Re: [mailop] iCloud outage?

2024-01-17 Thread Dan Malm via mailop

On 2024-01-17 08:47, Jarland Donnell via mailop wrote:
> Just a quick sanity check, are others seeing intermittent failure to 
> reach iCloud servers? My logs are filled with:
>
> 450 Error connecting to 17.57.156.30. Unexpected socket close
>
> I've been having trouble delivering mail to them for at least 12 hours. 
> I hope it's not just me, but it would help to know if it is.

Seeing the same from multiple icloud IPs:
17.42.251.62
17.57.156.30
17.57.154.33
17.57.152.5
17.57.155.34

Connection gets cut randomly. I see it happening on banner/ehlo/mail/rcpt

But some other ips work, so mails do get delivered eventually.

Looking at my logs this seems to be a long-running issue with icloud, 
but at a much smaller scale than now. I've got 30 days worth of logs and 
I can see these errors happening throughout the whole timespan, though 
at a much smaller scale; just a handful of errors per day. The current 
larger issues seem to have started around 2024-01-16 20:00 UTC



--
BR/Mvh. Dan Malm, Systems Engineer, group.one

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


[mailop] Microsoft JMRP not sending ARF?

2023-12-11 Thread Dan Malm via mailop

Hi,

I've just updated my FBL parsing in preparation of using 
https://www.rfc-editor.org/rfc/rfc9477 and while doing that checked if 
Microsoft's JMRP could send reports in ARF format instead of attachments 
so I could remove any special-case parsing just for Microsoft... But to 
my surprise in my settings it was already set to ARF but that's not the 
format I'm getting the reports in...


There are 3 different settings available with the following results when 
I change to them:

ARF - FBL reports are sent as attachments (not ARF)
Attachment - No FBL reports are sent at all
Original Message - The original message is sent to the complaint 
feedback email address


Anyone else have the same experience or am I just special? Anyone have a 
way to wrangle MS to actually send ARF?


--
BR/Mvh. Dan Malm, Systems Engineer, group.one


Re: [mailop] [EXTERNAL] Re: Abuse AUTH from Microsoft outlook IP space

2023-08-18 Thread Dan Malm via mailop

Hi Tarun,

While your mitigation has reduced the amount of authentications I see, 
it's only a partial fix. So far today (since 00:00 UTC) I count:


111000 connections deferred before AUTH
554000 successful authentications
712 emails successfully sent

The amount of successful AUTH has been fairly consistent at ~1200-1400 
per minute since around 2023-08-16 09:30 UTC


On 2023-08-18 00:53, Tarun Singh via mailop wrote:

Hello,

Thanks for reporting the issue. I can confirm that we are aware of the issue, 
and it is mitigated for now. There was a change in SMTP authentication flow 
which inadvertently caused excessive retries as a result. The mitigation was 
applied yesterday so you should see the traffic going down, if you are seeing 
otherwise, please let me know.

Apologies for any false alarms it may have caused on your end.

Please let me know if you have any questions.

Thanks
Tarun Singh

-----Original Message-----
From: mailop On Behalf Of Sebastian Nielsen via mailop
Sent: Monday, August 14, 2023 3:48 AM
To: 'Mailing List'
Subject: [EXTERNAL] Re: [mailop] Abuse AUTH from Microsoft outlook IP space

My thought is that some features are only accessible for authenticated users, so it would 
want to authenticate and see what the server has to offer, before it decides "not 
fine" and quits.

Or it could be that it always connects and tries that the password is correct 
every time you open the Outlook Mobile client.
So it can inform if the password had been changed.

-----Original Message-----
From: Dan Malm via mailop
Sent: 14 August 2023 11:51
To: mailop@mailop.org
Subject: Re: [mailop] Abuse AUTH from Microsoft outlook IP space

Could be mobile connections being proxied, yes. But if it was due to not liking 
the features (which I'm quite certain has not changed on our end) wouldn't it 
be more logical to quit after HELO/EHLO rather than AUTH?

On 2023-08-14 11:08, Sebastian Nielsen via mailop wrote:

Could it also be their outlook for mobile connections, where the connection 
fails for some other reason, like the server doesn't like the features supported?
It seems to use some sort of proxy, where outlook's server connects to the 
server in question instead of a direct connection from the phone to server.

-----Original Message-----
From: Dan Malm via mailop
Sent: 14 August 2023 11:06
To: mailop@mailop.org; ab...@microsoft.com
Subject: [mailop] Abuse AUTH from Microsoft outlook IP space

Hi,

Since Friday I'm seeing a rather extreme amount of SMTP AUTH requests
from the same IPv6 IP space that outlook.com uses when sending emails
on behalf of customers that have added an "external" address to sync
and send from to their outlook account. The AUTH uses valid
credentials for the accounts but just hangs up after AUTH. The amount
of connections seems to increase daily.

For the last 24h I have ~11M AUTH requests but only ~5K mails actually
sent from the 2603:1026::/32 range. I also see some similar patterns
from the other ranges that seem to send outlook mail: 2603:1036::/32,
2603:1046::/32, 2603:1056::/32 but the bulk of it is from the 1026 one.

Anyone from MS listening that would like to comment?





--
BR/Mvh. Dan Malm, Systems Engineer, one.com



Re: [mailop] Abuse AUTH from Microsoft outlook IP space

2023-08-14 Thread Dan Malm via mailop
Could be mobile connections being proxied, yes. But if it was due to not 
liking the features (which I'm quite certain has not changed on our end) 
wouldn't it be more logical to quit after HELO/EHLO rather than AUTH?


On 2023-08-14 11:08, Sebastian Nielsen via mailop wrote:

Could it also be their outlook for mobile connections, where the connection 
fails for some other reason, like the server doesn't like the features supported?
It seems to use some sort of proxy, where outlook's server connects to the 
server in question instead of a direct connection from the phone to server.

-----Original Message-----
From: Dan Malm via mailop
Sent: 14 August 2023 11:06
To: mailop@mailop.org; ab...@microsoft.com
Subject: [mailop] Abuse AUTH from Microsoft outlook IP space

Hi,

Since Friday I'm seeing a rather extreme amount of SMTP AUTH requests
from the same IPv6 IP space that outlook.com uses when sending emails on
behalf of customers that have added an "external" address to sync and
send from to their outlook account. The AUTH uses valid credentials for
the accounts but just hangs up after AUTH. The amount of connections
seems to increase daily.

For the last 24h I have ~11M AUTH requests but only ~5K mails actually
sent from the 2603:1026::/32 range. I also see some similar patterns
from the other ranges that seem to send outlook mail: 2603:1036::/32,
2603:1046::/32, 2603:1056::/32 but the bulk of it is from the 1026 one.

Anyone from MS listening that would like to comment?





Re: [mailop] Abuse AUTH from Microsoft outlook IP space

2023-08-14 Thread Dan Malm via mailop

On 2023-08-14 11:05, Jaroslaw Rafa via mailop wrote:

> On 14.08.2023 at 10:42:53, Dan Malm via mailop wrote:
> Do you have AUTH turned on on port 25? Why?
> Or are they accessing the submission port?


I don't think anything I wrote suggested this was relating to port 25... 
They're connecting to port 465 to a system that is solely used for 
outbound mail. Inbound MX:es have different hostnames and IPs.


--
BR/Mvh. Dan Malm, Systems Engineer, one.com



[mailop] Abuse AUTH from Microsoft outlook IP space

2023-08-14 Thread Dan Malm via mailop

Hi,

Since Friday I'm seeing a rather extreme amount of SMTP AUTH requests 
from the same IPv6 IP space that outlook.com uses when sending emails on 
behalf of customers that have added an "external" address to sync and 
send from to their outlook account. The AUTH uses valid credentials for 
the accounts but just hangs up after AUTH. The amount of connections 
seems to increase daily.


For the last 24h I have ~11M AUTH requests but only ~5K mails actually 
sent from the 2603:1026::/32 range. I also see some similar patterns 
from the other ranges that seem to send outlook mail: 2603:1036::/32, 
2603:1046::/32, 2603:1056::/32 but the bulk of it is from the 1026 one.


Anyone from MS listening that would like to comment?

--
BR/Mvh. Dan Malm, Systems Engineer, one.com
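
The pattern reported in the post above (many successful AUTHs, almost no mail, concentrated in a few IPv6 /32 ranges) can be surfaced from logs with a per-network ratio check. This is an added example, not part of the original message or any tool it mentions; the log format, function names and thresholds are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Hypothetical log format (an assumption, not from the thread):
#   <timestamp> <event> ip=<client> user=<account>
# event is auth_ok (SMTP AUTH succeeded) or queued (a message was accepted).
LINE_RE = re.compile(r"^\S+\s+(?P<event>auth_ok|queued)\s+ip=(?P<ip>\S+)")


def bucket(ip_text, v6_prefix=32, v4_prefix=24):
    """Map a client address to the covering network used for aggregation."""
    ip = ipaddress.ip_address(ip_text)
    plen = v6_prefix if ip.version == 6 else v4_prefix
    return str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))


def summarize(lines):
    """Count successful AUTHs and accepted messages per source network."""
    stats = defaultdict(lambda: {"auth_ok": 0, "queued": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated or malformed line
        try:
            net = bucket(m["ip"])
        except ValueError:
            continue  # ip= field did not hold an address
        stats[net][m["event"]] += 1
    return dict(stats)


def auth_without_mail(stats, min_auth=100, max_sent_per_auth=0.01):
    """Return (network, auths, sent) for busy networks that authenticate
    but almost never submit mail, largest AUTH volume first."""
    hits = []
    for net, c in stats.items():
        if c["auth_ok"] < min_auth:
            continue  # too little traffic to judge
        if c["queued"] / c["auth_ok"] <= max_sent_per_auth:
            hits.append((net, c["auth_ok"], c["queued"]))
    return sorted(hits, key=lambda row: row[1], reverse=True)


def constructed_sample():
    """Constructed log lines; only the /32 ranges are taken from the post."""
    ts = "2023-08-14T09:00:00Z"
    lines = []
    # Range from the post: 400 AUTHs, a single message.
    for i in range(400):
        lines.append(f"{ts} auth_ok ip=2603:1026:c03:{i:x}::5 user=u{i % 7}@example.test")
    lines.append(f"{ts} queued ip=2603:1026:c03:1::5 user=u1@example.test")
    # Second range from the post: 200 AUTHs, no mail at all.
    for i in range(200):
        lines.append(f"{ts} auth_ok ip=2603:1036:301:{i:x}::9 user=u{i % 5}@example.test")
    # Ordinary busy submission source (documentation prefix): AUTH then send.
    for i in range(150):
        lines.append(f"{ts} auth_ok ip=2001:db8:0:{i:x}::1 user=c{i}@example.test")
        if i < 140:
            lines.append(f"{ts} queued ip=2001:db8:0:{i:x}::1 user=c{i}@example.test")
    # Low-volume IPv4 client and a line that does not parse.
    for i in range(10):
        lines.append(f"{ts} auth_ok ip=192.0.2.{10 + i} user=d{i}@example.test")
    lines.append("not a log line")
    return lines


if __name__ == "__main__":
    for net, auths, sent in auth_without_mail(summarize(constructed_sample())):
        print(f"{net}: {auths} AUTH ok, {sent} messages")
```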


Re: [mailop] New to mass mailings

2023-05-08 Thread Dan Malm via mailop

On 5/6/23 17:28, H via mailop wrote:

> I am new to doing mass mailings to customers and leads - not spam - and am 
> looking for some introduction how to interpret different types of rejection 
> messages so we can improve our success rate etc.


Many mailbox providers do at least some things "their own way" so 
there's no catch-all one-stop for all messages and codes. But a good 
start for what the different status codes (should) mean is 
https://www.iana.org/assignments/smtp-enhanced-status-codes/smtp-enhanced-status-codes.xhtml



> SMTP error from remote server for RCPT TO command, host: 
> xxx.mail.protection.outlook.com (104.47.51.202) reason: 550 5.7.1 Service 
> unavailable, Client host [74.208.4.197] blocked using Customer Block list 
> AS(1420) [AM7EUR03FT040.eop-EUR03.prod.protection.outlook.com 
> 2023-05-05T06:31:14.035Z 08DB4D3079BE1687]


That IP is in at least 15 blacklists: 
https://multirbl.valli.org/lookup/74.208.4.197.html


As others have said: If you share your outbound IP with others you share 
your IP reputation with others. So you will get penalized because your 
neighbors are spammers. Self hosting is not necessarily the cure for 
this though as (especially with the "too big to fail" crowd) there might 
instead be _too_few_ mails coming from your IP to build a reputation 
which might impact your deliverability to inbox.


--
BR/Mvh. Dan Malm, Systems Engineer, one.com
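
As a starting point for reading rejection messages along the lines of the reply above, here is an added example (not part of the original message) that splits a reply into its basic code and enhanced status code and groups replies for triage. The subject names follow RFC 3463, which the linked IANA registry builds on; the function names and the grouping are assumptions, and the sample replies are the ones quoted in this archive.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Subject (second) field of an enhanced status code, per RFC 3463.
SUBJECTS = {
    0: "other or undefined",
    1: "addressing",
    2: "mailbox",
    3: "mail system",
    4: "network and routing",
    5: "mail delivery protocol",
    6: "message content or media",
    7: "security or policy",
}
# First digit of the basic reply code decides what the sender should do.
DISPOSITION = {"2": "accepted", "3": "intermediate", "4": "transient", "5": "permanent"}

# A three-digit reply code that is not part of a longer token or dotted value,
# optionally followed by an enhanced code (class.subject.detail).
REPLY_RE = re.compile(
    r"(?<![\w.])(?P<basic>[2-5]\d\d)[ -]"
    r"(?:(?P<enh>[245]\.\d{1,3}\.\d{1,3})(?=\s|$)\s*)?"
    r"(?P<text>.*)"
)


@dataclass
class Reply:
    basic: int
    enhanced: Optional[str]
    subject: Optional[str]
    disposition: str
    consistent: bool  # False when enhanced class and basic class disagree
    text: str


def parse_reply(line):
    """Extract the first SMTP reply found in a log or bounce line."""
    m = REPLY_RE.search(line)
    if m is None:
        return None
    basic, enh = m["basic"], m["enh"]
    subject = None
    if enh is not None:
        subject = SUBJECTS.get(int(enh.split(".")[1]), "unregistered subject")
    return Reply(
        basic=int(basic),
        enhanced=enh,
        subject=subject,
        disposition=DISPOSITION[basic[0]],
        consistent=enh is None or enh[0] == basic[0],
        text=m["text"].strip(),
    )


def triage(lines):
    """Group replies by (disposition, subject) so retries and hard failures
    can be handled separately."""
    groups = Counter()
    for line in lines:
        reply = parse_reply(line)
        if reply is not None:
            groups[(reply.disposition, reply.subject or "no enhanced code")] += 1
    return groups


# Replies quoted in this archive (joined onto one line each).
PAGE_SAMPLES = [
    "SMTP error from remote server for RCPT TO command, host: "
    "xxx.mail.protection.outlook.com (104.47.51.202) reason: 550 5.7.1 Service "
    "unavailable, Client host [74.208.4.197] blocked using Customer Block list AS(1420)",
    "dsn=4.7.500, reply=451 4.7.500 Server busy. Please try again later "
    "from [2a01:111:e400:7e8f::47]. (AS750)",
    "450 Error connecting to 17.57.156.30. Unexpected socket close",
    "421 4.7.0 [TSS04]",
]

if __name__ == "__main__":
    for (disposition, subject), count in sorted(triage(PAGE_SAMPLES).items()):
        print(f"{disposition:10} {subject:25} {count}")
```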



Re: [mailop] How to address Microsoft if spaming Office365 customers cause collateral damage for other Office365 customers sharing the same IP?

2023-04-03 Thread Dan Malm via mailop

On 3/31/23 21:05, Simon Arlott via mailop wrote:

> On 30/03/2023 16:48, Michael Peddemors via mailop wrote:
>
>> Now, if you could get EVERYONE to block them for a day, or find some
>> other way to hit their pocket books, maybe we could see some relief.
>
> Co-ordinate deferring all email from them for a 30 hour period (UTC
> 00:00 to UTC 32:00, so that it covers a full day in the US) on specific
> days of the week?
>
> By not blocking email you avoid causing too much collateral damage,
> Microsoft will just appear to be slow at delivery some of the time.
>
> That should have a visible impact on their outgoing mail queue, right?
>
> Too frequent retries might be a bit of a problem, but that'll affect
> them too.



I made this suggestion at a M3AAWG session last year, but people seemed 
to enjoy still having their jobs too much to jump on the idea... ;)


--
BR/Mvh. Dan Malm, Systems Engineer, one.com



Re: [mailop] sender domain reputation

2023-03-24 Thread Dan Malm via mailop

On 3/22/23 23:32, Bill Cole via mailop wrote:
> It may be worth noting that pw has a particularly notable position, as 
> it was one of the earliest demonstrators of how a registry can sabotage 
> a TLD. They decided to market their "Pro Web" domains by making them 
> free and returnable for a while when first introduced. This was jumped 
> on by a few spamming operations who basically drenched the TLD in a vat 
> of reputational sewage that will likely NEVER wash off, all in about a 
> week almost exactly 10 years ago. Even worse, the event apparently gave 
> other TLD hucksters the idea of launching in the same way, dooming a 
> handful of other gTLDs (and pimped-out ccTLDs like pw) to a lifetime of 
> crap deliverability.


And then we have freenom, still giving away .tk, .ml, .ga, .cf and .gq 
domains for free... I don't block those TLDs, but they spew out enough 
spam that they go directly to the spam folder.


--
BR/Mvh. Dan Malm, Systems Engineer, one.com



Re: [mailop] Microsoft postmaster/delist request?

2023-02-02 Thread Dan Malm via mailop

On 2/2/23 11:12, MRob via mailop wrote:

> Hello,
> In the past when I had server which got on Microsoft internal blocklist 
> you could follow the link provided in the reject msg to find a 
> postmaster form to request de-list after cleanup of problems. I think 
> the link was on this page
>
> https://sendersupport.olc.protection.outlook.com/pm/troubleshooting.aspx#errors
>
> But no longer. Why did Microsoft take away de-list request form? How do 
> we notify problem is cleared so request to be de-listed?


Link is still there... http://go.microsoft.com/fwlink/?LinkID=614866
Or if the issue is with M365 it's https://sender.office.com/

--
BR/Mvh. Dan Malm, Systems Engineer, one.com



Re: [mailop] Massive bounce report campaign

2022-11-29 Thread Dan Malm via mailop

On 2022-11-23 10:39, Cyril - ImprovMX via mailop wrote:
> Blocking the recipient had the effect that we don't accept emails for 
> them anymore, so anyone sending an email via ImprovMX to one of their 
> domain will have a 5xx response on the RCPT command.
> That was our initial strategy, the default when we block an account: we 
> let the sender know the email wasn't accepted.
>
> But in this case, I realized one thing: It's possible that the sender 
> could retry, increasing the number of connections at every new bounce. 
> So I've updated the policy on this specific account to accept but 
> silently drop any emails for them.


Silently dropping the mails seems like a bad strategy to me. That would 
mean you accept DATA and waste your bandwidth and processing power on 
those. If there was no reaction on you returning a 5XX then my strategy 
would be to return a 4XX. If the 70K connections per minute actually 
translates to 70K unique emails per minute then a defer queue rising by 
70K per minute should be at a scale that I expect gets noticed even by 
Microsoft.


--
BR/Mvh. Dan Malm, Systems Engineer, One.com




Re: [mailop] Anyone else seeing email backed up to Microsoft -- only IPv6

2022-10-27 Thread Dan Malm via mailop

On 2022-10-25 18:56, Andreas S. Kerber via mailop wrote:

> @hotmail.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, 
> pri=41706, relay=hotmail-com.olc.protection.outlook.com. 
> [IPv6:2a01:111:f400:7e8a:0:0:0:33], dsn=4.7.500, reply=451 4.7.500 Server busy. Please 
> try again later from [2a01:111:e400:7e8f::47]. (AS750) 
> [BN7NAM10FT103.eop-nam10.prod.protection.outlook.com]
>
> Quite a lot of mail queuing up already. Anybody know what's going on over there?


As far as I can tell it's just some form of greylisting, but with a bad 
message. I have ~800 mails in queue for MS with the "Server busy" 
message and the oldest one is from ~40m ago. Older than that is all 
delivered.


--
BR/Mvh. Dan Malm, Systems Engineer, One.com




Re: [mailop] The oligopoly has won.

2022-09-14 Thread Dan Malm via mailop

On 14/09/2022 9:24 pm, Renaud Allard via mailop wrote:


> Even "spam folder" is a bad idea. If it's spam, reject it with 5XX. 
> You can never be sure people will look in the spam folder. And if they 
> do check it, why should it be there in the first place, email could as 
> well land in inbox, that's one less action to take to see your mails.


I disagree hard on that one. We used to reject mails flagged as spam by 
our filters and it was wildly unpopular. Implementing delivery to a spam 
folder was very much welcomed by most users (though ofc you can't please 
everyone... We got some complaints, but far less than we got for rejecting)


Spam filters are fallible. They *will* produce false positives. When 
those false positives results in plane tickets and hotel bookings etc 
being rejected then that's not a good system... Much better to stick 
them in a spam folder so that the user can find them if needed.


On 2022-09-14 12:29, Mark Foster via mailop wrote:
> (OpenSRS) did nothing useful with the 5xx error and the consequence 
> would've been very disruptive for a service I have a strong interest in, 

Yup... That sure sounds like the OpenSRS I'm familiar with... ;)


--
BR/Mvh. Dan Malm, Systems Engineer, One.com




Re: [mailop] HR 8160 and SB 4409: The "You're not allowed to run political campaign email through your spam filter" act

2022-08-01 Thread Dan Malm via mailop

On 2022-07-30 21:07, Jarland Donnell via mailop wrote:
> I think in this case we all know what they're doing and you've hit it 
> dead on. They're targeting Gmail and they're not really interested in 
> anyone else.


But the only way you can get gmail to "use a filtering algorithm to 
apply a label" would be for yourself to "take action to apply such a 
label" by creating a filter yourself... Gmail doesn't apply labels to 
spam, it places the spam in your spam folder.


--
BR/Mvh. Dan Malm, Systems Engineer, One.com




Re: [mailop] Delivery and DNS issues for Microsoft / m365

2022-07-06 Thread Dan Malm via mailop

On 2022-07-06 13:22, Emil Stahl Pedersen via mailop wrote:
> Seems like mails are coming through now. Our queues have been declining 
> since 10:30 UTC.


Mostly the same here. I still see a few "Temporary server error. Please 
try again later ATTR2" errors and also some "ATTR5" ones. But I 
currently have only 60 mails to outlook.com MX recipients in queue 
rather than 1500.


--
BR/Mvh. Dan Malm, Systems Engineer, One.com




[mailop] Delivery and DNS issues for Microsoft / m365

2022-07-06 Thread Dan Malm via mailop

Hi,

We're seeing a lot of DNS errors for *.mail.protection.outlook.com at 
the moment. NS lookup for mail.protection.outlook.com resolves to two 
hostnames that in turn resolve to the same IP. What IP they both 
resolve to varies over time, and one or more of those IPs doesn't 
respond at all on port 53, so whenever the non working IP is cached we 
can't lookup MX records for m365 customers for a while. The DNS servers 
we can reach also don't support edns or qname minimization...


And when DNS doesn't fail we have a lot of deliveries respond with:

Temporary server error. Please try again later ATTR2 
[GV0CHE01FT017.eop-che01.prod.protection.outlook.com


I'm assuming we're not the only ones seeing these problems at the moment?

https://portal.office.com/servicestatus lists issues with outlook.com 
but the description there doesn't seem to fit what I'm seeing.


--
BR/Mvh. Dan Malm, Systems Engineer, One.com




Re: [mailop] Who Do You Recommend for Small Business Regular (Non-Bulk) Email?

2022-03-04 Thread Dan Malm via mailop

On 2022-03-02 16:40, Anne Mitchell via mailop wrote:

> If a small business (say less than 10 people, hosts their website at their 
> registrar's free hosting service, or Square or Wix) were to come to you and ask 
> you from where they should send their one-to-one regular business 
> correspondence email, who would you recommend?


one.com.

(I might be slightly biased though)

--
BR/Mvh. Dan Malm, Systems Engineer, One.com




Re: [mailop] blocked by microsoft

2022-01-04 Thread Dan Malm via mailop

On 2022-01-03 22:48, Mary via mailop wrote:


> Hello everyone,
>
> Is there anyone at Microsoft who can help me understand why my IP is blocked?


In my experience, no there's not.


> I've sent emails to del...@messaging.microsoft.com without success.


I've never tried this. Did they respond at all?


> I've opened an issue with https://sender.office.com/ without success.


This is the only method that works in my experience, but it only works 
for IPs where that URL is actually mentioned in the 5XX response. I've 
only seen that whenever I've started sending from new IPs that may have 
been used to host websites at some point before I got them.



> I've received an issue number SRX1533558542ID but nobody can explain what is 
> going on, or how to remove the block.


While I will always open an issue any time MS blocks an IP I'm not sure 
doing so actually helps at all. The process usually goes like this:


1: Open ticket, provide examples of error messages MS server gives
2: Get response saying they can't see any reason why mails are not delivered
3: Reopen ticket, provide additional examples of error messages with 
current timestamps
4: Get response saying someone will investigate
5: Get response saying they've fixed something and it will take up to 
24h to take effect
6: Wait 24+h, nothing will be fixed, reopen ticket and provide 
additional examples of error messages with current timestamps
7: goto 2

Then after pretty much exactly 1, 2 or maybe 3 weeks after the issues 
started the problem will go away, no matter where in the above process 
you are. i.e. the ban was for X weeks and has now expired and the 
"support" was just wasting your time because they probably don't have 
the power/access to actually solve anything and no real means of 
escalating anything to anyone that does have that power.


Maybe there's a magic word you have to say to get the issue escalated to 
someone that can actually do anything,  but if there is I haven't 
managed to figure out what it is...



--
BR/Mvh. Dan Malm, Systems Engineer, One.com


Re: [mailop] RFCs on quoted pairs in From:?

2021-01-28 Thread Dan Malm via mailop
On 2021-01-27 13:40, Thomas Walter via mailop wrote:
> While playing with this I noticed that Thunderbird shows the full header
> field without quotes and replies go to the first address - even though I
> thought that is just the "name/description/comment" part?

Are you sure it's not just that the replies goes to whatever is in the
Reply-to header?

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com


Re: [mailop] openssl on Ubuntu 20.04 - implications for email

2021-01-07 Thread Dan Malm via mailop


On 2021-01-07 14:54, Dan Malm via mailop wrote:
> On 2021-01-06 18:36, Brandon Long via mailop wrote:
>> Does the above mean that it will fail DKIM keys less than 2048 will
>> fail?  That's likely the larger issue.
> That's a good question. I don't handle any < 2048 bit DKIM keys on any
> Ubuntu 20.04 server (yet) so can't give an answer to that right away at
> least... But now I'm curious to test...

At least opendkim is unaffected:
~$ opendkim -t test.eml
opendkim: test.eml: verification (s=u4jjphktzexxbsq57tnqrg6e3m4pl3ta,
d=slack.com, 1024-bit key) succeeded

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com


Re: [mailop] openssl on Ubuntu 20.04 - implications for email

2021-01-07 Thread Dan Malm via mailop
On 2021-01-06 20:10, Tim Bray via mailop wrote:
> My thoughts are `time for mail operators to pull their fingers out and
> upgrade`.   Because we are really saying `upgrade to something less than
> 8 years old`

I fully agree. The state of TLS in the mail world is quite sad and it
would be great if we could all agree on actually keeping our systems up
to date... The problem is that it's not a system that I or you control
that need updating, it's someone else's. And our business model is not
"internet compliance police" it's providing a service that (among other
things...) delivers emails that our customers want to send, and as long
as the big giants in the industry are not the ones initiating this type
of change, the reaction from customers whose mail we can't deliver will
usually be one of "I don't care about security", "I'm just sending a
picture of my cat so security doesn't matter for this particular mail"
or "but (gmail|hotmail|yahoo) could send mails to this address perfectly
fine so why can't you?"

The day gmail stops delivering to servers with legacy SSL I'll be happy
to do the same.

On 2021-01-06 18:36, Brandon Long via mailop wrote:
> Does the above mean that it will fail DKIM keys less than 2048 will
> fail?  That's likely the larger issue.

That's a good question. I don't handle any < 2048 bit DKIM keys on any
Ubuntu 20.04 server (yet) so can't give an answer to that right away at
least... But now I'm curious to test...

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com


[mailop] openssl on Ubuntu 20.04 - implications for email

2021-01-06 Thread Dan Malm via mailop
Hi,

Canonical have decided to ship Ubuntu with an openssl
binary compiled with the seclevel option set to 2 as default:

"Security level set to 112 bits of security. As a result RSA, DSA and DH
keys shorter than 2048 bits and ECC keys shorter than 224 bits are
prohibited. In addition to the level 1 exclusions any cipher suite using
RC4 is also prohibited. SSL version 3 is also not allowed. Compression
is disabled."

https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1864689
https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

This might have some implications for anyone running a mail server on
Ubuntu as smtp delivery to recipients with a "legacy" SSL configuration
will break with SSL errors like for example: "SSL
routines:tls_process_ske_dhe:dh key too small"

Just thought I'd spare others some troubleshooting in case you run in to
this, and see if anyone else have any thoughts on it. :)

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com


Re: [mailop] open RBL and RHSBL lists these days?

2020-12-17 Thread Dan Malm via mailop
On 2020-12-14 20:48, Mary via mailop wrote:
> no false positives
> - uceprotect.net
> 

My take on uceprotect is that they are very happy to list IPs for the
slightest transgressions, very hard to get unlisted from if you ever get
listed, and provides inaccurate data on why listings occurred. So using
uceprotect I'd expect a lot of false positives. They also charge for
delistings.

Not something I'd recommend.

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com


[mailop] Outlook having troubles today?

2020-10-20 Thread Dan Malm via mailop
Hi,

Anyone else seeing issues with deliveries to outlook.com and subsequent
mail.protection.outlook.com hosted domains? Looks like it started around
06:50 UTC.

On some deliveries after I send EHLO things goes silent and I timeout
after 300s with loglines like this in my mta (Halon):
Temporarily failed delivery to  (retry 0)
in 300.107s: Network error: Read timeout (300s) waiting for data (EHLO)

I noticed due to concurrency limits I've set up so my queue with unsent
mails to outlook started to rise quite quickly when all slots were taken
by hanging connections...

A vast majority of the hanging connections are to 104.47.5.36 and
104.47.0.36 with deliveries to other IPs in their ranges going fine...

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com




[mailop] How to report an account (not message) to gmail?

2020-10-02 Thread Dan Malm via mailop
Hi,

We've had an outbreak of compromised accounts where someone, apart from
just using the accounts to send spam, has added a forward to a gmail
account to intercept all the users mails.

https://support.google.com/mail/contact/abuse?hl=en requires reporting a
message, and that's not the issue here...

So anyone got any suggestion on how to report that type of abuse to
gmail? Brandon? :)

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com




Re: [mailop] [EXTERNAL] What's Microsoft's S3150 block list and where do I go to request removal?

2020-09-09 Thread Dan Malm via mailop
On 2020-09-09 10:53, Laura Atkins via mailop wrote:
> “This” was a link to Open a ticket for Hotmail...
> 

Referring to "links" using background color works quite poorly when your
recipients read their mail in text/plain... :)

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


[mailop] Skynet.be / proximus.be contact

2020-08-28 Thread Dan Malm via mailop
Hi,

Is there anyone from Skynet.be / proximus.be on this list or anyone that
can facilitate a contact?

I'm not getting any response through their normal contact methods to try
and get an ip delisted.

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com




[mailop] Odd IP range block, contact at Avis/abg.com/IBM?

2019-06-25 Thread Dan Malm via mailop
Hi,

For a long time we've seen quite an odd IP range block causing issues
for us to deliver our customers mails to abg.com (Avis Budget Group).

The IPs of our outbound mail servers are not blocked, but
46.30.211.0/24, where the DNS servers for our outbound mail servers are
located, is. We can't properly resolve any domains behind
ns1.bol.cendant.com (170.225.12.166) and ns2.bol.cendant.com
(170.225.12.170) from any addresses inside 46.30.211.0/24 while address
in other ranges appear to be working fine. From an mtr trace it looks
like the traffic stops just after 170.225.24.101.

46.30.211.0/24 is not a range where any customer traffic goes out, nor
is any customer data hosted inside that range so I'm a bit puzzled as to
what could have caused that range to be blocked.

So, if anyone on list has a contact at either Avis or IBM
(170.224.0.0/14 belongs to IBM-COMMERCIAL) that you think could help us
clear this up, I'd be very happy if you could get me in contact with them.

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com





Re: [mailop] openspf.org down

2019-05-14 Thread Dan Malm via mailop
On 2019-05-13 19:20, Alessandro Vesely via mailop wrote:
> On Fri 03/May/2019 16:49:44 +0200 Jonathan Leroy - Inikup via mailop wrote:
>> On Thu, 2 May 2019 at 11:54, lukn via mailop wrote:
>>> does anyone have some (shareable) insight? speculations?
>>
>> https://answers.launchpad.net/pypolicyd-spf/+question/678947#comment-0
>>
>> "The server behind the openspf.org web site had a disaster late last
>> week and is being resurrected. It should be back in a few days."
> 
> Still down after 2 months.
> 
> https://www.getmailbird.com/what-spf-resources-are-available-now-that-openspf-org-is-gone/
> 
> Best
> Ale
> 

So, given that we might not expect it to come back... Does anyone have /
know of any resource like the http://openspf.org/Why? page?

BR/Mvh. Dan Malm, Systems Engineer, One.com





Re: [mailop] 421 4.7.0 [TSS04] meaning ?

2018-11-08 Thread Dan Malm
Not too much help here but...
https://www.iana.org/assignments/smtp-enhanced-status-codes/smtp-enhanced-status-codes.xhtml

X.7.0   Other or undefined security status
Associated basic status code: 220, 235, 450, 454, 500, 501, 503, 504,
530, 535, 550
"Something related to security caused the message to be returned, and
the problem cannot be well expressed with any of the other provided
detail codes. This status code may also be used when the condition
cannot be further described because of security policies in force."

A simple google search gives you an answer from yahoo though, given that
the part of the defer message you omitted was "Messages from x.x.x.x
temporarily deferred due to user complaints":
https://forums.yahoo.net/t5/Delivery-errors-5xx-and-421/421-4-7-0-TSS04-Messages-from-lt-IP-gt-temporarily-deferred-due/m-p/557541/highlight/true#M5737

BR/Mvh. Dan Malm, Systems Engineer, One.com

On 2018-11-07 11:19, Mathieu Marnat via mailop wrote:
> Hi folks,
> 
> 
> On some of our IPs we get a lot of 421 4.7.0 [TSS04] SMTP responses from 
> Yahoo.
> 
> I cannot get a clear explanation from them and I see that this error code is 
> not listed in their official SMTP error code table.
> 
> It seems to be a newly implemented error code and since they already had
> error codes about complaints or unusual traffic, what could this one mean?
> More details would be helpful.
> 
> 
> Regards,
> 
> 
> Mathieu.
> 
> 


Re: [mailop] Microsoft blocklists are secret - how to comply with microsofts technical requirements?

2018-10-08 Thread Dan Malm
Hi,

We had similar issues about a month ago (mentioned on this list) where
all our MX:es in a /24 were heavily ratelimited, i.e. over 99% of mails
to outlook.com were deferred. In this case, as it was our MX:es it was
forwarded email and autoreplies that were affected by it. The
frustrating response we got from Microsoft's sender "support" was exactly
the same as you got. "we do not have the liberty to discuss the nature
of the block" and "I would suggest that you review and comply with
Outlook.com's technical standards"

Michael Wise recommended the following some time after our incident:

On Thu, 28 Jun 2018 19:25:12 +, Michael Wise via mailop wrote:

>If you start to see 4xx deferrals (esp. 3113, 3114, 3115, 3150, …) from the
>“Hotmail/Outlook/et al” data centers, you should know that the IP has been
>throttled, and one would be well advised, given that situation, to STOP all
>sending until at least the top of the hour, plus a few minutes. And if the
>deferrals continue with THAT traffic, it is strongly suggested that one hold
>off on any sending from that IP for at least 24 hours. Bottom line is, right
>now, if you start seeing 4xx deferrals from “HotMail” on a given IP, you
>should stop sending immediately if you at all possibly can as it may affect
>the IP’s reputation. But in general, if when you connect to a given mail
>server, all you are seeing is deferrals, you should 1) notice, and 2) back
>off.

BR/Mvh. Dan Malm, Systems Engineer, One.com

On 2018-10-08 09:28, Philippe Bonvin via mailop wrote:
> Oh yes, we were confronted with the same problem as you. It started in
> December last year for us.
>
> Short answer: there is no way out.
>
> This is a game of changing IP addresses to relay for Microsoft only
> which never ends.
>
> Wait a few days, the blocked IP will be allowed again without any reason.
>
>
> It is at a point that I strongly suspect that Microsoft does it
> strategically to gain more customers.
>
> "You cannot send email to us? Become a customer, we know how to send
> emails."
>
>
>
> From: mailop  on behalf of Benoit Panizzon
> Sent: Monday, October 8, 2018 08:46
> To: mailop@mailop.org
> Subject: [mailop] Microsoft blocklists are secret - how to comply with
> microsofts technical requirements?
>
> Hi List
>
> Now I am sort of baffled, after a lengthy email exchange about the
> blocklist case, Microsoft states:
>
> "As previously stated, your IP(157.161.12.54) is mitigated at this time.
> I do apologize, but I am unable to provide any details about this
> situation since we do not have the liberty to discuss the nature of the
> block.
>
> At this point, I would suggest that you review and comply with
> Outlook.com's technical standards. This information can be found at
> https://postmaster.live.com/pm/postmaster.aspx;
>
> Why is Microsoft not telling which email, or which event from our
> server caused this specific ip to get blacklisted for all of their email
> services (Outlook365, Hotmail etc)?
>
> If I follow the link to the technical standards again I get to very
> vague and generic information I feel is intended for an enduser, not
> for an ISP.
>
> I don't know what we do or did wrong which caused Microsoft to put that
> IP on the blacklist, so this could happen again any time which just
> leaves a bad feeling.
>
> Did other ISPs also deal with this problem?
>
> Kind regards
>
> -Benoît Panizzon-
> --
> I m p r o W a r e   A G-Leiter Commerce Kunden
> __
>
> Zurlindenstrasse 29 Tel  +41 61 826 93 00
> CH-4133 PrattelnFax  +41 61 826 93 01
> Schweiz Web  http://www.imp.ch
> __
>
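The back-off rule from Michael Wise's quoted advice above, as an added example (not code from the thread or from Microsoft): it reads constructed log lines and returns, per sending IP, the time before which nothing should be sent to Hotmail/Outlook. The log format, the 5-minute grace period and the function name are assumptions.

```python
import re
from datetime import datetime, timedelta

# Codes named in the quoted advice ("esp. 3113, 3114, 3115, 3150").
THROTTLE_CODES = {"3113", "3114", "3115", "3150"}
GRACE = timedelta(minutes=5)  # "a few minutes" in the advice; 5 is an assumption

# Assumed log format: <UTC timestamp> ip=<sending IP> reply="<SMTP reply>"
LINE = re.compile(r'^(\S+) ip=(\S+) reply="(4\d\d)\b[^"]*\(S(\d{4})\)"')

# Constructed sample lines; IPs are documentation addresses, reply text is simplified.
SAMPLE_LOG = [
    '2018-10-08T09:12:41Z ip=192.0.2.10 reply="451 rate limited (S3150)"',
    '2018-10-08T09:13:02Z ip=192.0.2.10 reply="451 rate limited (S3150)"',
    '2018-10-08T09:20:00Z ip=192.0.2.11 reply="250 queued"',
    '2018-10-08T09:40:00Z ip=192.0.2.12 reply="451 rate limited (S3115)"',
    '2018-10-08T10:06:30Z ip=192.0.2.10 reply="451 rate limited (S3114)"',
]

def hold_schedule(lines):
    """Map each throttled sending IP to the time before which it should stay silent."""
    holds = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(4) not in THROTTLE_CODES:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        ip = m.group(2)
        previous = holds.get(ip)
        if previous is None:
            # First deferral: stop until the top of the hour plus a few minutes.
            top_of_hour = ts.replace(minute=0, second=0) + timedelta(hours=1)
            holds[ip] = top_of_hour + GRACE
        elif ts >= previous:
            # Still deferred after the first hold expired: hold off for 24 hours.
            holds[ip] = ts + timedelta(hours=24)
        # Deferrals logged while a hold is already running do not change it.
    return holds
```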

[mailop] Outlook SNDS. Ratelimited or blocked by RIPE?

2018-09-24 Thread Dan Malm
Hi!

I've been trying to add our IP ranges to a new SNDS account for over a
week now with no luck. I keep getting the same error message:

"Unable to identify any responsible addresses for that range. Please
request a different range, using the following specific reasons as
guidance:
-
- Sorry, whois.ripe.net will not let us do any more lookups today.
Please come back and try again tomorrow"

This keeps happening every day I try, no matter what time of day, so I'm
thinking either there's a different error than the one shown, or RIPE
has severely ratelimited (or outright blocked) SNDS. Either way, do we
have anyone on list that can look into this or refer me to someone who can?

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com





Re: [mailop] Rambler.ru 20 seconds connection delay

2018-04-09 Thread Dan Malm
On 04/09/2018 04:23 AM, John Levine wrote:
> Simple theory: there are similar delays after EHLO and MAIL FROM, so
> they seem to be severely overloaded.  Don't take it personally. That's
> why your mail server can do a zillion connections at once.

As I saw a bunch of joomla sites with unprotected (or poorly protected)
account registration pages being abused to try and bomb rambler.ru
addresses this morning this theory sounds valid...

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com



[mailop] Extreme amounts of SMTP auth from microsoft/outlook IPs

2018-02-09 Thread Dan Malm
Hi

I'm seeing an extreme amount of SMTP authentications (over 600/s) from
the microsoft owned 40.101.0.0/16 range on my customer SMTP servers.
It's just auth, with valid credentials, and then it disconnects right
after so no attempts to send any mails have been done for the vast
majority of these connections. A small amount of valid mails are being
sent from this range though. HELO indicates it's from outlook.com. So
seems like their system for sending with your own domain through
external servers has gone a bit haywire...

I've sent ab...@microsoft.com a mail about it, but I'm a bit curious if
anyone else is seeing the same?

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com





[mailop] Problems updating AOL fbl email/id

2017-12-04 Thread Dan Malm
Hi!

Does anyone on the list have any experience with updating your FBL-ID address
with AOL? And if so, how did you do it? I've tried updating it multiple
times at https://postmaster.aol.com/fbl-request over the course of about
2 weeks and whatever I do AOL keeps sending the reports to the old
address and not the new one...

I've tried both filling in the old and the new address in the first
FBL-ID field. I do get the confirmation mail with link to abuse@ every
time and I get a positive response when using the confirmation link.

Am I missing a secret handshake or knock somewhere? ;)

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com





Re: [mailop] BT Internet Blocks

2017-11-09 Thread Dan Malm
Hi

If what you're asking is if we're publishing DMARC records for all our
customers' domains, then the answer is both yes we do, and no we don't. We
publish DMARC if the customers have added DMARC themselves (we're a
shared hosting provider. Customers can add the DNS records they wish to
have). We do not automatically add DMARC or SPF records to any domain as
that will affect email delivery if they use any other servers to send
email (as many do). But we do publish DKIM keys and DKIM sign as there
are no adverse effects from that.

The domains affected by the "Too many messages" issues we see are
exclusively domains that have either:
- no SPF records
- SPF records that do not include our mail servers
- broken/invalid SPF records

The defer always comes after the MAIL FROM command.

@Andrew: You say "I have confirmed there is no issues with spf" what SPF
is that? From my experience the SPF record referred to in the "Too many
messages" error is the SPF record of the domain in the MAIL FROM command
and nothing else. So the SPF for mimecast.com wouldn't matter if you
send from @yourcustomer.tld

We've tried contacting btinternet (@postmaster and support) on several
occasions as this is a reoccurring issue with them, but the only answer
we've been able to get is that the sender address should have SPF.

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com

On 11/09/2017 10:40 AM, Renaud Allard via mailop wrote:
> Hello,
> 
> Do you publish DMARC records? It might help to set those up if you
> haven't already.
> 
> Best Regards
> 
> On 09/11/17 10:28, Sidsel Jensen wrote:
>> Hi Andrew
>>
>> We also face problems escalating issues through
>> postmas...@btinternet.com <mailto:postmas...@btinternet.com> :-/
>> If you do manage to get hold of them - please share how ;-)
>>
>> We currently have a pile of mails to btinternet being stuck in
>> queue due to the same Defer msg that you get.
>>
>> Is there a good way to get an relatively new sending-IPs validated
>> with btinternet?
>> Our IPs have been warmed up nicely and when checking with
>> senderscore.com <http://senderscore.com> the score is 98
>>
>> Our problem is that not all our customers have an SPF record, we do
>> DKIM sign everything though.
>>
>> Kind Regards,
>> Sidsel Jensen
>> Systems Engineer @ One.com <http://One.com>
>> s...@one.com <mailto:s...@one.com>
>>
>>
>>> On 9 Nov 2017, at 01.35, Andrew Gosney <agos...@mimecast.com
>>> <mailto:agos...@mimecast.com>> wrote:
>>>
>>>
>>> Hi all,
>>> Is anyone from BT on this forum or has anyone had any experience
>>> escalating issues with BT? I’ve been going back and forth with
>>> postmaster for weeks with no resolution.
>>> Our issue is we keep receiving the following rejections:
>>> -/Too many messages (1.5.6.2) on 2017/10/27 01:10:05 BST from
>>> un-validated IP address:. Please add a SPF record for the domain to
>>> your DNS or ask your Broadband Provider / Domain Registrar to do
>>> this, we will be unable to deliver email until this is done due to
>>> the volume of email being sent from this IP address. Guide for bulk
>>> senders www.bt.com/bulksender <http://www.bt.com/bulksender>/
>>> //
>>> -/Policy (1.3.6.1) Too much SPAM received from on 2017/10/27 08:32:20
>>> BST, if you share a mail server consider moving to a dedicated mail
>>> server not sending SPAM. Guide for bulk senders www.bt.com/bulksender
>>> <http://www.bt.com/bulksender>/
>>> I have confirmed there is no issues with spf and all other bulk
>>> sender requirements are ok and our IP isn’t on any of the blacklists
>>> BT utilize.
>>> Any assistance would be appreciated.
>>> Thanks
>>>
>>>
>>> Andrew Gosney    m: +61 407 840 584    www.mimecast.com
>>> <http://www.mimecast.com/>
>>> Senior Messaging Security Analyst (L3)    p: +61 3 9017 5101   
>>> Address clickhere <http://www.mimecast.com/About-us/Contact-us/>

Re: [mailop] BT blacklist

2017-10-03 Thread Dan Malm
On 10/03/2017 11:54 AM, Darryl Hall wrote:
>
> I’ve had reports of emails going to BT recipients are being rejected.
>
Hi,

My experience with BT is that you will need to have SPF records set up
for the sender domain if you want to deliver somewhat reliably to BT.

For domains without SPF you can get deferred with the message:

421 Too many messages (1.5.7.2) on 2017/10/03 13:39:53 BST from
un-validated IP address: INSERT-IP-HERE Please add a SPF record for the
domain INSERT-DOMAIN-HERE to your DNS or ask your Broadband Provider /
Domain Registrar to do this, we will be unable to deliver email until
this is done due to the volume of email being sent from this IP address.
Guide for bulk senders www.bt.com/bulksender

I suspect this does not solely depend on volume but also on IP
reputation (internal to BT, not any RBL) as I've had this happen for
only some of the IPs in a cluster where all IPs have been delivering
similar volumes towards BT accounts and none are listed in RBLs.

-- 
BR/Mvh. Dan Malm, Systems Engineer, One.com
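
The SPF triage implied by the two BT messages above, as an added example that is not part of the original posts: it sorts MAIL FROM domains into the problem cases listed (no SPF, SPF that does not cover the sending servers, broken SPF) for a given sending IP. DNS answers are a constructed in-memory table, all domains and IPs are placeholders, and `a`/`mx`/`ptr`/`exists` are treated as non-matching because they would need live lookups.

```python
import ipaddress

# Constructed TXT answers standing in for live DNS; all names are placeholders.
SAMPLE_TXT = {
    "nospf.example": ["some-site-verification=abc123"],
    "other.example": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "broken.example": ["v=spf1 ip4:203.0.113.0/33 -all"],
    "double.example": ["v=spf1 -all", "v=spf1 ip4:203.0.113.0/24 -all"],
    "hosted.example": ["v=spf1 include:_spf.host.example ~all"],
    "_spf.host.example": ["v=spf1 ip4:203.0.113.0/24 -all"],
}
NEEDS_DNS = {"a", "mx", "ptr", "exists"}  # assumption: treated as non-matching here

def classify_spf(domain, sending_ip, txt=SAMPLE_TXT, depth=0):
    """Return 'no_spf', 'invalid', 'not_covered' or 'covered' for a MAIL FROM domain."""
    records = [r for r in txt.get(domain, []) if r.lower().split(" ")[0] == "v=spf1"]
    if not records:
        return "no_spf"
    # Duplicate records are a permerror (RFC 7208); depth guards include loops.
    if len(records) > 1 or depth > 10:
        return "invalid"
    ip = ipaddress.ip_address(sending_ip)
    for term in records[0].split()[1:]:
        name, _, arg = term.partition(":")
        if "=" in name:  # modifier such as redirect= or exp=, not evaluated here
            continue
        qualifier = name[0] if name and name[0] in "+-~?" else "+"
        mech = name.lstrip("+-~?").lower().split("/")[0]
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "invalid"
            if net.version != int(mech[2]):
                return "invalid"
            matched = ip in net
        elif mech == "include":
            sub = classify_spf(arg.lower(), sending_ip, txt, depth + 1)
            if sub in ("no_spf", "invalid"):
                return "invalid"  # a missing or broken include is a permerror
            matched = sub == "covered"
        elif mech in NEEDS_DNS:
            matched = False
        else:
            return "invalid"  # unknown mechanism
        if matched:
            return "covered" if qualifier == "+" else "not_covered"
    return "not_covered"

def triage(mail_from_addresses, sending_ip):
    """Group the sender domains of deferred messages by SPF state."""
    report = {}
    for addr in mail_from_addresses:
        domain = addr.rsplit("@", 1)[-1].lower()
        report.setdefault(classify_spf(domain, sending_ip), set()).add(domain)
    return report
```

Only the `covered` group passes SPF for the sending IP; the other three groups are the ones the messages associate with the "Too many messages" deferral.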


