Re: [mailop] domain research tools?

2016-07-28 Thread Hugo Slabbert


On Thu 2016-Jul-28 09:05:22 -0600, Anne Mitchell  wrote:




… I just call `whois` from BASH and pipe the results into `less`.


I do this too, except I use 'more'.  Is there a quantifiable difference 
between 'less' and 'more'? Or, perhaps, less is more? ;-)


In a manner of speaking, yes:

---
more(1)

DESCRIPTION
more  is  a  filter for paging through text one screenful at a time.  This 
version is especially primitive.  ***Users should realize that less(1) 
provides more(1) emulation plus extensive enhancements.***

---

(emphasis mine)

For my purposes, `less` provides simpler navigation, and `more` always felt 
tailored to always moving forward not back.  There is:


   b or ^B Skip backwards k screenfuls of text.  Defaults to 1.
   Only works with files, not pipes.

...but `less` just seemed simpler to navigate.



Anne


--
Hugo

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Microsoft/Hotmail discards mails

2016-06-10 Thread Hugo Slabbert

On Fri 2016-Jun-10 12:32:20 -0600, Tim Starr  wrote:


I am not saying this is a good idea, but it sounds to me like what would
fit the bill here would be a new folder for each user called "Bounced" in
which they would see all messages sent to their email address but which
were bounced by their mailbox provider. However, that would defeat the
purpose of preventing sufficiently malicious email from wasting mailbox
provider resources, and would seem to be largely redundant with the
purposes of having a quarantine folder. It would allow for users to report
undesired bounces to the mailbox provider, though.


That doesn't really seem helpful to me.  If you've actually rejected the 
message and communicated that to the sending MTA, it's no longer your 
problem.  The sender can take up the issue of deliverability as you've 
given them sufficient information to do that.  We're dealing with the 
in-between zone where a message has not been rejected at SMTP time, but 
it's still spammy.  The Junk folder is the means to catch FPs and for the 
user to report those to their mailbox provider.  The problem is that 
silently discarding things after issuing a 25x removes that avenue from the 
user and the message vanishes into /dev/null.


Honestly I would love to hear how other large mail hosts handle this.  The 
reasoning for discards after 25x has boiled down to "we operate at a scale 
you can only imagine; it doesn't work that way" plus some layer >=8 issues.  
That said, in this admittedly small sample group, I've seen this complaint 
leveled against Hotmail and the related services multiple times, but not 
against other large mailbox houses.


Does Gmail & Google Apps do the same?  What about the large filtering 
services?  I and many others on this list do not operate at nearly the 
scale of the MS services, but some other orgs *do*.  Are we just not 
hearing about similar behaviour at those orgs?


I think everyone gets that the preferred behaviour is to reject at SMTP 
time, that it gets difficult/impossible to do the more tests you try and 
stuff into the filtering decision making, and that we don't want 
backscatter.  But what options are there for working within those 
parameters while still honouring that a 25x response means that the user 
will have *some* indication of the message arriving, be that in their 
inbox, junk folder, or even just a report page/link of "these things were 
so horrible we did not even bother putting them in your spam folder"?


Stuff the quick stuff in at SMTP time eval and reject the most egregious 
ones, do additional processing post-25x, deliver to junk folder if found to 
be spammy and feed back information from post-25x processing into the quick 
tests if possible (e.g. IP blacklisting for heavy offenders etc.).  Is such 
a thing feasible at über scale at play?


Dropping it on the floor is Not Nice.  We obviously don't live in an ideal 
world, but it would seem unfortunate for us to give up the goal of actually 
following through on our attestation that we will deliver the message to 
the user (even if in their naughty folder) because of scaling issues, if at 
all possible.


This is not any slight against Michael:  You provide a valuable bridge to 
the community and it is greatly appreciated that you brave the onslaught 
and offer insight into the inner workings of the machine.  You've indicated 
that you have a similar distaste for silent drop and I think we're all on 
the same page with the objective.  I'm just hopeful there are alternative 
means that *do* scale and could be adopted to restore balance in the 
universe...




Tim Starr


--
Hugo



On Thu, Jun 9, 2016 at 9:52 AM, Renaud Allard via mailop 
wrote:




On 09/06/16 17:26, Steve Atkins wrote:




Actually, what I do is that when a mail goes to the junk folder, the
server gives a 5XX error message to the sender at the end of DATA phase.
So the sender, if real, knows something happened to his mail and that it
might not be read.



So if you mis-classify mail - and the fact that you *do* misclassify mail
is implicit
in your having a junk folder - users get bounced off the mailing lists
they've
subscribed to, despite having seen the mail arrive.



I do not really mis-classify emails. If it appears in the junk folder,
there is an extremely high chance that it's junk. In fact, I should
probably not have delivered it, and that's what I was doing before I
configured the junk folder. It's just done that to avoid the very rare
false positive.
If I look at my personal junk folder right now (2 weeks retention time),
it's 100% spam.



Re: [mailop] Messages over IPv6 rejected by Google for failed authentication checks

2016-06-09 Thread Hugo Slabbert


On Thu 2016-Jun-09 18:21:17 +0200, Sebastian Hagedorn  
wrote:

Hi,


since around 13:00 UTC today all of the sudden we see massive rejects of
mails towards Google when delivering on IPv6

Jun  9 15:12:07 lxmhs52 postfix-postout/smtp[50664]: 3rQQgp3VQTzyWn:
to=,
relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b]:25, delay=0.7,
delays=0.01/0/0.16
/0.53, dsn=5.7.1, status=bounced (host
gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b] said: 550-5.7.1 This
message does not have authentication information or fails to pass
550-5.7.1 authentication checks. To best protect our users from spam,
the 550-5.7.1 message has been blocked. Please visit 550-5.7.1
https://support.google.com/mail/answer/81126#authentication for m
ore 550 5.7.1 information. d7si7802319wjc.145 - gsmtp (in reply to end
of DATA command))

Header-From and Envelope-From are aligned, the sending domain does not
have any DKIM/SPF/DMARC published. We're working on DKIM, but this is
not rolled out for all domains yet. The hosts in question do have proper
FCrDNS, i.e.

http://multirbl.valli.org/fcrdns-test/2001%3A4ca0%3A0%3A103%3A%3A81bb%3Af
f89.html

Anyone seeing the same? From outside it looks like Google has
implemented the "all mail delivered over IPv6 has to be DKIM/SPF
authenticated" previously done by Microsoft, but without the softfail.


FWIW: we deliver via IPv6 to Google, and we are currently not 
affected. We don't yet use DKIM, but we do have an SPF record that 
advertises both our IPv4 and our IPv6 subnets. Of course I don't know 
if that's the reason our mails are accepted.


Yes, it is.  It's right there in their policy:

https://support.google.com/mail/answer/81126?hl=en#authentication


Additional guidelines for IPv6

...

The sending domain should pass ***either*** SPF check or DKIM check.  
Otherwise, mail might be marked as spam.


(emphasis mine)



Cheers
Sebastian
--
Sebastian Hagedorn - Postmaster - Weyertal 121, Zimmer 2.02
Regionales Rechenzentrum (RRZK)
Universität zu Köln / Cologne University - Tel. +49-221-470-89578


--
Hugo



Re: [mailop] Messages over IPv6 rejected by Google for failed authentication checks

2016-06-09 Thread Hugo Slabbert

On Thu 2016-Jun-09 18:06:30 +0200, Bernhard Schmidt  
wrote:


Hi,

since around 13:00 UTC today all of the sudden we see massive rejects of
mails towards Google when delivering on IPv6

Jun  9 15:12:07 lxmhs52 postfix-postout/smtp[50664]: 3rQQgp3VQTzyWn:
to=,
relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b]:25, delay=0.7,
delays=0.01/0/0.16
/0.53, dsn=5.7.1, status=bounced (host
gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b] said: 550-5.7.1 This
message does not have authentication information or fails to pass
550-5.7.1 authentication checks. To best protect our users from spam,
the 550-5.7.1 message has been blocked. Please visit 550-5.7.1
https://support.google.com/mail/answer/81126#authentication for m
ore 550 5.7.1 information. d7si7802319wjc.145 - gsmtp (in reply to end
of DATA command))

Header-From and Envelope-From are aligned, the sending domain does not
have any DKIM/SPF/DMARC published. We're working on DKIM, but this is
not rolled out for all domains yet. The hosts in question do have proper
FCrDNS, i.e.

http://multirbl.valli.org/fcrdns-test/2001%3A4ca0%3A0%3A103%3A%3A81bb%3Aff89.html

Anyone seeing the same? From outside it looks like Google has
implemented the "all mail delivered over IPv6 has to be DKIM/SPF
authenticated" previously done by Microsoft, but without the softfail.


...hasn't this been the case for some time?  They want FCrDNS + at least
one of SPF or DKIM to accept delivery over v6:

https://support.google.com/mail/answer/81126?hl=en#authentication

Did they just defer previously?


Best Regards,
Bernhard


--
Hugo
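
The two replies above turn on whether the sending domain's SPF record covers the IPv6 source address. The following is an added example, not part of the original posts or of Google's tooling: a small offline evaluator for the `ip4`/`ip6`/`all` mechanisms of an SPF record. The records, addresses and function names are constructed for illustration, and the `ipv6_auth_ok` rule is the thread's reading of the guideline (FCrDNS plus at least one of SPF or DKIM).

```python
import ipaddress
import re

# SPF qualifier prefix -> result name (RFC 7208, section 4.6.2).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MODIFIER = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]*=")

# Constructed sample records using documentation address space.
V4_ONLY = "v=spf1 ip4:192.0.2.0/24 -all"
DUAL_STACK = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8:103::/48 -all"


def spf_ip_result(record, sender_ip):
    """Evaluate the ip4/ip6/all mechanisms of one SPF record, left to right.

    Returns pass/fail/softfail/neutral, "needs-dns" when a term that requires
    a lookup (include, a, mx, exists, ptr, redirect) decides the outcome,
    "permerror" for a malformed network, or "none" if this is not SPF.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    has_redirect = False
    for term in terms[1:]:
        if MODIFIER.match(term):
            # Modifiers (redirect=, exp=) never match; redirect applies last.
            has_redirect = has_redirect or term.lower().startswith("redirect=")
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.split("/")[0].lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "needs-dns"
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"
        # ip4 terms can only match IPv4 senders, ip6 terms only IPv6 senders.
        if net.version == int(name[2]) and ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "needs-dns" if has_redirect else "neutral"


def ipv6_auth_ok(fcrdns_ok, spf_result, dkim_pass):
    """The rule as read in the thread: FCrDNS plus at least one of SPF or DKIM."""
    return fcrdns_ok and (spf_result == "pass" or dkim_pass)


if __name__ == "__main__":
    sender = "2001:db8:103::25"  # constructed IPv6 source address
    for label, record in (("v4-only", V4_ONLY), ("dual-stack", DUAL_STACK)):
        result = spf_ip_result(record, sender)
        print(label, result, ipv6_auth_ok(True, result, dkim_pass=False))
```

A record that lists only `ip4` ranges yields `fail` for the same host once it delivers over IPv6, which is the gap between the two senders in this thread.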



Re: [mailop] Webmail

2016-04-04 Thread Hugo Slabbert

On Mon 2016-Apr-04 12:34:19 +0100, Stuart Paton  
wrote:


Roundcube is used a fair bit out there but after working for Cloudmark for
8 years in the email security area I am now at Open-Xchange. OX offer a
pretty compelling webmail offering - very google apps or O365 like with the
usual PIM but also cloud storage, VoIP, IM and document editing. Comcast,
Cablevision,1&1, Vodafone Germany, Orange, VirginMedia UK using/moving to
it.

Community use license for it for non-comm purposes. See oxpedia.org

That's all I am saying. Feel free to check it out and give me a shout if
you want.

Stuart

On 3 April 2016 at 22:14, Renaud Allard via mailop 
wrote:




On 03/04/16 21:18, Doug Barton wrote:


Sorry if this is off topic, but I'm just curious what folks are using
for webmail nowadays.



roundcube was fine at some point, but rainloop replaced it fine and is
ways faster.




Horde, though for a personal box rather than corp or service provider.  Was
using roundcube before, but I use the groupware/PIM bits as well, and that
was less "cohesive" in roundcube whereas it's horde's bread and butter.

I've also been seeing a decent amount of "ZimbraWebClient" in X-Mailer
strings for corp or hosted-looking domains, with "Zoho Mail" to a lesser 
degree.


--
Hugo




Re: [mailop] Strange Gmail IPv6 rejects?

2015-10-08 Thread Hugo Slabbert

That's a decent chunk of redacted going on there...

What's in the smtp path after the message leaves mail.redacted.com?  Does
mail.redacted.com relay out directly?  Is it configured to smarthost
through something else?


Further more, The "From" address below (The 2602:306 one) isn't even in
our allocation space. But actually in ATT AS7018's allocation.


Something to consider about that:

$ whois 2602:306:2554:63c9:91c2:5c8a:ae39:ed80 | grep -i netname
NetName:ATT-6RD

Not sure exactly how that changes the picture for you, but the fact that
6RD is involved (at least if AT&T is accurate in that netname and set aside
a whole /24 for 6RD) might change the picture a bit...

--
Hugo

On Thu 2015-Oct-08 10:20:02 -0400, Nick Olsen  wrote:



Greetings all, Please see below.  Our parent office is having trouble
sending to all gmail accounts. They all get rejected with the below
message.  The strange part is, We don't have IPv6 enabled on the customers
exchange server. Nor on their router. Further more, The "From" address
below (The 2602:306 one) isn't even in our allocation space. But actually
in ATT AS7018's allocation. I'm not sure how google is seeing that as the
source address on this SMTP connection.  The below email was sent from OWA.
Which explains the local fe80 IPv6 address. But still once again, Not the
2602:306 address in the SMTP response from google. Anyone have any insight?
   Diagnostic information for administrators:  redac...@gmail.com
mx.google.com #550-5.7.1 [2602:306:2554:63c9:91c2:5c8a:ae39:ed80] Our
system has detected that 550-5.7.1 this message does not meet IPv6 sending
guidelines regarding PTR 550-5.7.1 records and authentication. Please
review 550-5.7.1
https://support.google.com/mail/?p=ipv6_authentication_error for more 550
5.7.1 information. y19si303834ywd.40 - gsmtp ##  Original message headers:
Received: from mail.redacted.com ([fe80::91c2:5c8a:ae39:ed80]) by
mail.redacted.com ([fe80::91c2:5c8a:ae39:ed80%13]) with mapi; Thu, 8 Oct
2015  10:01:50 -0400 From: Krisi  To:
"redac...@gmail.com"  Date: Thu, 8 Oct 2015 10:01:49
-0400 Subject: TEST Thread-Topic: TEST Thread-Index:
AQHRAdHgIYTSkNTvA0ip9Ycg6Q8Mrg== Message-ID:

Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach:
X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain;
charset="us-ascii" Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Nick Olsen
Network Operations  (855) FLSPEED  x106





___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop


Re: [mailop] BTInternet delivery problems

2015-09-08 Thread Hugo Slabbert

On Tue 2015-Sep-08 06:45:55 +1000, Bron Gondwana  wrote:

On Tue, Sep 8, 2015, at 04:39, Gary Baribault wrote:

On 07/09/15 02:31 PM, mikea wrote:

On Mon, Sep 07, 2015 at 02:10:48PM -0400, Gary Baribault wrote:

Whatever happened to postmas...@example.com?

First, it was a standard.

Second, it got too much traffic.


I get the too much traffic part, what's wrong with it being a standard?


How can you be a special snowflake and make your own stamp on the world if
you follow a standard?



As a numbered list of gripes/issues/concerns it doesn't make too much 
sense.

As a chronology, though?

"First, this happened (which was fine).
 Then, this happened (which sucked)."

Perhaps mikea meant the latter.


Bron ( responding to a top post with a standard form of quoting... )


--
Hugo



Re: [mailop] MailFoundry Replacement?

2015-08-05 Thread Hugo Slabbert

On Wed 2015-Aug-05 20:47:43 +, Michael Wise michael.w...@microsoft.com 
wrote:

We do, however, support On Prem servers way beyond 10k users.


I'm confused.

No hardware or software required to install, manage, and maintain, which 
minimizes up-front investment.[1]


Microsoft Exchange Online Protection (EOP) is a cloud-based email 
filtering service that helps protect your organization against spam and 
malware, and includes features to safeguard your organization from 
messaging-policy violations.[2]



Q. How long does it take to put EOP into production?

A. When you change your MX record, as per the steps outlined in Set up your 
EOP service, and your mail flows through EOP, filtering begins immediately.  
The MX record may take as long as 24-48 hours to propagate via DNS. You can 
fine tune your protection settings in the Exchange admin center (EAC) at 
any time during this process.[3]



That all points to hosted filtering with no mention of on-prem filtering, 
though with the option of either Exchange Online or on-prem for the actual 
mailboxes.  My reading of Doug's request was that he wanted the filtering 
on-prem, not just the mailboxes.


Unless I'm either misreading Doug's request or the EOP service info, and 
e.g. EOP also has the ability to deploy filtering nodes on-prem?



Aloha,
Michael.
--
Sent from my Windows Phone


--
Hugo

[1] 
https://products.office.com/en-us/exchange/microsoft-exchange-online-protection-email-filter-and-anti-spam-protection-email-security-email-spam
[2] 
https://technet.microsoft.com/library/exchange-online-protection-service-description.aspx

[3] https://technet.microsoft.com/en-us/library/jj871669.aspx



Re: [mailop] Blog: Logjam, Openssl and Email Deliverability

2015-06-30 Thread Hugo Slabbert
On Tue 2015-Jun-30 01:04:48 +0200, Michelle Sullivan miche...@sorbs.net 
wrote:



That said, so far today, only 0.015% of our outbound messages that
were over an encrypted link were using SSLv3.   At our volume, that's
not nothing, unfortunately, but it's a pretty small amount to allow to
continue to allow the possibility of breaking the rest.  TLSv1 is
still about 5%, way too high to deprecate at this point.

Inbound is 0.1% at SSLv3, 37% at TLSv1.

So +60% is unencrypted inbound... because it has to be or because it is
not forced otherwise... that is the burning question.  You policy
Encrypted or nothing and it'll be interesting how many cope and how many
don't...


Just to be clear:  It sounds like you're talking about a scenario where 
Google would require TLS inbound and possibly outbound and refusing *any* 
cleartext delivery.  Is that right?  Correct me if I'm wrong, but I don't 
believe Brandon's said anything to that effect.  Any discussion so far has 
been about if STARTTLS  ( DHE -le 512 ) then disconnect, 
possibly/probably with DANE in the mix as well and refusing to fall back to 
clear if STARTTLS is initiated but fails to negotiate, but nothing about 
refusing *all* cleartext SMTP from the get-go, 



Michelle

--
Michelle Sullivan
http://www.mhix.org/



--
Hugo



Re: [mailop] Yahoo.com/frontiernet.net delivery delays

2015-06-03 Thread Hugo Slabbert

Same:

relay=mta5.am0.yahoodns.net[98.136.217.203]:25, delay=513, 
delays=505/0/6/2.3, dsn=4.3.2, status=deferred (host 
mta5.am0.yahoodns.net[98.136.217.203] said: 451 4.3.2 Internal error 
reading data (in reply to MAIL FROM command)) 


--
Hugo

-Original Message-

Date: Wed, 3 Jun 2015 10:13:24 -0500
From: Frank Bulk frnk...@iname.com
To: mailop@mailop.org
Subject: [mailop] Yahoo.com/frontiernet.net delivery delays
X-Mailer: Microsoft Outlook 16.0

FYI, since 9:01 am (U.S. Central) I've been seeing email delivery delays to
various IPs for yahoo.com/frontiernet.net, all logging this:
Site yahoo.com (66.196.118.35) said in response to MAIL FROM (451
4.3.2 Internal error reading data)

Anyone else seeing the same thing?

Frank



