Re: [mailop] problems sending to gmail

2017-01-27 Thread Wosotowsky, Adam

Assuming everything structural is working correctly as you indicated below, the 
problem might be with your domain name.  .cc is perhaps the most abused TLD 
there is, so much so that Google doesn't even return search results if they're 
.cc domains.  Many anti-spam systems will reject a mail outright if it contains 
a .cc domain, as the false positive to malicious ratio makes it an easy choice.

--adam


From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Andreas Blaha
Sent: Friday, January 27, 2017 4:18 AM
To: mailop@mailop.org
Subject: [mailop] problems sending to gmail

Dear all,
Firstly, hello to all, I am new to this list and not too experienced in 
explaining technicalities as well.

I face the following problem:
I am running a mail server using postfix and dovecot, set up multidomain, 
sending IPv4 and IPv6 (whatever shouts first, seems to be chosen randomly), and 
all seems to work fine. I have set up SPF, DKIM and DMARC, all tests state that 
nothing is wrong but emails sent to gmail.com users are landing in their spam 
folder. I checked RBL listings - nothing, I have set up a TXT record in my DNS 
for google-site-verification, still the same.
Does anyone have an idea what else could cause this behaviour?

The main domain is fortytwo.cc.

Any advice would be highly appreciated!

If more information is required please let me know.

Many thanks in advance

Andy


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Spamhaus and Spamcop Blacklisting

2016-09-13 Thread Wosotowsky, Adam

DROP generally indicates that the IP range is or has been hijacked.  Getting 
off it requires the actual owner to update their ownership records.

--adam

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Rupesh Gohil
Sent: Tuesday, September 13, 2016 9:23 AM
To: Suresh Ramasubramanian 
Cc: mailop@mailop.org
Subject: Re: [mailop] Spamhaus and Spamcop Blacklisting

Yes, an email marketer has those IPs. Is it really hard to come out from DROP? 
The email marketer has 20 to 25 spamtraps, and these spamtraps have been removed now.

Yes, this is something we have in mind: to write to them about what actions we have 
taken to stop bad data and spamtraps.

Any suggestions or thoughts on this?

Many thanks,


On Tue, Sep 13, 2016 at 2:17 PM, Suresh Ramasubramanian 
<ops.li...@gmail.com> wrote:
They seem to host an email marketer that is causing detects on CSS, SBL and 
then Spamcop.   And god help us, also Spamhaus DROP.  Which is not the easiest 
list to get into.

What are you going to tell them, that the marketer is legitimate and 
advertising for legitimate companies?

Or that they follow best practices in email marketing / have implemented best 
practices?


From: Rupesh Gohil <rupeshgo...@gmail.com>
Date: Tuesday, 13 September 2016 at 6:34 PM
To: Suresh Ramasubramanian <ops.li...@gmail.com>
Cc: <mailop@mailop.org>
Subject: Re: [mailop] Spamhaus and Spamcop Blacklisting

Hi Suresh,

These are the IPs - 103.60.218.0/24 - I am about to 
write a detailed explanation to them regarding the issues and how we have dealt with 
them.

Previously it was under CSS listing - As of now no CSS but still these IPs are 
in SBL.

Looking forward to hearing from you.

Many thanks,
Rupesh

On Tue, Sep 13, 2016 at 12:07 PM, Suresh Ramasubramanian 
<ops.li...@gmail.com> wrote:
Fixing whatever problem actually caused the listing first might be an 
interesting thing to do, before you open a ticket seeking a response.   And 
which IP is this?

From: mailop <mailop-boun...@mailop.org> on 
behalf of Rupesh Gohil <rupeshgo...@gmail.com>
Date: Tuesday, 13 September 2016 at 4:26 PM
To: <mailop@mailop.org>
Subject: [mailop] Spamhaus and Spamcop Blacklisting

What is the process of Spamhaus and Spamcop delisting?

I have gone through both websites with my accounts and a ticket was also created for 
delisting. It's now more than 10 days with no feedback.

Is there any contact number to call the Spamhaus and Spamcop teams to explain the whole 
situation?

Just wondering if they have dedicated numbers?



--
Rupesh Gohil



--
Rupesh Gohil


Re: [mailop] Google: Increase in false positives?

2016-09-02 Thread Wosotowsky, Adam

That is correct.  With IPv6 coming into implementation this moves the problem 
from the intractable problem of identifying infected IP addresses, to the 
tractable problem of identifying good and bad domains and detecting deviation 
from the norm.  It allows you to trash spam that fails basic checking and 
reduce your primary problem to domain reputation and dealing with compromised 
accounts on trusted domains.  It has never been claimed that it was a silver 
bullet to rid the world of spam (many snowshoe spammers already pass spf and 
dkim checks), but it does keep the combat arena out of the swamp.

--adam



From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Aaron C. de Bruyn
Sent: Friday, September 2, 2016 12:36 PM
To: Renaud Allard 
Cc: mailop@mailop.org
Subject: Re: [mailop] Google: Increase in false positives?

On Fri, Sep 2, 2016 at 1:39 AM, Renaud Allard via mailop 
<mailop@mailop.org> wrote:
On 09/02/2016 10:28 AM, Brandon Long via mailop wrote:
> The spam team would love to send all unauthed mail to the spam label or
> even reject it (they call it no auth no entry).
>

IMHO, that would be a good idea. If one big player does it, no-one can
ignore it, so this enables the others to do it.

On that note, wouldn't that just 'move the problem'?  If we waved our magic 
wands and made all e-mail require SPF, DKIM, and DMARC or it goes to junk, a 
mail server compromise would lead to a bunch of spam that was SPF-allowed, 
DKIM-signed, and DMARC-policy-acceptable.  And we'd still have spam in our 
inbox.  ;)

-A


Re: [mailop] Cisco PIX Mailguard Oddity

2016-05-09 Thread Wosotowsky, Adam

> From: Steve Atkins
> 
> Yes they can, but I've seen PIXes inexplicably get into a state where they
> reject everything.
> 

Just to pile on with all the other email experts, smtp_f*ckup is the worst 
"feature" ever implemented on a "security" device.  Not only does it kill your 
ability to do TLS, but since the system is trying to packet inspect everything 
it is really easy to overload the firewall, which will cause it to start 
randomly dropping packets.  Once this starts happening the connections go into 
tcp retry, which increases network load significantly, which causes more lost 
packets, which causes more retries, etc.  Delivering a piece of mail with a 
200k attachment on a moderately busy day is probably a coin-flip as to whether 
it gets through.  

If you have a firewall with that setting on the network, then 95% of all email 
delivery issues are due to it.  It is not even worth investigating anything 
else while it is there, killing your network and forcing your mail to plaintext 
transfer.  It would be like freaking out over a stubbed toe while bleeding out 
from a gunshot wound.  

--adam





Re: [mailop] Latest TLD issues..

2016-04-26 Thread Wosotowsky, Adam

> From: Michael Peddemors
> 
> But again, it isn't the registrar that should be blamed, unless of course the
> domains are being registered with stolen or forged information and credit
> cards..
> 
> It is the companies that let them set up shop that should be complicit..
> 

In this case you can blame the registrar, as this one registers over 10k 
domains a month, and they're 100% spam.  

--adam





Re: [mailop] DKIM signing domain selection (RFC 5863 section 2.3) question

2016-02-10 Thread Wosotowsky, Adam

Without DMARC, DKIM is anti-modification, not anti-spoofing.  DKIM is there to 
say that a message has not been modified from the time that the DKIM header was 
added until it was authenticated by the recipient.  It doesn't need to match 
the from address (think yahoo, gmail, Hotmail, etc that send outbound mail for 
thousands of domains), just as hostnames in your SPF record are not limited to 
the "from" domain.  

Once DMARC comes into the picture then the domain owner can enforce the use of 
only an authorized dkim signing key for the domain, which functionally works as 
anti-spoofing, but there is no requirement for from domain alignment there 
either (once again, think yahoo, etc).

--adam

> -----Original Message-----
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Doug
> Brenner
> Sent: Wednesday, February 10, 2016 12:46 PM
> To: mailop@mailop.org
> Subject: [mailop] DKIM signing domain selection (RFC 5863 section 2.3)
> question
> 
> RFC 5863 section 2.3, "Choosing the Signing Domain Name", discusses
> using multiple domains to separate different email streams, e.g., marketing
> vs. transactional.
> 
> I'm curious about experiences of doing this when the RFC5822.From and/or
> RFC5821.From domain(s) are the parent.
> 
> For example, say I send email with header,
> 
>   From: m...@example.com
> 
> and DKIM sign with d=bulk.example.com.
> 
> I know the DKIM RFC says the "signing identity specified by the DKIM
> signature is not required to match an address in any particular header
> field", however, it's really up to the recipients in the end.
> 
> Is anyone doing this to separate email streams and create different DKIM
> domain reputations?
> 
> What "real-world" impact does it have when the header domain and DKIM
> domain don't match? (In particular, when the header domain is the parent
> as above.)
> 
> Is it worth the effort to set up this type of environment instead of just
> putting everything under the example.com domain?
> 
> I'm sure some sites are dealing with this by changing the From address to
> use a matching DKIM domain, but when you're dealing with a university
> where everyone wants to use the parent, sub-domains are likely to happen.
> 
> If you can point me to resources or a better discussion list, that's fine too.
> Thanks.
> --
> Doug Brenner, UNIX System Administrator
> Information Technology Services, The University of Iowa
> +1 319 467 1625 / doug-bren...@uiowa.edu / doug.bren...@gmail.com
> 
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
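
Added example, not part of the original thread: how a DMARC evaluator following the identifier alignment rules of RFC 7489 would treat the case asked about above, a From: address at example.com signed with d=bulk.example.com. The PUBLIC_SUFFIXES set, the sample messages and all function names are constructed for illustration, and signatures are only parsed, not cryptographically verified.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List; production code loads the full list.
PUBLIC_SUFFIXES = {"com", "org", "edu", "cc", "co.uk"}

def org_domain(domain):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def dkim_domains(msg):
    """d= tag of every DKIM-Signature header (signature validity is not checked here)."""
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        pairs = (tag.partition("=") for tag in value.split(";"))
        tags = {k.strip(): v.strip() for k, _, v in pairs if k.strip()}
        if "d" in tags:
            found.append(tags["d"].lower())
    return found

def dkim_alignment(raw, mode="r"):
    """Return (From domain, first aligned d= or None); mode is the DMARC adkim tag."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for d in dkim_domains(msg):
        relaxed = mode == "r" and org_domain(d) == org_domain(from_domain)
        if d == from_domain or relaxed:
            return from_domain, d
    return from_domain, None

# Constructed messages: the case from the question, and a third-party signer.
SUBDOMAIN_SIGNED = (
    "From: Sender <user@example.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=bulk.example.com; s=sel1;\n"
    " h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED\n"
    "Subject: newsletter\n\nbody\n"
)
THIRD_PARTY_SIGNED = SUBDOMAIN_SIGNED.replace("d=bulk.example.com", "d=mailer.example.org")

if __name__ == "__main__":
    for name, raw in [("subdomain", SUBDOMAIN_SIGNED), ("third party", THIRD_PARTY_SIGNED)]:
        print(name, dkim_alignment(raw, "r"), dkim_alignment(raw, "s"))
```

With relaxed alignment (adkim=r, the DMARC default) the subdomain signature aligns with the parent From: domain; with adkim=s it does not, and a signature from an unrelated domain aligns in neither mode.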


Re: [mailop] Mcafee misconfigured DNS on MXLogic IP addresses

2015-11-23 Thread Wosotowsky, Adam



I'll get it looked at. 

--adam


-----Original Message-----
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Drew Weaver
Sent: Monday, November 23, 2015 10:44 AM
To: Drew Weaver; 'mailop@mailop.org'
Subject: Re: [mailop] Mcafee misconfigured DNS on MXLogic IP addresses

This particular issue has been resolved silently without anyone contacting me 
so I am guessing it was a result of me posting here.

There are other IPs that also suffer the same issue.

Another example is: 

p02c11m061.mxlogic.net  is supposed to be 208.65.144.235 but it isn't.

Can whoever is lurking here from MXLogic/McAfee please check all of the 
hostnames you are using for helo to make sure they resolve?

-----Original Message-----
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Drew Weaver
Sent: Friday, November 20, 2015 10:51 AM
To: 'mailop@mailop.org' 
Subject: [mailop] Mcafee misconfigured DNS on MXLogic IP addresses

Earlier this week they started delivering email to us from a server that 
indicates that its hostname is mxl144v237.mxlogic.net and its IP address is 
208.65.144.237

The problem is mxl144v237.mxlogic.net isn't a valid hostname, which results in:

maillog:Nov 20 10:31:36 localhost postfix/smtpd[22058]: warning: 208.65.144.237: hostname mxl144v237.mxlogic.net verification failed: Name or service not known
maillog:Nov 20 10:31:38 localhost postfix/smtpd[22090]: warning: 208.65.144.237: hostname mxl144v237.mxlogic.net verification failed: Name or service not known
maillog:Nov 20 10:31:45 localhost postfix/smtpd[22091]: warning: 208.65.144.237: hostname mxl144v237.mxlogic.net verification failed: Name or service not known
maillog:Nov 20 10:31:47 localhost postfix/smtpd[22095]: warning: 208.65.144.237: hostname mxl144v237.mxlogic.net verification failed: Name or service not known
maillog:Nov 20 10:32:18 localhost postfix/smtpd[22058]: warning: 208.65.144.237: hostname mxl144v237.mxlogic.net verification failed: Name or service not known
maillog:Nov 20 10:32:37 localhost postfix/smtpd[22080]: warning: 208.65.144.237: hostname mxl144v237.mxlogic.net verification failed: Name or service not known

Sooo anyone who has this particular check configured in Postfix has been null 
routing email for the last week or so.




___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop
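
Added example, not from the original thread: a small parser that groups the Postfix warnings quoted in the report above by client IP and claimed hostname, so an operator can see which senders fail hostname verification and how often. The function names, the threshold and the extra ignored line are constructed; the six warnings are rebuilt from the timestamps and PIDs in the post.

```python
import re
from collections import defaultdict

# Postfix smtpd warning logged when a client's claimed hostname fails verification.
WARN = re.compile(
    r"^(?:maillog:)?(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"warning:\s(?P<ip>[0-9a-fA-F.:]+):\shostname\s(?P<host>\S+)\s"
    r"verification failed:\s(?P<reason>.+)$"
)

def summarize(lines):
    """Group verification failures by (client IP, claimed hostname)."""
    stats = defaultdict(lambda: {"count": 0, "first": None, "last": None, "reasons": set()})
    for line in lines:
        m = WARN.match(line.strip())
        if not m:
            continue  # unrelated log line
        entry = stats[(m["ip"], m["host"])]
        entry["count"] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
        entry["reasons"].add(m["reason"])
    return dict(stats)

def repeat_offenders(stats, threshold=5):
    """Clients whose hostname failed verification at least `threshold` times."""
    return sorted(key for key, entry in stats.items() if entry["count"] >= threshold)

# The six warnings from the post, plus one constructed line that must be ignored.
SAMPLE = [
    f"maillog:Nov 20 {ts} localhost postfix/smtpd[{pid}]: warning: 208.65.144.237: "
    "hostname mxl144v237.mxlogic.net verification failed: Name or service not known"
    for ts, pid in [("10:31:36", 22058), ("10:31:38", 22090), ("10:31:45", 22091),
                    ("10:31:47", 22095), ("10:32:18", 22058), ("10:32:37", 22080)]
] + ["maillog:Nov 20 10:32:40 localhost postfix/smtpd[22080]: "
     "connect from unknown[208.65.144.237]"]  # constructed

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for ip, host in repeat_offenders(report):
        e = report[(ip, host)]
        print(f"{ip} {host}: {e['count']} failures, {e['first']} to {e['last']}")
```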