Re: [mailop] Things to do on a Sunday, when there is an atmospheric river.. Investigate 'code200 UAB'
On 2022-10-30 at 15:17 -0700, Michael Peddemors via mailop wrote: > Can anyone give insight into this company? > > They have an IMMENSE amount of IP space from PSI/Cogent.. > > (Someone might like to look into this from Cogent's end) > > Their website (https://www.code200.global/contact) has no real > company information, and Google shows a Lithunian company by that > name with 17 employees. The website also claim they are based in Lithuania. Interestingly, these "IT experts" with "clients all over the world", that provide "dedicated hosting and cloud", chose to make and host their website with... wix. > But almost all of that IP space is active, with either > PTR > naming conventions of code200.global .. > > Oct 30 09:02:51 be msd[3651510]: CONN: 38.79.219.120 -> 25 GeoIP = > [US] > PTR = code200.global OS = Linux 2.2.x-3.x > Oct 30 09:02:51 be msd[3651510]: HELO command received, args: > code200.global > Oct 30 09:02:52 be msd[3651510]: MAIL command received, args: > FROM: > > Doing list washing.. > > ... or.. > > 38.128.158.229x1prd-ol-25ad6o.sourcexnet.com > 38.128.158.231x1prd-ol-6n0jkp.unsignedstatic.com > 38.128.158.233x1prd-ol-hf8c87.spaceisstupid.com > 38.128.158.235x1prd-ol-fc0xdw.marketdatax.com > > They advertise that they are selling internet connections for $19.95 > and hosting, but this doesn't appear to be the case.. > > Oct 30 11:46:08 be msd[4182031]: CONN: 149.100.189.246 -> 25 GeoIP = > [IT] PTR = prd-ol-5sp9th.froyogogo.com OS = Linux 2.2.x-3.x > Oct 30 11:46:09 be msd[4182031]: HELO command received, args: > prd-ol-5SP9TH.froyogogo.com > Oct 30 11:46:09 be msd[4182031]: MAIL command received, args: > FROM: > > You will recall that name from a while back in out reports.. > > This seems to be someone trying to prove they have justification for > IP space, but this is simply huge swaths of IP space used to slow > roll list washing it appears.. > > Any one else have comments on them? I have a few hits from them. Being really small, that is noticeable by itself. They seem to be doing the checks by pairs. At almost the same time, they check the expected mailbox from one ip address, then a second ip requests a made up mailbox in the same domain with a random alphanumeric local part of 13 characters (in order to compare with a non-existing mailbox, apparently). Interestingly, they use esmtps for the fake address but smtp (HELO with no STARTTLS) for the real one. In one case, the email used was tied to a company, and code200 check was followed 3 weeks later by a mail from them using salesforce ip space (they had not sent anything for months). I can only conclude that they contracted code200 for listwashing. In addition to PTRs of code200.global, the rdns (performed today) of the ip addresses they used show: - prd-ol-XX.maillistclean.com - prd-ol-XX.froyogogo.com - prd-ol-XX.megamx.net where XX are (random?) alphanumeric codes. (both the HELO name and MAIL FROM domain were code200.global, not the prd-ol one) whois show these ranges to still belong to "Code 200, UAB" on different US cities. Regards ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [EXTERNAL] Recommendations for host with good IP reputation or use external SMTP?
Ian Evans via mailop skrev den 2022-10-31 01:51: But going back to my original question: are there far better places to host a postfix server than Digitalocean? https://www.irccloud.com/pastebin/f9H1aoy5/pregreet%20bots ask custommer support at DO to help there custommer not abuse a ip that have no mx or a record for any maildomains at all, the pregreet list is collected from my spamtrap server if it was just DO, it would not be so hard to find better mailserver hosting, but as you see in my pastebin its not just DO :( ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Recommendations for host with good IP reputation or use external SMTP?
I personally have good luck with IONOS hosting for $10/month. When I first started I had problems with AT but I was able to resolved and since it's been quiet. I see a lot of crap plus pop3/smtp/imap login attempts from Digital Ocean for what it's worth. I have my actual mail server at home and use the host instance as a smart host to relay email in and out bound. Lyle On 10/30/22 18:35, Ian Evans via mailop wrote: I've been hosting my site and small postfix server (me and the missus are the only accts) on Digitalocean since 2013. Recently emails sent to a friend have started being rejected by Vadesecure, which is used by their domain. That's really the only problem I've had with deliveries in all this time. DO admits their IP reputation sucks and so won't intervene with vadesecure on behalf of my IP. My friend is literally the only acct I have problems sending to and I realize I could just use this gmail account, but this has become more of project because I just want my self-hosted email server to be 100%. I'm new to this list, so is there a thread in the archives that might discuss VPS hosts with clean IPs? Is it better to use an external SMTP provider whose whole biz is having clean IPs? Thanks for any pointers. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [EXTERNAL] Recommendations for host with good IP reputation or use external SMTP?
On Mon, 31 Oct 2022, 01:00 Ian Evans via mailop, wrote: > On Sun, Oct 30, 2022 at 8:46 PM Brotman, Alex > wrote: > > > > Did you ask if it's your IP, or the whole /24 or subnet? > > > > Could the target system exempt your IP? > [snip] > > > -Original Message- > > > From: Ian Evans > > > Sent: Sunday, October 30, 2022 8:44 PM > > > To: Brotman, Alex > > > Subject: Re: [EXTERNAL] [mailop] Recommendations for host with good IP > > > reputation or use external SMTP? > > > > > > On Sun, Oct 30, 2022 at 8:18 PM Brotman, Alex < > alex_brot...@comcast.com> > > > wrote: > > > > > > > > Is it your dedicated IP? Why not escalate to Vade yourself? > > > > > > Yes, it's a dedicated IP which I've had since 2013. I filled in the > removal request > > > form with Vade but they require intervention from the hosting > provider. the > > > NOC/Abuse team at digitalocean wrote back today and basically said > they don't > > > vouch for or recommend their service for email servers and don't > intervene with > > > DNSBLs. In other words, they know some of their clients are shady but > as long as > > > the cheque clears... > > > > > > So that's where I am. > > Right now ,I've just gone through their IP removal form and specified > my IP. I'll try and see if I can find an email contact on their site > to actually correspond with a human and find out more. > > But going back to my original question: are there far better places to > host a postfix server than Digitalocean? > > Thanks for your speedy replies. I hope you've had a good weekend. > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop Short answer - almost anywhere that's not a hosting barn or cloud provider. Probably not Hetzner/Linode/Vultr/LeaseWeb/OVH etc. I have hosted smaller mixed use business and personal email servers with Mythical Beasts for some years (one via them acquiring a smaller VPS provider, others directly) and they're great. Very knowledgeable technical people who have helped with some IP reputation issues early on in my tenure (6+ years ago) when I migrated in. No issues with a new server I span up for a customer a couple of years ago, I typically run Postfix & Dovecot on dual stack IPv4/6 CentOS with full DMARC/DKIM/SPF and PTRs on the sending IPs which is good practice and and satisfies larger operators' requirements (notably Gmail). Portfast is also an oft-recommended provider, discussed in threads passim. Both MB and Portfast are UK providers which may influence your choice. Stateside, Dreamhost also offer VPS and dedicated services which you may be interested in. I've had a shared hosting account with them for many years which I use for numerous projects and sites, their shared email platform is now quite good (ingress and egress heuristic and anti spam filtering via their integration with mailchannels). Generally very good customer support, though no business SLAs and occasionally if a severe issue affects you with many customers, it can take a little while to resolve. This has been vanishingly rare in the 10+ years I've been a customer. They did recently migrate my entire web and email hosting after a networking/cluster upgrade went pear-shaped, after I provided some detailed logs from my side they did periodically keep me informed until it was fixed. I'm sure others will recommend other good providers who are still friendly towards self-hosters. Cheers Chris ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [EXTERNAL] Recommendations for host with good IP reputation or use external SMTP?
On Sun, Oct 30, 2022 at 8:46 PM Brotman, Alex wrote: > > Did you ask if it's your IP, or the whole /24 or subnet? > > Could the target system exempt your IP? [snip] > > -Original Message- > > From: Ian Evans > > Sent: Sunday, October 30, 2022 8:44 PM > > To: Brotman, Alex > > Subject: Re: [EXTERNAL] [mailop] Recommendations for host with good IP > > reputation or use external SMTP? > > > > On Sun, Oct 30, 2022 at 8:18 PM Brotman, Alex > > wrote: > > > > > > Is it your dedicated IP? Why not escalate to Vade yourself? > > > > Yes, it's a dedicated IP which I've had since 2013. I filled in the removal > > request > > form with Vade but they require intervention from the hosting provider. the > > NOC/Abuse team at digitalocean wrote back today and basically said they > > don't > > vouch for or recommend their service for email servers and don't intervene > > with > > DNSBLs. In other words, they know some of their clients are shady but as > > long as > > the cheque clears... > > > > So that's where I am. Right now ,I've just gone through their IP removal form and specified my IP. I'll try and see if I can find an email contact on their site to actually correspond with a human and find out more. But going back to my original question: are there far better places to host a postfix server than Digitalocean? Thanks for your speedy replies. I hope you've had a good weekend. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [EXTERNAL] Recommendations for host with good IP reputation or use external SMTP?
[sorry responded to Alex directly and forgot to cc the list] Yes, it's a dedicated IP which I've had since 2013. I filled in the removal request form with Vade but they require intervention from the hosting provider. the NOC/Abuse team at digitalocean wrote back today and basically said they don't vouch for or recommend their service for email servers and don't intervene with DNSBLs. In other words, they know some of their clients are shady but as long as the cheque clears... So that's where I am. On Sun, Oct 30, 2022 at 8:18 PM Brotman, Alex wrote: > > Is it your dedicated IP? Why not escalate to Vade yourself? > > -- > Alex Brotman > Sr. Engineer, Anti-Abuse & Messaging Policy > Comcast > > > -Original Message- > > From: mailop On Behalf Of Ian Evans via mailop > > Sent: Sunday, October 30, 2022 7:35 PM > > To: mailop@mailop.org > > Subject: [EXTERNAL] [mailop] Recommendations for host with good IP > > reputation or use external SMTP? > > > > I've been hosting my site and small postfix server (me and the missus are > > the > > only accts) on Digitalocean since 2013. > > > > Recently emails sent to a friend have started being rejected by Vadesecure, > > which is used by their domain. That's really the only problem I've had with > > deliveries in all this time. DO admits their IP reputation sucks and so > > won't > > intervene with vadesecure on behalf of my IP. > > > > My friend is literally the only acct I have problems sending to and I > > realize I could > > just use this gmail account, but this has become more of project because I > > just > > want my self-hosted email server to be 100%. > > > > I'm new to this list, so is there a thread in the archives that might > > discuss VPS > > hosts with clean IPs? Is it better to use an external SMTP provider whose > > whole > > biz is having clean IPs? > > > > Thanks for any pointers. > > ___ > > mailop mailing list > > mailop@mailop.org > > https://urldefense.com/v3/__https://list.mailop.org/listinfo/mailop__;!!CQl3mc > > HX2A!GBcPeIW9E9XJkd2aUC-QyWmagZzOvjE_9yX-Zf0x-sNoAj1Vz- > > w0LoWC9tSmNvIFCf2YR8k413gkuyl2W94$ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [EXTERNAL] Recommendations for host with good IP reputation or use external SMTP?
Is it your dedicated IP? Why not escalate to Vade yourself? -- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast > -Original Message- > From: mailop On Behalf Of Ian Evans via mailop > Sent: Sunday, October 30, 2022 7:35 PM > To: mailop@mailop.org > Subject: [EXTERNAL] [mailop] Recommendations for host with good IP > reputation or use external SMTP? > > I've been hosting my site and small postfix server (me and the missus are the > only accts) on Digitalocean since 2013. > > Recently emails sent to a friend have started being rejected by Vadesecure, > which is used by their domain. That's really the only problem I've had with > deliveries in all this time. DO admits their IP reputation sucks and so won't > intervene with vadesecure on behalf of my IP. > > My friend is literally the only acct I have problems sending to and I realize > I could > just use this gmail account, but this has become more of project because I > just > want my self-hosted email server to be 100%. > > I'm new to this list, so is there a thread in the archives that might discuss > VPS > hosts with clean IPs? Is it better to use an external SMTP provider whose > whole > biz is having clean IPs? > > Thanks for any pointers. > ___ > mailop mailing list > mailop@mailop.org > https://urldefense.com/v3/__https://list.mailop.org/listinfo/mailop__;!!CQl3mc > HX2A!GBcPeIW9E9XJkd2aUC-QyWmagZzOvjE_9yX-Zf0x-sNoAj1Vz- > w0LoWC9tSmNvIFCf2YR8k413gkuyl2W94$ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Recommendations for host with good IP reputation or use external SMTP?
It appears you’ve come to the right place if you run a two user email server and want to stick it to the man. From: mailop on behalf of Ian Evans via mailop Date: Sunday, October 30, 2022 at 7:40 PM To: mailop@mailop.org Subject: [mailop] Recommendations for host with good IP reputation or use external SMTP? I've been hosting my site and small postfix server (me and the missus are the only accts) on Digitalocean since 2013. Recently emails sent to a friend have started being rejected by Vadesecure, which is used by their domain. That's really the only problem I've had with deliveries in all this time. DO admits their IP reputation sucks and so won't intervene with vadesecure on behalf of my IP. My friend is literally the only acct I have problems sending to and I realize I could just use this gmail account, but this has become more of project because I just want my self-hosted email server to be 100%. I'm new to this list, so is there a thread in the archives that might discuss VPS hosts with clean IPs? Is it better to use an external SMTP provider whose whole biz is having clean IPs? Thanks for any pointers. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Recommendations for host with good IP reputation or use external SMTP?
I've been hosting my site and small postfix server (me and the missus are the only accts) on Digitalocean since 2013. Recently emails sent to a friend have started being rejected by Vadesecure, which is used by their domain. That's really the only problem I've had with deliveries in all this time. DO admits their IP reputation sucks and so won't intervene with vadesecure on behalf of my IP. My friend is literally the only acct I have problems sending to and I realize I could just use this gmail account, but this has become more of project because I just want my self-hosted email server to be 100%. I'm new to this list, so is there a thread in the archives that might discuss VPS hosts with clean IPs? Is it better to use an external SMTP provider whose whole biz is having clean IPs? Thanks for any pointers. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Things to do on a Sunday, when there is an atmospheric river.. Investigate 'code200 UAB'
They are validating addresses using incomplete SMTP dialogs. Either nullroute or block at the MAIL FROM stage, so they don't even get to check whether RCPT TO would be accepted. Cheers, Hans-Martin Am 30. Oktober 2022 23:23:51 schrieb Michael Peddemors via mailop : Can anyone give insight into this company? They have an IMMENSE amount of IP space from PSI/Cogent.. (Someone might like to look into this from Cogent's end) Their website (https://www.code200.global/contact) has no real company information, and Google shows a Lithunian company by that name with 17 employees. But almost all of that IP space is active, with either PTR naming conventions of code200.global .. Oct 30 09:02:51 be msd[3651510]: CONN: 38.79.219.120 -> 25 GeoIP = [US] PTR = code200.global OS = Linux 2.2.x-3.x Oct 30 09:02:51 be msd[3651510]: HELO command received, args: code200.global Oct 30 09:02:52 be msd[3651510]: MAIL command received, args: FROM: Doing list washing.. ... or.. 38.128.158.229x1prd-ol-25ad6o.sourcexnet.com 38.128.158.231x1prd-ol-6n0jkp.unsignedstatic.com 38.128.158.233x1prd-ol-hf8c87.spaceisstupid.com 38.128.158.235x1prd-ol-fc0xdw.marketdatax.com They advertise that they are selling internet connections for $19.95 and hosting, but this doesn't appear to be the case.. Oct 30 11:46:08 be msd[4182031]: CONN: 149.100.189.246 -> 25 GeoIP = [IT] PTR = prd-ol-5sp9th.froyogogo.com OS = Linux 2.2.x-3.x Oct 30 11:46:09 be msd[4182031]: HELO command received, args: prd-ol-5SP9TH.froyogogo.com Oct 30 11:46:09 be msd[4182031]: MAIL command received, args: FROM: You will recall that name from a while back in out reports.. This seems to be someone trying to prove they have justification for IP space, but this is simply huge swaths of IP space used to slow roll list washing it appears.. Any one else have comments on them? -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Things to do on a Sunday, when there is an atmospheric river.. Investigate 'code200 UAB'
Can anyone give insight into this company? They have an IMMENSE amount of IP space from PSI/Cogent.. (Someone might like to look into this from Cogent's end) Their website (https://www.code200.global/contact) has no real company information, and Google shows a Lithunian company by that name with 17 employees. But almost all of that IP space is active, with either PTR naming conventions of code200.global .. Oct 30 09:02:51 be msd[3651510]: CONN: 38.79.219.120 -> 25 GeoIP = [US] PTR = code200.global OS = Linux 2.2.x-3.x Oct 30 09:02:51 be msd[3651510]: HELO command received, args: code200.global Oct 30 09:02:52 be msd[3651510]: MAIL command received, args: FROM: Doing list washing.. ... or.. 38.128.158.229x1prd-ol-25ad6o.sourcexnet.com 38.128.158.231x1prd-ol-6n0jkp.unsignedstatic.com 38.128.158.233x1prd-ol-hf8c87.spaceisstupid.com 38.128.158.235x1prd-ol-fc0xdw.marketdatax.com They advertise that they are selling internet connections for $19.95 and hosting, but this doesn't appear to be the case.. Oct 30 11:46:08 be msd[4182031]: CONN: 149.100.189.246 -> 25 GeoIP = [IT] PTR = prd-ol-5sp9th.froyogogo.com OS = Linux 2.2.x-3.x Oct 30 11:46:09 be msd[4182031]: HELO command received, args: prd-ol-5SP9TH.froyogogo.com Oct 30 11:46:09 be msd[4182031]: MAIL command received, args: FROM: You will recall that name from a while back in out reports.. This seems to be someone trying to prove they have justification for IP space, but this is simply huge swaths of IP space used to slow roll list washing it appears.. Any one else have comments on them? -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Only Yahoo deferring mail
Thanks for the link. Server has been on this same IP Address for at least 15 years. I've opened a ticket yesterday with Yahoo on that link, I don't know how often it's monitored, I just submitted another one asking for an update. Of course, users are starting to notice that their emails are not going through to yahoo since they're getting failed delivery notices, which causes them to create test emails, which increases the number in the queue waiting to be delivered to Yahoo T code is TSS04 67.195.228.106 15:44:56 Client session <<< 421 4.7.0 [TSS04] Messages from 66.151.17.22 temporarily deferred due to unexpected volume or user complaints - 4.16.55.1; see https://postmaster.yahooinc.com/error-codes Thanks, Nate On 10/29/2022 1:03 PM, Al Iverson via mailop wrote: Go submit a ticket here - https://senders.yahooinc.com/contact I assume there's a TS04 code in that error message. It is indeed likely due to user complaints, but they have something of a hair trigger for IPs not known to them. They ought to be able to get you sorted out. Assuming you have a limited number of DKIM domains in play, register them all with the Yahoo feedback loop. Find info on that same website. The Yahoo FBL is DKIM-based. It's meant for big bulk senders, but I suspect it may give you a modest boost when it comes to reputation. More importantly, you'll be able to see which goober is complaining about legit mail. Assuming you're very low volume and not an ESP/CRM platform, you're probably wondering where should FBL complaints go? In my case, I just have them sent to an alias at my domain that for now comes to me for manual review. With the intent that if it grows too big to handle, I can redirect the alias to automation later. It works fine; I get the occasional complaint about a jazz newsletter I send out and I just manually unsubscribe anyone who complains. Is this new? Yahoo does adjust filters regularly but overall this kind of issue/process is not really anything new. This isn't futile; it's easily fixable. It can just feel a bit overwhelming or unfair for smaller or hobby senders. Regards, Al Iverson On Sat, Oct 29, 2022 at 10:39 AM Nate Burke via mailop wrote: I know it may be futile, but I thought I'd ask. Starting late Tuesday afternoon, Yahoo has started deferring all email from my server. All other internet domains are fine except for yahoo properties. There was no increase of mail from my server that I can find. The only messages in the outbound queue are waiting to be delivered to Yahoo, and are all legitimate messages. And there's only about 160 of them. The Yahoo error is just 'Messages from 66.151.xx.xx temporarily deferred due to unexpected volume or user complaints' There was no increase in mail volume on Tuesday before this error started. All IPv4 traffic SPF/DKIM seem to be functioning properly. I get the daily report from Yahoo DMARC and it reports that the Server IP Address passes SPF/DKIM Did Yahoo institute a new policy this week that I've missed setting up? Thanks, Nate Burke Blast Communications ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Anyone else seeing email backed up to Microsoft -- only IPv6
A friend with contacts at Microsoft says: The IPv6 rejection is well understood, a postmortem is being done on why a configuration change was made by the networking team on the 25th without the appropriate notification or rings for verification. Evidently at Microsoft, quality is still job 1.1. R's, John ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop