Re: [mailop] Sent my first spam in 26 years

2023-04-13 Thread Peter E. Fry via mailop

On Thursday 13/04/2023 at 8:15 pm, Jarland Donnell via mailop wrote:
> Did you get any samples of the spam campaign? Most of the ones I've seen
> in the last few weeks appear to be more computer viruses (stealing
> credentials from the user's systems), and I've had all of zero
> blacklistings for the ones that got past me even for several hours.



I have a copy of the joe-job, and my buddy whose account was used for 
the spam got bounces.  The former has an attached PDF that I didn't 
analyze, and the latter appeared to be run-of-the-mill spam.


Well, that's encouraging... for my current situation, at least.  I've 
gotten blacklisted several times (by providers, not public RBLs) for 
no (good) reason.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Gmail SMTP timeouts

2023-04-13 Thread Alexander Huynh via mailop

Are you running exim?

I have the following in my config, which seems to help the issue:

# disable TCP fast open for gsmtp servers, due to a kernel bug; the bug was
# supposedly fixed in 5.18, but it seems there's still some quirkiness with
# gmail without this setting
#
# https://www.chromosphere.co.uk/2022/06/01/googles-tcp-fast-open-breaks-exim-delivery/
# https://forum.hestiacp.com/t/gmail-smtp-timeout-after-sending-data-block-connection-timed-out/4745/75
# https://github.com/myvesta/vesta/commit/c7aa6ec7494bc3b7ac4885182383c1bf88692c1b
hosts_try_fastopen = !*.l.google.com : !*.googlemail.com : *

Good luck,
--
Alex


Re: [mailop] Sent my first spam in 26 years

2023-04-13 Thread Jarland Donnell via mailop
Did you get any samples of the spam campaign? Most of the ones I've seen 
in the last few weeks appear to be more computer viruses (stealing 
credentials from the user's systems), and I've had all of zero 
blacklistings for the ones that got past me even for several hours.


On 2023-04-13 18:16, Peter E. Fry via mailop wrote:
> Got a couple user accounts compromised.  One was used to send a spam,
> killed after it hit the quota (100).  I happened to be sitting on the
> server logs, trying to pin down the very odd joe-job done using
> information from one account when the other blew up in my face, so I
> was able to kill them immediately.
>
> I don't appear to be in any RBLs... yet...
> I've done the basic work on my equipment, of course -- hopefully I
> don't have any more holes.  Y'all got any recommendations for public
> space cleanup work, so to speak?
>
> Side note: One compromised account has a likely vector; the other is a
> mystery, which is disturbing.
>
> Other side note: Had my open relay exploited in 1997.
>
> Peter E. Fry




[mailop] Sent my first spam in 26 years

2023-04-13 Thread Peter E. Fry via mailop


Got a couple user accounts compromised.  One was used to send a spam, 
killed after it hit the quota (100).  I happened to be sitting on the 
server logs, trying to pin down the very odd joe-job done using 
information from one account when the other blew up in my face, so I 
was able to kill them immediately.


I don't appear to be in any RBLs... yet...
I've done the basic work on my equipment, of course -- hopefully I 
don't have any more holes.  Y'all got any recommendations for public 
space cleanup work, so to speak?



Side note: One compromised account has a likely vector; the other is a 
mystery, which is disturbing.


Other side note: Had my open relay exploited in 1997.


Peter E. Fry




Re: [mailop] agilitylive.com publishing empty SPF record

2023-04-13 Thread Mark Alley via mailop
To clarify - /legitimate/ mail getting rejected. I have not seen any
malicious messages from these IPs, this seems to be a recent change in
their DNS according to securitytrails.


On 4/13/2023 12:22 PM, Mark Alley wrote:


> Any Kofax reps or someone who knows the owners of agilitylive.com on list?
>
> It appears they've recently published an empty SPF record with a
> hardfail policy and an (incorrectly) placed DMARC policy of reject.
> Lots of mail getting rejected from them because of their SPF record.
>
> IP Addresses they're sending from currently are 83.138.154.43 and
> 134.213.118.100.
>
> Thanks,
>
> Mark Alley



[mailop] agilitylive.com publishing empty SPF record

2023-04-13 Thread Mark Alley via mailop

Any Kofax reps or someone who knows the owners of agilitylive.com on list?

It appears they've recently published an empty SPF record with a 
hardfail policy and an (incorrectly) placed DMARC policy of reject. Lots 
of mail getting rejected from them because of their SPF record.


IP Addresses they're sending from currently are 83.138.154.43 and 
134.213.118.100.


Thanks,

Mark Alley
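
Added example (not part of the original post, and not code from the list or from the domain owner): an offline SPF evaluation showing why a record whose only mechanism is a hardfail "all" rejects the two sending IPs quoted above, next to a record that lists them. Both record strings are assumptions, since the post does not quote the published record, and only the ip4, ip6 and all mechanisms are handled.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

SENDING_IPS = ["83.138.154.43", "134.213.118.100"]  # quoted in the post
# Assumed form of the "empty record with hardfail"; the post does not quote it.
EMPTY_HARDFAIL = "v=spf1 -all"
# Constructed record that would authorize the two IPs; hypothetical.
AUTHORIZING = "v=spf1 ip4:83.138.154.43 ip4:134.213.118.100 -all"


def spf_check(record, sender_ip):
    """Evaluate the DNS-free mechanisms (ip4, ip6, all) left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # matches every sender
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
            continue
        raise ValueError("term not handled offline: " + term)
    return "neutral"  # no mechanism matched


def compare():
    """Map each sending IP to (result with empty record, result with fix)."""
    return {ip: (spf_check(EMPTY_HARDFAIL, ip), spf_check(AUTHORIZING, ip))
            for ip in SENDING_IPS}


if __name__ == "__main__":
    for ip, (broken, fixed) in compare().items():
        print(f"{ip}: empty record -> {broken}, with ip4 terms -> {fixed}")
```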



Re: [mailop] Outlook.com: missing data in SNDS + IPs blocked on Apr 06

2023-04-13 Thread Frost The Fox via mailop
I also show no data for the 6th, but no blocking here (granted, we are a
very high traffic single IP sender).

On Thu, Apr 13, 2023 at 11:33 AM Fernando MM via mailop wrote:

> Hi,
>
> On Apr 06 we detected that 28 IPs were blocked in Outlook.com, all with
> the following error:
>
> 550 5.7.1 Unfortunately, messages from [185.103.9.41] weren't sent. Please
> contact your Internet service provider since part of their network is on
> our block list (S3150). You can also refer your provider to
> http://mail.live.com/mail/troubleshooting.aspx#errors.
>
>
> Although some of the blocked IPs were new, most of them were in use by the
> same customers for years without issues. Part of them didn't have a single
> spam report or spam trap hit in the last 3-6 months.
>
> After making sure that these servers weren't compromised, I opened tickets
> at https://olcsupport.office.com/ and, after escalation, the response was
> that the IPs didn't qualify for mitigation at this time or that there were
> "changes in email sending volume" ( there weren't, the volume hasn't
> changed since we have limits for each IP/customer to avoid these issues )
>
> Today I noticed that the data on Apr 06 is missing in SNDS. All other
> dates are showing up, just Apr 06 is missing.
>
> I was wondering if anyone else experienced similar issues on Apr 06 with
> missing data on SNDS or a high number of IPs getting blocked?
>
> Thanks.


[mailop] Outlook.com: missing data in SNDS + IPs blocked on Apr 06

2023-04-13 Thread Fernando MM via mailop
Hi,

On Apr 06 we detected that 28 IPs were blocked in Outlook.com, all with the
following error:

550 5.7.1 Unfortunately, messages from [185.103.9.41] weren't sent. Please
contact your Internet service provider since part of their network is on
our block list (S3150). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.


Although some of the blocked IPs were new, most of them were in use by the
same customers for years without issues. Part of them didn't have a single
spam report or spam trap hit in the last 3-6 months.

After making sure that these servers weren't compromised, I opened tickets
at https://olcsupport.office.com/ and, after escalation, the response was
that the IPs didn't qualify for mitigation at this time or that there were
"changes in email sending volume" ( there weren't, the volume hasn't
changed since we have limits for each IP/customer to avoid these issues )

Today I noticed that the data on Apr 06 is missing in SNDS. All other dates
are showing up, just Apr 06 is missing.

I was wondering if anyone else experienced similar issues on Apr 06 with
missing data on SNDS or a high number of IPs getting blocked?

Thanks.