Reply and ask them to provide temporary mitigation to the IP range. If
they say they can't, just reply and ask for it again. Repeat as
necessary. I promise it's okay, this is an intended workflow.
On 2023-08-17 16:41, Dan Mahoney (Gushi) via mailop wrote:
Hey there all.
Dayjob (ISC -- BIND, F-root, DHCP, those guys) just spun up a new ip
block to put a few F&F/Employee VMs on. We are the ISP -- this is our
netblock space. We've owned this block for a while, just haven't used
it recently, and we've never really used it for *any* spam sending
purpose.
One thing I'll note is that it looks *LIKE* an RFC1918 ip, but it's
not. (192.158 versus 192.168).
One of them tried to send mail and got this block message (note, all
domains are intaxct, but I have changed a letter in the uer-portion to
stop it from getting picked up by harvesters).
Aug 16 14:41:20 mail postfix/smtp[7844]: D47CA7A4672:
to=<busanroser...@hotmail.com>, orig_to=<busa...@dragon.net>,
relay=hotmail-com.olc.protection.outlook.com[104.47.56.161]:25,
delay=1.9, delays=0.08/0.02/1.7/0.15, dsn=5.7.1, status=bounced (host
hotmail-com.olc.protection.outlook.com[104.47.56.161] said: 550 5.7.1
Unfortunately, messages from [192.158.252.15] weren't sent. Please
contact your Internet service provider since part of their network is
on
our block list (S3150). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[CO1NAM11FT106.eop-nam11.prod.protection.outlook.com
2023-08-16T21:41:20.664Z 08DB9E137B1F64A7] (in reply to MAIL FROM
command))
Aug 16 14:41:20 mail postfix/smtp[7844]: D47CA7A4672:
to=<busanroser...@hotmail.com>, orig_to=<busa...@dragon.net>,
relay=hotmail-com.olc.protection.outlook.com[104.47.56.161]:25,
delay=1.9, delays=0.08/0.02/1.7/0.15, dsn=5.7.1, status=bounced (host
hotmail-com.olc.protection.outlook.com[104.47.56.161] said: 550 5.7.1
Unfortunately, messages from [192.158.252.15] weren't sent. Please
contact your Internet service provider since part of their network is
on
our block list (S3150). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[CO1NAM11FT106.eop-nam11.prod.protection.outlook.com
2023-08-16T21:41:20.664Z 08DB9E137B1F64A7] (in reply to MAIL FROM
command))
We reached out to MS, requested a delist, To which MS responded:
===
Hello,
Thank you for contacting Microsoft Online Services Technical Support.
This email is about ticket number [number], which was opened regarding
your delisting request for [192.158.252.15].
It appears that the IP you submitted is not currently listed on any of
our block lists. This may be due to an earlier delisting request that
has already been processed.
If you continue to receive Non-Delivery Receipts (NDRs), or "bounce
messages," that indicate that the IP address is still blocked by our
spam
filtering system, please forward one of the messages to us and we will
investigate further.
Thank you again for contacting Microsoft Online Services technical
support and giving us the opportunity to serve you.
====
We are continuing to receive these. Is there some magic incantation I
need to know. Shiboleet! (Help, plz).
-Dan
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
