[mailop] TWC/RR/Spectrum contact?
Anyone know of a TWC/RR/Spectrum mail admin contact? Got a situation where they're temp failing: (host dnvrco-cmedge01.email.rr.com[69.134.155.135] refused to talk to me: 554 dnvrco-cmimta03 esmtp ESMTP server not available AUP#I-1000) On mails from one of my mail servers. Only mail coming from it is ecommerce physical product orders/invoices/shipping notifications, notifications of won IRL auctions, and various communications with our suppliers. No spam, no compromised/trojan mails, etc. Various sites and old docs from RR/TWC say to go to the TWC postmaster page, which doesn't exist anymore and redirects to an absolutely useless Spectrum mail page. Found delivery-supp...@postmaster.rr.com, so sent an e-mail to there yesterday, but haven't heard anything/gotten a response. No clue if anyone even bothers to read it. Thanks! -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Mailop cert - was Re: Admin: Gmail users of mailop suspended due to bounces.
On 4/29/2019 12:51 PM, Andrew C Aitchison via mailop wrote: I'm trying to alert the exim developers to the suggestions that people have made in this thread; but it would be easier to ask them to subscribe to mailop if the archive didn't have an expired certificate. I joined the exim-dev list and shared with them my setup, version, etc. Hopefully I can get them what they need to figure things out. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Admin: Gmail users of mailop suspended due to bounces.
On 4/29/2019 9:30 AM, Rich Kulawiec via mailop wrote: On Sun, Apr 28, 2019 at 11:33:07AM -0600, Brielle Bruns via mailop wrote: A slack channel would be cool regardless [...] No, it wouldn't. You might find it instructive to read their S-1 filing, referenced here: Slack Warns Investors It's a Target for Nation-State Hacking https://motherboard.vice.com/en_us/article/pajbj8/slack-warns-investors-its-a-target-for-nation-state-hacking which I strongly suspect is far more likely to be history than merely well-informed speculation. So is every other mail system, chat system, website, and frankly any other system on the Internet. Literally having anything connected to the Internet is a target for hacking - nation state or just script kiddie. IOW, I don't see how a discussion relating to mail topics would be of the level of importance to warranty totally avoiding a platform just because of potential nation state hacking. Literally every e-mail we've been sending back and forth is being hoovered up by various US based agencies (at the very least). -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Admin: Gmail users of mailop suspended due to bounces.
On 4/28/2019 5:20 AM, Simon Lyall via mailop wrote: On Sun, 28 Apr 2019, Simon Lyall via mailop wrote: Well since that email just triggered another round of bounces I've just updated mailop's mailman config to mung all email addresses (hopefully, this email is a test). Well the good news is that worked. The bad news is that gmail just bounced the daily digest so all those list members are now suspended. Maybe a slack channel would be easier. A slack channel would be cool regardless - though I can't remember if there's a limit on how many people can be on a free tier slack plan? -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Admin: Gmail users of mailop suspended due to bounces.
On 4/28/2019 9:56 AM, Bill Cole via mailop wrote: On 28 Apr 2019, at 2:19, Brielle Bruns wrote: On 4/27/2019 11:19 PM, Bill Cole wrote: Basically DKIM on my EXIM server is configured in the default way which Debian’s config file sets it up once you provide it with the necessary keys for signing. If it’s got something that they need to fix to make it behave better, I’m all for getting that together. I guess that means that Exim on Debian has matched one of the most famous "features" long touted for Exchange... You should be able to modify the header selection for signing in the Exim config and you should do so with thoughtfulness, rather than simply accepting a packager's defaults. Considering I've been using EXIM for... 15 years or so, and its always been well behaved in my setup, I've trusted their defaults for most things. In this case, I've manually overridden the default with from:to:subject:date based on some quick googling of what other people have used. We'll see if it has the desired effect. but that's a change in behavior that could be suggested to the EXIM developers to make it a bit more tolerant of what you are suggesting. Indeed. As an Exim user, you may wish to take this up with the developers or take ownership of your own configuration, as clearly they don't understand the DKIM spec. I have an absurd amount of customization in my setup - just this wasn't one of them due to having setup dkim to appease Google's filtering on short notice. For a long time, I refused to insert DKIM headers on the grounds it created situations like this. It does not need to create situations like THIS. THIS is the result of unwise choices by multiple parties, most significantly by Google. I'm _still_ grappling with another situation involving google putting my company's auction winner notifications w/ PDF attachments in the Spam folder. That system uses postfix instead of EXIM. My frustration with google's spam filtering grows by the day. A broader range of possible problems can be avoided by taking care to create robust signatures rather than fragile ones. But, you can thank certain large providers who make some hurdles if you don't have DKIM signed messages. This is still mostly limited to SMTP over IPv6, which I have not yet needed to resort to. DMARC elicits the same 'Fuck that' response from me. I implement something with regards to it only because I need mail to go through. I don't disagree. I do think it is most pragmatic to implement such things in ways that break less rather than trying to make the flaws stand out as chronic breakage. In the end, sane defaults should be the norm, but we all know that's a crapshoot. Lack of documentation on how the big guys handle mail ends up compounding issues... -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Admin: Gmail users of mailop suspended due to bounces.
On 4/27/2019 11:19 PM, Bill Cole wrote: Basically DKIM on my EXIM server is configured in the default way which Debian’s config file sets it up once you provide it with the necessary keys for signing. If it’s got something that they need to fix to make it behave better, I’m all for getting that together. I guess that means that Exim on Debian has matched one of the most famous "features" long touted for Exchange... You should be able to modify the header selection for signing in the Exim config and you should do so with thoughtfulness, rather than simply accepting a packager's defaults. I just went through the config, now that I'm back in front of a laptop. Debian's setup is very basic, no fluff, and relies on the defaults that are set by the developers. EXIM is generating that list based on RFC 4871 (Section 5.5 lists recommended). EXIM Doc - see dkim_sign_headers https://www.exim.or tg/exim-html-current/doc/html/spec_html/ch-dkim_and_spf.html Its a default config that is in all EXIM setups unless explicitly overriden otherwise. Sure, it looks like it may be overzealous in its inclusion, but that's a change in behavior that could be suggested to the EXIM developers to make it a bit more tolerant of what you are suggesting. For a long time, I refused to insert DKIM headers on the grounds it created situations like this. But, you can thank certain large providers who make some hurdles if you don't have DKIM signed messages. DMARC elicits the same 'Fuck that' response from me. I implement something with regards to it only because I need mail to go through. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] The utility of spam folders
Ahhh its... amusing, watching this thread go on, having run a DNSbl for a long time. *leans back in a rocking chair on her back porch* Pepperidge Farm 'members a time where DNSbl maintainers were crucified for not being 'open enough' about why IPs were listed. Or not being fast enough at responding to requests to remove. Or the many death threats. In all honesty, though, why isn't everyone threatening to burn down the CEOs house, kill them and their families, etc for 'overly aggressive filtering'? I mean, that was all the rage back in the early 2000s? Suddenly its perfectly okay for the big companies to do the exact same shit and noone bats an eyelash at it? *goes back to eating her delicious Milano cookies* On 4/24/2019 4:43 AM, Laura Atkins wrote: On 24 Apr 2019, at 11:21, Paul Smith <mailto:p...@pscs.co.uk>> wrote: On 24/04/2019 10:51, Laura Atkins wrote: You cut the portion of the previous post I was specifically responding to. Specifically this sentence: “[MS employees should] be able to guess if you're a probable spammer or a legitimate sender who's been caught out, and then be helpful or not based on that.” I was pointing out that it’s not that easy . And, given they're guessing, perhaps they guessed wrong. I wasn't suggesting that they unblock an IP address based on a 'guess', but that if the recent mail from that IP address looks legit, they could spend a bit more time on it, and maybe give the sending admin a bit more advice - eg 'your SPF records are wrong' or 'the IP address has a bad reputation, this is a link to how to resolve that' or something rather than their current useless 'not eligible for mitigation, now go away, and don't reply to this message' response. Ah. You’re new here. According to reports by MS employees the use of boilerplates is mandated by legal and nothing can be sent that is not pre-approved by the legal department. laura -- Having an Email Crisis? We can help! 800 823-9674 Laura Atkins Word to the Wise la...@wordtothewise.com <mailto:la...@wordtothewise.com> (650) 437-0741 Email Delivery Blog: https://wordtothewise.com/blog ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] QQ Postmaster
On 7/16/2018 3:46 PM, Vick Khera wrote: On Mon, Jul 16, 2018 at 2:43 PM, Udeme Ukutt <mailto:uukutt...@gmail.com>> wrote: Please can a QQ (China) postmaster (or someone that knows one) contact me off-list? Thanks. I'd be curious to know if you are successful. My recollection is they just don't care if you are outside of China. The last time I even bothered with e-mailing a China based provider, the response I got from them was (if my memory serves me correctly)... "We no spam! Spam no illegal!" I stopped caring about traffic from China about 30 seconds later. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] HELO *.*
On 6/11/2018 4:23 PM, Michael Wise via mailop wrote: Back in the day ... I'd be inclined to not accept mail from something HELOing with an IP literal where the connecting IP was not on our local network. An excuse can be made for a mail client. An actual mail server doing this doesn't belong on the Internet until they buy a clue. IMHO only, of course. You're not the only one who thinks along those lines. I'm glad by default exim does sanity checking of the HELO/EHLO responses. Does a good job in on itself blocking bots. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
[mailop] HELO *.*
Been seeing an awful lot of these lately on one of my email servers (exim based): 2018-06-11 14:15:44 no host name found for IP address 157.25.104.90 2018-06-11 14:15:47 rejected HELO from [157.25.104.90]: syntactically invalid argument(s): *.* 2018-06-11 14:21:42 no host name found for IP address 185.221.172.140 2018-06-11 14:21:43 rejected HELO from [185.221.172.140]: syntactically invalid argument(s): *.* Anyone know if this is some sort of exploit or just the sign of a specific type of spambot? -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Bounces from outbound.protection.outlook.com
On 4/29/16 7:25 AM, Benoit Panizzon wrote: I am seeing in my logs some bounces messages (empty sender) from > various outbound.protection.outlook.com servers. All those bounce > messages are directed towards one specific email address which is > probably used as an envelope field in a spam run. > > Now my question is: if it comes from outbound servers for outlook.com, > shouldn't the mails also pass through some kind of inbound servers at > outlook.com? If that's the case, how comes that those messages which > surely have a wrong DMARC, SPF and DKIM pass through the incoming > gateways? We have exactly the same problem. We sometimes observe that some of our customers get DOSed by large volumes of outbound.protection.outlook.com bounces. The 'Attacker' apparently is a botnet (aka many different ip addresses) that fakes the sender@our-domain and sends very small emails to various non existing recipients hosted on outbound.protection.outlook.com servers. I had similar issues a few years ago with Cox.net. Their mail servers were bounce flooding my mail servers due to a Joe Job. Contacted them, and rather then fixing their mail servers so it wouldn't accept-then-bounce or blocking the source, they instead blacklisted my e-mail address. Companies need to get their shit together and solve the source of problems, not band-aid random things and pretend like its not going on in the first place. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] New method of blocking spam
On 1/21/16 1:45 PM, Marc Perkel wrote: Just to follow up on this. I'm in the process of improving the filter. But I have filed my provisional patent so i'm going to give you an overview of how it works. As someone who has been involved in spam fighting stuff since 1999 or so, hate to burst any kind of magical bubbles, but "been there, done that". Been doing whitelisting/blacklisting/scoring based on subject lines since 2003 or so using SpamAssassin. Not a new or particularly novel idea at all. Hell, there's whole multi-megabyte .cf files you can grab for SA that help with that kind of scoring. I'm trying to find that checklist that the spam fighting regulars used to post whenever someone is all excited about their end-game to spam filtering... Anyone remember a URL for it? SpamAssassin has been around since... 1997 I think in some form? You might be facing your patent being invalidated by prior art, unless you have some magic thing your doing that isn't what SA and other programs have been doing since the 90s in some manner. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] New method of blocking spam
On 1/22/16 9:24 AM, Neil Jenkins wrote: On Fri, 22 Jan 2016, at 11:01 AM, Brielle Bruns wrote: I'm trying to find that checklist that the spam fighting regulars used to post whenever someone is all excited about their end-game to spam filtering... Anyone remember a URL for it? http://craphound.com/spamsolutions.txt I presume. Yes! Thank you. I haven't had my coffee yet. :D -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop