Re: [mailop] Sendgrid spam of the day

[Luke via mailop]

For clarification, it has been 12 years. But point taken. Thanks.

On Wed, Oct 20, 2021 at 6:01 PM Michael Orlitzky via mailop <
mailop@mailop.org> wrote:

> On Wed, 2021-10-20 at 10:46 -0700, Luke wrote:
> > Thanks, John. The account in question is being looked at as we speak.
> > It should be terminated shortly.
> >
> > Michael, do you have an example of a 4xx we aren't properly handling?
> > Would love to take a look and adjust handling.
> >
>
> Are you finally going to stop allowing the same criminals to sign up
> and send the same textbook scams from the same obviously-forged domains
> after two years? If not, then I prefer the status quo.
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid spam of the day

[Michael Orlitzky via mailop]

On Wed, 2021-10-20 at 10:46 -0700, Luke wrote:
> Thanks, John. The account in question is being looked at as we speak.
> It should be terminated shortly.
> 
> Michael, do you have an example of a 4xx we aren't properly handling?
> Would love to take a look and adjust handling.
> 

Are you finally going to stop allowing the same criminals to sign up
and send the same textbook scams from the same obviously-forged domains
after two years? If not, then I prefer the status quo.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DKIM+DMARC at t-online.de (Deutsche Telekom's ISP branche)

[Florian.Kunkel--- via mailop]

Hi Stefano,

> do you have any update about this DMARC enforcement "experiment" @t-
> online.de ?


as advertised before ...
/
worst come first
Expect this procedure to hit you the earlier, the more traffic we are already 
used to reject from your infrastructure.
\

did we miss to take you on into our early adopters program ?-)

Cheers!
Florian
 
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid spam of the day

[Luke via mailop]

Thanks, John. The account in question is being looked at as we speak. It
should be terminated shortly.

Michael, do you have an example of a 4xx we aren't properly handling? Would
love to take a look and adjust handling.

Luke

On Wed, Oct 20, 2021 at 5:08 AM Michael Orlitzky via mailop <
mailop@mailop.org> wrote:

> On 2021-10-19 16:41:40, John R Levine via mailop wrote:
> > Fake USPS spam, sent to my father who I am pretty sure has not ordered
> anything
> > lately since he is dead.
>
> Tragically, we lose most of these because they still haven't figured
> out how to retry a 4xx.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Locally hosted anti-spam solution recommendations?

[Michael Peddemors via mailop]

Hey Ken,

Can't believe you didn't include 'MagicMail' in that list of on-premise 
email servers ;)


Since it has built in spam-protection, no need for another filtering 
device in front.


Frankly, spam protection belongs 'in' the email server, IMHO..

-- Michael --

PS, may be time to put up a new list of email servers and mail filtering 
appliances somewhere for people who ask these types of questions, rather 
than everyone pitching their services on the list.


The Wikipedia data seems woefully out of date.

On 2021-10-20 10:32 a.m., Ken O'Driscoll via mailop wrote:

Hi Otto,

For frontends, and if you don't mind a bit of hacking, take a look at MailCow 
(https://mailcow.email/) and Modoboa(https://modoboa.org/en/). They will sit in 
front of an open-source mail application stack and provide quarantine and 
allow-list control for end users.

For on-premise all-in-one solutions, look at Zimbra (https://www.zimbra.com/) 
or Open-Xchange (https://www.open-xchange.com/).

I have no personal experience of any of these, they were all potential 
solutions a client was testing a while ago. Their business case was different 
to your one, but similar situation with current vendor EOL.

And I'm assuming you want open-source. If you don't, there a plenty of fine 
filtering appliances that have user-level control.

Ken.


-Original Message-
From: mailop  On Behalf Of Otto J. Makela via
mailop
Sent: Wednesday 20 October 2021 14:49
To: mailop@mailop.org
Subject: [mailop] Locally hosted anti-spam solution recommendations?

We're currently running Roaring Penguin CanIT as our mail frontend, and
have been given an end-of-life notice from the new owners:
https://go.zixcorp.com/index.php/email/emailWebview?md_id=21715

So, now we're looking for a good frontend with antispam functions.

CanIT is a set of open source software (Sendmail, Spamassassin,
blocklists, ClamAV, opendkim etc) packaged with a nice web gui interface
to control it all on a locally hosted Linux server.

And that's basically what we'd also need to replace it.

Some random cloud hosting spam solution is not a viable option, we're a
Finnish government owned contractor. Also we need to know (if need be)
what happened to each and every email coming and going, not "perhaps our
proprietary spam system ate it, we won't tell you"
as so many of these cloud solutions seem to be.

Any recommendations?

--
/* * * Otto J. Makela  * * * * * * * * * */
   /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
  /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */
/* * * Computers Rule 0100 01001011 * * * * * * */
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Locally hosted anti-spam solution recommendations?

[Ken O'Driscoll via mailop]

Hi Otto,

For frontends, and if you don't mind a bit of hacking, take a look at MailCow 
(https://mailcow.email/) and Modoboa(https://modoboa.org/en/). They will sit in 
front of an open-source mail application stack and provide quarantine and 
allow-list control for end users.

For on-premise all-in-one solutions, look at Zimbra (https://www.zimbra.com/) 
or Open-Xchange (https://www.open-xchange.com/). 

I have no personal experience of any of these, they were all potential 
solutions a client was testing a while ago. Their business case was different 
to your one, but similar situation with current vendor EOL. 

And I'm assuming you want open-source. If you don't, there a plenty of fine 
filtering appliances that have user-level control.

Ken.

> -Original Message-
> From: mailop  On Behalf Of Otto J. Makela via
> mailop
> Sent: Wednesday 20 October 2021 14:49
> To: mailop@mailop.org
> Subject: [mailop] Locally hosted anti-spam solution recommendations?
> 
> We're currently running Roaring Penguin CanIT as our mail frontend, and
> have been given an end-of-life notice from the new owners:
> https://go.zixcorp.com/index.php/email/emailWebview?md_id=21715
> 
> So, now we're looking for a good frontend with antispam functions.
> 
> CanIT is a set of open source software (Sendmail, Spamassassin,
> blocklists, ClamAV, opendkim etc) packaged with a nice web gui interface
> to control it all on a locally hosted Linux server.
> 
> And that's basically what we'd also need to replace it.
> 
> Some random cloud hosting spam solution is not a viable option, we're a
> Finnish government owned contractor. Also we need to know (if need be)
> what happened to each and every email coming and going, not "perhaps our
> proprietary spam system ate it, we won't tell you"
> as so many of these cloud solutions seem to be.
> 
> Any recommendations?
> 
> --
>/* * * Otto J. Makela  * * * * * * * * * */
>   /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
>  /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */
> /* * * Computers Rule 0100 01001011 * * * * * * */
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid spam of the day (John R Levine)

[Michael Peddemors via mailop]

For the record, it was and still is SendGrid that can't seem to get a 
handle on compromised accounts, used for phishing, but after the long 
success with that platform, other ESP's are being targeted as well.


Eg...

Received: from o53.p38.mailjet.com (HELO o53.p38.mailjet.com) 
(185.250.237.53)

From: No_reply Server 
Subject: De-activation notice for 

If you are an ESP, and you leak phishing or malware, you WILL end up on 
an RBL.. there is no 'too big to block' get out of jail free for these 
kinds of issues, and you generally have the budget to do a better job.


And if you REALLY can't get a handle on it, don't be afraid to consult 
an outside source.. if the rest of the world can detect those, you 
should be able to do it before it leaves your infrastructure.


I don't think anyone has too much sympathy given the valuation of ESP's 
these days..


Yes, for some email providers, they MIGHT get it in the ear when their 
user can't get their favorite newsletter from a shared service, but 
there is more understanding now that ESP's have to do more.


On 2021-10-20 6:18 a.m., Edgaras | SENDER via mailop wrote:
This is more widespread than just Sendgrid. We noticed an increase in 
various "postal service" phishing / scam attempts in the past couple of 
months, and they try to impersonate not only USPS, buth DHL (in German 
and English languages), Royal Mail, La Poste (French) and some others.


Most accounts that attempt this sort of scam are registered via various 
VPN services' ranges, however we noticed a few that were registered 
directly from IP addresses in Morocco. They are also trying email / 
password combinations from public leaks to try and take over legitimate 
accounts.


If anyone is interested in sharing knowledge about this gang and working 
on prevention together, reach me off list, as these list messages are 
public.



Sender  Edgar Vaitkevičius, founder / CEO
ed...@sender.net 


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Locally hosted anti-spam solution recommendations?

[Bill Cole via mailop]

On 2021-10-20 at 09:49:24 UTC-0400 (Wed, 20 Oct 2021 16:49:24 +0300)
Otto J. Makela via mailop 
is rumored to have said:

> We're currently running Roaring Penguin CanIT as our mail frontend,
> and have been given an end-of-life notice from the new owners:
> https://go.zixcorp.com/index.php/email/emailWebview?md_id=21715
>
> So, now we're looking for a good frontend with antispam functions.
>
> CanIT is a set of open source software (Sendmail, Spamassassin,
> blocklists, ClamAV, opendkim etc) packaged with a nice web gui
> interface to control it all on a locally hosted Linux server.

CanIT also (at least historically) has included MIMEDefang with a bespoke 
mimedefang-filter and unspecified other modifications.

The existing open source MIMEDefang project has moved to the McGrail Foundation 
and it is in an active maintenance mode. I am a member of the PMC for the 
project. We have released v2.85 recently with some updates, but as a mature 
project there's not a grand vision for radical change at the moment.

Diane Skoll (former proprietor of Roaring Penguin and primary author of 
MIMEDefang) is working on a separate project forked from MIMEDefang called 
Mailmunge. She is doing the daunting work of radically 
refactoring/reimplementing MD in a more robust and modern style, focused on the 
core functionality and maintainability/testability. She also offers her 
services for setting MM up.

> And that's basically what we'd also need to replace it.

What would be missing if you replace CanIT with MD or MM and the other open 
source tools would be the web admin interface. If you can live without that, 
you should be able to replace CanIT simply.

> Some random cloud hosting spam solution is not a viable option,
> we're a Finnish government owned contractor. Also we need to know
> (if need be) what happened to each and every email coming and going,
> not "perhaps our proprietary spam system ate it, we won't tell you"
> as so many of these cloud solutions seem to be.
>
> Any recommendations?

MD or MM is quite capable of detailed logging and auditable deterministic 
behavior.   I would expect that
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Problem with yahoo blacklist

[Lili Crowley via mailop]

Hi Marko-

Please contact me off list.

Thanks!

On Tue, Oct 19, 2021 at 1:28 PM Marko Poturica via mailop 
wrote:

> Hi,
>
>
>
> We have problems with yahoo IP blacklist. Our company fixed problems with
> spam, but communication with yahoo admins is slow.
>
> Can someone help with delist? Because two IP’s, all oour IP ranges are
> blocked by yahoo.
>
>
>
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__list.mailop.org_listinfo_mailop=DwIGaQ=sWW_bEwW_mLyN3Kx2v57Q8e-CRbmiT9yOhqES_g_wVY=5Ps6gqx3JusivGVI-U9_l6qlVACXvsBn54y9pSHmSYw=wS2bu412OHZVCeK0UMUBWgfXmVORioEHwwi4CWZHlAM=i3ecgEcLjF9zt8TkNUyHRLXSfPJO5R5ZiKSwdn8UWNs=
>
-- 
Lili Crowley

she/her
Postmaster
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Locally hosted anti-spam solution recommendations?

[Otto J. Makela via mailop]

We're currently running Roaring Penguin CanIT as our mail frontend,
and have been given an end-of-life notice from the new owners:
https://go.zixcorp.com/index.php/email/emailWebview?md_id=21715

So, now we're looking for a good frontend with antispam functions.

CanIT is a set of open source software (Sendmail, Spamassassin,
blocklists, ClamAV, opendkim etc) packaged with a nice web gui
interface to control it all on a locally hosted Linux server.

And that's basically what we'd also need to replace it.

Some random cloud hosting spam solution is not a viable option,
we're a Finnish government owned contractor. Also we need to know
(if need be) what happened to each and every email coming and going,
not "perhaps our proprietary spam system ate it, we won't tell you"
as so many of these cloud solutions seem to be.

Any recommendations?

-- 
   /* * * Otto J. Makela  * * * * * * * * * */
  /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
 /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */
/* * * Computers Rule 0100 01001011 * * * * * * */
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid spam of the day (John R Levine)

[Edgaras | SENDER via mailop]

This is more widespread than just Sendgrid. We noticed an increase in
various "postal service" phishing / scam attempts in the past couple of
months, and they try to impersonate not only USPS, buth DHL (in German and
English languages), Royal Mail, La Poste (French) and some others.

Most accounts that attempt this sort of scam are registered via various VPN
services' ranges, however we noticed a few that were registered directly
from IP addresses in Morocco. They are also trying email / password
combinations from public leaks to try and take over legitimate accounts.

If anyone is interested in sharing knowledge about this gang and working on
prevention together, reach me off list, as these list messages are public.


[image: Sender] Edgar Vaitkevičius, founder / CEO
ed...@sender.net
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid spam of the day

[Michael Orlitzky via mailop]

On 2021-10-19 16:41:40, John R Levine via mailop wrote:
> Fake USPS spam, sent to my father who I am pretty sure has not ordered 
> anything 
> lately since he is dead.

Tragically, we lose most of these because they still haven't figured
out how to retry a 4xx.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop