Re: [mailop] Exchange (and GSuite?) versus open source - was Re: The oligopoly has won.

[Matthias Leisi via mailop]

>> The open source eco-system has failed to produce useful alternatives to 
>> Outlook/Exchange(Online) or GSuite.
> 
> Never having had to use either in anger, or had the perspective of an SMB,
> what is missing from the open source offerings ?

Calendar. Calendar delegation. Calendar sharing. 

Delegtion of access to mailboxes. 

Access to shared mailboxes (I know that Dovecot handles that, but how many 
Dovecot admins know that and can manage it in  a scalable way?)

> As far as I can see Exchange does some calendaring which only works with 
> Outlook
> and which has always looked like the tail wagging the dog from my perspective
> (why would I change my entire mail system to use a calendaring system ?).

Because people do not want mail, they want mail and calendar and authentication 
and access and delegation, and integration with their business apps and their 
mobile devices …

Yes, Exchange is awfully poor in how it handles this and how you have to manage 
it. (And GSuite is not really better. And Apple has a lot to catch up to.) 
Overall, the state of affairs is truly awful. It’s so awful that even I have to 
admit that Microsoft is doing it better than anybody else and that you should 
definitely migrate your collaboration to Microsoft.

And yes, I’m painfully aware that Microsoft commercially has no problems to use 
their market power and to leverage licensing terms *just* to the point where it 
starts to hurt *really* bad. But all other competitors, including open source 
alternatives, have failed miserably.

— Matthias

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] The oligopoly has won.

[Matthias Leisi via mailop]

> What I’ve said elsewhere is that what consumers, enterprises, and SMBs all 
> need is a healthy selection of services from which to choose.  The problem 
> with the entry costs is that you have to be able to leverage a cloud 
> infrastructure to play these days.  That’s not cheap.

The main issue is not really „cheap“. As I see it, as an SMB around the world, 
you really only have two choices: MS365 or Google. Microsofts licensing makes 
self-hosting impractical, and Google is more or less the only (non-self-hosted) 
alternative, from a mass-market perspective. 

The open source eco-system has failed to produce useful alternatives to 
Outlook/Exchange(Online) or GSuite. These are the two reasons why the oligopoly 
has won: inferior solutions and very precisely targetted licensing terms (did 
you ever try to license a Windows server on a cloud infrastructure to run your 
own Exchange? ha, good luck with that…)

— Matthias

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] X-MS-Exchange-CrossTenant-* headers gone?

[Matthias Leisi via mailop]

Apparently ExchangeOnline is not adding the X-MS-Exchange-CrossTenant-* headers 
any more. Lots of fun if you have tools in your outbound mail flow that 
interact with multiple MS365 tenants and separates them based on the 
X-MS-Exchange-CrossTenant-id header (amongst other use cases). 

So far we’ve seen it with customers hosted in the german MS365 cloud, but not 
with customers in the swiss cloud. Any other observations?

— Matthias

-- 
Matthias Leisi
Katzenrütistrasse 68, 8153 Rümlang
Mobile +41 79 377 04 43
matth...@leisi.net



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?

[Matthias Leisi via mailop]

>> How would it know the difference if it was Thunderbird, or the user?
> 
> You can guess by timing.
> 
> If the message is moved to spam folder immediately after being fetched by
> client, then it is an automated filter action. If there is at least a few
> seconds delay, then it is probably the user manually moving the message into
> spam folder (the user needs some time to look at least at the subject of
> the message and click the appropriate button).

The mail client with its local spam filter may not be connected at the time the 
message arrives in the inbox. It may come online at a later point and move 
messages to the spam folder with considerable delay.

— Matthias

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Haraka status? Exim the only choice? (v Postfix)

[Matthias Leisi via mailop]

> I used Postfix along time but my experience is that it is incredible 
> difficult to implement custom logic especially across the different 
> binaries/processes it uses to fulfil a mail delivery transaction. Its 
> designed in the "unix philosophy" and has good performance - great but 
> Postfix devs normally react hostile if asked for advanced features that 
> require tracking meta-information about messages across Postfix processes. 
> Its only the RFC compliant mail message state that persisting through the 
> entire transaction, nothing more. Milters can be injected but have 
> limitations and I get headaches from the configuration system. I shouldn't 
> complain too hard tho, because I'm grateful for how solid and secure and 
> bulletproof it has been. Thank you team Postfix.
> 
> But I want more power and customization not only generic mailserver.

For sticking with Postfix, have a look at https://fuglu.org/ 


— Matthias

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Delivery problem on Microsoft e-mail (code 250 but does not receive)

[Matthias Leisi via mailop]

Does it produce a bounce? 

We see cases where eg Recipient verification on MS365 customers simply does not 
work (apparently depending on which cluster they are hosted). Instead of 
rejecting with some 5xx it will bounce later.

— Matthias

Von meinem iPhone gesendet

> Am 20.10.2020 um 12:45 schrieb Daniele Rossi via mailop :
> 
>  Hi,
> 
> we try to send to Microsoft Account and we receive this message:
> 
> Queued mail for delivery -> 250 2.1.5
> The problem is that the mail does not arrive either in spam or in the inbox.
> This happens for most of our ip's.
> 
> Can anyone explain this abnormal behavior to me?
> 
> 
> 
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] BIMI pilot @ Google

[Matthias Leisi via mailop]

> S/MIME offers more traditional digital signatures using CA signed 
> certificates.  I would
> not call that widely deployed, I certainly have never seen it from any 
> marketing/transactional
> mail, maybe once or twice from a medical insurance company.  Support in mail 
> clients is
> fairly widely deployed, possibly more so than DKIM.

Webmail is usually poor in properly showing signature verification. 

One big provider which starts with a „G“ seems to silently ignore attachments 
with „Content-Type: application/pkcs7-signature". :)

(Everything works as it should when accessed over IMAP, no problem there.)

— Matthias


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Pinging Mimecast

[Matthias Leisi via mailop]

Mimecast is apparently sending from 185.58.84.0/24 (specifically  
eu-smtp-delivery-42.mimecast.com / 185.58.84.42). This is not included in what 
customers apparently have in their SPF records 
("include:eu._netblocks.mimecast.com" and 
"include:us._netblocks.mimecast.com“), with the obvious result.

— Matthias

-- 
Matthias Leisi
Katzenrütistrasse 68, 8153 Rümlang
Mobile +41 79 377 04 43
matth...@leisi.net
Skype matthias.leisi


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Post-processing Journal-Mails coming from O365, forwardedMail

[Matthias Leisi via mailop]

> there is a feature in O365 that forwards mails (in/out/both..) to an 
> archive-mailbox for long-term archiving.
> 
> We grab this mails via pop. However our available mail-readers (Thunderbird, 
> Kopano) show the original mail as attachment.
> 
This is the „envelope wrapper“ format. It contains the _final_ recipient(s) of 
the email (eg after aliasing, distribution list expansion etc), and contains 
the original email - headers and body - unchanged. The advantage is that the 
archiving process does not need to do any of the logic Exchange does (no 
further LDAP lookups etc).

> This makes it very hard for handling/searching/reading of these mails.
> 
> Are there any tools available to just have the attachment that is the real 
> and original mail?
> 
These messages are typically read by an email archiving solution (mailpiler, 
mailarchiva, cryoserver, mailstore etc) for long-term storage, full-text search 
and other features.

— Matthias

-- 
Matthias Leisi
Katzenrütistrasse 68, 8153 Rümlang
Mobile +41 79 377 04 43
matth...@leisi.net
Skype matthias.leisi

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Recipient verification / MS365 inconsistent?

[Matthias Leisi via mailop]

For some of our clients who use MS365, we noticed that recipient verification 
_sometimes_ fails (actually, it fails more than it succeeds). What I mean by 
„fail“ (lightly edited for privacy reasons):

> > (EHLO and STARTTLS ...)
> < 220 2.0.0 SMTP server ready
> > EHLO (ourserver)
> < 250 DB5EUR01FT011.mail.protection.outlook.com Hello [91.208.173.165]
> > MAIL FROM: 
> > RCPT TO: <(random non-existing email address)@(customer)>
> > DATA
> > [..]
> > .
> < 250 2.6.0 <159424516309.19130.7744779654254529...@quar04.cleanmail.ch> 
> [InternalId=15603616188757, Hostname=DB7PR03MB3804.eurprd03.prod.outlook.com] 
> 9393 bytes in 0.135, 67.925 KB/sec Queued mail for delivery

This obviously produces a bounce later on. 

By „succeed“, I would expect a 5xx response after the RCPT TO, which happens in 
maybe 1 in 10 cases, but we have not found a real pattern.

According to docs, verification of RCPT TO should be enabled by setting the 
domain as „authoritative“ on MS365 (this setting has been confirmed).

Delivery to existing accounts works as expected.

Anybody else noticed this behaviour? 

— Matthias

-- 
Matthias Leisi
Katzenrütistrasse 68, 8153 Rümlang
Mobile +41 79 377 04 43
matth...@leisi.net
Skype matthias.leisi


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] DNSxL lookups IPv6 - one /128 per DNS query

[Matthias Leisi via mailop]

At dnswl.org, we collect (DNS) logs to identify abusers of our service. During 
last week, the logs increased by a factor of 10 (usually this is pretty stable, 
going up an down a few percents), so we thought we’d investigate. And we found 
something new (to us). 

From one particular IPv6 range, each and every DNS query was sent from a unique 
IPv6 /128, and every /128 seen was used exactly once.

Since we do not correlate source and question of DNS queries received (for 
privacy reasons), we can not tell what exactly was being asked. We can work 
around this issue in a number of ways (by blocking them from our DNS servers, 
excluding them from the log aggregation etc), so no direct harm here. However, 
if such behaviour becomes more widespread, it may have a number of collateral 
effects (for DNS caches, in log handling, in reputation management systems etc).

Is this something others have seen as well (either on the DNSxL lookup side, or 
in SMTP connections)? 

— Matthias

-- 
Matthias Leisi
Katzenrütistrasse 68, 8153 Rümlang, Switzerland
Mobile +41 79 377 04 43
matth...@leisi.net
Skype matthias.leisi


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] No SMTP-Auth in Office365 Mailflow Connectors - seriously Microsoft?

[Matthias Leisi via mailop]

Experienced this as well. Customer mentioned this, and I did not believe him 
until I checked myself… 

— Matthias

> Am 14.06.2019 um 14:42 schrieb Stefan Bauer via mailop :
> 
> Hi,
> 
> can anyone confirm that I'm just blind or that this is not possible with 
> Microsofts Exchange Online (Office365) cloud solutions?
> 
> This works fine in all on-premise installations. I can not specify 
> username/password for smtp authentication nor any certs.
> 
> I just want to set outgoing mails to smarthosts with authentication.
> 
> Any MS admin around that can elaborate on this?
> 
> I'm baffled.
> 
> Stefan
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



smime.p7s
Description: S/MIME cryptographic signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Matthias Leisi]

>> My question is, "What Mailchimp spam problem?" Where's data? All I see
>> is useless bombastic complaining that belongs on NANAE or SPAM-L, not
>> here.
> 
> Ok, there is a point here which I did not consider enough.
> 
> I did not collect any numbers about emails send by mailchimp to our
> email platform.

According to dnswl.org  magnitude data*, Mailchimp is one of 
the large sources of email, just behind Microsoft/Google, and ahead of Amazon, 
Sendgrid, Facebook, ExactTarget, Yahoo, LinkedIn and Twitter. 

Of those, ExactTarget and Facebook have the highest „spamminess“ score (an 
internal number considering volume of email and volume of complaints/RBL hits 
etc); Mailchimp is relatively „clean“. On the other hand, we see *many* 
spamtrap hits from all email marketing senders. 

And I mean *many*. Spamtraps that returned 5xx for years. Spamtraps that never 
„engaged“ or „opened“ or „inboxed“. Spamtraps that never „subscribed“ (ey, some 
are even Message-Ids scraped from Usenet!).

And *a lot* of what email marketers send is silently disposed of in spamfilters 
(dropped, quarantined, whatever). 

I looked deeper into our data at dnswl.org  over the past 
few weeks. More and more I get the impression that hardly any "email marketers" 
have a "clean list", or even care about it. 

I believe there are some dirty facts around the whole „email marketing“ thing 
which people with better data than me should uncover.

— Matthias

* We do not directly observe SMTP traffic, but only the DNS traffic. Due to 
caching etc our data is slightly distorted and over-estimates small senders. 
However the magnitude data still shows the relative size of senders.



smime.p7s
Description: S/MIME cryptographic signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Should mail servers publish IPv6 MX records? Could this harm your spam filtering?

[Matthias Leisi]

> If the industry had moved to a reputation model, it would be easier to 
> discuss "how bad is it" and whether it's bad enough to block at IP time, or 
> whether you mix it into your spam score.

Isn’t this what postscreen_dnsbl_sites is doing, for example?

> Will SMTP be the last hold-out on IPv4?

At dnswl.org , IPv6 by volume was 0.06% over the past three 
days, and 1.34% of the netranges we list are IPv6. (Yes, that includes a lot of 
small-ish site which use our data and which may have lower adoption of IPv6 
than larger recipients.)

— Matthias

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Should mail servers publish IPv6 MX records? Could this harm your spam filtering?

[Matthias Leisi]

> Isn't the simplest way to handle this is to treat IPv6 at the /64 or smaller 
> level? 

There is no broad consensus yet on where IPv6 reputation should be attached to. 
Cheap hosting providers handing out individual /128s to customers…

Discovery protocols to find the „right“ prefix length to query in a particular 
situation have not resulted in tangible results. 

— Matthias


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Weird problems with mitigation at Hotmail/Outlook

[Matthias Leisi]

> Am 11.01.2018 um 23:17 schrieb Michael Wise via mailop :
> 
>  
> Our reputation system has a *LONG* memory.
> And I'm sure it's not alone.

It’s not alone at all. dnswl.org  has a *very* long memory. 
Oldest history entry in the internal blacklist (DNSWL Id 666) is 

[postgres@dnswl]# select dnswlid, histdate from tblhistory where dnswlid = 666 
order by histid limit 1;
 dnswlid |  histdate
-+-
 666 | 2010-11-20 17:35:39

The oldest history overall which still exists:

[postgres@dnswl]# select dnswlid, histdate from tblhistory order by histid asc 
limit 1;
 dnswlid |  histdate
-+-
 | 2006-12-19 19:33:36

— Matthias

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

[Matthias Leisi]

Benoit,

> Therefore, the sender must be identifiable. If the sender is not
> identifiable, the ISP of the sender must provide the identity of the
> sender.

On what legal theory is this based on? 

> Art. 8 Right to information
> https://www.admin.ch/opc/en/classified-compilation/19920153/index.html#a8 
> 

The best course of action you may find here is to define the provider as the 
„controller of a data file“, if he will not identify the actual controller to 
you. At most, you will get the information about when your email address was 
added to the providers’ database. 

> Art. 82 Communication of data to identify nuisance calls and unfair
> mass advertising
> https://www.admin.ch/opc/en/classified-compilation/20063267/index.html#a82 
> 

This only applies to telecommunications services providers as defined in 
ordinance (and the telecommuncations law). OFCOM has a list of all registered 
telecomuncations services providers. It does *not* apply to anybody else. Yes, 
this is a gigantic loophole, and I spoke out against it during the consultation 
process.  But you can’t just make up stuff.

> Bundesgesetz gegen den unlauteren Wettbewerb (unfortunately not
> translated by admin.ch)
> https://www.admin.ch/opc/de/classified-compilation/19860391/index.html 
> 

The unfair competition law (Art 3 lit o and s) is nice, but hardly relevant. A 
single spam(mer) will usually not pass the threshold of „to threaten the 
economic well-being“. Yes, another gigantic loophole. 

Even leaving jurisdiction issues aside, you will have a hard time to legally 
force a provider to reveal the identity of the spammer. I’m sorry that I don’t 
have better news.

— Matthias

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Checkpoint firewall/spam appliance..

[Matthias Leisi]

> That said... large ramp up in spam over the last 7 days... last night ramping 
> up over 10 times the previous 7 days... scrambling for bandwidth atm... all 
> my servers are maxing out and a month ago they were idle and I was getting 
> questions about whether I needed so many (now I  need at least double!)

We see an increase at dnswl.org, although not that much. Some servers see +10%, 
others +40%. Abuse reports / spamtrap hits have also gone up considerably since 
yesterday, but this is not a reliable indicator of overall activity in our case 
due to generally large day-to-day changes.

— Matthias


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail throttles anyway

[Matthias Leisi]

> Am 04.02.2016 um 22:41 schrieb Brandon Long :
> That's what I think is the case, indeed. Hetzner is the provider.
> 
> It is a netblock quota you're hitting, yes.  As we see more and larger hit 
> and run spam jobs from previously unknown or low volume IPs and netblocks, 
> the low volume senders are caught in the cross fire.

At dnswl.org  we’ve seen an increased number of spam sources 
at Hetzner over the past few weeks. We do not see mail content, just DNS 
lookups (other than through a couple of spamtraps), but there seems to be a 
pattern to it: „new“ IP, using Hetzner’s default rDNS, starting with large 
volumes per IP right away, IPs scattered around Hetzner netblocks „randomly“. 

> I'll ping the spam team about the messaging again, saying IP is definitely 
> wrong there.  And I can ping them about better handling about this, they've 
> made some improvements recently, but it's a hard problem.

Reputation by AS is indeed non-trivial. It works well for most ASes, but for 
"tightly packed" ASes such as for large hosters, it’s usefulness is limited.

— Matthias


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Ex-post-facto spam complaints, a possible UI problem / other mitigation

[Matthias Leisi]

> I wonder if anyone has done an actual analysis of what people are
> thinking when they do this. Is it an accident? Is it not understanding
> what the "Report spam" button means or is for? Impatience and a just
> "get these emails out of my sight" type mentality? Just general
> confusion?

Or just simple errors? I personally made such an error a couple of days ago 
(slightly different setup, but still similar enough): Scanning through a spam 
folder for false positives, marking true spam in bulk with the intent to remove 
them. Instead of „Really Delete“, I click on „Not Spam“, and *poosh* I have 
~150 spams in my Inbox. 

I sincerely hope that the spam filter does not learn from my „not spam“ actions…

What this should show: Even people who should know what they are doing make the 
occasional mistake. Multiply by a couple of 100k users - and you realize that 
maybe you should only use a log function of user input to finetune your filters.

— Matthias



smime.p7s
Description: S/MIME cryptographic signature
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop