQS" (zen.dq.spamhaus.net):
 * CSS, Snowshoe SPAM (127.0.0.3)
 * XBL, exploited, open proxy or botnet (127.0.0.4)
 * PBL, end user (from Spamhaus) (127.0.0.11)

checkrbl 41.212.32.15
Found in "Spamhaus ZEN DQS" (zen.dq.spamhaus.net):
 * PBL, end user (from Spamhaus) (127.0.0.11)

checkrbl 41.212.32.16
Found in "Spamhaus ZEN DQS" (zen.dq.spamhaus.net):
 * PBL, end user (from Spamhaus) (127.0.0.11)

regards


-- 
Slavko
https://www.slavino.sk/
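
Added example (not from any poster in this thread): the lookup behind the checkrbl output above and the PBL explanation elsewhere in the thread, in Python. It builds the reversed-octet query name, decodes the `127.0.0.x` answers, and separates a PBL-only policy listing from CSS/XBL reputation listings. It assumes the public `zen.spamhaus.org` zone rather than the DQS zone shown in the thread; `check`, `sample_resolver` and the `SAMPLE` answers are constructed for illustration.

```python
import ipaddress
import socket

# Spamhaus ZEN answers. .3, .4 and .11 appear in the checkrbl output in this
# thread; the others are from Spamhaus' published return-code list.
LISTS = {"127.0.0.2": "SBL", "127.0.0.3": "CSS", "127.0.0.9": "DROP",
         "127.0.0.10": "PBL", "127.0.0.11": "PBL"}
LISTS.update({f"127.0.0.{n}": "XBL" for n in range(4, 8)})
# 127.255.255.x signals a failed lookup (bad zone name, query sent through a
# public resolver, rate limit). It is never a listing.
ERROR_PREFIX = "127.255.255."


def dnsbl_qname(ip, zone="zen.spamhaus.org"):
    """Reverse the address (octets for IPv4, nibbles for IPv6) under the zone."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    return ptr.rsplit(".", 2)[0] + "." + zone


def system_resolver(qname):
    """A-record lookup via the OS resolver; a failed lookup means 'no answer'."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except OSError:
        return []


def check(ip, resolve=system_resolver, zone="zen.spamhaus.org"):
    answers = resolve(dnsbl_qname(ip, zone))
    errors = [a for a in answers if a.startswith(ERROR_PREFIX)]
    lists = sorted({LISTS[a] for a in answers if a in LISTS})
    if errors:
        verdict = "lookup-error"   # fix the resolver before trusting the result
    elif not lists:
        verdict = "not-listed"
    elif lists == ["PBL"]:
        verdict = "policy-only"    # range is not meant to send direct-to-MX
    else:
        verdict = "reputation"     # abuse was observed from this address
    return {"ip": ip, "lists": lists, "errors": errors, "verdict": verdict}


# Constructed answers mirroring the checkrbl output quoted above, plus one
# constructed error reply for a documentation address.
SAMPLE = {
    "14.32.212.41.zen.spamhaus.org": ["127.0.0.3", "127.0.0.4", "127.0.0.11"],
    "15.32.212.41.zen.spamhaus.org": ["127.0.0.11"],
    "1.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
}


def sample_resolver(qname):
    return SAMPLE.get(qname, [])


if __name__ == "__main__":
    for ip in ("41.212.32.14", "41.212.32.15", "192.0.2.1", "198.51.100.7"):
        print(check(ip, sample_resolver))
```

Calling `check(ip)` without a resolver argument uses the system resolver; queries that go out through a large public resolver come back in the 127.255.255.x range, which is why that range is reported as a lookup error and not as a listing.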


Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Richard W via mailop
That Spamhaus listing is PBL, not an indication of bad.  Your ISP must 
have decided, or Spamhaus decided you shouldn't be sending mail. Looks 
like the whole /24 is on PBL.


As for 41.212.32.190, yes there were spam runs from that IP three to ten
days ago. Malicious script.


Richard

On 2024-03-31 8:47 a.m., Bill Cole via mailop wrote:
> On 2024-03-31 at 10:21:40 UTC-0400 (Sun, 31 Mar 2024 17:21:40 +0300)
> Odhiambo Washington via mailop
> is rumored to have said:
>
>> I have just had several email bounces from a mailing list that I have been
>> running since 2005.
>> I have contacted Google using this form
>>
>> and gotten a reference number 7-289335971.
>>
>> The strangest thing is that I have gotten only 37 bounces whereas my
>> mailing list has several hundreds of gmail.com addresses.
>>
>> The bounce text looks like this:
>>
>> ```
>>   john...@gmail.com
>>     host alt2.gmail-smtp-in.l.google.com [142.251.9.26]
>>     SMTP error from remote mail server after end of data:
>>     550-5.7.1 [41.212.32.14] The IP you're using to send mail is not authorized to
>>     550-5.7.1 send email directly to our servers. Please use the SMTP relay at your
>>     550-5.7.1 service provider instead. For more information, go to
>>     550 5.7.1  https://support.google.com/mail/?p=NotAuthorizedError j21-20020a508a9500b0056bacdf79e0si3584946edj.443 - gsmtp
>> ```
>> Now, this server - 41.212.32.14 - is authorized (by ALL DNS requirements
>> and policies)  to handle mail for lists.kictanet.or.ke which is the domain
>> name used for the mailing lists.
>>
>> Why would this happen?
>
> Something bad seems to have gained the ability to use that IP...
>
> See https://check.spamhaus.org/listed/?searchterm=41.212.32.14
>
> Google is not known to specifically use Spamhaus listings, so this is
> likely to indicate that both organizations have independently deemed
> your IP to be badly behaving.





Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Benny Pedersen via mailop

Julian Bradfield via mailop wrote on 2024-03-31 17:35:

> It also thinks 41.212.32.14 has been very spammy in recent
> months.

oh https://multirbl.valli.org/lookup/41.212.32.14.html don't send email
from PBL listed IPs

OP should ask ISP for a static IP



Re: [mailop] Anyone from Google - Sudden Gmail bounces??

2024-03-31 Thread Matus UHLAR - fantomas via mailop

>>> Something bad seems to have gained the ability to use that IP...

> On 31 March 2024 15:02:31 UTC, Odhiambo Washington via mailop wrote:
>> Not that easy unless there is some recent exploit that I am not aware of.

On 31.03.24 15:18, Slavko via mailop wrote:
> Doesn't seem like a neighbor problem...
>
> checkrbl 41.212.32.14
> * CSS, Snowshoe SPAM (127.0.0.3)
> * XBL, exploited, open proxy or botnet (127.0.0.4)
> * PBL, end user (from Spamhaus) (127.0.0.11)
>
> checkrbl 41.212.32.15
> Found in "Spamhaus ZEN DQS" (zen.dq.spamhaus.net):
> * PBL, end user (from Spamhaus) (127.0.0.11)
>
> checkrbl 41.212.32.16
> Found in "Spamhaus ZEN DQS" (zen.dq.spamhaus.net):
> * PBL, end user (from Spamhaus) (127.0.0.11)


now it does:
http://www.uceprotect.net/en/rblcheck.php
shows 41.212.32.0/24 listed in L2 and 41.212.0.0/17 as Increased Listingrisk


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
WinError #9: Out of error messages.