Re: [mailop] Looking for GoDaddy email/DNS contact

[frnkblk]

It's cleaned up now -- maybe it automatically happened after the aforementioned 
quarantine?

Thanks,

Frank 

-Original Message-
From: mailop  On Behalf Of Bill Cole
Sent: Friday, April 26, 2019 3:27 PM
To: mailop@mailop.org
Subject: Re: [mailop] Looking for GoDaddy email/DNS contact

On 25 Apr 2019, at 23:49, frnk...@iname.com wrote:

> We had a customer not renew their domain name (IRONINGENUITY.COM), but 
> upon
> expiration their MX records were left still pointing to us.  We're 
> looking
> for a way for that to get cleaned up (ideally null MX record, second 
> best is
> to reset to GoDaddy's default MX record for such domains), but since 
> the
> customer doesn't want to renew the domain, don't know really where to 
> turn.

I'm not seeing the problem...

$ host IRONINGENUITY.COM
Host IRONINGENUITY.COM not found: 3(NXDOMAIN)

$ host -t ns IRONINGENUITY.COM b.gtld-servers.net
Using domain server:
Name: b.gtld-servers.net
Address: 192.33.14.30#53
Aliases:

Host IRONINGENUITY.COM not found: 3(NXDOMAIN)



-- 
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Looking for GoDaddy email/DNS contact

[frnkblk]

We had a customer not renew their domain name (IRONINGENUITY.COM), but upon
expiration their MX records were left still pointing to us.  We're looking
for a way for that to get cleaned up (ideally null MX record, second best is
to reset to GoDaddy's default MX record for such domains), but since the
customer doesn't want to renew the domain, don't know really where to turn.

Regards,

Frank


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Mandrill service outage

[frnkblk]

FYI:
https://www.mediapost.com/publications/article/331556/mailchimps-mandrill-ap
p-suffers-service-outage-c.html

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] No MX records for mail.mil

[frnkblk]

Looks to be a DNSsec issue ... please correct me if I have that wrong.

Frank

-Original Message-
From: Frank Bulk (frnk...@iname.com)  
Sent: Thursday, May 3, 2018 8:28 AM
To: 'mailop@mailop.org' (mailop@mailop.org) 
Subject: No MX records for mail.mil

I haven't investigated this thoroughly, but it seems like mail.mil is not
returning MX records from certain DNS resolvers. 

Frank


DNS server: 1.1.1.1 (Cloudflare DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49376
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.  IN  MX

;; Query time: 67 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu May  3 08:24:43 2018
;; MSG SIZE  rcvd: 26


DNS server: 1.0.0.1 (Cloudflare DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39108
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.  IN  MX

;; Query time: 4171 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Thu May  3 08:24:47 2018
;; MSG SIZE  rcvd: 26


DNS server: 8.8.8.8 (Google DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29691
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.  IN  MX

;; Query time: 34 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu May  3 08:24:42 2018
;; MSG SIZE  rcvd: 26


DNS server: 8.8.4.4 (Google DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.4.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27285
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.  IN  MX

;; Query time: 76 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Thu May  3 08:24:42 2018
;; MSG SIZE  rcvd: 26




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] No MX records for mail.mil

[frnkblk]

I haven't investigated this thoroughly, but it seems like mail.mil is not
returning MX records from certain DNS resolvers. 

Frank


DNS server: 1.1.1.1 (Cloudflare DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49376
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.  IN  MX

;; Query time: 67 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu May  3 08:24:43 2018
;; MSG SIZE  rcvd: 26


DNS server: 1.0.0.1 (Cloudflare DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39108
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.  IN  MX

;; Query time: 4171 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Thu May  3 08:24:47 2018
;; MSG SIZE  rcvd: 26


DNS server: 8.8.8.8 (Google DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29691
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.  IN  MX

;; Query time: 34 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu May  3 08:24:42 2018
;; MSG SIZE  rcvd: 26


DNS server: 8.8.4.4 (Google DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.4.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27285
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.  IN  MX

;; Query time: 76 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Thu May  3 08:24:42 2018
;; MSG SIZE  rcvd: 26




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Email issues to outlook.com and hotmail.com this afternoon/evening

[frnkblk]

Thanks.  Most of them are "AS843".  I wish I knew what that meant.  Poking 
through those pending outbound messages in our queues, nothing seems sneaky or 
suspicious about them.  Hopefully they will eventually deliver.

Frank

-Original Message-
From: Benjamin BILLON  
Sent: Thursday, February 22, 2018 9:21 PM
To: frnk...@iname.com; mailop@mailop.org
Subject: RE: [mailop] Email issues to outlook.com and hotmail.com this 
afternoon/evening

Hi Frank, 

To answer the question: "not me", but any STMP reply that includes (AS[0-9]+) 
is related to spam detection/reputation issues.
Those "Server busy" without such codes can perfectly is that servers are, in 
fact, busy (so you should try again, maybe fallback a bit).

When talking with the support a few weeks back, we provided the proportion of 
each ASXXX numbers in our logs for a given IP/pool/client, as although I don't 
know what each code is about, that could help them spot something specific on 
their side (for the cases where I _know_ that there's no reason to consider the 
emails as spam).

Are you seeing many more "Server busy" without than with ASXXX ?

Hope that helps, 
--

Benjamin Billon

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of frnk...@iname.com
Sent: Thursday, 22 February, 2018 18:28
To: mailop@mailop.org
Subject: [mailop] Email issues to outlook.com and hotmail.com this 
afternoon/evening

Anyone else see email queued up to outlook.com and Hotmail.com domains?  It 
started around 5:30 pm U.S. Central and we're still seeing some issues.  

Here are some just some status logs from our email servers:

@outlook.com Site outlook.com (104.47.38.33) said after data sent:
452 4.3.1 Insufficient system resources (TSTE) 
[BL2NAM02HT002.eop-nam02.prod.protection.outlook.com]
[BL2NAM02FT001.eop-nam02.prod.protection.outlook.com]
@outlook.com ubad=-1386839216, Site (outlook.com/104.47.38.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BL2NAM02FT028.eop-nam02.prod.protection.outlook.com]
@hotmail.com ubad=-1678146736, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.28].
(AS843) [BN3NAM01FT001.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1390394544, Site (hotmail.com/104.47.45.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [CO1NAM04FT040.eop-NAM04.prod.protection.outlook.com]
@hotmail.com ubad=-1386839216, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.26].
(AS761) [BN3NAM01FT029.eop-nam01.prod.protection.outlook.com]
@msn.com ubad=-1386839216, Site (msn.com/104.47.6.33) said: 451
4.7.500 Server busy. Please try again later from [96.31.0.27]. (AS843) 
[VE1EUR02FT061.eop-EUR02.prod.protection.outlook.com]
@msn.com ubad=-1386839216, Site (msn.com/104.47.6.33) said: 451
4.7.500 Server busy. Please try again later from [96.31.0.20]. (AS843) 
[VE1EUR02FT047.eop-EUR02.prod.protection.outlook.com]
@outlook.com ubad=-1380134064, Site (outlook.com/104.47.38.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BL2NAM02FT023.eop-nam02.prod.protection.outlook.com]
@hotmail.com ubad=-1380134064, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.28].
(AS843) [BN3NAM01FT045.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1402289328, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BN3NAM01FT056.eop-nam01.prod.protection.outlook.com]
@outlook.com ubad=-1537227952, Site (outlook.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.28].
(AS761) [BN3NAM01FT003.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1537227952, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [BN3NAM01FT047.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1377012912, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [BN3NAM01FT006.eop-nam01.prod.protection.outlook.com]
@outlook.com ubad=-1514519728, Site (outlook.com/104.47.38.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [BL2NAM02FT017.eop-nam02.prod.protection.outlook.com]
@hotmail.com ubad=-1396481200, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BN3NAM01FT033.eop-nam01.prod.protection.outlook.com]
@msn.com ubad=-1495354544, Site (msn.com/104.47.6.33) said: 451
4.7.500 Server busy. Please try again later from [96.31.0.27]. (AS843) 
[VE1EUR02FT056.eop-EUR02.prod.protection.outlook.com]
@msn.com ubad=-1380134064, Site (msn.com/104.47.6.33) said: 451
4.7.500 Server busy. Please try again later from [96.31.0.28]. (AS843) 
[VE1EUR02FT036.eop-EUR02.prod.protection.outlook.com]

[mailop] Email issues to outlook.com and hotmail.com this afternoon/evening

[frnkblk]

Anyone else see email queued up to outlook.com and Hotmail.com domains?  It
started around 5:30 pm U.S. Central and we're still seeing some issues.  

Here are some just some status logs from our email servers:

@outlook.com Site outlook.com (104.47.38.33) said after data sent:
452 4.3.1 Insufficient system resources (TSTE)
[BL2NAM02HT002.eop-nam02.prod.protection.outlook.com]
[BL2NAM02FT001.eop-nam02.prod.protection.outlook.com]
@outlook.com ubad=-1386839216, Site (outlook.com/104.47.38.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BL2NAM02FT028.eop-nam02.prod.protection.outlook.com]
@hotmail.com ubad=-1678146736, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.28].
(AS843) [BN3NAM01FT001.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1390394544, Site (hotmail.com/104.47.45.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [CO1NAM04FT040.eop-NAM04.prod.protection.outlook.com]
@hotmail.com ubad=-1386839216, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.26].
(AS761) [BN3NAM01FT029.eop-nam01.prod.protection.outlook.com]
@msn.com ubad=-1386839216, Site (msn.com/104.47.6.33) said: 451
4.7.500 Server busy. Please try again later from [96.31.0.27]. (AS843)
[VE1EUR02FT061.eop-EUR02.prod.protection.outlook.com]
@msn.com ubad=-1386839216, Site (msn.com/104.47.6.33) said: 451
4.7.500 Server busy. Please try again later from [96.31.0.20]. (AS843)
[VE1EUR02FT047.eop-EUR02.prod.protection.outlook.com]
@outlook.com ubad=-1380134064, Site (outlook.com/104.47.38.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BL2NAM02FT023.eop-nam02.prod.protection.outlook.com]
@hotmail.com ubad=-1380134064, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.28].
(AS843) [BN3NAM01FT045.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1402289328, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BN3NAM01FT056.eop-nam01.prod.protection.outlook.com]
@outlook.com ubad=-1537227952, Site (outlook.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.28].
(AS761) [BN3NAM01FT003.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1537227952, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [BN3NAM01FT047.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1377012912, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [BN3NAM01FT006.eop-nam01.prod.protection.outlook.com]
@outlook.com ubad=-1514519728, Site (outlook.com/104.47.38.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [BL2NAM02FT017.eop-nam02.prod.protection.outlook.com]
@hotmail.com ubad=-1396481200, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BN3NAM01FT033.eop-nam01.prod.protection.outlook.com]
@msn.com ubad=-1495354544, Site (msn.com/104.47.6.33) said: 451
4.7.500 Server busy. Please try again later from [96.31.0.27]. (AS843)
[VE1EUR02FT056.eop-EUR02.prod.protection.outlook.com]
@msn.com ubad=-1380134064, Site (msn.com/104.47.6.33) said: 451
4.7.500 Server busy. Please try again later from [96.31.0.28]. (AS843)
[VE1EUR02FT036.eop-EUR02.prod.protection.outlook.com]
@hotmail.com ubad=-1398660272, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BN3NAM01FT058.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1678146736, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [BN3NAM01FT001.eop-nam01.prod.protection.outlook.com]
@outlook.com ubad=-1503435952, Site (outlook.com/104.47.38.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.26].
(AS843) [BL2NAM02FT018.eop-nam02.prod.protection.outlook.com]
@hotmail.com ubad=-1678146736, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [BN3NAM01FT001.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1403702448, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BN3NAM01FT020.eop-nam01.prod.protection.outlook.com]

Frank


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone else seeing "451 4.7.500 Server busy" from Hotmail?

[frnkblk]

Starting just after 9 pm (U.S. Central) we started seeing a little:
ubad=14039790, Site (hotmail.com/104.47.10.33) said: 451 4.7.500
Server busy. Please try again later from [96.31.0.20]. (AS761)
[DB5EUR03FT004.eop-EUR03.prod.protection.outlook.com]
ubad=14039790, Site (hotmail.com/104.47.33.33) said: 451 4.7.500
Server busy. Please try again later from [96.31.0.20]. (AS843)
[BN3NAM01FT051.eop-nam01.prod.protection.outlook.com]

Target IPs are 104.47.10.33, 104.47.32.33, and 104.47.33.33.

Anyone else see this, or know what Hotmail's antispam (AS) values mean?

Regards,

Frank Bulk


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Looks like GoDaddy is having email issues

[frnkblk]

Our outbound queues are draining now, down 37% from 10:56 pm U.S. Central, 
where it was the highest of the last 16 hours.

