Re: [mailop] Barracuda Removal Request Failure

2024-07-30 Thread Alexandre Dangreau via mailop 
Hello, 

We have the same issue here since last week. 

 We tryed to send mail to the webmaster but received a maeler daemon.

If anyone have contact to inform them it will be appreciated. 


-- 
Alexandre Dangréau
Head of Trust & Safety 
VU.Ethics & Compliance 

__ 
This message was sent from OVH Groupe SAS, or one of its subsidiaries or 
affiliated entities, and is intended only for the sole use of the designated 
recipient(s). It may contain confidential and proprietary information. If you 
are not a designated recipient, you may not review, copy, use or distribute 
this message. If you received this message in error, please notify the sender 
by reply e-mail and delete this message. Thank you. 





Le 30/07/2024 17:38, « mailop au nom de Gellner, Oliver via mailop » 
mailto:mailop-boun...@mailop.org> au nom de 
mailop@mailop.org > a écrit :


On 30.07.2024 at 16:45 David Landers via mailop wrote:


> I am attempting to submit a removal request via BarracudaCentral 
> (https://www.barracudacentral.org/rbl/removal-request 
> ) and it appears to be 
> timing out or otherwise failing, as I am redirected to a "Internal Server 
> Error" page after a period of time.


Lookups to b.barracudacentral.org repeatedly end up in a timeout as well since 
yesterday. Sometimes they work for a few minutes, then they fail again.


--
BR Oliver



dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de > * 
www.dmTECH.de ;>
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier 
;>.
___
mailop mailing list
mailop@mailop.org 
https://list.mailop.org/listinfo/mailop 




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [spamhaus] de-listing requests successful, but only for a couple of days.

2024-03-15 Thread Alexandre Dangreau via mailop 
Hello, 

> there are other providers in the same price range which assign /64. 

The VPS/PCI price start at 4€ per month. Not sure you will be able to find 
server with /64 IPv6 at this price.

Due to this cheaper price, we had lots of spammers, and we put in place some 
specific rules for these services (e.g. : port 25 blocked). After putting in 
place this kind of restrictions on these services, we saw a huge decrease of 
spam report and the spammer doesn't moving to baremetal (start price 45€).

___
mailop mailing list
mailop@mailop.org 
https://list.mailop.org/listinfo/mailop 




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [spamhaus] de-listing requests successful, but only for a couple of days.

2024-03-15 Thread Alexandre Dangreau via mailop 
Hello, 

In fact, if you need a /64 IPv6 range you probably use the wrong service. For 
VPS and Public Cloud instances (PCI) the IPv6 range is shared with all the VM, 
so each VM (VPS or PCI) have one single IPv4 (/32) and one single IPv6 (/128).

Only baremetal have a dedicated /64 IPv6 range. The support team could help you 
to find a server corresponding to your needs.



-- 
Alexandre Dangréau
Head of Trust & Safety 
VU.Ethics & Compliance 
Twitter  | LinkedIn 
 | ovhcloud.com 
 

__ 
This message was sent from OVH Groupe SAS, or one of its subsidiaries or 
affiliated entities, and is intended only for the sole use of the designated 
recipient(s). It may contain confidential and proprietary information. If you 
are not a designated recipient, you may not review, copy, use or distribute 
this message. If you received this message in error, please notify the sender 
by reply e-mail and delete this message. Thank you.



Le 14/03/2024 17:59, « mailop au nom de Michael Grimm via mailop » 
mailto:mailop-boun...@mailop.org> au nom de 
mailop@mailop.org > a écrit :


Hi,


is there someone from Spamhaus reading this list?


I am getting listed almost on a daily basis on two IPv6 addresses of mine which 
happen to be part of OVH's address space (yes, I know). Both of my mailservers 
are serving a handful users, only (family).


Whenever that happens I am using Spamhaus' de-listing Website 
https://check.spamhaus.org/  and become 
automatically de-listed thereafter. Only until I become listed again, today two 
times within 6 hours.


Example Case ID and IPv6 addresses involved: 


2001:41d0:20a:800::464
ST4415112 
ST4413096


2001:41d0:701:1000::435d
ST4415103
ST4413113


Is there a way to make that de-listing more persistent?


Thanks in advance and regards,
Michael


___
mailop mailing list
mailop@mailop.org 
https://list.mailop.org/listinfo/mailop 




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)

2024-03-11 Thread Alexandre Dangreau via mailop 
Hello, 

Sorry for the delay, I was on leave. 

I see the issue is solved, but I’m interested of the solution you found. 

If an OVHcloud’s customer have any network issue, he can contact the support 
team. They know how to make network test to identify if it’s network issue 
(e.g. : peering) or other issue (e.g. : blacklist) and can escalade to the 
right team if needed. Did you contact the support team ? If yes, please provide 
me the ticketID and I’ll check what they did.


-- /n
Alexandre Dangréau
Head of Trust & Safety 
VU.Ethics & Compliance
M : +33 (0)669337320
https://twitter.com/ovhcloud | https://www.linkedin.com/company/ovhgroup/ | 
https://www.ovhcloud.com/fr/ 



__
This message was sent from OVH Groupe SAS, or one of its subsidiaries or 
affiliated entities, and is intended only for the sole use of the designated 
recipient(s). It may contain confidential and proprietary information. If you 
are not a designated recipient, you may not review, copy, use or distribute 
this message. If you received this message in error, please notify the sender 
by reply e-mail and delete this message. Thank you.


De : mailop  au nom de Graeme Fowler via mailop 

Répondre à : "mailop@mailop.org" 
Date : vendredi 8 mars 2024 à 18:54
À : "mailop@mailop.org" 
Objet : Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)

On 8 March 2024 17:04:36 Stefano Bagnara via mailop  wrote:
I just got an answer from them that the issue is fixed.
Thanks to everyone!

Thank you to you for doing the right thing.

I know everyone wants to smack down on OVH but ascribing actions such as those 
mentioned in this thread to an actor who may not be represented here is... 
unhelpful.

It does the posters, and ultimately the list, very few favours.

I also know that nature abhors a vacuum and we all want to get an explanation 
but my engineer's hat says "find the issue or report it to someone who can, and 
either fix it or get them to" rather than "speculate wildly based on your 
specific prejudices".

IOW: facts please, not speculation.

Thanks!

Graeme

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] OT re Munging was Re: Extortion spam from OVH-hosted *.sbs domains

2024-02-01 Thread Alexandre Dangreau via mailop 
Hello

To neutralize URL, lots of cyber-security company use the X-ARF format :

E.g. :
hxxps://domain[.]tld

It prevents miss click and accidental exposure of any kind of treat.

--
Alexandre Dangréau
Head of Trust & Safety
CLO - VU.Ethics & Compliance
Twitter | 
LinkedIn | 
ovhcloud.com

[signature_35426244]

__
This message was sent from OVH Groupe SAS, or one of its subsidiaries or 
affiliated entities, and is intended only for the sole use of the designated 
recipient(s). It may contain confidential and proprietary information. If you 
are not a designated recipient, you may not review, copy, use or distribute 
this message. If you received this message in error, please notify the sender 
by reply e-mail and delete this message. Thank you.


De : mailop  au nom de Michael Wise via mailop 

Répondre à : "mailop@mailop.org" 
Date : jeudi 1 février 2024 à 00:32
À : "Kevin A. McGrail" , "mailop@mailop.org" 

Objet : Re: [mailop] [EXTERNAL] OT re Munging was Re: Extortion spam from 
OVH-hosted *.sbs domains


Or just put a “ “ before each of the dots …

  mx .h .orku .sbs

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Kevin A. McGrail via 
mailop
Sent: Wednesday, January 31, 2024 9:44 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] OT re Munging was Re: Extortion spam from 
OVH-hosted *.sbs domains


Hi MailOp,

I thought I would send a note that emails about this topic with OVH and SBS 
domains have sometimes been going into spam because some emails mention URIs 
that are on blocklists.

At the Apache SpamAssassin project we typical discuss things with [] brackets 
or the word munge to avoid this issue.For example, mx.h.orku[.]sbs 
mx.h.orkumunge.sbs with the bolding added for extra emphasis.  This might help 
when people are discussing threat data.

Regards,
KAM
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

2024-01-29 Thread Alexandre Dangreau via mailop 
Hello, 

We received alert from spamcop for thoses IP.  It’s a new account created after 
the termination of the previous one who send *.sbs mail. Account closed. If you 
send report to mailto:ab...@ovh.net (or ab...@ovh.ca) , don’t hesitate to send 
to me the abuseID (abuse#ABCDEFG) or the mail address to use to send reports to 
us. 


-- 
Alexandre Dangréau
Head of Trust & Safety 


__
This message was sent from OVH Groupe SAS, or one of its subsidiaries or 
affiliated entities, and is intended only for the sole use of the designated 
recipient(s). It may contain confidential and proprietary information. If you 
are not a designated recipient, you may not review, copy, use or distribute 
this message. If you received this message in error, please notify the sender 
by reply e-mail and delete this message. Thank you.


De : mailop  au nom de Hans-Martin Mosner via mailop 

Répondre à : "mailop@mailop.org" 
Date : samedi 27 janvier 2024 à 23:03
À : "mailop@mailop.org" 
Objet : Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

Am 26.01.24 um 09:42 schrieb Simon Bressier via mailop:
Hi all, 

FYI Hans-Martin, I reached out to ovh team yesterday night to push your 
message, seems your abuse report has been processed by the proper team. No idea 
if they answered you, but at least, they have handled the report, and probably 
done the appropriate actions.
Actions maybe, appropriate probably not.
Today the spammers use .sbs domains on OVH IPs again:
mx.h.orku.sbs 51.68.81.175
mx.j.eown.sbs 51.89.230.64
mx.a.mykf.sbs 146.59.116.127
I can't see the content, as we refuse to accept anything from *.sbs at the 
moment, for good reasons.
Cheers,
Hans-Martin

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

2024-01-29 Thread Alexandre Dangreau via mailop 
Hello, 

We have some rules to prevent SPAM, but we don't have any software access to 
the customer's server. Each customer is responsible of his use regarding the 
law and our term and condition. After receiving an abuse report, we let enough 
time for the customer to solve the issue, and if don't we take actions against 
his services.

To prevent out-coming SPAM, we use the VADE antispam engine. As all automatic 
detection it can exist false positive and false negative. The other way for us 
to know if a customer has a bad behavior is to receive abuse reports.

For this specific case, the report was received and handled at the same time 
you "escalate" the case on this ML. 

For next case, you can send me a direct message 😉


-- 
Alexandre Dangréau
Head of Trust & Safety 
VU.Ethics & Compliance 

 

__ 
This message was sent from OVH Groupe SAS, or one of its subsidiaries or 
affiliated entities, and is intended only for the sole use of the designated 
recipient(s). It may contain confidential and proprietary information. If you 
are not a designated recipient, you may not review, copy, use or distribute 
this message. If you received this message in error, please notify the sender 
by reply e-mail and delete this message. Thank you. 





Le 26/01/2024 20:16, « mailop au nom de Randolf Richardson, Postmaster via 
mailop » mailto:mailop-boun...@mailop.org> au nom 
de mailop@mailop.org > a écrit :


> According to Randolf Richardson, Postmaster via mailop 
> mailto:postmas...@inter-corporate.com>>:
> > I'm just chiming in here with some support for you because I know a 
> >few people who use OVH as well.
> >
> > Blocking on a case-by-case basis is the better approach so that 
> >legitimate (non-spamming) hosts aren't penalized.
> 
> When I look at my logs and see the amount of spam from OVH networks,
> it's just not worth the effort to try and pick out the trickle of
> non-spam.


Everyone has different experiences. When a network is a spam sewer 
that's dumping onto your systems, then blocking the entire network is 
certainly the more sensible option.


...and then making exceptions for the few who are "lost at sea on 
the wrong boat" in said network's polluted waters and who your users 
want/need to receive communications from. (It's terrible that the 
internet has come to this, and I remember a few people in NANAE, 
decades ago, predicting these types of problems.)


> If you want people to accept your mail, act like you do and send it
> from a network that doesn't gush spam.


I agree.


I remember setting up a Virtual Machine for a client on OVH many 
years ago. There were major limitations on OS installation, which 
was confirmed by their technical support, so we closed the account 
and chose a different provider. So, given that OVH runs a limited 
service (or maybe they don't do that anymore?), I'm surprised that 
they don't seem to be so stringent about their clients sending spam.


-- 
Postmaster - postmas...@inter-corporate.com 

Randolf Richardson, CNA - rand...@inter-corporate.com 

Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/ 




___
mailop mailing list
mailop@mailop.org 
https://list.mailop.org/listinfo/mailop 




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop