[mailop] iCloud outage?

[Jarland Donnell via mailop]

Just a quick sanity check, are others seeing intermittent failure to 
reach iCloud servers? My logs are filled with:


450 Error connecting to 17.57.156.30. Unexpected socket close

I've been having trouble delivering mail to them for at least 12 hours. 
I hope it's not just me, but it would help to know if it is.


<3
Jarland
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone else noticing an increase in spam from Office365 distribution lists?

[Bradley King via mailop]

No slowing at all from where I sit.

Over the last 24 hours on our platform -

1,070,934 SPAM messages from various *.onmicrosoft.com domains along with many 
other dodgy domains like ..com
I would suggest looking for MSFT IPs - not just an envelope of 
*.onmicrosoft.com and taking a look at what they are sending. Like us, you may 
just find a ton more spam from weird domains as described above.

This has been happening for months. Various subjects around Antivirus, Gift 
Cards, Bitcoin, Postal deliveries, Power Drills, Pillows, Doorbell Cameras, 
clean electricity and even Toothbrushes along with other malicious Phishing 
emails posing as banks etc... and then some..

Cheers,

Brad






17 January 2024 at 09:44, "Jarland Donnell via mailop"  
wrote:



> 
> Don't forget about Elon's New Heater!
> 
> We're seeing a bit of a reduction of complaints now from this. Are any 
> 
> others seeing it start to slow down as well? I'm hoping MS is getting 
> 
> better at fighting it, but it may just be that I have. I haven't quite 
> 
> gone as far as blocking them but I have added high spam scores, and even 
> 
> increased spam scores from all MS IPs.
> 
> On 2024-01-16 16:24, Russell Clemings via mailop wrote:
> 
> > 
> > Since exim_mainlog rolled over Saturday night, I see 332 successful
> > 
> >  incoming emails from onmicrosoft.com [2] and 52 spam rejects. Based on
> > 
> >  the subject lines, all of the successes were spam. So I've added
> > 
> >  "blacklist from *.onmicrosoft.com [2]" to spamassassin. I just hope
> > 
> >  people won't be too disappointed about missing out on their Dewalt
> > 
> >  Power Stations and their YETI 30-Oz. travel mugs.
> > 
> >  
> > 
> >  On Mon, Jan 15, 2024 at 10:30 AM Randolf Richardson, Postmaster via
> > 
> >  mailop  wrote:
> > 
> >  
> > 
> >  FWIW, after a log file review we are contemplating blocking
> > 
> > > 
> > > "azurewebsites.net [1]" as well as "@onmicrosoft.com [2]".
> > > 
> > >  
> > > 
> > >  Our logs are showing small quantities of SMTP traffic from
> > > 
> > >  "azurewebsites.net [1]" that are usually being blocked due to SPF
> > > 
> > >  failures, and usually sending to weird, nonsencial non-existent
> > > 
> > >  eMail
> > > 
> > >  addresses where the local-part is a series of randomly-selected
> > > 
> > >  letters and digits, sometimes intermixed with names of birds,
> > > 
> > >  furniture, food, vehicles, colours, etc., all of which are recipient
> > > 
> > >  
> > > 
> > >  addresses that don't exist and have never existed.
> > > 
> > >  
> > > 
> > >  I'm assuming it's a source of eMail debris from broken
> > > 
> > >  systems. I'm
> > > 
> > >  almost tempted to set up a honeypot to see whatever trash it's
> > > 
> > >  trying
> > > 
> > >  to spew out, but I'd rather do something more productive (like
> > > 
> > >  flossing my teeth).
> > > 
> > 
> >  Curious if others are coming to the same conclusion?
> > 
> > > 
> > > I'm currently leaning in a block-on-sight direction since
> > > 
> > >  I'm seeing
> > > 
> > >  zero legitimate eMail coming from hosts self-identifying as hosts in
> > > 
> > >  
> > > 
> > >  the "azurewebsites.net [1]" domain name in the HELO and EHLO
> > > 
> > >  commands.
> > > 
> > 
> >  Regards,
> > 
> >  Mark
> > 
> >  _
> > 
> >  L. Mark Stone, Founder
> > 
> >  North America's Leading Zimbra VAR/BSP/Training Partner
> > 
> >  For Companies With Mission-Critical Email Needs
> > 
> >  
> > 
> >  - Original Message -
> > 
> >  From: "Mark Alley via mailop" 
> > 
> >  To: "Andrew C Aitchison" 
> > 
> >  Cc: "mailop" 
> > 
> >  Sent: Sunday, January 14, 2024 6:30:22 PM
> > 
> >  Subject: Re: [mailop] Anyone else noticing an increase in spam
> > 
> > > 
> > > from Office365 distribution lists?
> > > 
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> >  Ah, yep, thanks for catching that typo.
> > 
> >  On 1/14/2024 4:56 PM, Andrew C Aitchison wrote:
> > 
> >  
> > 
> >  
> > 
> >  On Sun, 14 Jan 2024, Mark Alley via mailop wrote:
> > 
> >  
> > 
> >  
> > 
> >  BQ_BEGIN
> > 
> >  This is anecdotal, but I think it illustrates even at a smaller
> > 
> > > 
> > > scale the persistent problem Microsoft currently has with their
> > > 
> > >  tenancy.
> > > 
> > 
> >  
> > 
> >  I did some quick perusal of the last month's data from our email
> > 
> > > 
> > > logs, and out of a total of 22,473 external emails that contain a
> > > 
> > >  .onmicrosoft.com [2] subdomain in the RFC5322.FROM field -- 22,086
> > > 
> > >  were blocked because of various reasons:
> > > 
> > 
> >  
> > 
> >  * 21,228 spam
> > 
> >  * 1 malware
> > 
> >  * 759 phishing
> > 
> >  * 5 impostor
> > 
> >  * 93 "hard" failed SPF without a DMARC record since
> > 
> > > 
> > > onmicrosoft.com [2]
> > > 
> > 
> >  doesn't have one. (probably forwarded)
> > 
> >  
> > 
> >  387 "clean" emails were delivered successfully initially, and 151
> > 
> > > 
> > > of those initial delivers were then later 

Re: [mailop] Anyone else noticing an increase in spam from Office365 distribution lists?

[Michael Peddemors via mailop]

I think you have to start blocking them earlier that in Spam Assassin, 
if you want to make a difference..


If you block them at the SMTP layer, then maybe they give up.. or if you 
reject with a 4XX, maybe Microsoft might notice an increase in the 
queues (wishful thinking)


Also, if you check earlier, you can save a lot of overhead..

Only advantage of flagging it at the filtering level, is if you aren't 
100% certain it's all spam, then you can redirect it to the person's 
'spam' folders..


One note.. you say 'from onmicrosoft.com' .. do you mean the 
subdomain.onmicrosoft.com or @onmicrosoft.com, there is a slight 
difference...




On 2024-01-16 14:24, Russell Clemings via mailop wrote:
Since exim_mainlog rolled over Saturday night, I see 332 successful 
incoming emails from onmicrosoft.com  and 52 
spam rejects. Based on the subject lines, all of the successes were 
spam. So I've added "blacklist from *.onmicrosoft.com 
" to spamassassin. I just hope people won't be 
too disappointed about missing out on their Dewalt Power Stations and 
their YETI 30-Oz. travel mugs.


On Mon, Jan 15, 2024 at 10:30 AM Randolf Richardson, Postmaster via 
mailop mailto:mailop@mailop.org>> wrote:


 > FWIW, after a log file review we are contemplating blocking
"azurewebsites.net " as well as
"@onmicrosoft.com ".

         Our logs are showing small quantities of SMTP traffic from
"azurewebsites.net " that are usually
being blocked due to SPF
failures, and usually sending to weird, nonsencial non-existent eMail
addresses where the local-part is a series of randomly-selected
letters and digits, sometimes intermixed with names of birds,
furniture, food, vehicles, colours, etc., all of which are recipient
addresses that don't exist and have never existed.

         I'm assuming it's a source of eMail debris from broken
systems.  I'm
almost tempted to set up a honeypot to see whatever trash it's trying
to spew out, but I'd rather do something more productive (like
flossing my teeth).

 > Curious if others are coming to the same conclusion?

         I'm currently leaning in a block-on-sight direction since
I'm seeing
zero legitimate eMail coming from hosts self-identifying as hosts in
the "azurewebsites.net " domain name in
the HELO and EHLO commands.

 > Regards,
 > Mark
 > _
 > L. Mark Stone, Founder
 > North America's Leading Zimbra VAR/BSP/Training Partner
 > For Companies With Mission-Critical Email Needs
 >
 > - Original Message -
 > From: "Mark Alley via mailop" mailto:mailop@mailop.org>>
 > To: "Andrew C Aitchison" mailto:and...@aitchison.me.uk>>
 > Cc: "mailop" mailto:mailop@mailop.org>>
 > Sent: Sunday, January 14, 2024 6:30:22 PM
 > Subject: Re: [mailop] Anyone else noticing an increase in spam
from Office365 distribution lists?
 >
 >
 >
 > Ah, yep, thanks for catching that typo.
 > On 1/14/2024 4:56 PM, Andrew C Aitchison wrote:
 >
 >
 > On Sun, 14 Jan 2024, Mark Alley via mailop wrote:
 >
 >
 > BQ_BEGIN
 > This is anecdotal, but I think it illustrates even at a smaller
scale the persistent problem Microsoft currently has with their
tenancy.
 >
 > I did some quick perusal of the last month's data from our email
logs, and out of a total of 22,473 external emails that contain a
.onmicrosoft.com  subdomain in the
RFC5322.FROM field -- 22,086 were blocked because of various reasons:
 >
 > * 21,228 spam
 > * 1 malware
 > * 759 phishing
 > * 5 impostor
 > * 93 "hard" failed SPF without a DMARC record since
onmicrosoft.com 
 > doesn't have one. (probably forwarded)
 >
 > 387 "clean" emails were delivered successfully initially, and 151
of those initial delivers were then later retroactively classified
as being spam or phishing.
 >
 > So even at this scale, we're left with a minutia of ~0.01%
 >
 >
 >
 > 236/22473 ~= 1%
 >
 >
 > BQ_BEGIN
 > "legitimate" emails, most of which are from misconfigured
Exchange Online mailboxes or Office365 groups from various businesses.
 >
 > So, YMMV widely, but for most organizations, as John said,
definitely not going to be missing /too /much. Most of what I see
that's legitimate in our traffic would be 3 or 4 specific subdomain
additions to a safelist from the hypothetical block rule, and that
would be it.
 >
 > - Mark Alley
 >
 > BQ_END
 >
 >
 > BQ_END
 >
 > ___
 > mailop mailing list
 > 

Re: [mailop] Anyone else noticing an increase in spam from Office365 distribution lists?

[Jarland Donnell via mailop]

Don't forget about Elon's New Heater!

We're seeing a bit of a reduction of complaints now from this. Are any 
others seeing it start to slow down as well? I'm hoping MS is getting 
better at fighting it, but it may just be that I have. I haven't quite 
gone as far as blocking them but I have added high spam scores, and even 
increased spam scores from all MS IPs.


On 2024-01-16 16:24, Russell Clemings via mailop wrote:

Since exim_mainlog rolled over Saturday night, I see 332 successful
incoming emails from onmicrosoft.com [2] and 52 spam rejects. Based on
the subject lines, all of the successes were spam. So I've added
"blacklist from *.onmicrosoft.com [2]" to spamassassin. I just hope
people won't be too disappointed about missing out on their Dewalt
Power Stations and their YETI 30-Oz. travel mugs.

On Mon, Jan 15, 2024 at 10:30 AM Randolf Richardson, Postmaster via
mailop  wrote:


FWIW, after a log file review we are contemplating blocking

"azurewebsites.net [1]" as well as "@onmicrosoft.com [2]".

Our logs are showing small quantities of SMTP traffic from
"azurewebsites.net [1]" that are usually being blocked due to SPF
failures, and usually sending to weird, nonsencial non-existent
eMail
addresses where the local-part is a series of randomly-selected
letters and digits, sometimes intermixed with names of birds,
furniture, food, vehicles, colours, etc., all of which are recipient

addresses that don't exist and have never existed.

I'm assuming it's a source of eMail debris from broken
systems.  I'm
almost tempted to set up a honeypot to see whatever trash it's
trying
to spew out, but I'd rather do something more productive (like
flossing my teeth).


Curious if others are coming to the same conclusion?


I'm currently leaning in a block-on-sight direction since
I'm seeing
zero legitimate eMail coming from hosts self-identifying as hosts in

the "azurewebsites.net [1]" domain name in the HELO and EHLO
commands.


Regards,
Mark
_
L. Mark Stone, Founder
North America's Leading Zimbra VAR/BSP/Training Partner
For Companies With Mission-Critical Email Needs

- Original Message -
From: "Mark Alley via mailop" 
To: "Andrew C Aitchison" 
Cc: "mailop" 
Sent: Sunday, January 14, 2024 6:30:22 PM
Subject: Re: [mailop] Anyone else noticing an increase in spam

from Office365 distribution lists?




Ah, yep, thanks for catching that typo.
On 1/14/2024 4:56 PM, Andrew C Aitchison wrote:


On Sun, 14 Jan 2024, Mark Alley via mailop wrote:


BQ_BEGIN
This is anecdotal, but I think it illustrates even at a smaller

scale the persistent problem Microsoft currently has with their
tenancy.


I did some quick perusal of the last month's data from our email

logs, and out of a total of 22,473 external emails that contain a
.onmicrosoft.com [2] subdomain in the RFC5322.FROM field -- 22,086
were blocked because of various reasons:


* 21,228 spam
* 1 malware
* 759 phishing
* 5 impostor
* 93 "hard" failed SPF without a DMARC record since

onmicrosoft.com [2]

doesn't have one. (probably forwarded)

387 "clean" emails were delivered successfully initially, and 151

of those initial delivers were then later retroactively classified
as being spam or phishing.


So even at this scale, we're left with a minutia of ~0.01%



236/22473 ~= 1%


BQ_BEGIN
"legitimate" emails, most of which are from misconfigured Exchange

Online mailboxes or Office365 groups from various businesses.


So, YMMV widely, but for most organizations, as John said,

definitely not going to be missing /too /much. Most of what I see
that's legitimate in our traffic would be 3 or 4 specific subdomain
additions to a safelist from the hypothetical block rule, and that
would be it.


- Mark Alley

BQ_END


BQ_END

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


--
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


--

===
Russell Clemings

===

Links:
--
[1] http://azurewebsites.net
[2] http://onmicrosoft.com
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] [UPDATE] Changes to Validity Reputation Data Through DNS

[Tom Bartel via mailop]

Hello Mailops Community,

Following is an update on the changes at Validity regarding public query
access for reputation data in DNS. We're finalizing the implementation
(including in Spam Assassin) and similar to Spamhaus DQS, we'll use the
response code 127.255.255.255 to indicate excessive querying.  Any
questions and/or feedback, LMK.

Thanks,

Tom

Dear Mailops Community,


We wanted to send you a quick reminder of the upcoming changes to accessing
Validity reputation data through DNS.



Starting March 1, 2024, we will allow up to 10,000 requests per user over a
30-day time period. After the 10,000 requests, users must create a
MyValidity account to continue using this free service. Upon the creation
of a MyValidity account, you will receive continued access to queries
through Spam Assassin



Sign up for an account 



If you have any questions, please visit our FAQ here
.



Best regards,

Validity Data Services

-- 
Phone: 303.517.9655
Website: https://bartelphoto.com
Instagram: https://instagram.com/bartel_photo

"Life's most persistent and urgent question is, 'What are you doing for
others?'" - Martin Luther King Jr.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone else noticing an increase in spam from Office365 distribution lists?

[Russell Clemings via mailop]

Since exim_mainlog rolled over Saturday night, I see 332 successful
incoming emails from onmicrosoft.com and 52 spam rejects. Based on the
subject lines, all of the successes were spam. So I've added "blacklist
from *.onmicrosoft.com" to spamassassin. I just hope people won't be too
disappointed about missing out on their Dewalt Power Stations and their
YETI 30-Oz. travel mugs.

On Mon, Jan 15, 2024 at 10:30 AM Randolf Richardson, Postmaster via mailop <
mailop@mailop.org> wrote:

> > FWIW, after a log file review we are contemplating blocking "
> azurewebsites.net" as well as "@onmicrosoft.com".
>
> Our logs are showing small quantities of SMTP traffic from
> "azurewebsites.net" that are usually being blocked due to SPF
> failures, and usually sending to weird, nonsencial non-existent eMail
> addresses where the local-part is a series of randomly-selected
> letters and digits, sometimes intermixed with names of birds,
> furniture, food, vehicles, colours, etc., all of which are recipient
> addresses that don't exist and have never existed.
>
> I'm assuming it's a source of eMail debris from broken systems.
> I'm
> almost tempted to set up a honeypot to see whatever trash it's trying
> to spew out, but I'd rather do something more productive (like
> flossing my teeth).
>
> > Curious if others are coming to the same conclusion?
>
> I'm currently leaning in a block-on-sight direction since I'm
> seeing
> zero legitimate eMail coming from hosts self-identifying as hosts in
> the "azurewebsites.net" domain name in the HELO and EHLO commands.
>
> > Regards,
> > Mark
> > _
> > L. Mark Stone, Founder
> > North America's Leading Zimbra VAR/BSP/Training Partner
> > For Companies With Mission-Critical Email Needs
> >
> > - Original Message -
> > From: "Mark Alley via mailop" 
> > To: "Andrew C Aitchison" 
> > Cc: "mailop" 
> > Sent: Sunday, January 14, 2024 6:30:22 PM
> > Subject: Re: [mailop] Anyone else noticing an increase in spam from
> Office365 distribution lists?
> >
> >
> >
> > Ah, yep, thanks for catching that typo.
> > On 1/14/2024 4:56 PM, Andrew C Aitchison wrote:
> >
> >
> > On Sun, 14 Jan 2024, Mark Alley via mailop wrote:
> >
> >
> > BQ_BEGIN
> > This is anecdotal, but I think it illustrates even at a smaller scale
> the persistent problem Microsoft currently has with their tenancy.
> >
> > I did some quick perusal of the last month's data from our email logs,
> and out of a total of 22,473 external emails that contain a .
> onmicrosoft.com subdomain in the RFC5322.FROM field -- 22,086 were
> blocked because of various reasons:
> >
> > * 21,228 spam
> > * 1 malware
> > * 759 phishing
> > * 5 impostor
> > * 93 "hard" failed SPF without a DMARC record since onmicrosoft.com
> > doesn't have one. (probably forwarded)
> >
> > 387 "clean" emails were delivered successfully initially, and 151 of
> those initial delivers were then later retroactively classified as being
> spam or phishing.
> >
> > So even at this scale, we're left with a minutia of ~0.01%
> >
> >
> >
> > 236/22473 ~= 1%
> >
> >
> > BQ_BEGIN
> > "legitimate" emails, most of which are from misconfigured Exchange
> Online mailboxes or Office365 groups from various businesses.
> >
> > So, YMMV widely, but for most organizations, as John said, definitely
> not going to be missing /too /much. Most of what I see that's legitimate in
> our traffic would be 3 or 4 specific subdomain additions to a safelist from
> the hypothetical block rule, and that would be it.
> >
> > - Mark Alley
> >
> > BQ_END
> >
> >
> > BQ_END
> >
> > ___
> > mailop mailing list
> > mailop@mailop.org
> > https://list.mailop.org/listinfo/mailop
> >
> > ___
> > mailop mailing list
> > mailop@mailop.org
> > https://list.mailop.org/listinfo/mailop
>
>
> --
> Postmaster - postmas...@inter-corporate.com
> Randolf Richardson, CNA - rand...@inter-corporate.com
> Inter-Corporate Computer & Network Services, Inc.
> Vancouver, British Columbia, Canada
> https://www.inter-corporate.com/
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>


-- 
===
Russell Clemings
>
===
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Gellner, Oliver via mailop]

> On 16.01.2024 at 22:16 Atro Tossavainen via mailop wrote:
>
> 
>>> https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108
>> Thanks for this; I wasn't familiar with Talos Intelligence. Do they publish
>> a blocklist?
>
> Paying users only. Paying users include the Finnish government's
> internal outsourcing center (Valtori) and Telia (our largest telco).
> Their error messages are shit, you don't even know where to look:
>
> /var/log/old/maillog-20220410.gz
>
> Apr  7 12:47:44 mail postfix/smtp[11896]: 52E23100EBBCA: 
> to=, relay=mail.cm.telia.net[80.74.207.118]:25, 
> delay=0.54, delays=0.09/0/0.14/0.31, dsn=5.0.0, status=bounced (host 
> mail.cm.telia.net[80.74.207.118] said: 554 Your access to this mail system 
> has been rejected due to poor reputation of a domain used in message transfer 
> (in reply to end of DATA command))

As a side note because our replies overlapped: This specific error message at 
the end of DATA is not about a low Senderbase Reputation Score, which I 
mentioned in my other reply. It refers to a domain which Talos considers not 
trustworthy, usually located in the From or Reply-To header. So it’s not about 
the MTA IP address, which the thread starters problem originally was about.

—
BR Oliver


dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Gellner, Oliver via mailop]

On 16.01.2024 at 17:25 Mark Fletcher via mailop wrote:


On Mon, Jan 15, 2024 at 4:19 PM Randolf Richardson, Postmaster via mailop 
mailto:mailop@mailop.org>> wrote:

You'll likely be interested in the reputation score, which is
presently showing as "Poor" for that IP address (66.175.222.108):

Reputation Lookup || Cisco Talos Intelligence Group

https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108


Thanks for this; I wasn't familiar with Talos Intelligence. Do they publish a 
blocklist?

Talos has a blocklist, but AFAIK it’s only available to paying Cisco customers. 
It replies to queries with a so called Senderbase Reputation Score (SBRS) 
between +10 (best) and -10 (worst). The Talos website which you linked to gives 
a rough estimation of this SBRS by grouping the values into the categories 
„Good“, „Neutral“ or „Poor“.

The SBRS is influenced by data collected by Talos, however also by listings on 
other blocklists, as you have observed. If an IP address is listed by Spamhaus 
or the like, its SBRS will automatically decrease.

There used to be a public DNSBL at rf.senderbase.org, but I believe Cisco shut 
this down sometime in the past.

—
BR Oliver

dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Atro Tossavainen via mailop]

> > https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108
> >
> Thanks for this; I wasn't familiar with Talos Intelligence. Do they publish
> a blocklist?

Paying users only. Paying users include the Finnish government's
internal outsourcing center (Valtori) and Telia (our largest telco).
Their error messages are shit, you don't even know where to look:

/var/log/old/maillog-20220410.gz

Apr  7 12:47:44 mail postfix/smtp[11896]: 52E23100EBBCA: 
to=, relay=mail.cm.telia.net[80.74.207.118]:25, 
delay=0.54, delays=0.09/0/0.14/0.31, dsn=5.0.0, status=bounced (host 
mail.cm.telia.net[80.74.207.118] said: 554 Your access to this mail system has 
been rejected due to poor reputation of a domain used in message transfer (in 
reply to end of DATA command))

It was only by accident that I was able to find out what it was, and
when I did, I also managed to find out that said "poor reputation"
involved Cisco having believed urlscan.io's misassessment that the
Roundcube webmail software on a server is indicative of...

...drum roll...

* PHISHING AGAINST THE GENERIC BRAND OF EMAIL *

which caused Cisco to list all Roundcube servers everywhere.

I shit you not.

This was soon two years ago, but you don't make a fuckup like that
when you're one of the largest companies in the business.

And their error messages continue to suck every bit as much AFAIK.

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Randolf Richardson, Postmaster via mailop]

> On Mon, Jan 15, 2024 at 4:19PM Randolf Richardson, Postmaster via mailop <
> mailop@mailop.org> wrote:
> 
> > You'll likely be interested in the reputation score, which is
> > presently showing as "Poor" for that IP address (66.175.222.108):
> >
> > Reputation Lookup || Cisco Talos Intelligence Group
> >
> > https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108
>
> Thanks for this; I wasn't familiar with Talos Intelligence. Do they publish
> a blocklist?

Not that I'm aware of.  (It would be great if they did.)

> Spamhaus lifted their block last night. That caused the Talos reputation
> score for us to change to Good. I hope to keep it there.

Excellent!  I'm glad this is resolved now.

Being listed in a popular DNSBL is never fun, but the good thing 
about DNSBLs like Spamhaus.org's is that they're clear on their 
policies and they have a great (and very long-standing) reputation 
for being fair and professional in their dealings with people.

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: Yahoo! error-codes page seems broken

[Marcel Becker via mailop]

On Tue, Jan 16, 2024 at 9:33 AM Tim Starr via mailop 
wrote:

> https://senders.yahooinc.com/smtp-error-codes/
>
> I think they have the wrong URL in the bounce. Will report to Yahoo.
>

Thanks. We already know. Sometimes things break. Will fix.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Yahoo! error-codes page seems broken

[Tim Starr via mailop]

Yahoo says they're aware & working on it.

-Tim

On Tue, Jan 16, 2024 at 11:25 AM Andy Smith via mailop 
wrote:

> Hi,
>
> While trying to debug:
>
> <[redacted]@yahoo.co.uk>: host mx-eu.mail.am0.yahoodns.net[188.125.72.74]
> said:
> 554 5.7.9 Message not accepted for policy reasons. See
> https://postmaster.yahooinc.com/error-codes (in reply to end of
> DATA command)
>
> I and others note that https://postmaster.yahooinc.com/error-codes
> just redirects to a page that simply says "Cannot GET /error-codes".
>
> Though as regards the actual NDR, i think it will be a result of
> our user forwarding email into Yahoo!, because the address we sent to
> was a personal domain.
>
> Thanks,
> Andy
>
> --
> https://bitfolk.com/ -- No-nonsense VPS hosting
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [Lists] Yahoo! error-codes page seems broken

[Francis Baker via mailop]

Did it maybe change? The header links to: 
https://senders.yahooinc.com/smtp-error-codes/

> On Jan 16, 2024, at 11:59 AM, 'Andy Smith via mailop' via Mailing Lists 
>  wrote:
> 
> Hi,
> 
> While trying to debug:
> 
> <[redacted]@yahoo.co.uk>: host mx-eu.mail.am0.yahoodns.net[188.125.72.74] 
> said:
>554 5.7.9 Message not accepted for policy reasons. See
>https://postmaster.yahooinc.com/error-codes (in reply to end of
>DATA command)
> 
> I and others note that https://postmaster.yahooinc.com/error-codes
> just redirects to a page that simply says "Cannot GET /error-codes".
> 
> Though as regards the actual NDR, i think it will be a result of
> our user forwarding email into Yahoo!, because the address we sent to
> was a personal domain.
> 
> Thanks,
> Andy
> 
> -- 
> https://bitfolk.com/ -- No-nonsense VPS hosting
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Mailing Lists" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to lists+unsubscr...@francispbaker.com.
> To view this discussion on the web visit 
> https://groups.google.com/a/francispbaker.com/d/msgid/lists/Zaa11ThschiBbJ3x%40mail.bitfolk.com.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Yahoo! error-codes page seems broken

[Tim Starr via mailop]

I had that happen to me yesterday, but I was able to get there from the
main page:

https://senders.yahooinc.com/smtp-error-codes/

I think they have the wrong URL in the bounce. Will report to Yahoo.

-Tim

On Tue, Jan 16, 2024 at 11:25 AM Andy Smith via mailop 
wrote:

> Hi,
>
> While trying to debug:
>
> <[redacted]@yahoo.co.uk>: host mx-eu.mail.am0.yahoodns.net[188.125.72.74]
> said:
> 554 5.7.9 Message not accepted for policy reasons. See
> https://postmaster.yahooinc.com/error-codes (in reply to end of
> DATA command)
>
> I and others note that https://postmaster.yahooinc.com/error-codes
> just redirects to a page that simply says "Cannot GET /error-codes".
>
> Though as regards the actual NDR, i think it will be a result of
> our user forwarding email into Yahoo!, because the address we sent to
> was a personal domain.
>
> Thanks,
> Andy
>
> --
> https://bitfolk.com/ -- No-nonsense VPS hosting
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Yahoo! error-codes page seems broken

[Andy Smith via mailop]

Hi,

While trying to debug:

<[redacted]@yahoo.co.uk>: host mx-eu.mail.am0.yahoodns.net[188.125.72.74] said:
554 5.7.9 Message not accepted for policy reasons. See
https://postmaster.yahooinc.com/error-codes (in reply to end of
DATA command)

I and others note that https://postmaster.yahooinc.com/error-codes
just redirects to a page that simply says "Cannot GET /error-codes".

Though as regards the actual NDR, i think it will be a result of
our user forwarding email into Yahoo!, because the address we sent to
was a personal domain.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Mark Fletcher via mailop]

On Mon, Jan 15, 2024 at 4:19 PM Randolf Richardson, Postmaster via mailop <
mailop@mailop.org> wrote:

>
> You'll likely be interested in the reputation score, which is
> presently showing as "Poor" for that IP address (66.175.222.108):
>
> Reputation Lookup || Cisco Talos Intelligence Group
>
> https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108
>
>
Thanks for this; I wasn't familiar with Talos Intelligence. Do they publish
a blocklist?

Spamhaus lifted their block last night. That caused the Talos reputation
score for us to change to Good. I hope to keep it there.

Thanks,
Mark
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop