Re: [mailop] domain research tools?
On Thu 2016-Jul-28 09:05:22 -0600, Anne Mitchellwrote: … I just call `whois` from BASH and pipe the results into `less`. I do this too, except I use 'more'. Is there a quantifiable difference between 'less' and 'more'? Or, perhaps, less is more? ;-) In a matter of speaking, yes: --- more(1) DESCRIPTION more is a filter for paging through text one screenful at a time. This version is especially primitive. ***Users should realize that less(1) provides more(1) emulation plus extensive enhancements.*** --- (emphasis mine) Fom my purposes, `less` provides simpler navigation, and `more` always felt tailored to always moving forward not back. There is: b or ^B Skip backwards k screenfuls of text. Defaults to 1. Only works with files, not pipes. ...but `less` just seemed simpler to navigate. Anne -- Hugo ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Microsoft/Hotmail discards mails
On Fri 2016-Jun-10 12:32:20 -0600, Tim Starrwrote: I am not saying this is a good idea, but it sounds to me like what would fit the bill here would be a new folder for each user called "Bounced" in which they would see all messages sent to their email address but which were bounced by their mailbox provider. However, that would defeat the purpose of preventing sufficiently malicious email from wasting mailbox provider resources, and would seem to be largely redundant with the purposes of having a quarantine folder. It would allow for users to report undesired bounces to the mailbox provider, though. That doesn't really seem helpful to me. If you've actually rejected the message and communicated that to the sending MTA, it's no longer your problem. The sender can take up the issue of deliverability as you've given them sufficient information to do that. We're dealing with the in-between zone where a message has not been rejected at SMTP time, but it's still spammy. The Junk folder is the means to catch FPs and for the user to report those to their mailbox provider. The problem is that silently discarding things after issuing a 25x removes that avenue from the user and the message vanishes into /dev/null. Honestly I would love to hear how other large mail hosts handle this. The reasoning for discards after 25x have boiled down to "we operate at a scale you can only imagine; it doesn't work that way" plus some layer >=8 issues. That said, in this admittedly small sample group, I've seen this complaint leveled against Hotmail and the related services multiple times, but not against other large mailbox houses. Does Gmail & Google Apps do the same? What about the large filtering services? I and many others on this list do not operate at nearly the scale of the MS services, but some other orgs *do*. Are we just not hearing about similar behaviour at those orgs? I think everyone gets that the preferred behaviour is to reject at SMTP time, that it gets difficult/impossible to do the more tests you try and stuff into the filtering decision making, and that we don't want backscatter. But what options are there for working within those parameters while still honouring that a 25x response means that the user will have *some* indication of the message arriving, be that in their inbox, junk folder, or even just a report page/link of "these things were so horrible we did not even bother putting them in your spam folder"? Stuff the quick stuff in at SMTP time eval and reject the most egregious ones, do additional processing post-25x, deliver to junk folder if found to be spammy and feed back information from post-25x processing into the quick tests if possible (e.g. IP blacklisting for heavy offenders etc.). Is such a thing feasible at über scale at play? Dropping it on the floor is Not Nice. We obviously don't live in an ideal world, but it would seem unfortunate for us to give up the goal of actually following through on our attestation that we will deliver the message to the user (even if in their naughty folder) because of scaling issues, if at all possible. This is not any slight against Michael: You provide a valuable bridge to the community and it is greatly appreciated that you brave the onslaught and offer insight into the inner workings of the machine. You've indicated that you have a similar distate for silent drop and I think we're all on the same page with the objective. I'm just hopeful there are alternative means that *do* scale and could be adopted to restore balance in the universe... Tim Starr -- Hugo On Thu, Jun 9, 2016 at 9:52 AM, Renaud Allard via mailop wrote: On 09/06/16 17:26, Steve Atkins wrote: Actually, what I do is that when a mail goes to the junk folder, the server gives a 5XX error message to the sender at the end of DATA phase. So the sender, if real, knows something happened to his mail and that it might not be read. So if you mis-classify mail - and the fact that you *do* misclassify mail is implicit in your having a junk folder - users get bounced off the mailing lists they've subscribed to, despite having seen the mail arrive. I do not really mis-classify emails. If it appears in the junk folder, there is an extremely high chance that it's junk. In fact, I should probably not have delivered it, and that's what I was doing before I configured the junk folder. It's just done that to avoid the very rare false positive. If I look at my personal junk folder right now (2 weeks retention time), it's 100% spam. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___
Re: [mailop] Messages over IPv6 rejected by Google for failed authentication checks
On Thu 2016-Jun-09 18:21:17 +0200, Sebastian Hagedornwrote: Hi, since around 13:00 UTC today all of the sudden we see massive rejects of mails towards Google when delivering on IPv6 Jun 9 15:12:07 lxmhs52 postfix-postout/smtp[50664]: 3rQQgp3VQTzyWn: to= , relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b]:25, delay=0.7, delays=0.01/0/0.16 /0.53, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b] said: 550-5.7.1 This message does not have authentication information or fails to pass 550-5.7.1 authentication checks. To best protect our users from spam, the 550-5.7.1 message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/answer/81126#authentication for m ore 550 5.7.1 information. d7si7802319wjc.145 - gsmtp (in reply to end of DATA command)) Header-From and Envelope-From are aligned, the sending domain does not have any DKIM/SPF/DMARC published. We're working on DKIM, but this is not rolled out for all domains yet. The hosts in question do have proper FCrDNS, i.e. http://multirbl.valli.org/fcrdns-test/2001%3A4ca0%3A0%3A103%3A%3A81bb%3Af f89.html Anyone seeing the same? From outside it looks like Google has implemented the "all mail delivered over IPv6 has to be DKIM/SPF authenticated" previously done by Microsoft, but without the softfail. FWIW: we deliver via IPv6 to Google, and we are currently not affected. We don't yet use DKIM, but we do have an SPF record that advertises both our IPv4 and our IPv6 subnets. Of course I don't know if that's the reason our mails are accepted. Yes, it is. It's right there in their policy: https://support.google.com/mail/answer/81126?hl=en#authentication Additional guidelines for IPv6 ... The sending domain should pass ***either*** SPF check or DKIM check. Otherwise, mail might be marked as spam. (emphasis mine) Cheers Sebastian -- Sebastian Hagedorn - Postmaster - Weyertal 121, Zimmer 2.02 Regionales Rechenzentrum (RRZK) Universität zu Köln / Cologne University - Tel. +49-221-470-89578 -- Hugo ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Messages over IPv6 rejected by Google for failed authentication checks
On Thu 2016-Jun-09 18:06:30 +0200, Bernhard Schmidtwrote: Hi, since around 13:00 UTC today all of the sudden we see massive rejects of mails towards Google when delivering on IPv6 Jun 9 15:12:07 lxmhs52 postfix-postout/smtp[50664]: 3rQQgp3VQTzyWn: to= , relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b]:25, delay=0.7, delays=0.01/0/0.16 /0.53, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[2a00:1450:400c:c0a::1b] said: 550-5.7.1 This message does not have authentication information or fails to pass 550-5.7.1 authentication checks. To best protect our users from spam, the 550-5.7.1 message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/answer/81126#authentication for m ore 550 5.7.1 information. d7si7802319wjc.145 - gsmtp (in reply to end of DATA command)) Header-From and Envelope-From are aligned, the sending domain does not have any DKIM/SPF/DMARC published. We're working on DKIM, but this is not rolled out for all domains yet. The hosts in question do have proper FCrDNS, i.e. http://multirbl.valli.org/fcrdns-test/2001%3A4ca0%3A0%3A103%3A%3A81bb%3Aff89.html Anyone seeing the same? From outside it looks like Google has implemented the "all mail delivered over IPv6 has to be DKIM/SPF authenticated" previously done by Microsoft, but without the softfail. ...hasn't this been the case for some time? They want FCrDNS + at least one of SPF or DKIM to accept delivery over v6: https://support.google.com/mail/answer/81126?hl=en#authentication Did they just defer previously? Best Regards, Bernhard -- Hugo ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Webmail
On Mon 2016-Apr-04 12:34:19 +0100, Stuart Patonwrote: Roundcube is used a fair bit out there but after working for Cloudmark for 8 years in the email security area I am now at Open-Xchange. OX offer a pretty compelling webmail offering - very google apps or O365 like with the usual PIM but also cloud storage, VoIP, IM and document editing. Comcast, Cablevision,1&1, Vodafone Germany, Orange, VirginMedia UK using/moving to it. Community use license for it for non-comm purposes. See oxpedia.org That's all I am saying. Feel free to check it out and give me a shout if you want. Stuart On 3 April 2016 at 22:14, Renaud Allard via mailop wrote: On 03/04/16 21:18, Doug Barton wrote: Sorry if this is off topic, but I'm just curious what folks are using for webmail nowadays. roundcube was fine at some point, but rainloop replaced it fine and is ways faster. Horde, though for a personal box rather than corp or service provider. Was using roundcube before, but I use the groupware/PIM bits as well, and that was less "cohesive" in roundcube whereas it's horde's bread and butter. I've also been seeing a decent amount of "ZimbraWebClient" in X-Mailer strings for corp or hosted-looking domains, with "Zoho Mail" to a lesser degree. -- Hugo ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Strange Gmail IPv6 rejects?
That's a decent chunk of redacted going on there... What's in the smtp path after the message leaves mail.redacted.com? Does mail.redacted.com relay out directly? Is it configured to smarthost through something else? Further more, The "From" address below (The 2602:306 one) isn't even in our allocation space. But actually in ATT AS7018's allocation. Something to consider about that: $ whois 2602:306:2554:63c9:91c2:5c8a:ae39:ed80 | grep -i netname NetName:ATT-6RD Not sure exactly how that changes the picture for you, but the fact that 6RD is involved (at least if AT is accurate in that netname and set aside a whole /24 for 6RD) might change the picture a bit... -- Hugo On Thu 2015-Oct-08 10:20:02 -0400, Nick Olsenwrote: Greetings all, Please see below. Our parent office is having trouble sending to all gmail accounts. They all get rejected with the below message. The strange part is, We don't have IPv6 enabled on the customers exchange server. Nor on their router. Further more, The "From" address below (The 2602:306 one) isn't even in our allocation space. But actually in ATT AS7018's allocation. I'm not sure how google is seeing that as the source address on this SMTP connection. The below email was sent from OWA. Which explains the local fe80 IPv6 address. But still once again, Not the 2602:306 address in the SMTP response from google. Anyone have any insight? Diagnostic information for administrators: redac...@gmail.com mx.google.com #550-5.7.1 [2602:306:2554:63c9:91c2:5c8a:ae39:ed80] Our system has detected that 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR 550-5.7.1 records and authentication. Please review 550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more 550 5.7.1 information. y19si303834ywd.40 - gsmtp ## Original message headers: Received: from mail.redacted.com ([fe80::91c2:5c8a:ae39:ed80]) by mail.redacted.com ([fe80::91c2:5c8a:ae39:ed80%13]) with mapi; Thu, 8 Oct 2015 10:01:50 -0400 From: Krisi To: "redac...@gmail.com" Date: Thu, 8 Oct 2015 10:01:49 -0400 Subject: TEST Thread-Topic: TEST Thread-Index: AQHRAdHgIYTSkNTvA0ip9Ycg6Q8Mrg== Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Nick Olsen Network Operations (855) FLSPEED x106 ___ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop
Re: [mailop] BTInternet delivery problems
On Tue 2015-Sep-08 06:45:55 +1000, Bron Gondwanawrote: On Tue, Sep 8, 2015, at 04:39, Gary Baribault wrote: On 07/09/15 02:31 PM, mikea wrote: On Mon, Sep 07, 2015 at 02:10:48PM -0400, Gary Baribault wrote: Whatever happened to postmas...@example.com? First, it was a standard. Second, it got too much traffic. I get the too much traffic part, what's wrong with it being a standard? How can you be a special snowflake and make your own stamp on the world if you follow a standard? As a numbered list of gripes/issues/concerns it doesn't make too much sense. As a chronology, though? "First, this happened (which was fine). Then, this happened (which sucked)." Perhaps mikea meant the latter. Bron ( responding to a top post with a standard form of quoting... ) -- Hugo ___ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop
Re: [mailop] MailFoundry Replacement?
On Wed 2015-Aug-05 20:47:43 +, Michael Wise michael.w...@microsoft.com wrote: We do, however, support On Prem servers way beyond 10k users. I'm confused. No hardware or software required to install, manage, and maintain, which minimizes up-front investment.[1] Microsoft Exchange Online Protection (EOP) is a cloud-based email filtering service that helps protect your organization against spam and malware, and includes features to safeguard your organization from messaging-policy violations.[2] Q. How long does it take to put EOP into production? A. When you change your MX record, as per the steps outlined in Set up your EOP service, and your mail flows through EOP, filtering begins immediately. The MX record may take as long as 24-48 hours to propagate via DNS. You can fine tune your protection settings in the Exchange admin center (EAC) at any time during this process.[3] That all points to hosted filtering with no mention of on-prem filtering, though with the option of either Exchange Online or on-prem for the actual mailboxes. My reading of Doug's request was that he wanted the filtering on-prem, not just the mailboxes. Unless I'm either misreading Doug's request or the EOP service info, and e.g. EOP also has the ability to deploy filtering nodes on-prem? Aloha, Michael. -- Sent from my Windows Phone -- Hugo [1] https://products.office.com/en-us/exchange/microsoft-exchange-online-protection-email-filter-and-anti-spam-protection-email-security-email-spam [2] https://technet.microsoft.com/library/exchange-online-protection-service-description.aspx [3] https://technet.microsoft.com/en-us/library/jj871669.aspx ___ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop
Re: [mailop] Blog: Logjam, Openssl and Email Deliverability
On Tue 2015-Jun-30 01:04:48 +0200, Michelle Sullivan miche...@sorbs.net wrote: That said, so far today, only 0.015% of our outbound messages that were over an encrypted link were using SSLv3. At our volume, that's not nothing, unfortunately, but it's a pretty small amount to allow to continue to allow the possibility of breaking the rest. TLSv1 is still about 5%, way too high to deprecate at this point. Inbound is 0.1% at SSLv3, 37% at TLSv1. So +60% is unencrypted inbound... because it has to be or because it is not forced otherwise... that is the burning question. You policy Encrypted or nothing and it'll be interesting how many cope and how many don't... Just to be clear: It sounds like you're talking about a scenario where Google would require TLS inbound and possibly outbound and refusing *any* cleartext delivery. Is that right? Correct me if I'm wrong, but I don't believe Brandon's said anything to that effect. Any discussion so far has been about if STARTTLS ( DHE -le 512 ) then disconnect, possibly/probably with DANE in the mix as well and refusing to fall back to clear if STARTTLS is initiated but fails to negotiate, but nothing about refusing *all* cleartext SMTP from the get-go, Michelle -- Michelle Sullivan http://www.mhix.org/ -- Hugo ___ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop
Re: [mailop] Yahoo.com/frontiernet.net delivery delays
Same: relay=mta5.am0.yahoodns.net[98.136.217.203]:25, delay=513, delays=505/0/6/2.3, dsn=4.3.2, status=deferred (host mta5.am0.yahoodns.net[98.136.217.203] said: 451 4.3.2 Internal error reading data (in reply to MAIL FROM command)) -- Hugo -Original Message- Date: Wed, 3 Jun 2015 10:13:24 -0500 From: Frank Bulk frnk...@iname.com To: mailop@mailop.org Subject: [mailop] Yahoo.com/frontiernet.net delivery delays X-Mailer: Microsoft Outlook 16.0 FYI, since 9:01 am (U.S. Central) I've been seeing email delivery delays to various IPs for yahoo.com/frontiernet.net, all logging this: Site yahoo.com (66.196.118.35) said in response to MAIL FROM (451 4.3.2 Internal error reading data) Anyone else seeing the same thing? Frank ___ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mailman/listinfo/mailop