Frank

-Original Message-
From: Frank Bulk [mailto:frnk...@iname.com] 
Sent: Monday, September 25, 2017 11:59 AM
To: Anne P. Mitchell Esq. ; mailop@mailop.org
Subject: RE: [mailop] Looks like GoDaddy is having email issues

GoDaddy Support tweeted that the issue was resolved, but instead of:
421 p3plibsmtp02-14.prod.phx3.secureserver.net bizsmtp Temporarily 
rejected. Reverse DNS for 96.31.0.x failed. IB108  
we're seeing:
Open (72.167.238.32) Error 180sec (399 TCP Read failed (Err Code Zero 
after 180 seconds) 180 sec)
Open (68.178.213.203) Error 0sec (399 TCP Read failed (Connection was 
closed. after 0 seconds) 0 sec)
Site naturesedge-ds.com (72.167.238.32) said in response to MAIL FROM 
(452 4.1.0 ... temporary failure)

From our perspective they're getting flooded or there are still other issues 
going on.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Anne P. Mitchell 
Esq.
Sent: Monday, September 25, 2017 10:11 AM
To: mailop@mailop.org
Subject: Re: [mailop] Looks like GoDaddy is having email issues

This has been passed on to GoDaddy.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Comcast timeouts

[frnkblk]

Our spam filtering vendor also saw it in their outbound queues: 
https://edgewavecom.statuspage.io/

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Brotman, Alexander
Sent: Wednesday, September 20, 2017 2:18 PM
To: mailop@mailop.org
Subject: Re: [mailop] Comcast timeouts

 

There was an issue with some backend systems, which I’ve been told are now 
resolved.  Things are still being cleaned up.

 

--

Alex Brotman

Sr. Engineer, Anti-Abuse

Comcast

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Russell Clemings
Sent: Wednesday, September 20, 2017 2:31 PM
To: mailop@mailop.org  
Subject: Re: [mailop] Comcast timeouts

 

I see nothing but timeouts from those two since 9 a.m. Eastern. Our server is 
in Maryland.

 

 

 

On Wed, Sep 20, 2017 at 11:15 AM, Eric Tykwinski mailto:eric-l...@truenet.com> > wrote:

I’m seeing a bunch of timeouts on mx1.comcast.net   and 
mx2.comcast.net  

Tested from office and an OVH server to make sure it’s not regional.

Timeouts are sporadic, so delivery happens after a few tries.

 

Just want to let someone know if Comcast guys are reading.

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300  

 


___
mailop mailing list
mailop@mailop.org  
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





 

-- 

===
Russell Clemings

mailto:russ...@clemings.com> >
===

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone else email see email delays to cox.net today?

[frnkblk]

We saw email delivery delays to cox.net today, between 12:58 and 7:32 pm
(U.S. Central).  Our email server logged the following for each of them:
Site cox.net (68.6.19.3) said in response to MAIL FROM (452 4.1.0
ESMTP server temporarily not available - Refer to Error Codes section at
http://postmaster.cox.net/confluence/display/postmaster/Error+Codes for more
information.)"
Site cox.net (68.1.17.3) said in response to MAIL FROM (452 4.1.0
ESMTP server temporarily not available - Refer to Error Codes section at
http://postmaster.cox.net/confluence/display/postmaster/Error+Codes for more
information.)"
The web page doesn't address this specific issue (ESMTP server temporarily
not available), so I assume what it says at face value.

No hints of issues on Twitter or DownDetector.

Frank


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Email delivery to Yahoo! and Frontier (who also uses Yahoo! email)

[frnkblk]

We saw things clear up around 1:20 pm U.S. Central.  Whatever it was, it didn’t 
really show up in DownDetector, so end-user facing access was apparently OK.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Torsten Reinert 
via mailop
Sent: Thursday, July 13, 2017 1:33 PM
To: mailop@mailop.org
Subject: Re: [mailop] Email delivery to Yahoo! and Frontier (who also uses 
Yahoo! email)

 

Issues seem to be resolved. Our messages have gone out by now.

 

 

On Thu, Jul 13, 2017 at 11:16 AM, Torsten Reinert mailto:tors...@groupon.com> > wrote:

Same here.

 

 

On Thu, Jul 13, 2017 at 9:50 AM, Tony Maszeroski via mailop mailto:mailop@mailop.org> > wrote:

+1 - Yahoo queues bloating here as well.

These appear to be our top three problematic destinations:

mta6.am0.yahoodns.net  [98.136.216.25]
mta7.am0.yahoodns.net  [98.136.217.203]
mta7.am0.yahoodns.net  [98.138.112.33]

-tony

On 7/13/17 09:40, Tara Natanson wrote:
> Yes,  We have been seeing this as well and I have confirmed several
> other senders are seeing it too.  Same error.
>
> One person reported this error started appearing over the weekend.
>
> Tara Natanson
>
> On Thu, Jul 13, 2017 at 12:32 PM, Frank Bulk   
>  >> wrote:
>
> We're seeing outbound email queue up for yahoo.com  
>  and frontier.com   
>  and
> frontiernet.net    since 
> 7:50 am U.S.
> Central.  Our email server is logging
> "451 4.3.2 Internal error reading data"
>
> Frank
>
>
> ___
> mailop mailing list
> mailop@mailop.org     >
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
> 

>
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org  
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>


___
mailop mailing list
mailop@mailop.org  
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





 

-- 



Torsten Reinert

Global Deliverability Manager

 

Email: tors...@groupon.com  

Groupon Inc. | www.groupon.com  

 





 

-- 



Torsten Reinert

Global Deliverability Manager

 

Email: tors...@groupon.com  

Groupon Inc. | www.groupon.com  

 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Email issues to mx01.perfora.net?

[frnkblk]

Anyone else seeing delivery issues to mx01.perfora.net?  Sample logs/data
below:

Frank

Open (74.208.5.21) Error 181sec (399 TCP Read failed (Err Code Zero after
180 seconds) 180 sec)
ubad=14022638, Site (sibleypresby.church/74.208.5.21) said: 450 Requested
mail action not taken: mailbox unavailable
ubad=14022638, Site (firstcrc.com/74.208.5.21) said: 450 Requested mail
action not taken: mailbox unavailable

21.5.208.74.in-addr.arpa domain name pointer mx01.perfora.net.

IP: 74.208.5.21
Origin-AS: 8560
Prefix: 74.208.0.0/16
AS-Path: 6539 577 3356 8560
AS-Org-Name: ONEANDONE-AS Brauerstrasse 48
Org-Name: 1&1 Internet Inc.
Net-Name: 1AN1-NETWORK
Cache-Date: 1496904103
Latitude: 39.099730
Longitude: -94.578570
City: Kansas City
Region: Missouri
Country: United States
Country-Code: US


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] So, about this iOS10 unsubscribe feature...

[frnkblk]

Exactly. =)

This week was calm -- no alerts regarding our server queues about this issue.  
Perhaps it was just one spammer that had a non-working SMTP server.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Bill Cole
Sent: Thursday, May 25, 2017 7:15 PM
To: mailop@mailop.org
Subject: Re: [mailop] So, about this iOS10 unsubscribe feature...

On 22 May 2017, at 21:59, frnk...@iname.com wrote:

> Here are the domains that are currently in our server queues:
>
>   e.highwayhealth.org
>
>   e.everydown.org
>
>   e.thrivehealth.org
>
>   e.pro-associates.org
>
>   e.educationforourfuture.org
>
>   e.booktemplate.org
>
>   e.amicon.org
>
>   e.gatherit.org
>
> Note that none of these have an MX record.

Which is not itself a problem, since they all have A records. However, 
they all resolve to the same IP, 107.158.16.99, which does not answer on 
port 25.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Hotmail server(s) out of memory?

[frnkblk]

Thanks.  Last logged occurrence was 5:07 pm U.S. Central.

 

Frank

 

From: Michael Wise [mailto:michael.w...@microsoft.com] 
Sent: Friday, June 2, 2017 12:13 PM
To: Frank Bulk ; mailop@mailop.org
Subject: RE: [mailop] Hotmail server(s) out of memory?

 

 

Looks like the issue is being mitigated.

Our monitoring did catch it, apparently.

Past that, can’t say much. 😊

 

Thanks!

 

Aloha,

Michael.

-- 

Michael J Wise
Microsoft Corporation| Spam Analysis

"Your Spam Specimen Has Been Processed."

Got the   Junk 
Mail Reporting Tool ?

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Frank Bulk
Sent: Friday, June 2, 2017 7:36 AM
To: mailop@mailop.org  
Subject: [mailop] Hotmail server(s) out of memory?

 

Starting this morning at 8:44 am U.S. Central we saw this with two different 
customers of ours emailing Hotmail subs:

Site hotmail.com (104.44.194.235) said in response to MAIL FROM (452 Out of 
memory)

Site hotmail.com (104.44.194.236) said in response to MAIL FROM (452 Out of 
memory)

 

Regards,

 

Frank

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] So, about this iOS10 unsubscribe feature...

[frnkblk]

It appears to be the second -- some bulk mail sender has started sending mail 
with invalid Unsubscribe information and users that try to unsubscribe are 
generating queue noise.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Dave Warren
Sent: Monday, May 22, 2017 9:41 PM
To: mailop@mailop.org
Subject: Re: [mailop] So, about this iOS10 unsubscribe feature...

 

On Mon, May 22, 2017, at 18:59, frnk...@iname.com   
wrote:

Just starting last week we started seeing our outbound queues fill up with 
undeliverable client messages generated because of this one-click unsubscribe 
feature.  Since this Apple feature has been in place for over six months, I’m 
surprised we haven’t seen this until now.

 

Is the problem iOS 10 doing something wrong, or is it just some bulk mail 
sender has started sending mail with invalid Unsubscribe information and users 
that try to unsubscribe are generating queue noise?

 

I don't use the feature much myself on a day to day basis, but I did monkey 
with it a bit when it first came out and it seems to work as described.

 

 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] So, about this iOS10 unsubscribe feature...

[frnkblk]

Just starting last week we started seeing our outbound queues fill up with 
undeliverable client messages generated because of this one-click unsubscribe 
feature.  Since this Apple feature has been in place for over six months, I’m 
surprised we haven’t seen this until now.

 

Here are the domains that are currently in our server queues:

  e.highwayhealth.org

  e.everydown.org

  e.thrivehealth.org

  e.pro-associates.org

  e.educationforourfuture.org

  e.booktemplate.org

  e.amicon.org

  e.gatherit.org

Note that none of these have an MX record.

 

How are others dealing with this? Just purging their outbound queues?

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Josh Nason
Sent: Thursday, September 15, 2016 3:27 PM
To: mailop 
Subject: [mailop] So, about this iOS10 unsubscribe feature...

 

Hi all -- I'm sure you've heard about the new iOS10 feature that highlights an 
unsubscribe at the top of bulk emails. I assumed it was only going to be active 
if a sender had list unsubscribe turned on, but was mistaken. 

 

However, the prompt I get saying 'Mail will send a message from (my email) to 
unsubscribe from this mailing list.'

 

Anyone know where that message is going to be sent to? I assume the reply 
address, but am unclear and can't seem to find documentation on it.


 

-- 

     
   
  

Josh Nason / Email Reputation Manager  
     
 +1 603-289-1244 | @JoshNason 
 

Email is hot! This is why 

  it's the original form of social media.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SPF record

[frnkblk]

Same here -- many of my customers, for example those who go to O365, aren't
aware of the implications when they add Microsoft's suggested SPF record,
and then wonder why some emails (originated from a non-O365 system) aren't
being received.  Fortunately our helpdesk is very attuned to these issues
and can suggest tweaks to their SPF record to resolve the issue.

Frank

-Original Message-
From: SM [mailto:s...@elandnews.com] 
Sent: Sunday, May 21, 2017 10:25 AM
To: frnk...@iname.com; mailop@mailop.org
Cc: Kurt Jaeger 
Subject: RE: [mailop] SPF record

Hi Frank,
At 06:52 21-05-2017, frnk...@iname.com wrote:
>Do you think the sending domain was not aware of that when they 
>wrote the policy?

I have come across cases where the sending domain was not aware of 
the impact of its SPF policy.  That does not mean that sending 
domains are not aware of what will happen because of their policies.

Regards,
-sm 




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SPF record

[frnkblk]

sm,

Do you think the sending domain was not aware of that when they wrote the 
policy?

Frank 

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of SM
Sent: Sunday, May 21, 2017 8:13 AM
To: Kurt Jaeger ; mailop@mailop.org
Subject: Re: [mailop] SPF record

Hi Kurt,
At 05:25 21-05-2017, Kurt Jaeger wrote:
>Can you tell more about this ? Why is '-all' bad ?

You are assuming that when the message is delivered to the receiver, 
it will see a connection from the sending IP address.

Regards,
-sm   


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Many SPF failures lately

[frnkblk]

Neil,

 

Thanks for sharing with ExactTarget.

 

Are you saying that checking the box on our commercial spam filtering system’s 
“check SPF” feature, which quarantines messages that have SPF failures (-all), 
was a poor decision on my part?  

 

I don’t understand what DMARC has to do with this – a sender who implements an 
SPF record should not the assume the receiver has also implemented DMARC 
checking.  Let me remind everyone again – a message was sent to us from an IP 
address that was outside the range of the SPF record for that sending email 
address’s domain, and the SPF record told us to discard the message.  I really 
don’t understand why I’m being blamed for not delivering the message.  If the 
sender wanted a different behavior they should have used a “~all”.  I feel I 
already went above and beyond the call of duty by contacting dozens and dozens 
of senders who had incomplete SPF records.  It just turns out that I didn’t 
have a contact at Travelocity.

 

Regards,

 

Frank

 

From: Neil Schwartzman [mailto:spamfighter...@icloud.com] 
Sent: Saturday, May 20, 2017 10:58 AM
To: frnk...@iname.com
Cc: Brandon Long ; mailop ; John Levine 

Subject: Re: [mailop] Many SPF failures lately

 

Yeah. I did let exact target know.

 

I work supporting a userbase probably a few hundred million the size of yours, 
and I can tell you, in my world. knowingly, blithely dropping legitimate email 
is likely a firing offense.

 

I suggest you may wish to avail yourself of deep knowledge of DMARC 
technologies so you can actual insight into what senders intend you to do in 
light of their declarations.

--

Neil Schwartzman

spamfigh...@gmail.com  

Tel.: +1 (514) 629-6345


On May 20, 2017, at 11:31, mailto:frnk...@iname.com> > 
mailto:frnk...@iname.com> > wrote:

I guess it depends on how our customers forward to the email account provided 
by us.  I’m sure that there are some messages that we do block due to 
forwarding, but when I manually examined four weeks of SPF-based blocks, I 
don’t recall seeing one example.  You’re very much right that waiting for 
feedback from end-users is very much incomplete. 

 

We do not do policy enforcement purely based on SPF unless it is a ”-all”.  For 
all others it’s part of the spam analysis mix.

 

If someone does know the mail operator/group for Travelocity, perhaps they can 
be alerted to the issue I raised.  

 

Frank

 

From: Brandon Long [mailto:bl...@google.com] 
Sent: Saturday, May 20, 2017 1:56 AM
To: Frank Bulk mailto:frnk...@iname.com> >
Cc: John Levine mailto:jo...@taugh.com> >; mailop 
mailto:mailop@mailop.org> >
Subject: Re: [mailop] Many SPF failures lately

 

Is forwarding mail something your users never do?  Or do you think the sender 
should be able to specify that the mail can't be forwarded?

 

With the exception of a pure -all record, policy enforcement based purely on 
spf is a poor choice.  Maybe, depending on your users, it won't raise the fp 
rate that much.  OTOH, if you just reject without letting in a fraction, how do 
you even know what your fp rate is?  Waiting for feedback from your users that 
they're missing messages they may not even know they should have gotten is a 
poor way to measure effectiveness.

 

Brandon

 

On May 19, 2017 9:34 PM, mailto:frnk...@iname.com> > wrote:

John,

I'm a bit bewildered -- these aren't random strangers, they're the actual
sender.  Am I supposed to second-guess the sender's instructions?  If I have
to second-guess every sender's "-all" then I have to have another layer of
subjective analysis -- currently manual, in my situation.

Frank


-Original Message-
From: John R Levine [mailto:jo...@taugh.com  ]
Sent: Friday, May 19, 2017 7:22 PM
To: frnk...@iname.com  
Cc: mailop@mailop.org  
Subject: RE: [mailop] Many SPF failures lately

> Yet the senders, via their SPF records with a "-all", told me to reject
those messages. As MTA's, we're doing what the send told us to do.

I don't know about you, but I do not blindly follow instructions from
random strangers.  It rarely leads to good outcomes.

> For my users, I have the quaint idea that I should try and deliver the
> mail that they obviously want.

Regards,
John Levine, jo...@taugh.com  , Taughannock Networks, 
Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly



___
mailop mailing list
mailop@mailop.org  
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

___
mailop mailing list
mailop@mailop.org  
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Many SPF failures lately

[frnkblk]

I guess it depends on how our customers forward to the email account provided 
by us.  I’m sure that there are some messages that we do block due to 
forwarding, but when I manually examined four weeks of SPF-based blocks, I 
don’t recall seeing one example.  You’re very much right that waiting for 
feedback from end-users is very much incomplete. 

 

We do not do policy enforcement purely based on SPF unless it is a ”-all”.  For 
all others it’s part of the spam analysis mix.

 

If someone does know the mail operator/group for Travelocity, perhaps they can 
be alerted to the issue I raised.  

 

Frank

 

From: Brandon Long [mailto:bl...@google.com] 
Sent: Saturday, May 20, 2017 1:56 AM
To: Frank Bulk 
Cc: John Levine ; mailop 
Subject: Re: [mailop] Many SPF failures lately

 

Is forwarding mail something your users never do?  Or do you think the sender 
should be able to specify that the mail can't be forwarded?

 

With the exception of a pure -all record, policy enforcement based purely on 
spf is a poor choice.  Maybe, depending on your users, it won't raise the fp 
rate that much.  OTOH, if you just reject without letting in a fraction, how do 
you even know what your fp rate is?  Waiting for feedback from your users that 
they're missing messages they may not even know they should have gotten is a 
poor way to measure effectiveness.

 

Brandon

 

On May 19, 2017 9:34 PM, mailto:frnk...@iname.com> > wrote:

John,

I'm a bit bewildered -- these aren't random strangers, they're the actual
sender.  Am I supposed to second-guess the sender's instructions?  If I have
to second-guess every sender's "-all" then I have to have another layer of
subjective analysis -- currently manual, in my situation.

Frank


-Original Message-
From: John R Levine [mailto:jo...@taugh.com  ]
Sent: Friday, May 19, 2017 7:22 PM
To: frnk...@iname.com  
Cc: mailop@mailop.org  
Subject: RE: [mailop] Many SPF failures lately

> Yet the senders, via their SPF records with a "-all", told me to reject
those messages. As MTA's, we're doing what the send told us to do.

I don't know about you, but I do not blindly follow instructions from
random strangers.  It rarely leads to good outcomes.

> For my users, I have the quaint idea that I should try and deliver the
> mail that they obviously want.

Regards,
John Levine, jo...@taugh.com  , Taughannock Networks, 
Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly



___
mailop mailing list
mailop@mailop.org  
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Many SPF failures lately

[frnkblk]

John,

I'm a bit bewildered -- these aren't random strangers, they're the actual
sender.  Am I supposed to second-guess the sender's instructions?  If I have
to second-guess every sender's "-all" then I have to have another layer of
subjective analysis -- currently manual, in my situation.  

Frank


-Original Message-
From: John R Levine [mailto:jo...@taugh.com] 
Sent: Friday, May 19, 2017 7:22 PM
To: frnk...@iname.com
Cc: mailop@mailop.org
Subject: RE: [mailop] Many SPF failures lately

> Yet the senders, via their SPF records with a "-all", told me to reject
those messages. As MTA's, we're doing what the send told us to do.

I don't know about you, but I do not blindly follow instructions from 
random strangers.  It rarely leads to good outcomes.

> For my users, I have the quaint idea that I should try and deliver the
> mail that they obviously want.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Many SPF failures lately

[frnkblk]

I looked at the last week of blocked email from Travelocity.com and found just 
one blocked message.

It was a flight change email from traveloc...@e.travelocity.com with a source 
IP of 66.244.67.50.

fbulk@frankb-PC:/mnt/c/Users/fbulk$ dig TXT e.travelocity.com +short
"spf2.0/pra include:cust-senderid.exacttarget.com -all"
"v=spf1 include:cust-spf.exacttarget.com -all"
fbulk@frankb-PC:/mnt/c/Users/fbulk$ dig TXT cust-spf.exacttarget.com +short
"v=spf1 ip4:64.132.92.0/24 ip4:64.132.88.0/23 ip4:66.231.80.0/20 
ip4:68.232.192.0/20 ip4:199.122.120.0/21 ip4:207.67.38.0/24 " 
"ip4:207.67.98.192/27 ip4:207.250.68.0/24 ip4:209.43.22.0/28 
ip4:198.245.80.0/20 ip4:136.147.128.0/20 ip4:136.147.176.0/20 ip4:13.111.0.0/18 
-all"
fbulk@frankb-PC:/mnt/c/Users/fbulk$

Besides cust-spf-exacttarget.com having some extra quotes in their SPF record, 
you can see that 66.244.67.50 is not in the above SPF record(s).

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Carl Byington
Sent: Friday, May 19, 2017 11:55 AM
To: mailop@mailop.org
Subject: Re: [mailop] Many SPF failures lately

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Fri, 2017-05-19 at 03:49 -0500, frnk...@iname.com wrote:
> Most well-known cuplprit is Travelocity and their flight change
> notifications.

The only travelocity mail I see here is from
traveloc...@ac.travelocity.com via 192.161.140.0/24. Are the flight
change notifications from some other system?

ac.travelocity.com CNAME -> travelocity.neolane.net
travelocity.neolane.net TXT -> redirect p140.neolane.net
p140.neolane.net TXT "v=spf1 ip4:192.161.140.0/24 -all"

Even if spf fails, we would accept those based on the DKIM signature by
ac.travelocity.com which is listed in our local policy database.


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEAREKAAYFAlkfI0oACgkQL6j7milTFsF0QgCfU/e06B6EOZ9sOLGOUX+HBtpV
X1UAnjCwr/FwQXA3jbew/nHT1IVC2apB
=Iv5/
-END PGP SIGNATURE-



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Many SPF failures lately

[frnkblk]

Yet the senders, via their SPF records with a "-all", told me to reject those 
messages. As MTA's, we're doing what the send told us to do.

Frank

-Original Message-
From: John Levine [mailto:jo...@taugh.com] 
Sent: Friday, May 19, 2017 9:56 AM
To: mailop@mailop.org
Cc: frnk...@iname.com
Subject: Re: [mailop] Many SPF failures lately

In article <002401d2d07c$de401730$9ac04590$@iname.com> you write:
>I turned on SPF checking on our incoming email server about two or three 
>months and notified
>domain holders who were sending legitimate email from bad IPs, and there, too, 
>some fixed up
>their SPF records, but the majority didn't do anything.  So we keep rejecting 
>those emails.  Most
>of them tend to be from auto-notify systems (bank statements, receipts for 
>purchases from online
>stores, etc).  The recipients don't complain to the sender because they're not 
>aware they were
>supposed to get an email, and since a human didn't send it, there's no one on 
>the sending side
>chasing it down.  Most well-known cuplprit is Travelocity and their flight 
>change notifications. 
>Too bad the travelers aren't getting notified.

I must say I'm glad that I'm not one of your mail users.

For my users, I have the quaint idea that I should try and deliver the
mail that they obviously want.

R's,
John



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SymantecCloud "Message filtered"

[frnkblk]

My $WORK domain is also labeled the same “50”, so I suspect the same “limited 
sampling” issue.  

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Stefano Bagnara
Sent: Friday, May 19, 2017 9:03 AM
To: mailop 
Subject: Re: [mailop] SymantecCloud "Message filtered"

 

On 19 May 2017 at 15:22, Ken O'Driscoll mailto:k...@wemonitoremail.com> > wrote:

Hi Stefano,

WatchGuard (http://reputationauthority.org/) are starting to not like the
IP also - "The ip 188.165.188.38 has sent a high ratio of spam (50
percent)."

 

At that portal I get 50 percent also for IP that never sent anything and they 
picture 50 as *green*... I think that my IPs are simply too "low-volume" for 
that database to "gauge". 

 

Are you suggesting that SymantecCloud uses data from ReputationAuthority.org?

 

My guess is that you are seeing the beginning of a reputation problem
developing with your IP. It's not restaurant menu that's causing the
problem. 

 

My IP send mainly italian emails to italian recipient and I found that often 
this reputation portals do not have a real sample from my IPs to get a correct 
reputation.

That IP returns a 97 on Senderscore and "Good" with a 3.4 magnitudo on 
Senderbase. To me it soulds like reputantionauthority doesn't see a lot of 
emails from my IP so it stays on the 50 that it is his default, while 
senderbase and senderscore collect data from more recipients and they are able 
to measure my good reputation.

 

I don't have any other problem to other providers.. It's just a couple of 
message refuses from symanteccloud that I'd like to investigate.

 

Stefano

 


Ken.

-- 
Ken O'Driscoll / We Monitor Email
t: +353 1 254 9400   | w: www.wemonitoremail.com 
 

On Fri, 2017-05-19 at 14:42 +0200, Stefano Bagnara wrote:
> On 19 May 2017 at 13:28, Ken O'Driscoll   > wrote:
> > Hi Stefano,
> >
> > That link is only intended for customers. Try using the IP address
> > removal
> > portal at http://ipremoval.sms.symantec.com/lookup/ to request that
> > your IP
> > be de-listed. They will de-list a false positive or tell you what is
> > actually causing the issue. All of their services still share the same
> > reputation data as far as I know.
>
> I should have written that I already tested all of my IPs at that page
> and they are not listed.
>
> > The IP address you submitted, 188.165.188.38, does not have a negative
> reputation and therefore cannot be submitted for investigation.
>
> > The alternative is to find a Symantec customer who is affected and get
> > them
> > to open a service request listing you as an available contact point for
> > troubleshooting. All Symantec products and services come with basic
> > support
> > cover which allows this.
>
> That's what I will do.. but this is a "menu" email from a restaurant to a
> lenovo address (nearby office).. the recipient subscribed to receive the
> menu (sent to other 60 people, 2 in lenovo), but I'm not sure he cares
> enough to open a ticket with his manager at lenovo dealings with the
> symanteccloud configuration. So for my customer it's a fault or mine. I
> hoped I was able to get some sort of hint from symantec or anyone else
> already seen that Message filtered block from symantec when the IP was
> not blocked.
> The same happened to another customer with a vodafone.com 
>   address
> (different IP, similar story).
>
> Thank you,
> Stefano
>  
> >  
> >
> > Ken.
> >
> > -- 
> > Ken O'Driscoll / We Monitor Email
> > t: +353 1 254 9400   | w: 
> > www.wemonitoremail.com  
> >
> > On Fri, 2017-05-19 at 12:56 +0200, Stefano Bagnara wrote:
> > > Hi,
> > >
> > > i'm seeing some reject like this by some of our senders:
> > >
> > > > 553 Message filtered. Refer to the Troubleshooting page at 
> > > > http://www.symanteccloud.com/troubleshooting for more information.
> > > (#5.7.1)
> > >
> > > The landing page explanation for the message filtered brings on the
> > table
> > > almost anything (blacklist ip, open relay, duns, urls, mail server
> > > configuration, virus, exploit, opt-out link).
> > >
> > > So the answer is no to everything. If one of my customer spammed
> > Symantec
> > > customers I'd like to identify him.
> > >
> > > I was about to submit the "False positive" here:
> > > https://support.symantec.com/en_US/article.TECH233678.html
> > >
> > > But from the description it's not clear to me if this is only for
> > their
> > > customers or not.
> > >
> > > Is there anyone from Symantec here?
> > > Does anyone have experience with this generic message filtered error
> > and
> > > how to deal with it?
> > >
> > > Stefano
> > >
> > > --
> > > Stefano Bagnara
> > > Void Labs / VOXmail.it
> > > Apache James/jSPF/jDKIM
> > >
> > > ___
> > > mailop mailing list
> > > mailop@mailop.org  
> > > https://chilli.nosignal.org/cgi-bin/mailman/

Re: [mailop] Many SPF failures lately

[frnkblk]

We have an automated SPF checking system in place for clients/partners/vendors 
and auto-notify them of invalid/malformed SPF records every three weeks.  The 
responsive ones got them fixed up, but I still have three die-hards that 
haven't made any changes.  Their domains are low-volume, so they probably 
haven't had a palpable issue.

I turned on SPF checking on our incoming email server about two or three months 
and notified domain holders who were sending legitimate email from bad IPs, and 
there, too, some fixed up their SPF records, but the majority didn't do 
anything.  So we keep rejecting those emails.  Most of them tend to be from 
auto-notify systems (bank statements, receipts for purchases from online 
stores, etc).  The recipients don't complain to the sender because they're not 
aware they were supposed to get an email, and since a human didn't send it, 
there's no one on the sending side chasing it down.  Most well-known cuplprit 
is Travelocity and their flight change notifications.  Too bad the travelers 
aren't getting notified.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Orlitzky
Sent: Tuesday, May 16, 2017 8:20 AM
To: mailop@mailop.org
Subject: Re: [mailop] Many SPF failures lately

On 05/15/2017 12:34 PM, D'Arcy Cain wrote:
>
> My personal preference is to just bounce it and make them fix their 
> records but it is becoming a support problem because the senders are not 
> reading the bounce message which explains the problem and has a link to 
> a page with more detail.  They simply contact our users saying that it 
> must be our problem.
> 

I usually respond with something like "the administrator of the sending
system told us to reject this message, you'll have to take it up with
him." Then if you ever hear from that guy, tell him to delete the SPF
record completely.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Yahoo email issues this afternoon

[frnkblk]

Our outbound email queues to Yahoo were somewhat delayed this afternoon ..
from what I see on downdetector.com, looks like it's not just us.

 

http://downdetector.com/status/yahoo-mail

 

Our queues are draining and the downdetector graph suggests that the issue
is resolving.

 

Frank

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] HB spike from Yahoo?

[frnkblk]

Not sure this this is related: 
http://www.express.co.uk/life-style/science-technology/758307/BT-Mail-Down-Email-Address-BT-Internet-Not-Working

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Alberto Miscia via 
mailop
Sent: Tuesday, January 24, 2017 12:06 PM
To: mailop@mailop.org
Subject: [mailop] HB spike from Yahoo?

 

Hi,

We are seeing a strange spike in hard bounces from Yahoo!, reported also for 
accounts that should work.

"smtp;554 delivery error: dd This user doesn't have a yahoo.com 
  account"

 

Does anyone else see the same?

 

Thanks

 

Alberto Miscia | Head of Deliverability & Compliance | MailUp

 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Lack of TLS 1.1/1.2 support on Apple email products

[frnkblk]

Bill,

Thanks for bringing up all those points.  While perhaps the practical 
implications of the TLS1.0's brokenness may not be as applicable to email, it 
doesn't mean ESPs should automatically be satisfied with the status quo.  If 
most vendors have found a way to implement TLS 1.1 and 1.2 then it's not 
unreasonable to expect an industry giant such as Apple to participate.

Based on our own experience and what I've read so far, it appears that if Apple 
stepped in line the percentage of clients that can't support TLS 1.0 with 
fallback to clear text would be very small.  When we turned TLS 1.0 off on our 
webmail server we got a few calls from customers, but our helpdesk was not 
ashamed to encourage our customers to try another browser and/or upgrade their 
OS to address the issue.  As I may have mentioned earlier, it didn't hurt that 
a regional bank did the same with their online banking page ... come to think 
of it, we may have had more calls from customers about the bank's web page than 
our webmail.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Bill Cole
Sent: Saturday, June 25, 2016 3:38 PM
To: mailop@mailop.org
Subject: Re: [mailop] Lack of TLS 1.1/1.2 support on Apple email products

On 24 Jun 2016, at 23:24, frnk...@iname.com wrote:

> I want to disable it for the reasons that Eric spelled out. TLS 1.0 is 
> broken, so if we turn it off on websites, shouldn't we turn it off for 
> all protocols?

Can you explain how exactly TLS 1.0 is broken in ways that are relevant 
for email? What is the attack model where a TLS 1.0 weakness is relevant 
to any facet of email other than end-user HTTPS-based access? Can you 
see how one might protect against such attacks short of disabling TLS 
1.0?

As for the relevance of this to PCI-DSS compliance: There are many 
people making money from selling a weak and oversimplified understanding 
of that standard to others who think it is beyond their capacity to 
understand and so never bother trying to read it. If a PCI "expert" 
claims you must disable TLS 1.0 for SMTP to be compliant, make him give 
you a specific citation. Read that whole section with all the fine print 
before firing him. (HINT: Appendix 2 is the critical part, where the 
phrase "Risk Mitigation and Migration Plan" is used heavily)

> Not that we promise our customers end-to-end encryption for all their 
> e-mail messages and handling,

Good call. No one passing mail too and from the Internet at large can 
keep such a promise and provide mail service customers will actually pay 
for and rely on.

> but I'd like to take advantage of the standards that are already out 
> there for web browsing.

Mail is different. Really. You can allow for people running the latest 
software to use the latest protocols without requiring that everyone do 
so. All the relevant RFCs say SMTP falls back to cleartext if 
negotiating encryption fails. IMAP and SMTP authentication standards 
offer mechanisms that are safe over unencrypted transport, and many 
clients will fall back to using those *silently* if they can't make TLS 
work. Require encryption, and you eliminate interoperability with many 
SMTP servers. Limit encryption to the latest and greatest protocols but 
still allow cleartext fallback, and you get back some of those 
cleartext-only senders but lose senders who won't ever try cleartext and 
can't do better than TLS 1.0. I won't even try to explain the morass of 
limiting ciphersuites: the corner cases there are too complex. If you 
want an exhaustive explanation for why NOT to make a mail server overly 
restrictive  (and how far is reasonable to go) go hunting for Viktor 
Dukhovni's many discussions of the issue on the Postfix mailing lists.

> And I think we could, if it weren't for Apple's mail products.

That is probably false. It's certainly false for MOST mail systems. 
There's a lot of old software in widespread use. Do you want mail 
servers on EL6-family distributions to fall back to cleartext when 
talking to you? People still clinging to Windows 7? How about people 
with service-subsidized Android 4 phones whose contracts aren't done? 
What is your view on interop with FreeBSD 9? How about people behind an 
idiotically configured (i.e. default configured) Cisco ASA or PIX 
firewall? There's a LOT of software out there linked to OpenSSL 0.9.8 
and a bit less to 1.0.0, both of which had their final patch releases in 
12/2015 and support nothong newer than TLS 1.0. Note that anyone running 
on those final versions with default build options and prudent 
configurations should be safe from known TLS 1.0 vulnerabilities. The 
precise wording of PCI-DSS 3.2 arguably would exempt those releases, 
since their TLS 1.0 implementations differ in important ways from "early 
TLS" (a squishy phrase PCI-DSS seems fond of...)

There are sound reasons for nominally closed and controlled environments 
to use nothing older than TLS 1.2, but to do so you need 

Re: [mailop] Email issues with Microsoft?

[frnkblk]

We saw this start to ramp up around 8:20 am (U.S. Central) and about an hour
later messages were predominately getting delayed, yet even now a few do get
delivered from time to time.  

Someone on the outages listserv posted about this, too.
(https://puck.nether.net/pipermail/outages/2016-June/009214.html)

Frank

-Original Message-
From: Frank Bulk (frnk...@iname.com) [mailto:frnk...@iname.com] 
Sent: Thursday, June 30, 2016 10:01 AM
To: 'mailop@mailop.org' (mailop@mailop.org) 
Subject: Email issues with Microsoft?

We're seeing multiple Microsoft-hosted domains having difficulty getting our
email.

@hsitire.com  Open (207.46.163.170) Error
4sec (399 TCP Read failed (Connection reset by peer after 4 seconds) 4 sec)
@animalhealthinternational.comOpen (207.46.163.170) Error
4sec (399 TCP Read failed (Connection reset by peer after 4 seconds) 4 sec)
@midwestwheel.com ubad=13799805, Site
(midwestwheel.com/207.46.163.170) said: 451 4.3.2 Temporary server error.
Please try again later ATTR2
@pamhc.orgOpen (207.46.163.170) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@hsitire.com  Open (207.46.163.170) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@kingsleybank.com Open (207.46.163.170) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@moc-fv.k12.ia.us Open (207.46.163.138) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@dordt.eduOpen (207.46.163.138) Error
1sec (421 4.3.2 The maximum number of concurrent server connections has
exceeded a per-source limit, closing transmission channel
(BN1AFFO11FD020.protection.gbl))
@nimanranch.com   Open
(207.46.163.138) Error 1sec (421 4.3.2 The maximum number of concurrent
server connections has exceeded a limit, closing transmission channel
(BN1AFFO11FD040.protection.gbl))
@hsitire.com  Open (207.46.163.138) Error
4sec (399 TCP Read failed (Connection reset by peer after 4 seconds) 4 sec)
@dordt.eduOpen (207.46.163.138) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)

Frank


138.163.46.207.in-addr.arpa domain name pointer
mail-bn14138.inbound.protection.outlook.com.

IP: 207.46.163.138
Origin-AS: 8075
Prefix: 207.46.128.0/17
AS-Path: 31019 8075
AS-Org-Name: Microsoft Corporation
Org-Name: Microsoft Corporation
Net-Name: MICROSOFT-GLOBAL-NET
Cache-Date: 1467291365
Latitude: 47.682900
Longitude: -122.120900
City: Redmond
Region: Washington
Country: United States
Country-Code: US


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Email issues with Microsoft?

[frnkblk]

We're seeing multiple Microsoft-hosted domains having difficulty getting our
email.

@hsitire.com  Open (207.46.163.170) Error
4sec (399 TCP Read failed (Connection reset by peer after 4 seconds) 4 sec)
@animalhealthinternational.comOpen (207.46.163.170) Error
4sec (399 TCP Read failed (Connection reset by peer after 4 seconds) 4 sec)
@midwestwheel.com ubad=13799805, Site
(midwestwheel.com/207.46.163.170) said: 451 4.3.2 Temporary server error.
Please try again later ATTR2
@pamhc.orgOpen (207.46.163.170) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@hsitire.com  Open (207.46.163.170) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@kingsleybank.com Open (207.46.163.170) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@moc-fv.k12.ia.us Open (207.46.163.138) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@dordt.eduOpen (207.46.163.138) Error
1sec (421 4.3.2 The maximum number of concurrent server connections has
exceeded a per-source limit, closing transmission channel
(BN1AFFO11FD020.protection.gbl))
@nimanranch.com   Open
(207.46.163.138) Error 1sec (421 4.3.2 The maximum number of concurrent
server connections has exceeded a limit, closing transmission channel
(BN1AFFO11FD040.protection.gbl))
@hsitire.com  Open (207.46.163.138) Error
4sec (399 TCP Read failed (Connection reset by peer after 4 seconds) 4 sec)
@dordt.eduOpen (207.46.163.138) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)

Frank


138.163.46.207.in-addr.arpa domain name pointer
mail-bn14138.inbound.protection.outlook.com.

IP: 207.46.163.138
Origin-AS: 8075
Prefix: 207.46.128.0/17
AS-Path: 31019 8075
AS-Org-Name: Microsoft Corporation
Org-Name: Microsoft Corporation
Net-Name: MICROSOFT-GLOBAL-NET
Cache-Date: 1467291365
Latitude: 47.682900
Longitude: -122.120900
City: Redmond
Region: Washington
Country: United States
Country-Code: US


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Lack of TLS 1.1/1.2 support on Apple email products

[frnkblk]

I want to disable it for the reasons that Eric spelled out. TLS 1.0 is broken, 
so if we turn it off on websites, shouldn't we turn it off for all protocols?  
Not that we promise our customers end-to-end encryption for all their e-mail 
messages and handling, but I'd like to take advantage of the standards that are 
already out there for web browsing.
 
And I think we could, if it weren't for Apple's mail products.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Seth Mattinen
Sent: Friday, June 24, 2016 6:28 PM
To: mailop@mailop.org
Subject: Re: [mailop] Lack of TLS 1.1/1.2 support on Apple email products

On 6/24/16 10:31 AM, Frank Bulk wrote:
> Due to PCI requirements to disable TLS 1.0, and recognizing an overall
> push towards to TLS 1.1 and TLS 1.2, we tried turning off TLS 1.0 on our
> email servers.  That generally worked out fine for webmail, but Apple
> users couldn’t use SMTP, POP3, or IMAP, resulting in a lot of helpdesk
> calls.  We ended turning TLS 1.0 back on.
>

Unless you're sending card numbers or track data by email why would you 
need to disable TLSv1.0 on a mail server for PCI?

~Seth

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] More issues with cableone.net today (repeat of March 16 and May 12)

[frnkblk]

Sounds like Synacor (who hosts cableone.net) has had issues again.  From our
email server logs:
Open (64.8.70.47) Error 0sec (421 4.3.4 allocated resources
exceeded)
Open (64.8.70.47) Error 4sec (399 TCP Read failed (Connection reset
by peer after 4 seconds) 4 sec)

First log entry shows up Saturday evening at 7:08 pm (Central) and last one
was Sunday evening at 6:23 pm.  There were deliveries in between, and I'm
not sure if three hours of clean deliveries is long enough to consider the
issue resolved.

Frank


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Connection failures to Hotmail domains

[frnkblk]

Finally has a chance to look at my logs … looking at error count over time (all 
U.S. Central) I see the following:

 

Server 1:

  1 25 12:3

  1 25 12:4

  4 25 13:1

 22 25 13:2

 22 25 13:3

 24 25 13:4

 31 25 13:5

 18 25 14:0

  8 25 14:1

 16 25 14:2

  5 25 14:3

 19 25 14:4

 15 25 14:5

 18 25 15:0

  7 25 15:1

  6 25 15:2

  4 25 15:3

 11 25 15:4

  2 25 15:5

  8 25 16:0

  9 25 16:1

  6 25 16:2

  7 25 16:3

  9 25 16:4

  6 25 16:5

  4 25 17:0

 

Server 2:

  2 25 12:4

  1 25 13:0

 14 25 13:1

 10 25 13:2

 24 25 13:3

 20 25 13:4

 11 25 13:5

 11 25 14:0

 19 25 14:1

 11 25 14:2

  9 25 14:3

 12 25 14:4

 14 25 14:5

  7 25 15:0

  8 25 15:1

 16 25 15:2

  8 25 15:3

 17 25 15:4

 17 25 15:5

  7 25 16:0

 12 25 16:1

 12 25 16:2

 27 25 16:3

 13 25 16:4

 18 25 16:5

  4 25 17:0

 

So it’s off its peak, but not resolved.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Jaren Angerbauer
Sent: Wednesday, May 25, 2016 3:50 PM
To: Michael Wise 
Cc: mailop 
Subject: Re: [mailop] Connection failures to Hotmail domains

 

Thanks Mike.  If you can, any update you receive (and can disclose) would be 
greatly appreciated.




--Jaren

 

 

 

On Wed, May 25, 2016 at 2:29 PM, Michael Wise via mailop mailto:mailop@mailop.org> > wrote:


Oh yeah, we're aware.
Hearing some reports that the issue may have been mitigated, but until I hear 
anything from Inside the House, can't really comment except to say ... PRI:0, 
being worked on as I type. But not by me, as I have no insight into the inner 
workings.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org 
 ] On Behalf Of Al Iverson
Sent: Wednesday, May 25, 2016 1:19 PM
To: mailop mailto:mailop@mailop.org> >
Subject: Re: [mailop] Connection failures to Hotmail domains

You're not alone. It's quite widespread. Multiple folks have talked to 
Microsoft people about the issue, they are aware.

Regards,
Al

--
Al Iverson
https://na01.safelinks.protection.outlook.com/?url=www.aliverson.com 

 
&data=01%7c01%7cmichael.wise%40microsoft.com%7c0a5ec58b131c4c5a5f2708d384dad364%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=aAsiNeE1mgSCmbWOUv3P%2b9YXhGHv2v45p1LBMnD%2bdJs%3d

(312)725-0130  


On Wed, May 25, 2016 at 3:08 PM, Keenan Tims mailto:kt...@stargate.ca> > wrote:
> I'm seeing 90+% of our connection attempts to the MXes for
> 'hotmail.com  ' and other Hotmail domains 
> (mx[1-4].hotmail.com  ) are
> either timing out (30s) or getting connection refused since ~11:00am
> PDT. Anyone else seeing this? I've tested from a few off-net points
> and am seeing the same. Mail is starting to pile up in our queues in
> quantity. Given the scale of what this appears to be I assume the team
> is already hard at work on it, but the lack of mention here concerns
> me, so sorry for the noise if this is too obvious for the list ;-).
>
> Our primary outbound relays are within 64.253.128.0/19 
>  
>
> Here are a couple representative logs:
>
> 2016-05-25T12:55:19.470647-07:00 skaro postfix/smtp[6486]: connect to
> mx1.hotmail.com  [65.55.37.104]:25: Connection timed 
> out
> 2016-05-25T12:55:49.504155-07:00 skaro postfix/smtp[6486]: connect to
> mx1.hotmail.com  [207.46.8.167]:25: Connection timed 
> out
> 2016-05-25T12:55:49.513775-07:00 skaro postfix/smtp[6486]: connect to
> mx2.hotmail.com  [65.55.33.119]:25: Connection refused
> 2016-05-25T12:56:19.550093-07:00 skaro postfix/smtp[6486]: connect to
> mx1.hotmail.com  [134.170.2.199]:25: Connection timed 
> out
> 2016-05-25T12:56:49.583216-07:00 skaro postfix/smtp[6486]: connect to
> mx1.hotmail.com  [65.54.188.110]:25: Connection timed 
> out
> 2016-05-25T12:56:49.585566-07:00 skaro postfix/smtp[6486]: 3F2D5FFC9B:
> to=mailto:indra_...@hotmail.com> >, relay=none, 
> delay=120,
> delays=0.17/0/120/0, dsn=4.4.1, status=deferred (connect to mx1.hotmail.com 
>  [65.54.188.110]:25:
> Connection timed out)
>
> 2016-05-25T12:59:32.971606-07:00 skaro postfix/smtp[5033]: connect to
> mx3.hotmail.com  [65.55.37.72]:25: Connection timed 
> out
> 2016-05-25T12:59:32.995152-07:00 skaro postfix/smtp[5033]: connect to
> mx4.hotmail.c

Re: [mailop] Connection failures to Hotmail domains

[frnkblk]

We saw the same thing too, just too busy dealing with the fallout of a 
lightning strike.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Keenan Tims
Sent: Wednesday, May 25, 2016 3:09 PM
To: mailop@mailop.org
Subject: [mailop] Connection failures to Hotmail domains

I'm seeing 90+% of our connection attempts to the MXes for 'hotmail.com' 
and other Hotmail domains (mx[1-4].hotmail.com) are either timing out 
(30s) or getting connection refused since ~11:00am PDT. Anyone else 
seeing this? I've tested from a few off-net points and am seeing the 
same. Mail is starting to pile up in our queues in quantity. Given the 
scale of what this appears to be I assume the team is already hard at 
work on it, but the lack of mention here concerns me, so sorry for the 
noise if this is too obvious for the list ;-).

Our primary outbound relays are within 64.253.128.0/19

Here are a couple representative logs:

2016-05-25T12:55:19.470647-07:00 skaro postfix/smtp[6486]: connect to 
mx1.hotmail.com[65.55.37.104]:25: Connection timed out
2016-05-25T12:55:49.504155-07:00 skaro postfix/smtp[6486]: connect to 
mx1.hotmail.com[207.46.8.167]:25: Connection timed out
2016-05-25T12:55:49.513775-07:00 skaro postfix/smtp[6486]: connect to 
mx2.hotmail.com[65.55.33.119]:25: Connection refused
2016-05-25T12:56:19.550093-07:00 skaro postfix/smtp[6486]: connect to 
mx1.hotmail.com[134.170.2.199]:25: Connection timed out
2016-05-25T12:56:49.583216-07:00 skaro postfix/smtp[6486]: connect to 
mx1.hotmail.com[65.54.188.110]:25: Connection timed out
2016-05-25T12:56:49.585566-07:00 skaro postfix/smtp[6486]: 3F2D5FFC9B: 
to=, relay=none, delay=120, delays=0.17/0/120/0, 
dsn=4.4.1, status=deferred (connect to 
mx1.hotmail.com[65.54.188.110]:25: Connection timed out)

2016-05-25T12:59:32.971606-07:00 skaro postfix/smtp[5033]: connect to 
mx3.hotmail.com[65.55.37.72]:25: Connection timed out
2016-05-25T12:59:32.995152-07:00 skaro postfix/smtp[5033]: connect to 
mx4.hotmail.com[65.54.188.126]:25: Connection refused
2016-05-25T13:00:03.033047-07:00 skaro postfix/smtp[5033]: connect to 
mx2.hotmail.com[207.46.8.167]:25: Connection timed out
2016-05-25T13:00:33.066589-07:00 skaro postfix/smtp[5033]: connect to 
mx4.hotmail.com[207.46.8.199]:25: Connection timed out
2016-05-25T13:00:33.076153-07:00 skaro postfix/smtp[5033]: connect to 
mx2.hotmail.com[65.55.33.119]:25: Connection refused
2016-05-25T13:00:33.080762-07:00 skaro postfix/smtp[5033]: 25B4FFFC00: 
to=, relay=none, delay=91, 
delays=0.78/0/90/0, dsn=4.4.1, status=deferred (connect to 
mx2.hotmail.com[65.55.33.119]:25: Connection refused)

2016-05-25T13:02:08.167728-07:00 skaro postfix/smtp[7967]: connect to 
mx4.hotmail.com[65.55.37.88]:25: Connection timed out
2016-05-25T13:02:08.177325-07:00 skaro postfix/smtp[7967]: connect to 
mx4.hotmail.com[65.55.37.120]:25: Connection refused
2016-05-25T13:02:38.208945-07:00 skaro postfix/smtp[7967]: connect to 
mx1.hotmail.com[65.54.188.72]:25: Connection timed out
2016-05-25T13:03:08.242467-07:00 skaro postfix/smtp[7967]: connect to 
mx1.hotmail.com[207.46.8.167]:25: Connection timed out
2016-05-25T13:03:38.275974-07:00 skaro postfix/smtp[7967]: connect to 
mx3.hotmail.com[207.46.8.199]:25: Connection timed out
2016-05-25T13:03:38.278894-07:00 skaro postfix/smtp[7967]: 7DA71FFC4D: 
to=, relay=none, delay=3265, 
delays=3145/0/120/0, dsn=4.4.1, status=deferred (connect to 
mx3.hotmail.com[207.46.8.199]:25: Connection timed out)

Keenan

Stargate Connections AS19171


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Humor of the day

[frnkblk]

FYI, we did see more delivery issues to 98.139.171.245 for other Yahoo! hosted 
email domains, with our email server logging:
(98.139.171.245) said in response to MAIL FROM (451 4.3.2 Internal 
error reading data)

I saw first one at 10:30 am and last one was 7:36 pm (U.S. Central), so it's 
possible that that it's not over.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of frnk...@iname.com
Sent: Tuesday, May 03, 2016 12:38 PM
To: mailop@mailop.org
Subject: [mailop] Humor of the day

When connecting to this email host 

telnet 98.139.171.245 25
Trying 98.139.171.245...
2016 May  3 12:17:20 10.18.120.197 BCMSDK - unit 0 L3_ENTRY_IPV6_UNICAST
entry 1487 parity error
2016 May  3 12:17:20 10.18.120.197 BCMSDK - Unit 0: mem:
2103=L3_ENTRY_IPV6_UNICAST blkoffset:9
2016 May  3 12:17:20 10.18.120.197 BCMSDK - Unit 0: CACHE_RESTORE:
L3_ENTRY_IPV6_UNICAST[2103] blk: ipipe0 index: 1487 : [0][0]
Connected to 98.139.171.245.
Escape character is '^]'.
220 mta1014.biz.mail.bf1.yahoo.com ESMTP ready
HELO node5.premieronline.net
250 mta1014.biz.mail.bf1.yahoo.com



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Humor of the day

[frnkblk]

When connecting to this email host 

telnet 98.139.171.245 25
Trying 98.139.171.245...
2016 May  3 12:17:20 10.18.120.197 BCMSDK - unit 0 L3_ENTRY_IPV6_UNICAST
entry 1487 parity error
2016 May  3 12:17:20 10.18.120.197 BCMSDK - Unit 0: mem:
2103=L3_ENTRY_IPV6_UNICAST blkoffset:9
2016 May  3 12:17:20 10.18.120.197 BCMSDK - Unit 0: CACHE_RESTORE:
L3_ENTRY_IPV6_UNICAST[2103] blk: ipipe0 index: 1487 : [0][0]
Connected to 98.139.171.245.
Escape character is '^]'.
220 mta1014.biz.mail.bf1.yahoo.com ESMTP ready
HELO node5.premieronline.net
250 mta1014.biz.mail.bf1.yahoo.com



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SPF check overly stringent?

[frnkblk]

Is this worth bringing up to the appropriate IETF group?  Perhaps it could be 
errata for RFC 7208 Section 5.4?

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Steve Atkins
Sent: Friday, April 29, 2016 12:18 PM
To: mailop 
Subject: Re: [mailop] SPF check overly stringent?


> On Apr 29, 2016, at 9:52 AM, Frank Bulk  wrote:
> 
> We're helping a customer (sigiowa.com) who's having issues sending emails to
> the USDA.  Our email server logs this:
>   Site usda.gov (2a01:111:f400:7c10::10) said after data sent: 450
> 4.7.26 Service does not accept messages sent over IPv6
> [2607:fe28:0:4000::20] unless they pass either SPF or DKIM validation
> (message not signed)
> 
> Just this morning I changed their SPF record from this:
>   "v=spf1 mx ip4:96.31.0.0/24 ip6:2607:fe28:0:1000::/64
> ip6:2607:fe28:0:4000::/64 ~all"
> to this:
>   "v=spf1 ip4:96.31.0.0/24 ip6:2607:fe28:0:4000::20
> ip6:2607:fe28:0:1000::/64 ip6:2607:fe28:0:4000::/64 ~all"
> 
> I added in ip6:2607:fe28:0:4000::20 because I'm wondering if the USDA's
> system doesn't properly identify the sending IP of 2607:fe28:0:4000::20 as
> part of 2607:fe28:0:4000::/64.  I also removed 'mx' because this tool
> (http://vamsoft.com/support/tools/spf-policy-tester) was failing on pulling
> the  for each of the domain's four MX records.  Try the vamsoft site
> with 2607:fe28:0:4000::20 and to see how sigiowa.com
> used to fail.

http://tools.wordtothewise.com/spf/check/premieronline.net

... looks fine to me.

> 
> Is Vamsoft's check too stringent?

More like "broken" - but I can see how RFC 7208 might make them think it's 
correct behaviour if they didn't think about real-world use of DNS.

>  Does it seriously matter that it can't
> find the  for the domain's four MX records?  Shouldn't an SPF check for
> the domain's MX records just look for an A or ?

Cheers,
  Steve



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SPF check overly stringent?

[frnkblk]

Thanks, I see same thing test right now, I’ll report it.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Kurt Andersen (b)
Sent: Friday, April 29, 2016 12:40 PM
To: Steve Atkins 
Cc: mailop 
Subject: Re: [mailop] SPF check overly stringent?

 

On Fri, Apr 29, 2016 at 10:33 AM, Kurt Andersen (b) mailto:kb...@drkurt.com> > wrote:

 

On Fri, Apr 29, 2016 at 10:17 AM, Steve Atkins mailto:st...@blighty.com> > wrote:


> On Apr 29, 2016, at 9:52 AM, Frank Bulk   > wrote:
>
>  I also removed 'mx' because this tool
> (http://vamsoft.com/support/tools/spf-policy-tester) was failing on pulling
> the  for each of the domain's four MX records.  Try the vamsoft site
> with 2607:fe28:0:4000::20 and to see how sigiowa.com  
> used to fail.
>
> Is Vamsoft's check too stringent?

More like "broken" - but I can see how RFC 7208 might make them think it's 
correct behaviour if they didn't think about real-world use of DNS.

>  Does it seriously matter that it can't
> find the  for the domain's four MX records?  Shouldn't an SPF check for
> the domain's MX records just look for an A or ?

 

Using Kitterman's test framework at http://www.kitterman.com/spf/validate.html 
it looks like it only tries the  lookups if the connecting IP is IPv6.  
With the python SPF library, it will mark the results as "ambiguous" if it 
stumbles on the MX method that doesn't authorize any IPv6 addresses. 

 

Checking with yet another online tester (http://tools.bevhost.com/spf/ - cited 
by openspf.org  ), it doesn't seem to handle IPv6 ranges 
properly, or misinterprets the void lookup failure as a softfail.

 

--Kurt 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SPF check overly stringent?

[frnkblk]

Steve,

Thanks for your feedback.

Seems that the Word to Wise SPF checking tool skips "2607:fe28:0:4000::20" when 
I check sigiowa.com.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Steve Atkins
Sent: Friday, April 29, 2016 12:18 PM
To: mailop 
Subject: Re: [mailop] SPF check overly stringent?


> On Apr 29, 2016, at 9:52 AM, Frank Bulk  wrote:
> 
> We're helping a customer (sigiowa.com) who's having issues sending emails to
> the USDA.  Our email server logs this:
>   Site usda.gov (2a01:111:f400:7c10::10) said after data sent: 450
> 4.7.26 Service does not accept messages sent over IPv6
> [2607:fe28:0:4000::20] unless they pass either SPF or DKIM validation
> (message not signed)
> 
> Just this morning I changed their SPF record from this:
>   "v=spf1 mx ip4:96.31.0.0/24 ip6:2607:fe28:0:1000::/64
> ip6:2607:fe28:0:4000::/64 ~all"
> to this:
>   "v=spf1 ip4:96.31.0.0/24 ip6:2607:fe28:0:4000::20
> ip6:2607:fe28:0:1000::/64 ip6:2607:fe28:0:4000::/64 ~all"
> 
> I added in ip6:2607:fe28:0:4000::20 because I'm wondering if the USDA's
> system doesn't properly identify the sending IP of 2607:fe28:0:4000::20 as
> part of 2607:fe28:0:4000::/64.  I also removed 'mx' because this tool
> (http://vamsoft.com/support/tools/spf-policy-tester) was failing on pulling
> the  for each of the domain's four MX records.  Try the vamsoft site
> with 2607:fe28:0:4000::20 and to see how sigiowa.com
> used to fail.

http://tools.wordtothewise.com/spf/check/premieronline.net

... looks fine to me.

> 
> Is Vamsoft's check too stringent?

More like "broken" - but I can see how RFC 7208 might make them think it's 
correct behaviour if they didn't think about real-world use of DNS.

>  Does it seriously matter that it can't
> find the  for the domain's four MX records?  Shouldn't an SPF check for
> the domain's MX records just look for an A or ?

Cheers,
  Steve



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Hotmail connection errors

[frnkblk]

Probably not related, but we had a few of these today, first one at 8:16 am 
(Central), last one at 2:30 pm: 

ubad=-1, Site (redacted.domain/207.46.163.170) said: 451 4.3.2 Temporary server 
error. Please try again later ATTR2

 

We saw these IPs involved:

207.46.163.138

207.46.163.170

207.46.163.215

   207.46.163.247

2a01:111:f400:7c09::11

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Wise
Sent: Monday, April 11, 2016 3:43 PM
To: mailop 
Subject: Re: [mailop] Hotmail connection errors

 

 

Sorry for the delay…

I have been informed that:

 

“ The change has been fully deployed.

“ Our expectation is they should not see 5.4.0 anymore.

“ However, they might see  a few ‘5.5.4 Transaction Failed’ error …

 

How is it going now?

5.4.0 and 5.5.4 … are we seeing a lot less / none?

 

Otherwise, Happy Monday! (or something) :)

 

Aloha,

Michael.

-- 

Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the  
 Junk Mail 
Reporting Tool ?

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of frnk...@iname.com 
 
Sent: Wednesday, April 6, 2016 10:32 PM
To: 'Tara Natanson' mailto:tar...@natanson.net> >; mailop 
mailto:mailop@mailop.org> >
Subject: Re: [mailop] Hotmail connection errors

 

We saw this in small part today, starting at 10:45 am (Central), and clearing 
up by 6:36 pm.  Our email server logged this;

399 TCP Read failed (Connection reset by peer after 32 seconds)

Across several MXes.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tara Natanson
Sent: Wednesday, April 06, 2016 11:42 AM
To: mailop mailto:mailop@mailop.org> >
Subject: [mailop] Hotmail connection errors

 

Hello, 

 

For about the last hour we have seen a huge spike in connection errors and 
timeouts at Hotmail MXs.  They are holding connections open for a long time and 
then simply timing out.  Spread across entire netblock.  

 

Anyone else seeing similar? 

 

Tara Natanson 

 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Hotmail connection errors

[frnkblk]

We saw this in small part today, starting at 10:45 am (Central), and clearing 
up by 6:36 pm.  Our email server logged this;

399 TCP Read failed (Connection reset by peer after 32 seconds)

Across several MXes.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tara Natanson
Sent: Wednesday, April 06, 2016 11:42 AM
To: mailop 
Subject: [mailop] Hotmail connection errors

 

Hello, 

 

For about the last hour we have seen a huge spike in connection errors and 
timeouts at Hotmail MXs.  They are holding connections open for a long time and 
then simply timing out.  Spread across entire netblock.  

 

Anyone else seeing similar? 

 

Tara Natanson 

 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Email to hickorytech.net delayed

[frnkblk]

Delivery resumed at 7:42 pm (Central) and our queue is now drained.

Never heard anything back from my own contacts or tweets.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of frnk...@iname.com
Sent: Sunday, April 03, 2016 12:18 PM
To: mailop@mailop.org
Subject: [mailop] Email to hickorytech.net delayed

Since 9:11 pm (U.S. Central) we've been seeing our queue to hickortyech.net
(now owned by Consolidated Communications) backup with messages like this
logged on our email server:
Site (hickorytech.net/192.86.64.40) said: 451 4.3.0
: Temporary lookup failure
with IPs 192.86.64.40, .41, and .42

A small spurt delivered just after 1 am, but other than that, the messages
are getting deferred.

Anyone else seeing this, and know if Consolidated is aware?  I see no
indication on downdetector, twitter, or facebook. I believe IBM's Lotus Live
handles this for them.

Frank



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Email to hickorytech.net delayed

[frnkblk]

Since 9:11 pm (U.S. Central) we've been seeing our queue to hickortyech.net
(now owned by Consolidated Communications) backup with messages like this
logged on our email server:
Site (hickorytech.net/192.86.64.40) said: 451 4.3.0
: Temporary lookup failure
with IPs 192.86.64.40, .41, and .42

A small spurt delivered just after 1 am, but other than that, the messages
are getting deferred.

Anyone else seeing this, and know if Consolidated is aware?  I see no
indication on downdetector, twitter, or facebook. I believe IBM's Lotus Live
handles this for them.

Frank



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail red open padlock composing message

[frnkblk]

You can also try: https://sslanalyzer.comodoca.com/
Just append ":25" to the host.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tim Bray
Sent: Friday, April 01, 2016 3:58 AM
To: Kirk MacDonald ; mailop@mailop.org
Subject: Re: [mailop] Gmail red open padlock composing message

On 31/03/16 17:38, Kirk MacDonald wrote:
> With thanks to Google for pushing the cause, I implemented STARTTLS
> functionality on my org’s MX (as well as outbound SMTP with
> opportunistic STARTTLS).


Firstly - well done for doing it.   Everybody should be enabling TLS.

Did you test the install?

You have TLS, but there are some issues with your setup:

https://ssl-tools.net/mailservers/corp.eastlink.ca

So you need to disable the RC4 cipher.  Everybody suggests it is insecure.

Also you don't support the correct ciphers for Perfect Forward Secrecy.


I'm not sure whether this affects whether google shows the padlock or
not.  Best practice is to get it fixed.

I think ssl-tools.net is the best test for TLS mailservers.  You can
test your mail sending as well.


For webservers, use https://www.ssllabs.com/ssltest/ to test.  There is
also a tool to help make good configs at
https://mozilla.github.io/server-side-tls/ssl-config-generator/

What I've realised over the last year or so is that SSL/TLS isn't
something you can just fiddle with until it works.  If you want it
secure, across all browsers, it needs some work.

https://www.feistyduck.com/books/bulletproof-ssl-and-tls/  is an
excellent book.


Tim

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail red open padlock composing message

[frnkblk]

Anyone aware of email servers that take the approach that CloudFlare has, which 
is not allow the lowest common denominator or cleartext to be used if there’s a 
better/more-secure cipher, but still support the old stuff (in CloudFlare’s 
case, SHA-1) if that’s all it can do?

https://blog.cloudflare.com/sha-1-deprecation-no-browser-left-behind/

I think most would agree it’s better to accept receiving email from Exchange 
servers using RC4 than clear text, but that we should be aiming for TLSv1.1 or 
greater.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Eric Henson
Sent: Friday, April 01, 2016 12:07 PM
To: mailop@mailop.org
Subject: Re: [mailop] Gmail red open padlock composing message

 

http://blogs.technet.com/b/exchange/archive/2015/07/27/exchange-tls-amp-ssl-best-practices.aspx

 

Exchange 2003 is out of support.

Exchange 2007 support ends 4/11/2017.

Exchange 2010 and later best practice is to disable RC4 and SSLv3. 

 

I’d say it may be best to leave RC4 enabled until 4/11/2017, but my PCI 
scanning vendor disagrees.

 

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Franck Martin via 
mailop
Sent: Friday, April 1, 2016 11:27 AM
To: Kirk MacDonald
Cc: mailop@mailop.org  ; Tim Bray
Subject: Re: [mailop] Gmail red open padlock composing message

 

RC4 is a conundrum, it is about the only cypher you can negotiate with old 
MS-Exchange, so if you disable it, then the email will go in clear text. Which 
one is better? Clear text or RC4? Or too bad for old mail servers?

 

PFS or Elliptic ciphers are asymmetric in implementation, so you need to check 
what's negotiated as a sender and as a receiver.

 

Finally it seems some systems do not fall back anymore, if you initiate 
STARTTLS and can't negotiate it, then you can't send email in clear text.

 

And then look at SMTP STS

 

On Fri, Apr 1, 2016 at 6:00 AM, Kirk MacDonald mailto:kirk.macdon...@corp.eastlink.ca> > wrote:

Whoops, I fully intended to audit the available ciphers; clearly I missed doing 
that. Should be OK now.

Tragically, PFS is not (yet) supported on the TLS mechanism I am making use of. 
I hope to be able to change that in the somewhat near future.


-Original Message-
From: Tim Bray [mailto:t...@kooky.org  ]
Sent: Friday, April 01, 2016 5:58 AM
To: Kirk MacDonald mailto:kirk.macdon...@corp.eastlink.ca> >; mailop@mailop.org 
 
Subject: Re: [mailop] Gmail red open padlock composing message

On 31/03/16 17:38, Kirk MacDonald wrote:
> With thanks to Google for pushing the cause, I implemented STARTTLS
> functionality on my org’s MX (as well as outbound SMTP with
> opportunistic STARTTLS).


Firstly - well done for doing it.   Everybody should be enabling TLS.

Did you test the install?

You have TLS, but there are some issues with your setup:

https://ssl-tools.net/mailservers/corp.eastlink.ca

So you need to disable the RC4 cipher.  Everybody suggests it is insecure.

Also you don't support the correct ciphers for Perfect Forward Secrecy.


I'm not sure whether this affects whether google shows the padlock or
not.  Best practice is to get it fixed.

I think ssl-tools.net   is the best test for TLS 
mailservers.  You can
test your mail sending as well.


For webservers, use https://www.ssllabs.com/ssltest/ to test.  There is
also a tool to help make good configs at
https://mozilla.github.io/server-side-tls/ssl-config-generator/

What I've realised over the last year or so is that SSL/TLS isn't
something you can just fiddle with until it works.  If you want it
secure, across all browsers, it needs some work.

https://www.feistyduck.com/books/bulletproof-ssl-and-tls/  is an
excellent book.


Tim
___
mailop mailing list
mailop@mailop.org  
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Yahoo DMARC changes

[frnkblk]

Are you taking that approach because the workaround is less than ideal?  
Otherwise the current “workaround” could be the new standard.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Vick Khera
Sent: Tuesday, March 22, 2016 8:54 PM
To: mailop 
Subject: Re: [mailop] Yahoo DMARC changes

 

 

On Tue, Mar 22, 2016 at 7:52 PM, Steve Atkins mailto:st...@blighty.com> > wrote:

So if you've been doing anything special with forwarders or mailing lists for 
yahoo.com  

 

it's probably a good idea to do it for their other domains too in the next few 
days.

 

When Y! first set up p=reject on their main domain, we built our system's 
evasive maneuvers to work around it to be domain independent. Our systems do a 
DNS lookup for the DMARC record and if they find p=reject or p=quarantine and 
we do not sign using their From address in the domain, we automatically enable 
the workarounds to avoid falling in the trap. No manual configuration necessary.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Email delivery issues to yahoo.com

[frnkblk]

Thanks.  By 2:30 pm (U.S. Central) our outbound queues were essentially drained.

 

Frank

 

From: cverv...@apple.com [mailto:cverv...@apple.com] 
Sent: Sunday, March 20, 2016 3:11 PM
To: Frank Bulk 
Cc: stevem ; Alarig Le Lay ; 
mailop@mailop.org
Subject: Re: [mailop] Email delivery issues to yahoo.com

 

>From my perspective they started digging out a few hours ago, our delivery 
>rate has increased and the queues are dropping. 

 

Chris

 

On Mar 20, 2016, at 12:20 PM, Frank Bulk mailto:frnk...@iname.com> > wrote:

 

I checked Twitter and the web and I couldn't find one Yahoo statement or 
acknowledgement on the issue, though there was one fb comments from someone who 
had talked to tech support and the agent didn't know when the issue would be 
resolved.

 



 

Frank

 

-Original Message-
From: mailop [  
mailto:mailop-boun...@mailop.org] On Behalf Of stevem
Sent: Sunday, March 20, 2016 12:53 PM
To: Alarig Le Lay <  ala...@swordarmor.fr>
Cc:   mailop@mailop.org
Subject: Re: [mailop] Email delivery issues to   yahoo.com

 

Yep, we're seeing it too. I'm sure they're aware, but if someone has a

contact there, a nudge may be in order.

 

Thanks,

 

stevem

  craigslist.org

postmaster

 

 

On Sun, Mar 20, 2016 at 04:21:31PM UTC, Alarig Le Lay shaped the electrons like 
this:

> On Sun Mar 20 09:04:41 2016, Frank Bulk wrote:

> > Since 7:12 am (U.S. Central) we've been seeing "451 4.3.2 Internal error

> > reading data" being logged on our email server when sending to  
> >  yahoo.com

> > email addresses, such that we now have email queued up to  
> >  yahoo.com.  It's

> > across a number of Yahoo MX records.  Not much of anything has delivered

> > since 7:30 am.

> > 

> > Anyone else seeing the same?

> > 

> > Frank

> 

> I’m also seeing this from Europe.

> 

> -- 

> alarig

 

 

 

> ___

> mailop mailing list

>   mailop@mailop.org

>   
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

 

 

___

mailop mailing list

  mailop@mailop.org

  
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

___
mailop mailing list
  mailop@mailop.org
  
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Email issue with Synacor?

[frnkblk]

Our queues are all caught up.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Frank Bulk
Sent: Wednesday, March 16, 2016 3:56 PM
To: 'Brett Schenker' ; Vick Khera 
Cc: mailop@mailop.org
Subject: Re: [mailop] Email issue with Synacor?

 

Thanks.  The CableOne NOC responded to me a little while ago and said they are 
bringing this to the attention of their email provider (which appears to be 
Synacor).

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Brett Schenker
Sent: Wednesday, March 16, 2016 1:35 PM
To: Vick Khera mailto:vi...@khera.org> >
Cc: mailop@mailop.org  
Subject: Re: [mailop] Email issue with Synacor?

 

Yes, seeing the same, but it's only a portion of what we're sending.

 

On Wed, Mar 16, 2016 at 2:14 PM, Vick Khera mailto:vi...@khera.org> > wrote:

 

On Wed, Mar 16, 2016 at 1:23 PM, Frank Bulk mailto:frnk...@iname.com> > wrote:

Anyone else seeing the same?


Yes, for some of it. It looks like more is going through than not going through.


___
mailop mailing list
mailop@mailop.org  
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop




-- 

Brett Schenker
Man of Many Things, Including
5B Consulting - http://www.5bconsulting.com
Graphic Policy - http://www.graphicpolicy.com

Twitter - http://twitter.com/bhschenker
LinkedIn - http://www.linkedin.com/in/brettschenker

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] TLS/SSL DROWN attack with respect to email servers

[frnkblk]

Now this isn’t email servers, but in terms of websites, ~9% of surveyed sites 
support it: https://www.trustworthyinternet.org/ssl-pulse/ 

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Brandon Long via 
mailop
Sent: Wednesday, March 02, 2016 7:30 PM
To: Franck Martin 
Cc: Matthew Huff ; mailop@mailop.org
Subject: Re: [mailop] TLS/SSL DROWN attack with respect to email servers

 

I thought that POODLE required a specific type of fallback that tended to be 
browser specific (ie, prevent a tls connection, forcing the browser to fall 
back to a ssl3 connection), do any smtp servers actually do that?

 

looks like we're down to small enough ssl3 we could disable it, though.  Almost 
all of our ssl3 comes from badoo.com  , never heard of it.

 

Who hasn't already disabled ssl2?  I'm kind of shocked at their numbers.

 

Brandon

(not a security expert)

 

On Wed, Mar 2, 2016 at 4:09 PM, Franck Martin via mailop mailto:mailop@mailop.org> > wrote:

Disable SSLv3 too, because of Poodle.

 

We will need to get rid of RC4, unfortunately this is the only cypher some old 
exchange machines understand. Also falling back to clear text from STARTTLS is 
more and more frowned upon.

 

On Wed, Mar 2, 2016 at 1:45 PM, Matthew Huff mailto:mh...@ox.com> > wrote:

If your mail server still is advertising SSLv2, you SSL private key may be 
vulnerable.

https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack

What's worse, if you are using a wildcard cert, then any other server that is 
using the same cert can be trivially decrypted even if that server is only 
using TLS1.2 and strong cyphers.

I know that there are a number of broken email servers that will bounce mail if 
TLS is negotiated but they can't negotiate older SSL  or weaker cyphers, but 
it's probably a good idea to either: 1) Disable TLS, or 2) Disable SSLv2


Matthew Huff | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC   | Phone: 914-460-4039  
aim: matthewbhuff| Fax:   914-694-5669  



___
mailop mailing list
mailop@mailop.org  
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

 


___
mailop mailing list
mailop@mailop.org  
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Spike in "554 Transaction failed" from Microsoft properties

[frnkblk]

Thanks for the additional data points -- so it isn't just me.

What's nasty is that the messages are kicked back to the sender, not just 
delayed.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Frank Bulk
Sent: Friday, February 05, 2016 5:27 PM
To: mailop@mailop.org
Subject: [mailop] Spike in "554 Transaction failed" from Microsoft properties

Today we had an abnormal number of messages that failed to deliver to
Microsoft properties due to "554 Transaction failed".

We had 31 today, but only 6 over the previous 7 days.

Now some are email blasts from churches, so perhaps they are emailing
specific content, but I don't know what the "554 Transaction failed" means.

Frank

Here's a sanitized list from today:

 5 08:52:28.00 [104824074] Failed 
 18208 <000501d16024$d63bafa0$82b30ee0$@net> "Site
hotmail.com (207.46.8.167) said in response to MAIL FROM (554 Transaction
failed)"
 5 08:55:19.00 [104824142] Failed  
183286 <56B4B7C3.49.03428@GERRIT-PC> "Site msn.com (207.46.8.167) said
in response to MAIL FROM (554 Transaction failed)"
 5 09:07:09.00 [104825044] Failed  "[127.0.0.1]
Site hotmail.com (207.46.8.199) said in response to MAIL FROM (554
Transaction failed)"
 5 12:05:35.00 [104837331] Failed 
"[199.120.69.25] Site live.com (207.46.8.167) said in response to MAIL FROM
(554 Transaction failed)"
 5 14:37:36.00 [104845849] Failed  "[127.0.0.1]
Site hotmail.com (65.55.33.135) said in response to MAIL FROM (554
Transaction failed)"
 5 14:37:36.00 [104845849] Failed  "[127.0.0.1]
Site hotmail.com (65.55.33.135) said in response to MAIL FROM (554
Transaction failed)"
 5 14:37:36.00 [104845849] Failed  "[127.0.0.1]
Site hotmail.com (65.55.33.135) said in response to MAIL FROM (554
Transaction failed)"
 5 14:37:36.00 [104845849] Failed  "[127.0.0.1]
Site hotmail.com (65.55.33.135) said in response to MAIL FROM (554
Transaction failed)"
 5 14:37:36.00 [104845849] Failed  "[127.0.0.1]
Site hotmail.com (65.55.33.135) said in response to MAIL FROM (554
Transaction failed)"
 5 14:37:36.00 [104845849] Failed  "[127.0.0.1]
Site hotmail.com (65.55.33.135) said in response to MAIL FROM (554
Transaction failed)"
 5 14:37:36.00 [104845849] Failed  "[127.0.0.1]
Site hotmail.com (65.55.33.135) said in response to MAIL FROM (554
Transaction failed)"
 5 15:22:22.00 [104848164] Failed  "[127.0.0.1] Site
hotmail.com (207.46.8.167) said in response to MAIL FROM (554 Transaction
failed)"
 5 15:22:22.00 [104848164] Failed  "[127.0.0.1] Site
hotmail.com (207.46.8.167) said in response to MAIL FROM (554 Transaction
failed)"
 5 15:22:22.00 [104848164] Failed  "[127.0.0.1] Site
hotmail.com (207.46.8.167) said in response to MAIL FROM (554 Transaction
failed)"
 5 16:05:03.00 [104849737] Failed 
 14868
<002e01d16061$42762bf0$c76283d0$@siebrechtcpas.com> "Site hotmail.com
(207.46.8.167) said in response to MAIL FROM (554 Transaction failed)"
 5 16:36:01.00 [104850620] Failed  
30429  "Site msn.com (207.46.8.167)
said in response to MAIL FROM (554 Transaction failed)"
 5 16:36:01.00 [104850620] Failed  
30429  "Site msn.com (207.46.8.167)
said in response to MAIL FROM (554 Transaction failed)"
 5 16:36:01.00 [104850620] Failed  
30429  "Site msn.com (207.46.8.167)
said in response to MAIL FROM (554 Transaction failed)"
 5 16:36:01.00 [104850620] Failed  
30429  "Site msn.com (207.46.8.167)
said in response to MAIL FROM (554 Transaction failed)"
 5 16:36:01.00 [104850620] Failed  
30429  "Site msn.com (207.46.8.167)
said in response to MAIL FROM (554 Transaction failed)"
 5 16:36:01.00 [104850620] Failed  
30429  "Site msn.com (207.46.8.167)
said in response to MAIL FROM (554 Transaction failed)"
 5 16:36:01.00 [104850620] Failed  
30429  "Site msn.com (207.46.8.167)
said in response to MAIL FROM (554 Transaction failed)"
 5 16:36:01.00 [104850620] Failed  
30429  "Site msn.com (207.46.8.167)
said in response to MAIL FROM (554 Transaction failed)"
 5 16:39:21.00 [104851087] Failed  "Site hotmail.com
(65.55.33.119) said in response to MAIL FROM (554 Transaction failed)"
 5 07:03:14.00 [77653425] Failed  "Site
hotmail.com (207.46.8.167) said in response to MAIL FROM (554 Transaction
failed)"
 5 07:40:00.00 [77656936] Failed 
 34580 <296D38C852174BC5B12D4E5793282601@OwnerHP>
"Site hotmail.com (65.55.33.135) said in response to MAIL FROM (554
Transaction failed)"
 5 08:56:32.00 [77661751] Failed  "[127.0.0.1] Site
hotmail.com (65.55.33.135) said in response to MAIL FROM (554 Transaction
failed)"
 5 10:22:55.00 [77667788] Failed 
 114439
<008401d16031$76fc8660$64f59320$@siouxpreme.com> "Site hotmail.com
(207.46.8.167) said in response to MAIL FROM (554 Transaction failed)"
 5 10:36:01.00 [77668409] Failed  "Site live.com
(65.55.33.135) said in response to MAIL FROM (554 Transaction failed)"
 5 11:30:16.00 [77671573] Failed  "Site live.com
(207.46.8.167) said in response to MAIL FROM (554 Transaction failed)"
 5 11:33:03.00 [77671830] Failed 
 98021 <000f01d1603b$3d61c690$b82553b0$@net> "Site
ho

[mailop] Yahoo issues this evening?

[frnkblk]

We saw some of this in our logs tonight:

Site yahoo.com (98.136.217.203) said in response to MAIL FROM (451 4.3.2
Internal error reading data)
Site yahoo.com (66.196.118.36) said in response to MAIL FROM (451 4.3.2
Internal error reading data)
Site yahoo.com (66.196.118.37) said in response to MAIL FROM (451 4.3.2
Internal error reading data)
Site yahoo.com (63.250.192.46) said in response to MAIL FROM (451 4.3.2
Internal error reading data)
Site yahoo.com (98.138.112.35) said in response to MAIL FROM (451 4.3.2
Internal error reading data)
Site yahoo.com (98.138.112.38) said in response to MAIL FROM (451 4.3.2
Internal error reading data)

Started around 8:15 pm (Central) in earnest.

Anyone else see this?

Frank


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] crippling gmail rate limit

[frnkblk]

I'd recommend that rather than forward messages to Google that you have
those Google accounts POP the messages from smokva.net.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Petar
Bogdanovic
Sent: Thursday, December 10, 2015 9:44 AM
To: mailop@mailop.org
Subject: [mailop] crippling gmail rate limit

Hi,

On the 6. of december, all google MTAs started rate limiting deliveries
from our MTA (dig mx smokva.net) to gmail- and gapps for work users:

Our system has detected an unusual rate of unsolicited mail
originating from your IP address. To protect our users from spam,
mail sent from your IP address has been temporarily rate limited.
Please visit https://support.google.com/mail/answer/81126 to review
our Bulk Email Senders Guidelines.

The sending domain in question hosts a handful of users, most of them
forwarding all their messages to gmail.  During the past 7 days, this
domain has successfully delivered 45 messages to google MTAs.

Based on the envelope sender addresses it is very likely that the vast
mojority these messages were ham.


I contacted google through their on-line form but am not holding my
breath.  The queue is still growing and the first queued messages are
approaching max. queue lifetime (5d).

Any ideas are welcome.

A few technical details:  The sending MTA, when forwarding, used to
rewrite envelope senders (because that's what seemed reasonable in an
SPF world) but I have disabled that practice based on google's own
recommendations.  Outgoing messages are not DKIM signed, the MTA's IP
is listed in dnswl (which is a whitelist) and absent in any public
blacklist.


Thanks,

Petar Bogdanovic


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Email backed up to cableone.net

[frnkblk]

CableOne NOC contacted me to check ... by which times our outbound queue for 
cableone.net was already empty.  Issues appears to have been resolved by their 
partner, Synacor.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of frnk...@iname.com
Sent: Tuesday, November 24, 2015 8:50 PM
To: mailop@mailop.org
Subject: Re: [mailop] Email backed up to cableone.net

I'm pleasantly surprised -- the CableOne NOC responded in less than ten
minutes, acknowledging the issue and indicating they have already contacted
their vendor.  From the response, it appears that intra-domain email is
working for their customers.

Frank

-Original Message-
From: Frank Bulk (frnk...@iname.com) [mailto:frnk...@iname.com] 
Sent: Tuesday, November 24, 2015 8:43 PM
To: 'mailop@mailop.org' (mailop@mailop.org) 
Subject: Email backed up to cableone.net

Anyone else seeing email backed up to cableone.net? 

We're seeing "421 4.3.4 allocated resources exceeded".

Regards,

Frank


___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Email backed up to cableone.net

[frnkblk]

I'm pleasantly surprised -- the CableOne NOC responded in less than ten
minutes, acknowledging the issue and indicating they have already contacted
their vendor.  From the response, it appears that intra-domain email is
working for their customers.

Frank

-Original Message-
From: Frank Bulk (frnk...@iname.com) [mailto:frnk...@iname.com] 
Sent: Tuesday, November 24, 2015 8:43 PM
To: 'mailop@mailop.org' (mailop@mailop.org) 
Subject: Email backed up to cableone.net

Anyone else seeing email backed up to cableone.net? 

We're seeing "421 4.3.4 allocated resources exceeded".

Regards,

Frank


___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Delivery issues to sbcglobal.net

[frnkblk]

@ATTCares confirmed it was affecting Yahoo mail, too.  My queues cleared up
around 9 pm Central.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Frank Bulk
Sent: Tuesday, November 10, 2015 5:42 PM
To: 'Jay Hennigan' ; mailop@mailop.org
Subject: Re: [mailop] Delivery issues to sbcglobal.net

I'm betting more likely Yahoo (https://downdetector.com/status/yahoo-mail),
as Yahoo does handle/frontend some of AT&T's email.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Jay Hennigan
Sent: Tuesday, November 10, 2015 4:39 PM
To: mailop@mailop.org
Subject: Re: [mailop] Delivery issues to sbcglobal.net

On 11/10/15 10:58 AM, Frank Bulk wrote:
> We're seeing delivery issues to sbcglobal.net since 9 am U.S. Central.
>
> Two log items are:
>   Open (144.160.159.21) Error 9sec (399 TCP Read failed (Connection
> refused after 0 seconds) 0 sec)
>   Site sbcglobal.net (144.160.159.21) said in response to MAIL FROM
> (451 4.1.8 Client IP address 96.31.0.20 does not resolve.flph400.Fix
reverse
> DNS.For more information email postmas...@prodigy.net)
>
> And yes, 96.31.0.20 does have a PTR. =)

Could be related to AT&T outage.

https://downdetector.com/status/att/map

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Hotmail/Microsoft Contact Available?

[frnkblk]

We alias all the abuse addresses for the domains we host to our ISP abuse 
account ... we get very little spam.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Matthew Newton
Sent: Tuesday, September 15, 2015 7:27 AM
To: David Hofstee 
Cc: mailop@mailop.org
Subject: Re: [mailop] Hotmail/Microsoft Contact Available?

On Tue, Sep 15, 2015 at 09:49:50AM +0200, David Hofstee wrote:
> I’m not sure why you cannot have an autoresponder behind the
> abuse@/postmaster@ with a link in it, to a ticket, containing
> the info sent in the first place. See abuse.io for example.

I got ~2,000 spam mails to our abuse address in the last three
months - so about 8,000 a year. I get about one legitimate mail per year.

I'm sure that doesn't easily scale when you get to the size of the
big mail providers, especially as you're more likely to get spam
to that address in the first place.

> The rest is just ‘resistance’ in being able to solve issues.

I am not saying I agree with not having a proper abuse@ address, I
just understand why they might be reluctant to. They certainly
shouldn't feed it into a system that blindly responds to what is
usually going to be a forged sender.

But if you're big enough to host millions of mailboxes, you should
also be responsible enough to have staff to run all aspects of the
system, which includes standard ways of reporting problems such as
abuse@.

Matthew


-- 
Matthew Newton, Ph.D. 

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

[mailop] FW: [outages] gmail delay

[frnkblk]

FYI

 

From: Outages [mailto:outages-boun...@outages.org] On Behalf Of Grant Ridder 
via Outages
Sent: Tuesday, June 09, 2015 2:09 PM
To: outa...@outages.org
Subject: [outages] gmail delay

 



6/9/15, 11:33 AM

We're investigating reports of an issue with Gmail. We will provide more 
information shortly.
Users will notice email delivery delays affecting both inbound and outbound 
messages.

 

http://www.google.com/appsstatus#hl=en 

 &v=issue&sid=1&iid=3b91c66f543f19c5bbca670b3d918d7f

 

-Grant

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Anyone else experiencing problems with yahoo?

[frnkblk]

We’re seeing none of that.   It’s all delivering to all Yahoo MTAs just fine, 
though we’re not hitting 98.138.112.33 very often.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tim Bosserman
Sent: Wednesday, May 06, 2015 4:20 PM
To: mailop@mailop.org
Subject: [mailop] Anyone else experiencing problems with yahoo?

 

We have over 40,000 emails in our queues destined to yahoo.com 
 . We’re getting errors like this:

(delivery temporarily suspended: lost connection with mta5.am0.yahoodns.net 
 [98.138.112.33] while sending RCPT TO)

Is anybody else seeing anything similar? It’s not a single MTA. We’re seeing 
that from all the Yahoo MTAs right now.

​

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop