Re: [mailop] Microsoft contact for misclassified spam issue?

2020-08-07 Thread Matt Vernhout via mailop 
Start here: 
https://sendersupport.olc.protection.outlook.com/pm/policies.aspx

It has the rules and a link to get help from the support team. 

~
Matt

> On Aug 7, 2020, at 11:40, John Gateley via mailop  wrote:
> 
> Hi y'all,
> 
> I am using a user auth SaaS, and one of the actions it performs is sending 
> "Reset your password" emails.
> These emails have links inside for users to reset their passwords.
> 
> Delivery to most places is working (Google etc.) but Microsoft Office 365 
> users are consistently getting their emails in the junk folder.
> 
> I have tried everything I can think of... is there a contact at Microsoft 
> here that could give me a hand?
> 
> Thank you
> 
> John
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Extreme multiple posting (was Re: OVH Bulk Mailer? Anyone know this one?)

2020-08-07 Thread Ángel via mailop 
On 2020-08-07 at 20:24 +0200, Renaud Allard via mailop wrote:
> 
> On 05/08/2020 20:16, Large Hadron Collider via mailop wrote:
> > you know, Mr Allard, it appears that you sent this message to the list at 
> > least 5 times...
> > 
> 
> Actually, I only sent it once. From my logs, it was delivered on the 5th 
> once. It might be some processing problem at mailop because I only 
> received it today (once) like multiple other mails from mailop.

It's fun that we got multiple copies on *different* messages. In my case,
it was on the ones from Umut Alemdar 
(am6pr08mb5158c5d0677d418f254e7a16db...@am6pr08mb5158.eurprd08.prod.outlook.com),
Lily Crowley 
(cabpqdsmwn_r9q9mmzkuizfgfmnh0fcbdvtigtc8codcm6lz...@mail.gmail.com),
Stephen Frost (20200805132959.gd12...@tamriel.snowman.net), Hans-Martin
Mosner (173bec91138.2771.03b21a1406dc7ce0e2b3b53a52883...@heeg.de) and
Otto J. Makela mails (b05c8075-fbf9-1c87-3322-2b5eb7a94...@iki.fi). I
received 38 copies of each (except Stephen's which were 39).


Message 173bec91138.2771.03b21a1406dc7ce0e2b3b53a52883...@heeg.de,
 Received: from chilli.nosignal.org (213.138.100.131:):
 Thu, 6 Aug 2020 18:35:12 +
 Thu, 6 Aug 2020 19:08:58 +
 Thu, 6 Aug 2020 19:34:40 +
 Thu, 6 Aug 2020 20:04:28 +
 Thu, 6 Aug 2020 20:37:50 +
 Thu, 6 Aug 2020 21:03:58 +
 Thu, 6 Aug 2020 21:34:46 +
 Thu, 6 Aug 2020 22:15:53 +
 Thu, 6 Aug 2020 22:34:33 +
 Thu, 6 Aug 2020 23:04:19 +
 Thu, 6 Aug 2020 23:33:57 +
 Fri, 7 Aug 2020 00:04:16 +
 Fri, 7 Aug 2020 00:34:07 +
 Fri, 7 Aug 2020 01:07:51 +
 Fri, 7 Aug 2020 01:34:41 +
 Fri, 7 Aug 2020 02:04:34 +
 Fri, 7 Aug 2020 02:38:08 +
 Fri, 7 Aug 2020 03:04:14 +
 Fri, 7 Aug 2020 03:38:15 +
 Fri, 7 Aug 2020 04:04:13 +
 Fri, 7 Aug 2020 04:34:34 +
 Fri, 7 Aug 2020 05:05:17 +
 Fri, 7 Aug 2020 05:36:07 +
 Fri, 7 Aug 2020 06:09:18 +
 Fri, 7 Aug 2020 06:34:16 +
 Fri, 7 Aug 2020 07:20:24 +
 Fri, 7 Aug 2020 07:34:53 +
 Fri, 7 Aug 2020 08:05:06 +
 Fri, 7 Aug 2020 08:34:19 +
 Fri, 7 Aug 2020 09:04:00 +
 Fri, 7 Aug 2020 09:34:34 +
 Fri, 7 Aug 2020 10:04:14 +
 Fri, 7 Aug 2020 10:34:29 +
 Fri, 7 Aug 2020 11:04:39 +
 Fri, 7 Aug 2020 11:34:43 +
 Fri, 7 Aug 2020 12:04:08 +
 Fri, 7 Aug 2020 12:27:33 +
 Fri, 7 Aug 2020 12:30:27 +

Message b05c8075-fbf9-1c87-3322-2b5eb7a94...@iki.fi,
 Received: from chilli.nosignal.org (213.138.100.131:):

 Thu, 6 Aug 2020 18:35:56 +
 Thu, 6 Aug 2020 19:08:52 +
 Thu, 6 Aug 2020 19:39:06 +
 Thu, 6 Aug 2020 20:08:37 +
 Thu, 6 Aug 2020 20:38:33 +
 Thu, 6 Aug 2020 21:04:51 +
 Thu, 6 Aug 2020 21:33:51 +
 Thu, 6 Aug 2020 22:16:05 +
 Thu, 6 Aug 2020 22:34:15 +
 Thu, 6 Aug 2020 23:05:00 +
 Thu, 6 Aug 2020 23:35:02 +
 Fri, 7 Aug 2020 00:07:58 +
 Fri, 7 Aug 2020 00:35:03 +
 Fri, 7 Aug 2020 01:07:45 +
 Fri, 7 Aug 2020 01:34:55 +
 Fri, 7 Aug 2020 02:04:19 +
 Fri, 7 Aug 2020 02:34:56 +
 Fri, 7 Aug 2020 03:03:46 +
 Fri, 7 Aug 2020 03:35:16 +
 Fri, 7 Aug 2020 04:08:22 +
 Fri, 7 Aug 2020 04:34:10 +
 Fri, 7 Aug 2020 05:14:52 +
 Fri, 7 Aug 2020 05:36:53 +
 Fri, 7 Aug 2020 06:04:48 +
 Fri, 7 Aug 2020 06:44:16 +
 Fri, 7 Aug 2020 07:18:22 +
 Fri, 7 Aug 2020 07:34:21 +
 Fri, 7 Aug 2020 08:10:19 +
 Fri, 7 Aug 2020 08:35:30 +
 Fri, 7 Aug 2020 09:05:18 +
 Fri, 7 Aug 2020 09:34:49 +
 Fri, 7 Aug 2020 10:05:10 +
 Fri, 7 Aug 2020 10:33:46 +
 Fri, 7 Aug 2020 11:05:09 +
 Fri, 7 Aug 2020 11:34:52 +
 Fri, 7 Aug 2020 12:05:07 +
 Fri, 7 Aug 2020 12:28:25 +
 Fri, 7 Aug 2020 12:30:46 +



Best regards



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] OVH Bulk Mailer? Anyone know this one?

2020-08-07 Thread Hans-Martin Mosner via mailop 
Am 07.08.20 um 22:54 schrieb Alain Gaudreau via mailop:
> @Chris
>
> My vision of it is larger and includes a blacklist with the ability to 
> exclude and grey list certain hosts within the large blocks controlled by ovh 
> and the lot. 

I'm working on a system which may in the long run include such a mechanism. 
This is implemented a postfix policy daemon,
don't know if exim and sendmail can use similar policy handlers. Right now it 
can match on sender and SMTP client names,
IP addresses, and ASN numbers of hosts, their MX and NS records, with 
combinations of conditions and exceptions, so it's
pretty powerful already and helps me to keep out some prolific spammers who 
regularly acquire new domain names and
hosting. I'll probably add some SPF handling that could be used in rules, 
although I'm not fond of SPF (it breaks
forwarding which a good number of our users use.) In combination with 
exceptions it may still come in handy.

Rules are currently configured using files, I'm changing that to have rules in 
a database together with logs and a web
user interface so that users can see log records of mails they have received or 
that were destined for them but
rejected, and can add their own rules and exceptions.

The next step would be a kind of distributed reputation system which would 
allow users to share opinions about senders
(good and bad). I'm thinking about using some kind of blockchain based 
technology which would avoid having a central
source of opinions and a single point of failure. However, designing it such 
that it can have a good trust model,
protection against spammers gaming the system, and provision of privacy is not 
easy, so don't expect something in the
near future.

Cheers,
Hans-Martin



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Extreme multiple posting (was Re: OVH Bulk Mailer? Anyone know this one?)

2020-08-07 Thread Jaroslaw Rafa via mailop 
Dnia  5.08.2020 o godz. 11:16:05 Large Hadron Collider via mailop pisze:
> you know, Mr Allard, it appears that you sent this message to the list at 
> least 5 times...

I have received it only once. Maybe it's something on your side. Mailop
server seemed to have issues since Wednesday, my message to list was staying
in queue with 421 response and I didn't receive any messages from list. They
did pass through today.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] OVH Bulk Mailer? Anyone know this one?

2020-08-07 Thread Alain Gaudreau via mailop 
@Chris

My vision of it is larger and includes a blacklist with the ability to exclude 
and grey list certain hosts within the large blocks controlled by ovh and the 
lot. 

I never said we should abandon everything that has been done up until now but 
we definitely need to make it better, faster and allow for real-time detailed 
information for mailops adhering to the system that want to stay on top of 
their reputation.

I see it where an upstanding host could be registered, monitored and assigned a 
lower risk value so rather than discarding/discriminating altogether based on 
the uplink's ip block, it could be accepted and submitted to the receiving 
host's spam filtering system regardless of the uplink's ip range thereby 
putting more responsibility on the actual host which let's face it, has little 
to no influence on large corporations like ovh but can still be reputable and 
deserve a fighting chance. 

With that, we could have complete blockage of company X's ip range through a 
central list and still allow traffic to flow from upstanding smaller hosts 
within their larger block that do comply with the requirements to adhere to the 
system.

Oh I can imagine many of the conspiracy theorists out there can conjure up 1001 
scenarios but email has become such an essential service worldwide in some ways 
almost surpassing the good old telephone for B2B/Commercial, that at some point 
there has to be something done to ensure there is a healthy and competitive 
market out there while applying proper netiquette and regional laws regarding 
unsolicited email.

Solutions I.D.S.
Alain Gaudreau 
Président
514-907-0057 

-Original Message-
From: mailop  On Behalf Of Chris via mailop
Sent: August 7, 2020 2:13 PM
To: mailop@mailop.org
Subject: Re: [mailop] OVH Bulk Mailer? Anyone know this one?

On 2020-08-07 13:14, Alain Gaudreau via mailop wrote:

> Perhaps the time has come to change how we have all been doing it for 
> decades with the current hundreds of RBL’s and local block lists and 
> put in place a low cost or no cost to mailops neutral world wide 
> “governing body” built on fast response, information for mailops and best 
> practices.

I think the very fact that we have recalcitrant providers whose repute has 
universally gotten so low and stimulated widespread blocking as OVH has, proves 
that what you propose, even if implemented, couldn't possibly work.  Especially 
considering offshore bullet-proof providers.

If OVH or other large providers can get away with being the way they are, what 
makes you think any centralized thing would work any better?

As a corollary, what would make a provider comply if you've eliminated the 
mechanisms we have now? that do work to a significant extent  Eg: 
DNSBLs (local or public)?  Nothing.

And this doesn't begin to get into the vast wave of "centralized governing 
body" conspiracy theories or one-world-order or human rights violation 
squealing that would inevitable ensue.

And I say that as someone trying to run a mail server on OVH too.  One day when 
I get 'round to it and the blockage gets sufficiently a nuisance, I'll move it 
to a more reputable VPS.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Extreme multiple posting (was Re: OVH Bulk Mailer? Anyone know this one?)

2020-08-07 Thread Romain via mailop 
Same - sometimes I don’t receive emails from mailop during many hours/days
and then a huge number of emails are received within few minutes.

Le ven. 7 août 2020 à 20:24, Renaud Allard via mailop  a
écrit :

>
>
>
>
> On 05/08/2020 20:16, Large Hadron Collider via mailop wrote:
>
> > you know, Mr Allard, it appears that you sent this message to the list
> at least 5 times...
>
> >
>
>
>
> Actually, I only sent it once. From my logs, it was delivered on the 5th
>
> once. It might be some processing problem at mailop because I only
>
> received it today (once) like multiple other mails from mailop.
>
>
>
> ___
>
> mailop mailing list
>
> mailop@mailop.org
>
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Outlook 2016: Excessive IMAP connections

2020-08-07 Thread Brandon Long via mailop 
>From my memory, Outlook would keep two connections open, one kind of
"background / new mail" one, and one for the open folder.

Our experience was that there were cases where flakey tcp paths could lead
to long times for connections to die, though we were seeing it more with
macbooks and apple mail than with Outlook.  At one point we implemented a
periodic untagged response to force a dead connection to die... but
eventually we just moved to keeping track of the idle time on each
connection and instead of blocking new connections, we would just kill the
most idle one... though we would block a connection if there were no
connections over a minimum idle threshold to prevent too many real
connections from fighting for access.

It's unfortunate that imap connections (at least ones that are in SELECTED
state) are so heavy weight, otherwise we wouldn't need to care as much.

Anyways, the point of my story is that it may not be a change to Outlook at
all, but a Windows networking change or maybe just more network flakiness
among your customers or even your own network (less likely).

Brandon

On Fri, Aug 7, 2020 at 8:34 AM Benoit Panizzon via mailop 
wrote:

> Hi Gang
>
> We use DoveCot as IMAP Server and have limited the number of
> connections per IMAP account to 20 which looks to have been sufficient
> in the past couple of years.
>
> Since about two weeks we get an increased number of users complaining
> about IMAP connections problem and name (0x8...) error message which
> outlook 2016 throws at them.
>
> When looking at the log, we see those users sometimes hit the 20 IMAP
> connections limit. So we increased this limit to 50 connections per
> user+ip and they still hit it.
>
> This ONLY happens with customers using outlook 2016. Any other clients
> never hit this issue.
>
> So I wonder if Microsoft has rolled out some weird update for outlook
> 2016 lately or if anyone could have a hint on what causes this issue
> and how to solve.
>
> Mit freundlichen Grüssen
>
> -Benoît Panizzon-
> --
> I m p r o W a r e   A G-Leiter Commerce Kunden
> __
>
> Zurlindenstrasse 29 Tel  +41 61 826 93 00
> <+41%2061%20826%2093%2000>
> CH-4133 PrattelnFax  +41 61 826 93 01
> <+41%2061%20826%2093%2001>
> Schweiz Web  http://www.imp.ch
> __
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Extreme multiple posting (was Re: OVH Bulk Mailer? Anyone know this one?)

2020-08-07 Thread Renaud Allard via mailop 



On 05/08/2020 20:16, Large Hadron Collider via mailop wrote:

you know, Mr Allard, it appears that you sent this message to the list at least 
5 times...



Actually, I only sent it once. From my logs, it was delivered on the 5th 
once. It might be some processing problem at mailop because I only 
received it today (once) like multiple other mails from mailop.




smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] OVH Bulk Mailer? Anyone know this one?

2020-08-07 Thread Chris via mailop 

On 2020-08-07 13:14, Alain Gaudreau via mailop wrote:

Perhaps the time has come to change how we have all been doing it for 
decades with the current hundreds of RBL’s and local block lists and put 
in place a low cost or no cost to mailops neutral world wide “governing 
body” built on fast response, information for mailops and best practices.


I think the very fact that we have recalcitrant providers whose repute 
has universally gotten so low and stimulated widespread blocking as OVH 
has, proves that what you propose, even if implemented, couldn't 
possibly work.  Especially considering offshore bullet-proof providers.


If OVH or other large providers can get away with being the way they 
are, what makes you think any centralized thing would work any better?


As a corollary, what would make a provider comply if you've eliminated 
the mechanisms we have now? that do work to a significant extent  Eg: 
DNSBLs (local or public)?  Nothing.


And this doesn't begin to get into the vast wave of "centralized 
governing body" conspiracy theories or one-world-order or human rights 
violation squealing that would inevitable ensue.


And I say that as someone trying to run a mail server on OVH too.  One 
day when I get 'round to it and the blockage gets sufficiently a 
nuisance, I'll move it to a more reputable VPS.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Challenges delivering to cox.net

2020-08-07 Thread Stephen Frost via mailop 
Greetings,

* Alessandro Vesely via mailop (mailop@mailop.org) wrote:
> On 2020-08-05 11:09 p.m., John Levine via mailop wrote:
> >In article <20200805132959.gd12...@tamriel.snowman.net> you write:
> >>
> >>I'm part of the group that runs the postgresql.org mailing lists and
> >>we've been having some challenges getting email delivered to cox.net due
> >>to their... rather aggressive max-connections blocking.  Their unblock
> >>request support was less than helpful.
> >>
> >>Anyone on here who could perhaps help out, or at least commiserate?
> >
> >I've had similar problems with Comcast, and dealt with it by twiddling
> >the MTA behind the mailing list to rate limit the number of
> >connections per destination. In my experience it doesn't slow the mail
> >down much and makes those problems go away.
> 
> Not with Cox.  I set MAXHOST=1, which seems to effectively limit outgoing
> sessions per MX.[*]  However, whenever I happen to send them mail I keep
> getting those 421 replies and bogus "too many sessions".
> 
> Sometimes it takes several hours to send a few dozens messages.

I'll share that, thanks to this list, the issue we were having with Cox
ended up being successfully resolved.  I encourage others having
challenges to provide their info here and hopefully they'll have a
similar response and be able to work through it.

Thanks,

Stephen


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Extreme multiple posting (was Re: OVH Bulk Mailer? Anyone know this one?)

2020-08-07 Thread Andrew C Aitchison via mailop 


[ I am top-posting to continue the current format of this thread ]

My copy of Mr Allard's email took over two days to pass through the mailop 
server:

Received: from [2001:41c8:51:83:feff:ff:fe00:a0b] (port=52508 
helo=chilli.nosignal.org)
by balrog.mythic-beasts.com with esmtp (Exim 4.92.3)
(envelope-from )
id 1k44YF-0005zt-J0
for and...@aitchison.me.uk; Fri, 07 Aug 2020 16:45:03 +0100
Received: from localhost ([127.0.0.1] helo=chilli.nosignal.org)
by chilli.nosignal.org with esmtp (Exim 4.84_2)
(envelope-from )
id 1k44Kq-0006vs-3n; Fri, 07 Aug 2020 16:31:14 +0100
Received: from arnor.org ([91.183.56.64]) by chilli.nosignal.org with esmtps
(TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2)
(envelope-from ) id 1k3JtP-0006zg-Ku
for mailop@mailop.org; Wed, 05 Aug 2020 14:55:48 +0100

Perhaps that explains why he sent more than one copy ?

I see that several other list emails from Wednesday either reached
me today (Friday) or have not arrived yet, although they are in the 
archive.


On Wed, 5 Aug 2020, Large Hadron Collider via mailop wrote:


you know, Mr Allard, it appears that you sent this message to the list at least 
5 times...

On Wed, 5 Aug 2020 15:54:57 +0200
Renaud Allard via mailop  wrote:

> On 8/5/20 2:47 PM, Otto J. Makela via mailop wrote:
> > On 21/05/2019 12.37, Otto J. Makela via mailop wrote:
> >> Is there any point in receiving any email from any OVH space,
> >> since discussions on this list would seem to indicate they have
> >> no functioning abuse enforcement?
> >>
> >> Numerous netblocks registered to them [...]
> >> seem to be permanent spammer havens.
> >
> > Has the situation improved at all in the last year,
> > or shall I keep denying access for OVH large blocks?
> >
>
> It is about the same as blocking Hetzner or AWS or any VPS provider. You
> will definitely stop some spam, and lose some ham altogether. There are
> definitely real, legitimate servers in OVH space. But, your servers,
> your rules.

--
Large Hadron Collider 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Challenges delivering to cox.net

2020-08-07 Thread Alessandro Vesely via mailop 

On 2020-08-05 11:09 p.m., John Levine via mailop wrote:

In article <20200805132959.gd12...@tamriel.snowman.net> you write:


I'm part of the group that runs the postgresql.org mailing lists and
we've been having some challenges getting email delivered to cox.net due
to their... rather aggressive max-connections blocking.  Their unblock
request support was less than helpful.

Anyone on here who could perhaps help out, or at least commiserate?


I've had similar problems with Comcast, and dealt with it by twiddling
the MTA behind the mailing list to rate limit the number of
connections per destination. In my experience it doesn't slow the mail
down much and makes those problems go away.



Not with Cox.  I set MAXHOST=1, which seems to effectively limit 
outgoing sessions per MX.[*]  However, whenever I happen to send them 
mail I keep getting those 421 replies and bogus "too many sessions".


Sometimes it takes several hours to send a few dozens messages.

Best
Ale
--

[*] Rough discussion last March:
https://sourceforge.net/p/courier/mailman/message/36946100/



















___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

2020-08-07 Thread Anne P. Mitchell, Esq. via mailop 


>> 
>> It was Mr. Charles Benn who, according to the service of process affidavit, 
>> was authorized to receive process on their behalf. 
> 
> It won't surprise you to learn that we have absolutely no clue who "Charles 
> Benn" is, literally never heard of the guy.

Steve, my working theory is that Charlie Benn is a receptionist at the W1 
communications office building which you used to list as an address;  I've seen 
this sort of scenario happen on several occasions, and the proof of service 
filed by the process server bears that out.  Of course, if he could not accept 
service for Spamhaus he should have told the process server so, instead of 
accepting service.  Given that the location is a virtual office type place, in 
which, I imagine, nobody from Spamhaus has set foot in some years (if ever), it 
makes perfect sense that nobody in our communities knows who Charlie Benn is, 
if he is the receptionist at such a place.  

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] OVH Bulk Mailer? Anyone know this one?

2020-08-07 Thread Alain Gaudreau via mailop 
I disagree Hans-Martin.

 

We have been using ovh for years and years and enforce strict abuse policies
on our clients who are mostly notaries, lawyers, dental clinics and so on
that have specific needs of having their data hosted in their own
jurisdiction for privacy concerns, etc.

 

If you are going to block the entire address space, you would also need to
block most of the vps providers out there which are all as difficult to deal
with in terms of abuse be it email or various other brute force and ddos
attacks who generally ignore reports.

 

I have personally reported hundreds of abuse incidents originating from
dozens of major players in the hosting and cloud industries that generally
disregard the reports or return generic messages that they cannot be held
responsible for data passing through their network.

 

There are still many mailops out there aside from Microsoft/Google that
apply strict policies and get swept up in wide range ip bans for nothing
pushing clients to migrate to MS/Google and giving them even more control
over the market. 

 

We need to find better, smarter ways to fight undesirables than simply
carpet banning large blocks of ip’s and killing off smaller operators one
after another especially now, during this global pandemic where most
companies are suffering massive financial losses and depend on email as
their primary means of communication with their suppliers and clients.

 

Perhaps the time has come to change how we have all been doing it for
decades with the current hundreds of RBL’s and local block lists and put in
place a low cost or no cost to mailops neutral world wide “governing body”
built on fast response, information for mailops and best practices. 

 

Over the past decades, the only time we have had spam/bulk mail go through
our systems has been due to compromised wordpress/joomla/etc websites that
communicate with external smtp servers that bypassed for the most part our
mail filtering systems entirely which meant waiting for that server’s ip to
be blocked on some RBL or through MS to get notified of the issue then
factor in the time it takes for the team to investigate and shut down the
offending web site/account, it all adds up to slow response and more junk
floating out there.

 

If we had a widely adopted “central” organisation with better, faster, more
detailed mail reports or a database on greymail and undesirables we could
cut down the response time and consequently the number of undesirables and
downtime for legitimate clients and mailops dramatically and even force the
mailops/uplink providers that would normally ignore reports to pay
attention.

 

Microsoft’s JMRP and SNDS are great tools although lacking in usability and
information, something along those lines with a searchable database for our
registered mail servers and more detailed information on the reports would
be perfect. 

 

It’s a vast undertaking of course but in the end, might be our best bet to
fight spam, shady companies and maintain a healthy market for smaller
upstanding operators regardless of their ip space, uplink provider or
geolocation.

 

 

Solutions I.D.S.

Alain Gaudreau <  agaudr...@solutionsids.ca>

Président

514-907-0057 

 

From: mailop  On Behalf Of Hans-Martin Mosner via
mailop
Sent: August 5, 2020 9:22 AM
To: mailop@mailop.org
Subject: Re: [mailop] OVH Bulk Mailer? Anyone know this one?

 

Unless you or your users happen to be customers of those few mostly french
companies who use OVH for customer communication, blocking them is a pretty
sensible thing to do.

They still host spammers, they still ignore abuse reports, so nothing has
changed in the last year.

 

Cheers,

Hans-Martin

 

Am 5. August 2020 15:03:04 schrieb "Otto J. Makela via mailop"
mailto:mailop@mailop.org> >:

 

On 21/05/2019 12.37, Otto J. Makela via mailop wrote:

Is there any point in receiving any email from any OVH space,

since discussions on this list would seem to indicate they have

no functioning abuse enforcement?

 

Numerous netblocks registered to them [...]

seem to be permanent spammer havens.

 

Has the situation improved at all in the last year,

or shall I keep denying access for OVH large blocks?

 

5.135.0.0/16

5.196.0.0/16

51.38.0.0/16

51.68.0.0/16

51.75.0.0/16

51.77.0.0/16

51.83.0.0/16

51.89.0.0/16

51.91.0.0/16

51.178.0.0/16

51.254.0.0/15

54.36.0.0/16

54.37.0.0/16

54.38.0.0/16

91.121.0.0/16

91.134.0.0/16

92.222.0.0/16

145.239.0.0/16

147.135.128.0/17

149.202.0.0/16

164.132.0.0/16

176.31.0.0/16

188.165.0.0/16

193.70.0.0/17

213.32.0.0/17

 

-- 

   /* * * Otto J. Makela mailto:o...@iki.fi> > * * * * * * * * *
*/

  /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */

 /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */

/* * * Computers Rule 0100 01001011 * * * * * * */

 

___

mailop mailing list

mailop@mailop.org

[mailop] Extreme multiple posting (was Re: OVH Bulk Mailer? Anyone know this one?)

2020-08-07 Thread Large Hadron Collider via mailop 
you know, Mr Allard, it appears that you sent this message to the list at least 
5 times...

On Wed, 5 Aug 2020 15:54:57 +0200
Renaud Allard via mailop  wrote:

>
>
> On 8/5/20 2:47 PM, Otto J. Makela via mailop wrote:
> > On 21/05/2019 12.37, Otto J. Makela via mailop wrote:
> >> Is there any point in receiving any email from any OVH space,
> >> since discussions on this list would seem to indicate they have
> >> no functioning abuse enforcement?
> >>
> >> Numerous netblocks registered to them [...]
> >> seem to be permanent spammer havens.
> >
> > Has the situation improved at all in the last year,
> > or shall I keep denying access for OVH large blocks?
> >
>
> It is about the same as blocking Hetzner or AWS or any VPS provider. You
> will definitely stop some spam, and lose some ham altogether. There are
> definitely real, legitimate servers in OVH space. But, your servers,
> your rules.
>


--
Large Hadron Collider 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] OVH Bulk Mailer? Anyone know this one?

2020-08-07 Thread Michael Peddemors via mailop 
While there are unfortunately good email operators on the OVH network, 
unfortunately our data shows a lot more abuse than good..


BTW, speaking of OVH, anyone know these guys?

167.114.98.1512   guesser8.wdemg4.com
167.114.98.2273   guesser1.wdemg.com

NetRange:   167.114.0.0 - 167.114.255.255
CIDR:   167.114.0.0/16
NetName:OVH-ARIN-8
NetHandle:  NET-167-114-0-0-1
Parent: NET167 (NET-167-0-0-0-0)
NetType:Direct Allocation
OriginAS:   AS16276
Organization:   OVH Hosting, Inc. (HO-2)
RegDate:2014-08-28
Updated:2014-09-02
Ref:https://rdap.arin.net/registry/ip/167.114.0.0
OrgName:OVH Hosting, Inc.
OrgId:  HO-2
Address:800-1801 McGill College
City:   Montreal
StateProv:  QC
PostalCode: H3A 2N4
Country:CA
RegDate:2011-06-22
Updated:2017-01-28
Ref:https://rdap.arin.net/registry/entity/HO-2

And SendGrid, see you are still leaking a lot of phishing.. still no 
progress?




On 2020-08-05 6:21 a.m., Hans-Martin Mosner via mailop wrote:
Unless you or your users happen to be customers of those few mostly 
french companies who use OVH for customer communication, blocking them 
is a pretty sensible thing to do.
They still host spammers, they still ignore abuse reports, so nothing 
has changed in the last year.


Cheers,
Hans-Martin

Am 5. August 2020 15:03:04 schrieb "Otto J. Makela via mailop" 
:



On 21/05/2019 12.37, Otto J. Makela via mailop wrote:

Is there any point in receiving any email from any OVH space,
since discussions on this list would seem to indicate they have
no functioning abuse enforcement?

Numerous netblocks registered to them [...]
seem to be permanent spammer havens.


Has the situation improved at all in the last year,
or shall I keep denying access for OVH large blocks?

5.135.0.0/16
5.196.0.0/16
51.38.0.0/16
51.68.0.0/16
51.75.0.0/16
51.77.0.0/16
51.83.0.0/16
51.89.0.0/16
51.91.0.0/16
51.178.0.0/16
51.254.0.0/15
54.36.0.0/16
54.37.0.0/16
54.38.0.0/16
91.121.0.0/16
91.134.0.0/16
92.222.0.0/16
145.239.0.0/16
147.135.128.0/17
149.202.0.0/16
164.132.0.0/16
176.31.0.0/16
188.165.0.0/16
193.70.0.0/17
213.32.0.0/17

--
   /* * * Otto J. Makela  * * * * * * * * * */
  /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
 /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */
/* * * Computers Rule 0100 01001011 * * * * * * */

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Need help with Microsoft S3150 and Yahoo TSS09 on recently transferred /24

2020-08-07 Thread Simon Arlott via mailop 
Thanks for helping me with Yahoo, Lili.


On 31/07/2020 23:16, Chris Woods via mailop wrote:
> Incidentally, are you also able to try sending via IPv6 or only IPv4?

Neither of those providers have any IPv6 addresses for incoming
messages.

If any server for the domain has an IPv4 addresses, I don't make any
attempts using IPv6. This is largely to satisfy Google who have decided
that any kind of temporary DNS resolution issue for an IPv6 address
should result in a permanent error for the message.


On 01/08/2020 01:23, Michael Wise via mailop wrote:
> And for "HotMail", we would suggest going ... here.
> 
> What to do in that case can be found by searching the archives of this 
> ML. 

2020-07-10 SRX1504740980ID "Not qualified for mitigation"
2020-07-25 SRX1505670381ID "Not qualified for mitigation"
2020-08-02 SRX1506075916ID "Not qualified for mitigation"

I reply every time but never get anything else back.

-- 
Simon Arlott

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Weekly state of the union (Summary of Spam Auditor Reports)

2020-08-07 Thread Michael Peddemors via mailop 
Bit of a strange week this week, seems almost like the spammer groups 
are taking turns.  Emotet's new email templates, being sent from 
compromised accounts has been increasing, with some of it sneaking 
through current filtering methods, so the spam auditors have been busy 
tweaking filtering rules, as much of this comes from accounts on the too 
big to block.


Strangely, the spam bots on infected routers, have gone real quite this 
week, a drop of about 75% in volume.  While Cutwail came back a couple 
of weeks ago, it doesn't look like this is expanding, and most of the 
sources are identified.


Auth attack source growth continue from Amazon AWS, GoogleCloud, and Azure.

OVH/Digital Ocean Spammers keep popping up, as usual, and more and more 
of their IP space is starting to appear on many blacklists.


Google spam leakage on the increase again.

And of course, still no improvement from the SendGrid problems, not only 
shared accounts being compromised to send the worst of the phishing 
emails, but seeing even dedicated SendGrid customers being compromised 
to send the really bad stuff. PS, if a SendGrid rep is listening, you 
might like to smack o1.memberservices.gonift.com, and the subscriber 
list they use.. purchased?


Chuckling over the ISP that uses Sophos, and the headers show Sophos 
detected a virus in the attachment, but the ISP still sends it out..


Emotet .. Received: from relaygw2-22.mclink.it (HELO 
relaygw2-22.mclink.it) (195.78.211.236)

X-Sophos-AV-Policy: File_Infected
X-Irideos-Libra-ESVA: No virus found

Endurance Group seems to be leaking a lot of Emotet.. Maybe they need 
Sophos ;) No, not picking favourites, but time to review your AV and see 
if it is catching Emotet.


If it DOES, do your customer a favour (look at the AUTH headers) and 
tell them their system is infected.


Watch for this weekend, have a feeling that Emotet and others are going 
to start 'ripping it up', given the success they had this week.


Take care everyone, see you all on the other side.. (of the weekend)

-- Michael --

PS, going to start quote of the day, for biggest chuckles on 
whitelisting requests reported... eg.. "i am not sending any spam. i am 
only doing simple marketing mailing", would the readers of this list 
like those? And frankly, request from team members.. ESP's, please stop 
sending automated removal requests.. canned requested, or bot requests 
don't help any one.. You want to engage properly, so they can help you 
with the problems you have in the first place..






--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Challenges delivering to cox.net

2020-08-07 Thread John Levine via mailop 
In article <20200805132959.gd12...@tamriel.snowman.net> you write:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>Greetings,
>
>I'm part of the group that runs the postgresql.org mailing lists and
>we've been having some challenges getting email delivered to cox.net due
>to their... rather aggressive max-connections blocking.  Their unblock
>request support was less than helpful.
>
>Anyone on here who could perhaps help out, or at least commiserate?

I've had similar problems with Comcast, and dealt with it by twiddling
the MTA behind the mailing list to rate limit the number of
connections per destination. In my experience it doesn't slow the mail
down much and makes those problems go away.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Microsoft Support Forms Request Form down?

2020-08-07 Thread Eric Stelle via mailop 
I've tried submitting requests for the past two days (multiple times per
day) and constantly get "We're sorry, but something went wrong on our end.
Please try again later." response.

So now, three days worth of "later" and I'm still unable to report.

I am presuming this is known but am reporting just in case.  Also, is there
an alternative means to engage for support while the form is nonfunctional?

Thanks in advance all!

Regards,

Eric Stelle
MAPP Digital
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

2020-08-07 Thread Steve Linford via mailop 
On 4 Aug 2020, at 11:32, Laura Atkins via mailop  wrote:
> 
> It was Mr. Charles Benn who, according to the service of process affidavit, 
> was authorized to receive process on their behalf. 

It won't surprise you to learn that we have absolutely no clue who "Charles 
Benn" is, literally never heard of the guy.

I shouldn't comment really but this Nebraska default judgment is a wad of utter 
garbage if you ask me, oops I didn't type that did I, ohh good, disregard.

Regards,

  Steve Linford
  Chief Executive
  The Spamhaus Project
  https://www.spamhaus.org
  




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Altibox.no contact required

2020-08-07 Thread Andy Onofrei via mailop 
Hi everyone,

Weird request, does anyone has a contact address for Altibox.no abuse team. We 
are facing some delivery issues with them and I would love to chat about it.
Altibox is a Norwegian TV/Internet provider.

Thx

Andrei Onofrei
Dynamics 365 Email Deliverability Engineer
andrei.onof...@microsoft.com
[cid:image001.jpg@01D66CB6.F667E520]

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Outlook 2016: Excessive IMAP connections

2020-08-07 Thread Benoit Panizzon via mailop 
Hi Gang

We use DoveCot as IMAP Server and have limited the number of
connections per IMAP account to 20 which looks to have been sufficient
in the past couple of years.

Since about two weeks we get an increased number of users complaining
about IMAP connections problem and name (0x8...) error message which
outlook 2016 throws at them.

When looking at the log, we see those users sometimes hit the 20 IMAP
connections limit. So we increased this limit to 50 connections per
user+ip and they still hit it.

This ONLY happens with customers using outlook 2016. Any other clients
never hit this issue.

So I wonder if Microsoft has rolled out some weird update for outlook
2016 lately or if anyone could have a hint on what causes this issue
and how to solve.

Mit freundlichen Grüssen

-Benoît Panizzon-
-- 
I m p r o W a r e   A G-Leiter Commerce Kunden
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 PrattelnFax  +41 61 826 93 01
Schweiz Web  http://www.imp.ch
__

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Microsoft contact for misclassified spam issue?

2020-08-07 Thread John Gateley via mailop 

Hi y'all,

I am using a user auth SaaS, and one of the actions it performs is 
sending "Reset your password" emails.

These emails have links inside for users to reset their passwords.

Delivery to most places is working (Google etc.) but Microsoft Office 
365 users are consistently getting their emails in the junk folder.


I have tried everything I can think of... is there a contact at 
Microsoft here that could give me a hand?


Thank you

John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] OVH Bulk Mailer? Anyone know this one?

2020-08-07 Thread Renaud Allard via mailop 



On 8/5/20 2:47 PM, Otto J. Makela via mailop wrote:

On 21/05/2019 12.37, Otto J. Makela via mailop wrote:

Is there any point in receiving any email from any OVH space,
since discussions on this list would seem to indicate they have
no functioning abuse enforcement?

Numerous netblocks registered to them [...]
seem to be permanent spammer havens.


Has the situation improved at all in the last year,
or shall I keep denying access for OVH large blocks?



It is about the same as blocking Hetzner or AWS or any VPS provider. You 
will definitely stop some spam, and lose some ham altogether. There are 
definitely real, legitimate servers in OVH space. But, your servers, 
your rules.




smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] OVH Bulk Mailer? Anyone know this one?

2020-08-07 Thread Jaroslaw Rafa via mailop 
Dnia  5.08.2020 o godz. 15:47:10 Otto J. Makela via mailop pisze:
> > Is there any point in receiving any email from any OVH space,

If you are interested in receiving mail from me, then there probably is... :)
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop