Re: [mailop] Docusign phishing campaign of the decade, brought to you by Microsoft?
It appears that Jarland Donnell via mailop said:
>Hey friends,
>
>Do me a favor and search your logs for this domain:
>SIBBERTLLC.onmicrosoft.com

It's not just that subdomain. .onmicrosoft.com is free throwaway accounts and I've seen the Docusign phish from lots of them.

It's kind of clever, they send a real Docusign document to the onmicrosoft address which they then configure to forward to the actual victims (us).

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
Re: [mailop] "451 Requested action aborted: local error in processing" when submitting email to ionos email services.
First of all, thanks for the multiple and detailed responses with error reports.

Indeed, this is the missing link and we obviously underestimated the reachability problem we have here on our DNS service. We already set up a plan to fix the issue and are looking forward to getting this solved.

Thanks again and cheers
Michael

On 12.12.2023 at 10:56, Tobias Herkula via mailop wrote:
> This seems to be an issue on your site, I checked the logs and all the times we were not able to deliver mails to you the error we had was "temporary mx resolver error".
>
> Most likely root cause: "dns.hiskp.uni-bonn.de." does not answer queries via UDP, as you also have a couple of more systems answering fine, this would also explain why it sometimes works and sometimes not.
>
> / Tobias Herkula
>
> Senior Product Owner Mail Security
> Product Management Mail Transfer & Mail Security
> 1&1 Mail & Media GmbH
>
> -----Original Message-----
> From: mailop On Behalf Of Michael Lang via mailop
> Sent: Tuesday, December 12, 2023 8:50 AM
> To: mailop@mailop.org
> Subject: [mailop] "451 Requested action aborted: local error in processing" when submitting email to ionos email services.
>
> Hi everybody,
>
> for approximately one year, we are receiving regular complaints from remote contacts having problems to ship email from a service like gmx.de, gmx.net, 1und1.de and similar, in fact services hosted by ionos, to our email domain (@hiskp.uni-bonn.de, MX=mx8.hiskp.uni-bonn.de).
>
> During submission of ionos customers to one of the ionos servers people eventually receive an error of type:
>
> 451 Requested action aborted: local error in processing
>
> We tried to track this error on our own and found out that this warning randomly appears and if a resubmit is tried a few seconds later, submission via ionos services works flawlessly.
>
> Guessing that this might be caused by the MX entry for our destination getting lost in the cache of ionos submission servers due to a too short TTL, we tried changing that in our DNS, but this did not change the scenario. We furthermore observed that mail systems obviously receiving heavier load than we do seem not to have this problem or it occurs very rarely. Anyway that is for now a wild guess from us.
>
> To us this appears as if the timeout checking DNS for the MX + A / records is too short, independent of the TTL and it furthermore appears to be load dependent on the ionos servers.
>
> The same phenomenon we regularly observe when mail from our site is shipped to ionos servers. Here emails regularly get deferred for several seconds with the same 451 error but are successfully accepted with code 250 a few seconds later.
>
> As access to intermediate and top layer domain servers is obviously beyond our administrational range, does anybody have an idea why this occurs really?
>
> Is there maybe a contact at ionos to subscribe our email service for flawless transport, such as e.g. at t-online.de?
>
> Is this problem known to anybody else and what did you do to fight it?
>
> With kind regards
> Michael
Re: [mailop] dnsbl.spam.fail
>> I also block most mail from Hetzner's network. It's not a vendetta, it's not extortion, it's purely practical. My time is not unlimited, the vast majority of the mail from that network is spam and if a tiny bit of real mail gets lost, so be it. It is not worth my time to make exceptions in my filtering rules.
>
> If you're the only user on the system, then sure, fine -- your mail, your choice, but in my case I have "normal" users, ...

I also have normal users, and if they complain I make their mail work. But they've never complained about losing mail from Hetzner.

They complain a lot about losing mail but it very rarely has to do with local blocks. More often it's either that the sender is taking a long time to get around to it, or doesn't send at all because their ESP decided not to send it.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
Re: [mailop] "451 Requested action aborted: local error in processing" when submitting email to ionos email services.
Looks like dns.hiskp.uni-bonn.de isn't reachable or responding, which could explain the intermittent nature.

Graeme

On 12 December 2023 07:57:48 Michael Lang via mailop wrote:
> Hi everybody,
>
> for approximately one year, we are receiving regular complaints from remote contacts having problems to ship email from a service like gmx.de, gmx.net, 1und1.de and similar, in fact services hosted by ionos, to our email domain (@hiskp.uni-bonn.de, MX=mx8.hiskp.uni-bonn.de).
>
> During submission of ionos customers to one of the ionos servers people eventually receive an error of type:
>
> 451 Requested action aborted: local error in processing
>
> We tried to track this error on our own and found out that this warning randomly appears and if a resubmit is tried a few seconds later, submission via ionos services works flawlessly.
>
> Guessing that this might be caused by the MX entry for our destination getting lost in the cache of ionos submission servers due to a too short TTL, we tried changing that in our DNS, but this did not change the scenario. We furthermore observed that mail systems obviously receiving heavier load than we do seem not to have this problem or it occurs very rarely. Anyway that is for now a wild guess from us.
>
> To us this appears as if the timeout checking DNS for the MX + A / records is too short, independent of the TTL and it furthermore appears to be load dependent on the ionos servers.
>
> The same phenomenon we regularly observe when mail from our site is shipped to ionos servers. Here emails regularly get deferred for several seconds with the same 451 error but are successfully accepted with code 250 a few seconds later.
>
> As access to intermediate and top layer domain servers is obviously beyond our administrational range, does anybody have an idea why this occurs really?
>
> Is there maybe a contact at ionos to subscribe our email service for flawless transport, such as e.g. at t-online.de?
>
> Is this problem known to anybody else and what did you do to fight it?
>
> With kind regards
> Michael
Re: [mailop] "451 Requested action aborted: local error in processing" when submitting email to ionos email services.
On 12.12.2023 at 09:56:00, Tobias Herkula via mailop wrote:

> Most likely root cause: "dns.hiskp.uni-bonn.de." does not answer
> queries via UDP,

It also doesn't answer TCP queries, but replies to ICMPv6 echo request. Sadly, I also don't get an ICMP error message for that. Check the firewall settings.

The other DNS servers for that zone seem to work. Shouldn't the DNS resolver on foreign sites be able to handle that?
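The per-transport check discussed in this thread (one nameserver of a zone answering neither UDP nor TCP while the others work), as an added example that is not part of any poster's message: it sends an MX query directly to every address of one nameserver over UDP and over TCP, using only the Python standard library. The hostnames ns1.example.org and example.org, the query ID and all function names are placeholders chosen for this example.

```python
import socket
import struct

def build_query(name, qtype=15, qid=0x4D58):
    """Encode a single-question DNS query; qtype 15 is MX, class 1 is IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def parse_header(msg, qid=0x4D58):
    """Return (rcode, authoritative, answer_count) from a DNS response header."""
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if rid != qid or not flags & 0x8000:  # ID must match and QR bit must be set
        raise ValueError("not a response to our query")
    return flags & 0x000F, bool(flags & 0x0400), ancount

def ask(family, sockaddr, proto, query, timeout):
    """Send one query over UDP or TCP and return the raw response message."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    with socket.socket(family, kind) as s:
        s.settimeout(timeout)
        s.connect(sockaddr)
        if proto == "udp":
            s.send(query)
            return s.recv(4096)
        s.sendall(struct.pack("!H", len(query)) + query)  # TCP adds a 2-byte length
        with s.makefile("rb") as f:
            (size,) = struct.unpack("!H", f.read(2))
            return f.read(size)

def probe(nameserver, zone, port=53, timeout=3.0):
    """Map (address, proto) -> 'OK ...' or 'FAIL ...' for every address of one NS."""
    results, query = {}, build_query(zone)
    infos = socket.getaddrinfo(nameserver, port, type=socket.SOCK_DGRAM)
    for family, _type, _proto, _canon, sockaddr in infos:  # IPv4 and IPv6 alike
        for proto in ("udp", "tcp"):
            try:
                rcode, aa, answers = parse_header(ask(family, sockaddr, proto, query, timeout))
                results[(sockaddr[0], proto)] = f"OK rcode={rcode} aa={aa} answers={answers}"
            except (OSError, ValueError, struct.error) as exc:
                results[(sockaddr[0], proto)] = f"FAIL {type(exc).__name__}"
    return results

if __name__ == "__main__":
    # Placeholder names (assumptions): substitute one of your zone's NS hosts and the zone.
    for key, status in probe("ns1.example.org", "example.org").items():
        print(key, status)
```

Run it once per NS record of the zone, from a host outside your own network; a nameserver that shows FAIL on both transports while it still answers ping matches the firewall symptom described above.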
Re: [mailop] "451 Requested action aborted: local error in processing" when submitting email to ionos email services.
This seems to be an issue on your site, I checked the logs and all the times we were not able to deliver mails to you the error we had was "temporary mx resolver error".

Most likely root cause: "dns.hiskp.uni-bonn.de." does not answer queries via UDP, as you also have a couple of more systems answering fine, this would also explain why it sometimes works and sometimes not.

/ Tobias Herkula

Senior Product Owner Mail Security
Product Management Mail Transfer & Mail Security
1&1 Mail & Media GmbH

-----Original Message-----
From: mailop On Behalf Of Michael Lang via mailop
Sent: Tuesday, December 12, 2023 8:50 AM
To: mailop@mailop.org
Subject: [mailop] "451 Requested action aborted: local error in processing" when submitting email to ionos email services.

Hi everybody,

for approximately one year, we are receiving regular complaints from remote contacts having problems to ship email from a service like gmx.de, gmx.net, 1und1.de and similar, in fact services hosted by ionos, to our email domain (@hiskp.uni-bonn.de, MX=mx8.hiskp.uni-bonn.de).

During submission of ionos customers to one of the ionos servers people eventually receive an error of type:

451 Requested action aborted: local error in processing

We tried to track this error on our own and found out that this warning randomly appears and if a resubmit is tried a few seconds later, submission via ionos services works flawlessly.

Guessing that this might be caused by the MX entry for our destination getting lost in the cache of ionos submission servers due to a too short TTL, we tried changing that in our DNS, but this did not change the scenario. We furthermore observed that mail systems obviously receiving heavier load than we do seem not to have this problem or it occurs very rarely. Anyway that is for now a wild guess from us.

To us this appears as if the timeout checking DNS for the MX + A / records is too short, independent of the TTL and it furthermore appears to be load dependent on the ionos servers.

The same phenomenon we regularly observe when mail from our site is shipped to ionos servers. Here emails regularly get deferred for several seconds with the same 451 error but are successfully accepted with code 250 a few seconds later.

As access to intermediate and top layer domain servers is obviously beyond our administrational range, does anybody have an idea why this occurs really?

Is there maybe a contact at ionos to subscribe our email service for flawless transport, such as e.g. at t-online.de?

Is this problem known to anybody else and what did you do to fight it?

With kind regards
Michael
Re: [mailop] dnsbl.spam.fail
On 12.12.2023 at 07:37, Kirill Miazine via mailop wrote:
> But we're getting off-topic, my initial post triggered by discovery of the "new" dnsbl.spam.fail list, which I never had experienced earlier, and that question has been answered.

For the record, I reached out to Domeneshop yesterday.

Over the years there have been a handful of individuals/companies who have decided to block our ranges, or even our entire ASN. After reaching out, about half of them were willing to discuss the situation and then remove the blocks. I'm hoping Domeneshop will be one of them.

Kind regards
Bastiaan van den Berg
[mailop] "451 Requested action aborted: local error in processing" when submitting email to ionos email services.
Hi everybody,

for approximately one year, we are receiving regular complaints from remote contacts having problems to ship email from a service like gmx.de, gmx.net, 1und1.de and similar, in fact services hosted by ionos, to our email domain (@hiskp.uni-bonn.de, MX=mx8.hiskp.uni-bonn.de).

During submission of ionos customers to one of the ionos servers people eventually receive an error of type:

451 Requested action aborted: local error in processing

We tried to track this error on our own and found out that this warning randomly appears and if a resubmit is tried a few seconds later, submission via ionos services works flawlessly.

Guessing that this might be caused by the MX entry for our destination getting lost in the cache of ionos submission servers due to a too short TTL, we tried changing that in our DNS, but this did not change the scenario. We furthermore observed that mail systems obviously receiving heavier load than we do seem not to have this problem or it occurs very rarely. Anyway that is for now a wild guess from us.

To us this appears as if the timeout checking DNS for the MX + A / records is too short, independent of the TTL and it furthermore appears to be load dependent on the ionos servers.

The same phenomenon we regularly observe when mail from our site is shipped to ionos servers. Here emails regularly get deferred for several seconds with the same 451 error but are successfully accepted with code 250 a few seconds later.

As access to intermediate and top layer domain servers is obviously beyond our administrational range, does anybody have an idea why this occurs really?

Is there maybe a contact at ionos to subscribe our email service for flawless transport, such as e.g. at t-online.de?

Is this problem known to anybody else and what did you do to fight it?

With kind regards
Michael