> I see that current setup might be useful in case some user changes MX
> before the domain is activated at Fastmail, in which case giving 4xx
> could make sense. But it is not right to report such re-tries to sender
> score as attempts to deliver to non-existing users.
Yes, this is why we
We're seeing a strange rejection message with emails containing a
particular link.
Can someone please contact me off list.
Thanks
--
Rob Mueller
r...@fastmail.fm
___
mailop mailing list
mailop@mailop.org
> I'm thinking that perhaps your cert is using SHA-(256|512) and
> something better than 3DES for HMAC, and therefore the remote servers
> are unable to work with the certificate as they don't have access to
> the required crypto. I sincerely hope this is not the case, but
> perhaps you can test
> We've suddenly had a couple of reports from users about people sending
> to them (e.g. sending from a remote service to our servers) failing and
> bouncing with the error message:
>
> Certificate rejected over TLS. (unknown protocol)
Just to update with more information.
So it turns out we'd
We've suddenly had a couple of reports from users about people sending
to them (e.g. sending from a remote service to our servers) failing and
bouncing with the error message:
Certificate rejected over TLS. (unknown protocol)
There's not much more in the error message, I haven't managed to get
Hi
Is there anyone from cox.net on this list? Can you please contact me off
list, we're having a problem with email forward to @cox.net accounts.
Thanks
--
Rob Mueller
r...@fastmail.fm
___
mailop mailing list
mailop@mailop.org
> Laura Atkins has some pretty cool ideas here:
> https://wordtothewise.com/2014/05/dkim-injected-headers/
> I'd be interested to see if including those headers twice in the
> signature works, so an altered or second instance of them would
> fail DKIM.
They didn't alter any of the headers or add
> 1. Add timestamp (t=) to DKIM-Signature. It limits replay attacks in
> time.
Assuming the receiving side looks at it. But you probably mean the x=
tag anyway to set the expiry time, the RFC explicitly says though:
INFORMATIVE NOTE: The "x=" tag is not intended as an anti-
> Use a different selector for each account holder, and then revoke
> selectors that are abused.
That's an interesting idea, but I'm not sure it'll be a big help.
The reality is that the timeline between signup a new account, send one
email, copy it and mass send via AWS instance could all be
Hi mailop
So it appears at the moment that we're experiencing a DKIM replay attack
against us. Basically some people are signing up a trial FastMail
account, sending a couple of emails to a gmail account (to get them DKIM
signed by us), and then copying the entire content of the email and
sending
> I wonder what the point is. How does the bad guy monetize it, or is it a
> coordinated attack against a specific victim? What other nefarious
> issues? Making the address useless or burying some other mail in the
> midst of the junk would seem to be a possibility.
>
> If an attack against a
> just as an fyi, Gmail switched to sending out utf-8 (for messages we
> compose) by default in 2014 and removed the feature that allowed users
> to override this a year ago. Downgrading from utf-8 to some charset
> that handles a much smaller subset of characters seems mostly
> unnecessary at
Reported by one of our users...
---
Diagnostic information for administrators:
Generating server: AM4PR0601MB1986.eurprd06.prod.outlook.com
ville.kiiv...@ort.fi
Remote Server returned '550 5.6.0 CAT.InvalidContent.Exception:
InvalidCharsetException, Character set name (ISO-8859-10) is invalid
>> Ok, just to confirm, does this mean you don't recommend or recognise
>> SRS rewritten MAIL FROM addresses as special in any way?
>
> Does anyone understand SRS? I thought it was pretty much a dead end.
IMHO everything about SPF and SRS borders on somewhere between pointless
and craziness. Is
A client with a new iPhone (not sure what model), attempts to setup
imap/smtp using starttls. As part of the setup, the iPhone apparently
probes the smtp server on port 587 with an SSL handshake:
Jul 29 21:31:34 ns1 sendmail[20641]: t6U4VYQL020641: rejecting commands
from
Is anyone from mailchimp on this list?
I've got some examples of issues with your sending IPs that I'd like to
discuss.
Please contact me off list.
Thanks
--
Rob Mueller
r...@fastmail.fm
___
mailop mailing list
mailop@mailop.org
16 matches
Mail list logo