Re: [mailop] Looking for GoDaddy email/DNS contact

2019-04-27 Thread frnkblk
It's cleaned up now -- maybe it automatically happened after the aforementioned 
quarantine?

Thanks,

Frank 

-Original Message-
From: mailop  On Behalf Of Bill Cole
Sent: Friday, April 26, 2019 3:27 PM
To: mailop@mailop.org
Subject: Re: [mailop] Looking for GoDaddy email/DNS contact

On 25 Apr 2019, at 23:49, frnk...@iname.com wrote:

> We had a customer not renew their domain name (IRONINGENUITY.COM), but upon
> expiration their MX records were left still pointing to us.  We're looking
> for a way for that to get cleaned up (ideally null MX record, second best is
> to reset to GoDaddy's default MX record for such domains), but since the
> customer doesn't want to renew the domain, don't know really where to turn.

I'm not seeing the problem...

$ host IRONINGENUITY.COM
Host IRONINGENUITY.COM not found: 3(NXDOMAIN)

$ host -t ns IRONINGENUITY.COM b.gtld-servers.net
Using domain server:
Name: b.gtld-servers.net
Address: 192.33.14.30#53
Aliases:

Host IRONINGENUITY.COM not found: 3(NXDOMAIN)



-- 
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Available For Hire: https://linkedin.com/in/billcole

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


[mailop] Looking for GoDaddy email/DNS contact

2019-04-25 Thread frnkblk
We had a customer not renew their domain name (IRONINGENUITY.COM), but upon
expiration their MX records were left still pointing to us.  We're looking
for a way for that to get cleaned up (ideally null MX record, second best is
to reset to GoDaddy's default MX record for such domains), but since the
customer doesn't want to renew the domain, don't know really where to turn.

Regards,

Frank


[mailop] Mandrill service outage

2019-02-05 Thread frnkblk
FYI:
https://www.mediapost.com/publications/article/331556/mailchimps-mandrill-app-suffers-service-outage-c.html

Re: [mailop] No MX records for mail.mil

2018-05-03 Thread frnkblk
Looks to be a DNSsec issue ... please correct me if I have that wrong.

Frank

-Original Message-
From: Frank Bulk (frnk...@iname.com)  
Sent: Thursday, May 3, 2018 8:28 AM
To: 'mailop@mailop.org' (mailop@mailop.org) 
Subject: No MX records for mail.mil

I haven't investigated this thoroughly, but it seems like mail.mil is not
returning MX records from certain DNS resolvers. 

Frank


DNS server: 1.1.1.1 (Cloudflare DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 49376
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.  IN  MX

;; Query time: 67 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu May  3 08:24:43 2018
;; MSG SIZE  rcvd: 26


DNS server: 1.0.0.1 (Cloudflare DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39108
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.  IN  MX

;; Query time: 4171 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Thu May  3 08:24:47 2018
;; MSG SIZE  rcvd: 26


DNS server: 8.8.8.8 (Google DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 29691
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.  IN  MX

;; Query time: 34 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu May  3 08:24:42 2018
;; MSG SIZE  rcvd: 26


DNS server: 8.8.4.4 (Google DNS)

; <<>> DiG 9.7.3 <<>> MX mail.mil @8.8.4.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27285
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mil.  IN  MX

;; Query time: 76 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Thu May  3 08:24:42 2018
;; MSG SIZE  rcvd: 26




Re: [mailop] Email issues to outlook.com and hotmail.com this afternoon/evening

2018-02-22 Thread frnkblk
Thanks.  Most of them are "AS843".  I wish I knew what that meant.  Poking 
through those pending outbound messages in our queues, nothing seems sneaky or 
suspicious about them.  Hopefully they will eventually deliver.

Frank

-Original Message-
From: Benjamin BILLON  
Sent: Thursday, February 22, 2018 9:21 PM
To: frnk...@iname.com; mailop@mailop.org
Subject: RE: [mailop] Email issues to outlook.com and hotmail.com this 
afternoon/evening

Hi Frank, 

To answer the question: "not me", but any SMTP reply that includes (AS[0-9]+) 
is related to spam detection/reputation issues.
Those "Server busy" without such codes can perfectly well mean that servers are, in 
fact, busy (so you should try again, maybe fall back a bit).

When talking with the support a few weeks back, we provided the proportion of 
each ASXXX number in our logs for a given IP/pool/client, as although I don't 
know what each code is about, that could help them spot something specific on 
their side (for the cases where I _know_ that there's no reason to consider the 
emails as spam).

Are you seeing many more "Server busy" without than with ASXXX?

Hope that helps, 
--

Benjamin Billon

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of frnk...@iname.com
Sent: Thursday, 22 February, 2018 18:28
To: mailop@mailop.org
Subject: [mailop] Email issues to outlook.com and hotmail.com this 
afternoon/evening

Anyone else see email queued up to outlook.com and Hotmail.com domains?  It 
started around 5:30 pm U.S. Central and we're still seeing some issues.  

Here are just some status logs from our email servers:


[mailop] Email issues to outlook.com and hotmail.com this afternoon/evening

2018-02-22 Thread frnkblk
Anyone else see email queued up to outlook.com and Hotmail.com domains?  It
started around 5:30 pm U.S. Central and we're still seeing some issues.  

Here are just some status logs from our email servers:

@outlook.com Site outlook.com (104.47.38.33) said after data sent:
452 4.3.1 Insufficient system resources (TSTE)
[BL2NAM02HT002.eop-nam02.prod.protection.outlook.com]
[BL2NAM02FT001.eop-nam02.prod.protection.outlook.com]
@outlook.com ubad=-1386839216, Site (outlook.com/104.47.38.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BL2NAM02FT028.eop-nam02.prod.protection.outlook.com]
@hotmail.com ubad=-1678146736, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.28].
(AS843) [BN3NAM01FT001.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1390394544, Site (hotmail.com/104.47.45.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [CO1NAM04FT040.eop-NAM04.prod.protection.outlook.com]
@hotmail.com ubad=-1386839216, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.26].
(AS761) [BN3NAM01FT029.eop-nam01.prod.protection.outlook.com]
@msn.com ubad=-1386839216, Site (msn.com/104.47.6.33) said: 451
4.7.500 Server busy. Please try again later from [96.31.0.27]. (AS843)
[VE1EUR02FT061.eop-EUR02.prod.protection.outlook.com]
@msn.com ubad=-1386839216, Site (msn.com/104.47.6.33) said: 451
4.7.500 Server busy. Please try again later from [96.31.0.20]. (AS843)
[VE1EUR02FT047.eop-EUR02.prod.protection.outlook.com]
@outlook.com ubad=-1380134064, Site (outlook.com/104.47.38.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BL2NAM02FT023.eop-nam02.prod.protection.outlook.com]
@hotmail.com ubad=-1380134064, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.28].
(AS843) [BN3NAM01FT045.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1402289328, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BN3NAM01FT056.eop-nam01.prod.protection.outlook.com]
@outlook.com ubad=-1537227952, Site (outlook.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.28].
(AS761) [BN3NAM01FT003.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1537227952, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [BN3NAM01FT047.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1377012912, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [BN3NAM01FT006.eop-nam01.prod.protection.outlook.com]
@outlook.com ubad=-1514519728, Site (outlook.com/104.47.38.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [BL2NAM02FT017.eop-nam02.prod.protection.outlook.com]
@hotmail.com ubad=-1396481200, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BN3NAM01FT033.eop-nam01.prod.protection.outlook.com]
@msn.com ubad=-1495354544, Site (msn.com/104.47.6.33) said: 451
4.7.500 Server busy. Please try again later from [96.31.0.27]. (AS843)
[VE1EUR02FT056.eop-EUR02.prod.protection.outlook.com]
@msn.com ubad=-1380134064, Site (msn.com/104.47.6.33) said: 451
4.7.500 Server busy. Please try again later from [96.31.0.28]. (AS843)
[VE1EUR02FT036.eop-EUR02.prod.protection.outlook.com]
@hotmail.com ubad=-1398660272, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BN3NAM01FT058.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1678146736, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [BN3NAM01FT001.eop-nam01.prod.protection.outlook.com]
@outlook.com ubad=-1503435952, Site (outlook.com/104.47.38.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.26].
(AS843) [BL2NAM02FT018.eop-nam02.prod.protection.outlook.com]
@hotmail.com ubad=-1678146736, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [BN3NAM01FT001.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1403702448, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BN3NAM01FT020.eop-nam01.prod.protection.outlook.com]

Frank
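
Added example, not code from any poster in this thread: a parser for the wrapped deferral entries above that produces the per-IP proportion of each AS code, the breakdown Benjamin Billon describes giving to support, plus the count of "Server busy" replies with and without a code. The sample entries are taken from the log excerpt above and trimmed; the field names are assumptions of this sketch.

```python
import re
from collections import Counter, defaultdict

# Entries in the wrapped format of the thread's log excerpt; values are taken
# from that excerpt, trimmed to a handful of entries.
SAMPLE_LOG = """\
@outlook.com Site outlook.com (104.47.38.33) said after data sent:
452 4.3.1 Insufficient system resources (TSTE)
[BL2NAM02HT002.eop-nam02.prod.protection.outlook.com]
@outlook.com ubad=-1386839216, Site (outlook.com/104.47.38.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.27].
(AS843) [BL2NAM02FT028.eop-nam02.prod.protection.outlook.com]
@hotmail.com ubad=-1678146736, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.28].
(AS843) [BN3NAM01FT001.eop-nam01.prod.protection.outlook.com]
@hotmail.com ubad=-1390394544, Site (hotmail.com/104.47.45.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.20].
(AS843) [CO1NAM04FT040.eop-NAM04.prod.protection.outlook.com]
@hotmail.com ubad=-1386839216, Site (hotmail.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.26].
(AS761) [BN3NAM01FT029.eop-nam01.prod.protection.outlook.com]
@msn.com ubad=-1386839216, Site (msn.com/104.47.6.33) said: 451
4.7.500 Server busy. Please try again later from [96.31.0.27]. (AS843)
[VE1EUR02FT061.eop-EUR02.prod.protection.outlook.com]
@outlook.com ubad=-1537227952, Site (outlook.com/104.47.33.33)
said: 451 4.7.500 Server busy. Please try again later from [96.31.0.28].
(AS761) [BN3NAM01FT003.eop-nam01.prod.protection.outlook.com]
"""

# SMTP reply code followed by the enhanced status code, e.g. "451 4.7.500".
REPLY_RE = re.compile(r"\b([245]\d\d) (\d\.\d{1,3}\.\d{1,3})\b")
# Our own sending IP as echoed back by the remote side: "from [96.31.0.27]".
SOURCE_RE = re.compile(r"from \[(\d{1,3}(?:\.\d{1,3}){3})\]")
# The parenthesised AS code; "(TSTE)" and similar tags do not match.
AS_RE = re.compile(r"\((AS\d+)\)")


def parse_entries(text):
    """Rejoin wrapped lines into one entry per '@domain' line and extract fields."""
    raw_entries, current = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("@") and current:
            raw_entries.append(" ".join(current))
            current = []
        current.append(line)
    if current:
        raw_entries.append(" ".join(current))

    parsed = []
    for raw in raw_entries:
        reply = REPLY_RE.search(raw)
        source = SOURCE_RE.search(raw)
        as_code = AS_RE.search(raw)
        parsed.append({
            "rcpt_domain": raw.split()[0].lstrip("@"),
            "code": reply.group(1) if reply else None,
            "enhanced": reply.group(2) if reply else None,
            "source_ip": source.group(1) if source else "unknown",
            "as_code": as_code.group(1) if as_code else "none",
        })
    return parsed


def as_code_shares(entries):
    """Per sending IP, the fraction of deferrals carrying each AS code."""
    counts = defaultdict(Counter)
    for entry in entries:
        counts[entry["source_ip"]][entry["as_code"]] += 1
    return {ip: {code: n / sum(c.values()) for code, n in c.items()}
            for ip, c in counts.items()}


def busy_with_and_without_as(entries):
    """Count 4.7.500 'Server busy' deferrals with and without an AS code."""
    busy = [e for e in entries if e["enhanced"] == "4.7.500"]
    with_as = sum(1 for e in busy if e["as_code"] != "none")
    return with_as, len(busy) - with_as


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for ip, shares in sorted(as_code_shares(entries).items()):
        detail = ", ".join(f"{code} {share:.0%}" for code, share in sorted(shares.items()))
        print(f"{ip:<12} {detail}")
    print("Server busy with/without AS code:", busy_with_and_without_as(entries))
```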


Re: [mailop] Looks like GoDaddy is having email issues

2017-09-25 Thread frnkblk
Our outbound queues are draining now, down 37% from 10:56 pm U.S. Central, 
where it was the highest of the last 16 hours.

Frank

-Original Message-
From: Frank Bulk [mailto:frnk...@iname.com] 
Sent: Monday, September 25, 2017 11:59 AM
To: Anne P. Mitchell Esq. ; mailop@mailop.org
Subject: RE: [mailop] Looks like GoDaddy is having email issues

GoDaddy Support tweeted that the issue was resolved, but instead of:
421 p3plibsmtp02-14.prod.phx3.secureserver.net bizsmtp Temporarily 
rejected. Reverse DNS for 96.31.0.x failed. IB108  
we're seeing:
Open (72.167.238.32) Error 180sec (399 TCP Read failed (Err Code Zero 
after 180 seconds) 180 sec)
Open (68.178.213.203) Error 0sec (399 TCP Read failed (Connection was 
closed. after 0 seconds) 0 sec)
Site naturesedge-ds.com (72.167.238.32) said in response to MAIL FROM 
(452 4.1.0 ... temporary failure)

From our perspective they're getting flooded or there are still other issues 
going on.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Anne P. Mitchell 
Esq.
Sent: Monday, September 25, 2017 10:11 AM
To: mailop@mailop.org
Subject: Re: [mailop] Looks like GoDaddy is having email issues

This has been passed on to GoDaddy.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell

Re: [mailop] Comcast timeouts

2017-09-25 Thread frnkblk
Our spam filtering vendor also saw it in their outbound queues: 
https://edgewavecom.statuspage.io/

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Brotman, Alexander
Sent: Wednesday, September 20, 2017 2:18 PM
To: mailop@mailop.org
Subject: Re: [mailop] Comcast timeouts

 

There was an issue with some backend systems, which I’ve been told are now 
resolved.  Things are still being cleaned up.

 

--

Alex Brotman

Sr. Engineer, Anti-Abuse

Comcast

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Russell Clemings
Sent: Wednesday, September 20, 2017 2:31 PM
To: mailop@mailop.org  
Subject: Re: [mailop] Comcast timeouts

 

I see nothing but timeouts from those two since 9 a.m. Eastern. Our server is 
in Maryland.

 

 

 

On Wed, Sep 20, 2017 at 11:15 AM, Eric Tykwinski wrote:

I’m seeing a bunch of timeouts on mx1.comcast.net and mx2.comcast.net

Tested from office and an OVH server to make sure it’s not regional.

Timeouts are sporadic, so delivery happens after a few tries.

 

Just want to let someone know if Comcast guys are reading.

 

Sincerely,

 

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300  

 


 

-- 

===
Russell Clemings
===

[mailop] Anyone else email see email delays to cox.net today?

2017-07-24 Thread frnkblk
We saw email delivery delays to cox.net today, between 12:58 and 7:32 pm
(U.S. Central).  Our email server logged the following for each of them:
Site cox.net (68.6.19.3) said in response to MAIL FROM (452 4.1.0
ESMTP server temporarily not available - Refer to Error Codes section at
http://postmaster.cox.net/confluence/display/postmaster/Error+Codes for more
information.)"
Site cox.net (68.1.17.3) said in response to MAIL FROM (452 4.1.0
ESMTP server temporarily not available - Refer to Error Codes section at
http://postmaster.cox.net/confluence/display/postmaster/Error+Codes for more
information.)"
The web page doesn't address this specific issue (ESMTP server temporarily
not available), so I assume what it says at face value.

No hints of issues on Twitter or DownDetector.

Frank


Re: [mailop] Email delivery to Yahoo! and Frontier (who also uses Yahoo! email)

2017-07-13 Thread frnkblk
We saw things clear up around 1:20 pm U.S. Central.  Whatever it was, it didn’t 
really show up in DownDetector, so end-user facing access was apparently OK.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Torsten Reinert 
via mailop
Sent: Thursday, July 13, 2017 1:33 PM
To: mailop@mailop.org
Subject: Re: [mailop] Email delivery to Yahoo! and Frontier (who also uses 
Yahoo! email)

 

Issues seem to be resolved. Our messages have gone out by now.

 

 

On Thu, Jul 13, 2017 at 11:16 AM, Torsten Reinert wrote:

Same here.

 

 

On Thu, Jul 13, 2017 at 9:50 AM, Tony Maszeroski via mailop wrote:

+1 - Yahoo queues bloating here as well.

These appear to be our top three problematic destinations:

mta6.am0.yahoodns.net  [98.136.216.25]
mta7.am0.yahoodns.net  [98.136.217.203]
mta7.am0.yahoodns.net  [98.138.112.33]

-tony

On 7/13/17 09:40, Tara Natanson wrote:
> Yes,  We have been seeing this as well and I have confirmed several
> other senders are seeing it too.  Same error.
>
> One person reported this error started appearing over the weekend.
>
> Tara Natanson
>
> On Thu, Jul 13, 2017 at 12:32 PM, Frank Bulk wrote:
>
> We're seeing outbound email queue up for yahoo.com and frontier.com and
> frontiernet.net since 7:50 am U.S. Central.  Our email server is logging
> "451 4.3.2 Internal error reading data"
>
> Frank




 

-- 



Torsten Reinert

Global Deliverability Manager

 

Email: tors...@groupon.com  

Groupon Inc. | www.groupon.com  

 





 

-- 



Torsten Reinert

Global Deliverability Manager

 

Email: tors...@groupon.com  

Groupon Inc. | www.groupon.com  

 

[mailop] Email issues to mx01.perfora.net?

2017-06-08 Thread frnkblk
Anyone else seeing delivery issues to mx01.perfora.net?  Sample logs/data
below:

Frank

Open (74.208.5.21) Error 181sec (399 TCP Read failed (Err Code Zero after
180 seconds) 180 sec)
ubad=14022638, Site (sibleypresby.church/74.208.5.21) said: 450 Requested
mail action not taken: mailbox unavailable
ubad=14022638, Site (firstcrc.com/74.208.5.21) said: 450 Requested mail
action not taken: mailbox unavailable

21.5.208.74.in-addr.arpa domain name pointer mx01.perfora.net.

IP: 74.208.5.21
Origin-AS: 8560
Prefix: 74.208.0.0/16
AS-Path: 6539 577 3356 8560
AS-Org-Name: ONEANDONE-AS Brauerstrasse 48
Org-Name: 1&1 Internet Inc.
Net-Name: 1AN1-NETWORK
Cache-Date: 1496904103
Latitude: 39.099730
Longitude: -94.578570
City: Kansas City
Region: Missouri
Country: United States
Country-Code: US


Re: [mailop] So, about this iOS10 unsubscribe feature...

2017-06-02 Thread frnkblk
Exactly. =)

This week was calm -- no alerts regarding our server queues about this issue.  
Perhaps it was just one spammer that had a non-working SMTP server.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Bill Cole
Sent: Thursday, May 25, 2017 7:15 PM
To: mailop@mailop.org
Subject: Re: [mailop] So, about this iOS10 unsubscribe feature...

On 22 May 2017, at 21:59, frnk...@iname.com wrote:

> Here are the domains that are currently in our server queues:
>
>   e.highwayhealth.org
>
>   e.everydown.org
>
>   e.thrivehealth.org
>
>   e.pro-associates.org
>
>   e.educationforourfuture.org
>
>   e.booktemplate.org
>
>   e.amicon.org
>
>   e.gatherit.org
>
> Note that none of these have an MX record.

Which is not itself a problem, since they all have A records. However, 
they all resolve to the same IP, 107.158.16.99, which does not answer on 
port 25.

Re: [mailop] Hotmail server(s) out of memory?

2017-06-02 Thread frnkblk
Thanks.  Last logged occurrence was 5:07 pm U.S. Central.

 

Frank

 

From: Michael Wise [mailto:michael.w...@microsoft.com] 
Sent: Friday, June 2, 2017 12:13 PM
To: Frank Bulk ; mailop@mailop.org
Subject: RE: [mailop] Hotmail server(s) out of memory?

 

 

Looks like the issue is being mitigated.

Our monitoring did catch it, apparently.

Past that, can’t say much. 

 

Thanks!

 

Aloha,

Michael.

-- 

Michael J Wise
Microsoft Corporation| Spam Analysis

"Your Spam Specimen Has Been Processed."

Got the Junk Mail Reporting Tool?

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Frank Bulk
Sent: Friday, June 2, 2017 7:36 AM
To: mailop@mailop.org  
Subject: [mailop] Hotmail server(s) out of memory?

 

Starting this morning at 8:44 am U.S. Central we saw this with two different 
customers of ours emailing Hotmail subs:

Site hotmail.com (104.44.194.235) said in response to MAIL FROM (452 Out of 
memory)

Site hotmail.com (104.44.194.236) said in response to MAIL FROM (452 Out of 
memory)

 

Regards,

 

Frank

Re: [mailop] So, about this iOS10 unsubscribe feature...

2017-05-23 Thread frnkblk
It appears to be the second -- some bulk mail sender has started sending mail 
with invalid Unsubscribe information and users that try to unsubscribe are 
generating queue noise.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Dave Warren
Sent: Monday, May 22, 2017 9:41 PM
To: mailop@mailop.org
Subject: Re: [mailop] So, about this iOS10 unsubscribe feature...

 

On Mon, May 22, 2017, at 18:59, frnk...@iname.com wrote:

Just starting last week we started seeing our outbound queues fill up with 
undeliverable client messages generated because of this one-click unsubscribe 
feature.  Since this Apple feature has been in place for over six months, I’m 
surprised we haven’t seen this until now.

 

Is the problem iOS 10 doing something wrong, or is it just some bulk mail 
sender has started sending mail with invalid Unsubscribe information and users 
that try to unsubscribe are generating queue noise?

 

I don't use the feature much myself on a day to day basis, but I did monkey 
with it a bit when it first came out and it seems to work as described.

 

 

Re: [mailop] So, about this iOS10 unsubscribe feature...

2017-05-22 Thread frnkblk
Just starting last week we started seeing our outbound queues fill up with 
undeliverable client messages generated because of this one-click unsubscribe 
feature.  Since this Apple feature has been in place for over six months, I’m 
surprised we haven’t seen this until now.

 

Here are the domains that are currently in our server queues:

  e.highwayhealth.org

  e.everydown.org

  e.thrivehealth.org

  e.pro-associates.org

  e.educationforourfuture.org

  e.booktemplate.org

  e.amicon.org

  e.gatherit.org

Note that none of these have an MX record.

 

How are others dealing with this? Just purging their outbound queues?

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Josh Nason
Sent: Thursday, September 15, 2016 3:27 PM
To: mailop 
Subject: [mailop] So, about this iOS10 unsubscribe feature...

 

Hi all -- I'm sure you've heard about the new iOS10 feature that highlights an 
unsubscribe at the top of bulk emails. I assumed it was only going to be active 
if a sender had list unsubscribe turned on, but was mistaken. 

 

However, the prompt I get saying 'Mail will send a message from (my email) to 
unsubscribe from this mailing list.'

 

Anyone know where that message is going to be sent to? I assume the reply 
address, but am unclear and can't seem to find documentation on it.


 

-- 

Josh Nason / Email Reputation Manager
+1 603-289-1244 | @JoshNason

Email is hot! This is why it's the original form of social media.

Re: [mailop] SPF record

2017-05-21 Thread frnkblk
Same here -- many of my customers, for example those who go to O365, aren't
aware of the implications when they add Microsoft's suggested SPF record,
and then wonder why some emails (originated from a non-O365 system) aren't
being received.  Fortunately our helpdesk is very attuned to these issues
and can suggest tweaks to their SPF record to resolve the issue.

Frank

-Original Message-
From: SM [mailto:s...@elandnews.com] 
Sent: Sunday, May 21, 2017 10:25 AM
To: frnk...@iname.com; mailop@mailop.org
Cc: Kurt Jaeger 
Subject: RE: [mailop] SPF record

Hi Frank,
At 06:52 21-05-2017, frnk...@iname.com wrote:
>Do you think the sending domain was not aware of that when they 
>wrote the policy?

I have come across cases where the sending domain was not aware of 
the impact of its SPF policy.  That does not mean that sending 
domains are not aware of what will happen because of their policies.

Regards,
-sm 




Re: [mailop] SPF record

2017-05-21 Thread frnkblk
sm,

Do you think the sending domain was not aware of that when they wrote the 
policy?

Frank 

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of SM
Sent: Sunday, May 21, 2017 8:13 AM
To: Kurt Jaeger ; mailop@mailop.org
Subject: Re: [mailop] SPF record

Hi Kurt,
At 05:25 21-05-2017, Kurt Jaeger wrote:
>Can you tell more about this ? Why is '-all' bad ?

You are assuming that when the message is delivered to the receiver, 
it will see a connection from the sending IP address.

Regards,
-sm   


Re: [mailop] Many SPF failures lately

2017-05-20 Thread frnkblk
Neil,

 

Thanks for sharing with ExactTarget.

 

Are you saying that checking the box on our commercial spam filtering system’s 
“check SPF” feature, which quarantines messages that have SPF failures (-all), 
was a poor decision on my part?  

 

I don’t understand what DMARC has to do with this – a sender who implements an 
SPF record should not assume the receiver has also implemented DMARC 
checking.  Let me remind everyone again – a message was sent to us from an IP 
address that was outside the range of the SPF record for that sending email 
address’s domain, and the SPF record told us to discard the message.  I really 
don’t understand why I’m being blamed for not delivering the message.  If the 
sender wanted a different behavior they should have used a “~all”.  I feel I 
already went above and beyond the call of duty by contacting dozens and dozens 
of senders who had incomplete SPF records.  It just turns out that I didn’t 
have a contact at Travelocity.

 

Regards,

 

Frank

 

From: Neil Schwartzman [mailto:spamfighter...@icloud.com] 
Sent: Saturday, May 20, 2017 10:58 AM
To: frnk...@iname.com
Cc: Brandon Long ; mailop ; John Levine 

Subject: Re: [mailop] Many SPF failures lately

 

Yeah. I did let exact target know.

 

I work supporting a userbase probably a few hundred million the size of yours, 
and I can tell you, in my world, knowingly, blithely dropping legitimate email 
is likely a firing offense.

 

I suggest you may wish to avail yourself of deep knowledge of DMARC 
technologies so you can gain actual insight into what senders intend you to do in 
light of their declarations.

--

Neil Schwartzman

spamfigh...@gmail.com  

Tel.: +1 (514) 629-6345


On May 20, 2017, at 11:31,  > 
 > wrote:

I guess it depends on how our customers forward to the email account provided 
by us.  I’m sure that there are some messages that we do block due to 
forwarding, but when I manually examined four weeks of SPF-based blocks, I 
don’t recall seeing one example.  You’re very much right that waiting for 
feedback from end-users is very much incomplete. 

 

We do not do policy enforcement purely based on SPF unless it is a ”-all”.  For 
all others it’s part of the spam analysis mix.

 

If someone does know the mail operator/group for Travelocity, perhaps they can 
be alerted to the issue I raised.  

 

Frank

 

From: Brandon Long [mailto:bl...@google.com] 
Sent: Saturday, May 20, 2017 1:56 AM
To: Frank Bulk
Cc: John Levine; mailop
Subject: Re: [mailop] Many SPF failures lately

 

Is forwarding mail something your users never do?  Or do you think the sender 
should be able to specify that the mail can't be forwarded?

 

With the exception of a pure -all record, policy enforcement based purely on 
spf is a poor choice.  Maybe, depending on your users, it won't raise the fp 
rate that much.  OTOH, if you just reject without letting in a fraction, how do 
you even know what your fp rate is?  Waiting for feedback from your users that 
they're missing messages they may not even know they should have gotten is a 
poor way to measure effectiveness.

 

Brandon

 

On May 19, 2017 9:34 PM,  > wrote:

John,

I'm a bit bewildered -- these aren't random strangers, they're the actual
sender.  Am I supposed to second-guess the sender's instructions?  If I have
to second-guess every sender's "-all" then I have to have another layer of
subjective analysis -- currently manual, in my situation.

Frank


-Original Message-
From: John R Levine [mailto:jo...@taugh.com]
Sent: Friday, May 19, 2017 7:22 PM
To: frnk...@iname.com
Cc: mailop@mailop.org
Subject: RE: [mailop] Many SPF failures lately

> Yet the senders, via their SPF records with a "-all", told me to reject
> those messages. As MTA's, we're doing what the sender told us to do.

I don't know about you, but I do not blindly follow instructions from
random strangers.  It rarely leads to good outcomes.

> For my users, I have the quaint idea that I should try and deliver the
> mail that they obviously want.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly




Re: [mailop] Many SPF failures lately

2017-05-20 Thread frnkblk
I guess it depends on how our customers forward to the email account provided 
by us.  I’m sure that there are some messages that we do block due to 
forwarding, but when I manually examined four weeks of SPF-based blocks, I 
don’t recall seeing one example.  You’re very much right that waiting for 
feedback from end-users is very much incomplete. 

 

We do not do policy enforcement purely based on SPF unless it is a ”-all”.  For 
all others it’s part of the spam analysis mix.

 

If someone does know the mail operator/group for Travelocity, perhaps they can 
be alerted to the issue I raised.  

 

Frank

 

From: Brandon Long [mailto:bl...@google.com] 
Sent: Saturday, May 20, 2017 1:56 AM
To: Frank Bulk 
Cc: John Levine ; mailop 
Subject: Re: [mailop] Many SPF failures lately

 

Is forwarding mail something your users never do?  Or do you think the sender 
should be able to specify that the mail can't be forwarded?

 

With the exception of a pure -all record, policy enforcement based purely on 
spf is a poor choice.  Maybe, depending on your users, it won't raise the fp 
rate that much.  OTOH, if you just reject without letting in a fraction, how do 
you even know what your fp rate is?  Waiting for feedback from your users that 
they're missing messages they may not even know they should have gotten is a 
poor way to measure effectiveness.

 

Brandon

 

On May 19, 2017 9:34 PM,  > wrote:

John,

I'm a bit bewildered -- these aren't random strangers, they're the actual
sender.  Am I supposed to second-guess the sender's instructions?  If I have
to second-guess every sender's "-all" then I have to have another layer of
subjective analysis -- currently manual, in my situation.

Frank


-Original Message-
From: John R Levine [mailto:jo...@taugh.com]
Sent: Friday, May 19, 2017 7:22 PM
To: frnk...@iname.com
Cc: mailop@mailop.org
Subject: RE: [mailop] Many SPF failures lately

> Yet the senders, via their SPF records with a "-all", told me to reject
> those messages. As MTA's, we're doing what the sender told us to do.

I don't know about you, but I do not blindly follow instructions from
random strangers.  It rarely leads to good outcomes.

> For my users, I have the quaint idea that I should try and deliver the
> mail that they obviously want.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly





Re: [mailop] Many SPF failures lately

2017-05-19 Thread frnkblk
I looked at the last week of blocked email from Travelocity.com and found just 
one blocked message.

It was a flight change email from traveloc...@e.travelocity.com with a source 
IP of 66.244.67.50.

fbulk@frankb-PC:/mnt/c/Users/fbulk$ dig TXT e.travelocity.com +short
"spf2.0/pra include:cust-senderid.exacttarget.com -all"
"v=spf1 include:cust-spf.exacttarget.com -all"
fbulk@frankb-PC:/mnt/c/Users/fbulk$ dig TXT cust-spf.exacttarget.com +short
"v=spf1 ip4:64.132.92.0/24 ip4:64.132.88.0/23 ip4:66.231.80.0/20 
ip4:68.232.192.0/20 ip4:199.122.120.0/21 ip4:207.67.38.0/24 " 
"ip4:207.67.98.192/27 ip4:207.250.68.0/24 ip4:209.43.22.0/28 
ip4:198.245.80.0/20 ip4:136.147.128.0/20 ip4:136.147.176.0/20 ip4:13.111.0.0/18 
-all"
fbulk@frankb-PC:/mnt/c/Users/fbulk$

Besides cust-spf-exacttarget.com having some extra quotes in their SPF record, 
you can see that 66.244.67.50 is not in the above SPF record(s).

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Carl Byington
Sent: Friday, May 19, 2017 11:55 AM
To: mailop@mailop.org
Subject: Re: [mailop] Many SPF failures lately


On Fri, 2017-05-19 at 03:49 -0500, frnk...@iname.com wrote:
> Most well-known culprit is Travelocity and their flight change
> notifications.

The only travelocity mail I see here is from
traveloc...@ac.travelocity.com via 192.161.140.0/24. Are the flight
change notifications from some other system?

ac.travelocity.com CNAME -> travelocity.neolane.net
travelocity.neolane.net TXT -> redirect p140.neolane.net
p140.neolane.net TXT "v=spf1 ip4:192.161.140.0/24 -all"

Even if spf fails, we would accept those based on the DKIM signature by
ac.travelocity.com which is listed in our local policy database.







Re: [mailop] Many SPF failures lately

2017-05-19 Thread frnkblk
Yet the senders, via their SPF records with a "-all", told me to reject those 
messages. As MTA's, we're doing what the sender told us to do.

Frank

-Original Message-
From: John Levine [mailto:jo...@taugh.com] 
Sent: Friday, May 19, 2017 9:56 AM
To: mailop@mailop.org
Cc: frnk...@iname.com
Subject: Re: [mailop] Many SPF failures lately

In article <002401d2d07c$de401730$9ac04590$@iname.com> you write:
>I turned on SPF checking on our incoming email server about two or three
>months and notified domain holders who were sending legitimate email from
>bad IPs, and there, too, some fixed up their SPF records, but the majority
>didn't do anything.  So we keep rejecting those emails.  Most of them tend
>to be from auto-notify systems (bank statements, receipts for purchases
>from online stores, etc).  The recipients don't complain to the sender
>because they're not aware they were supposed to get an email, and since a
>human didn't send it, there's no one on the sending side chasing it down.
>Most well-known culprit is Travelocity and their flight change
>notifications.  Too bad the travelers aren't getting notified.

I must say I'm glad that I'm not one of your mail users.

For my users, I have the quaint idea that I should try and deliver the
mail that they obviously want.

R's,
John





Re: [mailop] Many SPF failures lately

2017-05-19 Thread frnkblk
We have an automated SPF checking system in place for clients/partners/vendors 
and auto-notify them of invalid/malformed SPF records every three weeks.  The 
responsive ones got them fixed up, but I still have three die-hards that 
haven't made any changes.  Their domains are low-volume, so they probably 
haven't had a palpable issue.

I turned on SPF checking on our incoming email server about two or three months 
and notified domain holders who were sending legitimate email from bad IPs, and 
there, too, some fixed up their SPF records, but the majority didn't do 
anything.  So we keep rejecting those emails.  Most of them tend to be from 
auto-notify systems (bank statements, receipts for purchases from online 
stores, etc).  The recipients don't complain to the sender because they're not 
aware they were supposed to get an email, and since a human didn't send it, 
there's no one on the sending side chasing it down.  Most well-known culprit 
is Travelocity and their flight change notifications.  Too bad the travelers 
aren't getting notified.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Orlitzky
Sent: Tuesday, May 16, 2017 8:20 AM
To: mailop@mailop.org
Subject: Re: [mailop] Many SPF failures lately

On 05/15/2017 12:34 PM, D'Arcy Cain wrote:
>
> My personal preference is to just bounce it and make them fix their 
> records but it is becoming a support problem because the senders are not 
> reading the bounce message which explains the problem and has a link to 
> a page with more detail.  They simply contact our users saying that it 
> must be our problem.
> 

I usually respond with something like "the administrator of the sending
system told us to reject this message, you'll have to take it up with
him." Then if you ever hear from that guy, tell him to delete the SPF
record completely.




Re: [mailop] HB spike from Yahoo?

2017-01-24 Thread frnkblk
Not sure this is related: 
http://www.express.co.uk/life-style/science-technology/758307/BT-Mail-Down-Email-Address-BT-Internet-Not-Working

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Alberto Miscia via 
mailop
Sent: Tuesday, January 24, 2017 12:06 PM
To: mailop@mailop.org
Subject: [mailop] HB spike from Yahoo?

 

Hi,

We are seeing a strange spike in hard bounces from Yahoo!, reported also for 
accounts that should work.

"smtp;554 delivery error: dd This user doesn't have a yahoo.com 
  account"

 

Does anyone else see the same?

 

Thanks

 

Alberto Miscia | Head of Deliverability & Compliance | MailUp

 



Re: [mailop] Lack of TLS 1.1/1.2 support on Apple email products

2016-08-13 Thread frnkblk
Bill,

Thanks for bringing up all those points.  While perhaps the practical 
implications of the TLS1.0's brokenness may not be as applicable to email, it 
doesn't mean ESPs should automatically be satisfied with the status quo.  If 
most vendors have found a way to implement TLS 1.1 and 1.2 then it's not 
unreasonable to expect an industry giant such as Apple to participate.

Based on our own experience and what I've read so far, it appears that if Apple 
stepped in line the percentage of clients that can't support TLS 1.0 with 
fallback to clear text would be very small.  When we turned TLS 1.0 off on our 
webmail server we got a few calls from customers, but our helpdesk was not 
ashamed to encourage our customers to try another browser and/or upgrade their 
OS to address the issue.  As I may have mentioned earlier, it didn't hurt that 
a regional bank did the same with their online banking page ... come to think 
of it, we may have had more calls from customers about the bank's web page than 
our webmail.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Bill Cole
Sent: Saturday, June 25, 2016 3:38 PM
To: mailop@mailop.org
Subject: Re: [mailop] Lack of TLS 1.1/1.2 support on Apple email products

On 24 Jun 2016, at 23:24, frnk...@iname.com wrote:

> I want to disable it for the reasons that Eric spelled out. TLS 1.0 is 
> broken, so if we turn it off on websites, shouldn't we turn it off for 
> all protocols?

Can you explain how exactly TLS 1.0 is broken in ways that are relevant 
for email? What is the attack model where a TLS 1.0 weakness is relevant 
to any facet of email other than end-user HTTPS-based access? Can you 
see how one might protect against such attacks short of disabling TLS 
1.0?

As for the relevance of this to PCI-DSS compliance: There are many 
people making money from selling a weak and oversimplified understanding 
of that standard to others who think it is beyond their capacity to 
understand and so never bother trying to read it. If a PCI "expert" 
claims you must disable TLS 1.0 for SMTP to be compliant, make him give 
you a specific citation. Read that whole section with all the fine print 
before firing him. (HINT: Appendix 2 is the critical part, where the 
phrase "Risk Mitigation and Migration Plan" is used heavily)

> Not that we promise our customers end-to-end encryption for all their 
> e-mail messages and handling,

Good call. No one passing mail to and from the Internet at large can 
keep such a promise and provide mail service customers will actually pay 
for and rely on.

> but I'd like to take advantage of the standards that are already out 
> there for web browsing.

Mail is different. Really. You can allow for people running the latest 
software to use the latest protocols without requiring that everyone do 
so. All the relevant RFCs say SMTP falls back to cleartext if 
negotiating encryption fails. IMAP and SMTP authentication standards 
offer mechanisms that are safe over unencrypted transport, and many 
clients will fall back to using those *silently* if they can't make TLS 
work. Require encryption, and you eliminate interoperability with many 
SMTP servers. Limit encryption to the latest and greatest protocols but 
still allow cleartext fallback, and you get back some of those 
cleartext-only senders but lose senders who won't ever try cleartext and 
can't do better than TLS 1.0. I won't even try to explain the morass of 
limiting ciphersuites: the corner cases there are too complex. If you 
want an exhaustive explanation for why NOT to make a mail server overly 
restrictive  (and how far is reasonable to go) go hunting for Viktor 
Dukhovni's many discussions of the issue on the Postfix mailing lists.

> And I think we could, if it weren't for Apple's mail products.

That is probably false. It's certainly false for MOST mail systems. 
There's a lot of old software in widespread use. Do you want mail 
servers on EL6-family distributions to fall back to cleartext when 
talking to you? People still clinging to Windows 7? How about people 
with service-subsidized Android 4 phones whose contracts aren't done? 
What is your view on interop with FreeBSD 9? How about people behind an 
idiotically configured (i.e. default configured) Cisco ASA or PIX 
firewall? There's a LOT of software out there linked to OpenSSL 0.9.8 
and a bit less to 1.0.0, both of which had their final patch releases in 
12/2015 and support nothing newer than TLS 1.0. Note that anyone running 
on those final versions with default build options and prudent 
configurations should be safe from known TLS 1.0 vulnerabilities. The 
precise wording of PCI-DSS 3.2 arguably would exempt those releases, 
since their TLS 1.0 implementations differ in important ways from "early 
TLS" (a squishy phrase PCI-DSS seems fond of...)

There are sound reasons for nominally closed and controlled environments 
to use nothing older than TLS 1.2, but to do so you need 

Re: [mailop] Email issues with Microsoft?

2016-06-30 Thread frnkblk
We saw this start to ramp up around 8:20 am (U.S. Central) and about an hour
later messages were predominately getting delayed, yet even now a few do get
delivered from time to time.  

Someone on the outages listserv posted about this, too.
(https://puck.nether.net/pipermail/outages/2016-June/009214.html)

Frank

-Original Message-
From: Frank Bulk (frnk...@iname.com) [mailto:frnk...@iname.com] 
Sent: Thursday, June 30, 2016 10:01 AM
To: 'mailop@mailop.org' (mailop@mailop.org) 
Subject: Email issues with Microsoft?

We're seeing multiple Microsoft-hosted domains having difficulty getting our
email.

@hsitire.com  Open (207.46.163.170) Error
4sec (399 TCP Read failed (Connection reset by peer after 4 seconds) 4 sec)
@animalhealthinternational.com  Open (207.46.163.170) Error
4sec (399 TCP Read failed (Connection reset by peer after 4 seconds) 4 sec)
@midwestwheel.com ubad=13799805, Site
(midwestwheel.com/207.46.163.170) said: 451 4.3.2 Temporary server error.
Please try again later ATTR2
@pamhc.org  Open (207.46.163.170) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@hsitire.com  Open (207.46.163.170) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@kingsleybank.com Open (207.46.163.170) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@moc-fv.k12.ia.us Open (207.46.163.138) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@dordt.edu  Open (207.46.163.138) Error
1sec (421 4.3.2 The maximum number of concurrent server connections has
exceeded a per-source limit, closing transmission channel
(BN1AFFO11FD020.protection.gbl))
@nimanranch.com   Open
(207.46.163.138) Error 1sec (421 4.3.2 The maximum number of concurrent
server connections has exceeded a limit, closing transmission channel
(BN1AFFO11FD040.protection.gbl))
@hsitire.com  Open (207.46.163.138) Error
4sec (399 TCP Read failed (Connection reset by peer after 4 seconds) 4 sec)
@dordt.edu  Open (207.46.163.138) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)

Frank


138.163.46.207.in-addr.arpa domain name pointer
mail-bn14138.inbound.protection.outlook.com.

IP: 207.46.163.138
Origin-AS: 8075
Prefix: 207.46.128.0/17
AS-Path: 31019 8075
AS-Org-Name: Microsoft Corporation
Org-Name: Microsoft Corporation
Net-Name: MICROSOFT-GLOBAL-NET
Cache-Date: 1467291365
Latitude: 47.682900
Longitude: -122.120900
City: Redmond
Region: Washington
Country: United States
Country-Code: US




[mailop] Email issues with Microsoft?

2016-06-30 Thread frnkblk
We're seeing multiple Microsoft-hosted domains having difficulty getting our
email.

@hsitire.com  Open (207.46.163.170) Error
4sec (399 TCP Read failed (Connection reset by peer after 4 seconds) 4 sec)
@animalhealthinternational.com  Open (207.46.163.170) Error
4sec (399 TCP Read failed (Connection reset by peer after 4 seconds) 4 sec)
@midwestwheel.com ubad=13799805, Site
(midwestwheel.com/207.46.163.170) said: 451 4.3.2 Temporary server error.
Please try again later ATTR2
@pamhc.org  Open (207.46.163.170) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@hsitire.com  Open (207.46.163.170) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@kingsleybank.com Open (207.46.163.170) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@moc-fv.k12.ia.us Open (207.46.163.138) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)
@dordt.edu  Open (207.46.163.138) Error
1sec (421 4.3.2 The maximum number of concurrent server connections has
exceeded a per-source limit, closing transmission channel
(BN1AFFO11FD020.protection.gbl))
@nimanranch.com   Open
(207.46.163.138) Error 1sec (421 4.3.2 The maximum number of concurrent
server connections has exceeded a limit, closing transmission channel
(BN1AFFO11FD040.protection.gbl))
@hsitire.com  Open (207.46.163.138) Error
4sec (399 TCP Read failed (Connection reset by peer after 4 seconds) 4 sec)
@dordt.edu  Open (207.46.163.138) Error
3sec (399 TCP Read failed (Connection reset by peer after 3 seconds) 3 sec)

Frank


138.163.46.207.in-addr.arpa domain name pointer
mail-bn14138.inbound.protection.outlook.com.

IP: 207.46.163.138
Origin-AS: 8075
Prefix: 207.46.128.0/17
AS-Path: 31019 8075
AS-Org-Name: Microsoft Corporation
Org-Name: Microsoft Corporation
Net-Name: MICROSOFT-GLOBAL-NET
Cache-Date: 1467291365
Latitude: 47.682900
Longitude: -122.120900
City: Redmond
Region: Washington
Country: United States
Country-Code: US




[mailop] More issues with cableone.net today (repeat of March 16 and May 12)

2016-05-29 Thread frnkblk
Sounds like Synacor (who hosts cableone.net) has had issues again.  From our
email server logs:
Open (64.8.70.47) Error 0sec (421 4.3.4 allocated resources
exceeded)
Open (64.8.70.47) Error 4sec (399 TCP Read failed (Connection reset
by peer after 4 seconds) 4 sec)

First log entry shows up Saturday evening at 7:08 pm (Central) and last one
was Sunday evening at 6:23 pm.  There were deliveries in between, and I'm
not sure if three hours of clean deliveries is long enough to consider the
issue resolved.

Frank




Re: [mailop] Connection failures to Hotmail domains

2016-05-25 Thread frnkblk
Finally had a chance to look at my logs … looking at error count over time (all 
U.S. Central) I see the following:

 

Server 1:

  1 25 12:3
  1 25 12:4
  4 25 13:1
 22 25 13:2
 22 25 13:3
 24 25 13:4
 31 25 13:5
 18 25 14:0
  8 25 14:1
 16 25 14:2
  5 25 14:3
 19 25 14:4
 15 25 14:5
 18 25 15:0
  7 25 15:1
  6 25 15:2
  4 25 15:3
 11 25 15:4
  2 25 15:5
  8 25 16:0
  9 25 16:1
  6 25 16:2
  7 25 16:3
  9 25 16:4
  6 25 16:5
  4 25 17:0

Server 2:

  2 25 12:4
  1 25 13:0
 14 25 13:1
 10 25 13:2
 24 25 13:3
 20 25 13:4
 11 25 13:5
 11 25 14:0
 19 25 14:1
 11 25 14:2
  9 25 14:3
 12 25 14:4
 14 25 14:5
  7 25 15:0
  8 25 15:1
 16 25 15:2
  8 25 15:3
 17 25 15:4
 17 25 15:5
  7 25 16:0
 12 25 16:1
 12 25 16:2
 27 25 16:3
 13 25 16:4
 18 25 16:5
  4 25 17:0

 

So it’s off its peak, but not resolved.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Jaren Angerbauer
Sent: Wednesday, May 25, 2016 3:50 PM
To: Michael Wise 
Cc: mailop 
Subject: Re: [mailop] Connection failures to Hotmail domains

 

Thanks Mike.  If you can, any update you receive (and can disclose) would be 
greatly appreciated.




--Jaren

 

 

 

On Wed, May 25, 2016 at 2:29 PM, Michael Wise via mailop wrote:


Oh yeah, we're aware.
Hearing some reports that the issue may have been mitigated, but until I hear 
anything from Inside the House, can't really comment except to say ... PRI:0, 
being worked on as I type. But not by me, as I have no insight into the inner 
workings.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Al Iverson
Sent: Wednesday, May 25, 2016 1:19 PM
To: mailop
Subject: Re: [mailop] Connection failures to Hotmail domains

You're not alone. It's quite widespread. Multiple folks have talked to 
Microsoft people about the issue, they are aware.

Regards,
Al

--
Al Iverson
https://na01.safelinks.protection.outlook.com/?url=www.aliverson.com 
(312)725-0130  


On Wed, May 25, 2016 at 3:08 PM, Keenan Tims wrote:
> I'm seeing 90+% of our connection attempts to the MXes for
> 'hotmail.com' and other Hotmail domains (mx[1-4].hotmail.com) are
> either timing out (30s) or getting connection refused since ~11:00am
> PDT. Anyone else seeing this? I've tested from a few off-net points
> and am seeing the same. Mail is starting to pile up in our queues in
> quantity. Given the scale of what this appears to be I assume the team
> is already hard at work on it, but the lack of mention here concerns
> me, so sorry for the noise if this is too obvious for the list ;-).
>
> Our primary outbound relays are within 64.253.128.0/19
>
> Here are a couple representative logs:
>
> 2016-05-25T12:55:19.470647-07:00 skaro postfix/smtp[6486]: connect to
> mx1.hotmail.com [65.55.37.104]:25: Connection timed out
> 2016-05-25T12:55:49.504155-07:00 skaro postfix/smtp[6486]: connect to
> mx1.hotmail.com [207.46.8.167]:25: Connection timed out
> 2016-05-25T12:55:49.513775-07:00 skaro postfix/smtp[6486]: connect to
> mx2.hotmail.com [65.55.33.119]:25: Connection refused
> 2016-05-25T12:56:19.550093-07:00 skaro postfix/smtp[6486]: connect to
> mx1.hotmail.com [134.170.2.199]:25: Connection timed out
> 2016-05-25T12:56:49.583216-07:00 skaro postfix/smtp[6486]: connect to
> mx1.hotmail.com [65.54.188.110]:25: Connection timed out
> 2016-05-25T12:56:49.585566-07:00 skaro postfix/smtp[6486]: 3F2D5FFC9B:
> to= >, relay=none, delay=120,
> delays=0.17/0/120/0, dsn=4.4.1, status=deferred (connect to
> mx1.hotmail.com [65.54.188.110]:25: Connection timed out)
>
> 2016-05-25T12:59:32.971606-07:00 skaro postfix/smtp[5033]: connect to
> mx3.hotmail.com 

Re: [mailop] Humor of the day

2016-05-03 Thread frnkblk
FYI, we did see more delivery issues to 98.139.171.245 for other Yahoo! hosted 
email domains, with our email server logging:
(98.139.171.245) said in response to MAIL FROM (451 4.3.2 Internal 
error reading data)

I saw first one at 10:30 am and last one was 7:36 pm (U.S. Central), so it's 
possible that it's not over.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of frnk...@iname.com
Sent: Tuesday, May 03, 2016 12:38 PM
To: mailop@mailop.org
Subject: [mailop] Humor of the day

When connecting to this email host 

telnet 98.139.171.245 25
Trying 98.139.171.245...
2016 May  3 12:17:20 10.18.120.197 BCMSDK - unit 0 L3_ENTRY_IPV6_UNICAST
entry 1487 parity error
2016 May  3 12:17:20 10.18.120.197 BCMSDK - Unit 0: mem:
2103=L3_ENTRY_IPV6_UNICAST blkoffset:9
2016 May  3 12:17:20 10.18.120.197 BCMSDK - Unit 0: CACHE_RESTORE:
L3_ENTRY_IPV6_UNICAST[2103] blk: ipipe0 index: 1487 : [0][0]
Connected to 98.139.171.245.
Escape character is '^]'.
220 mta1014.biz.mail.bf1.yahoo.com ESMTP ready
HELO node5.premieronline.net
250 mta1014.biz.mail.bf1.yahoo.com





Re: [mailop] SPF check overly stringent?

2016-04-30 Thread frnkblk
Is this worth bringing up to the appropriate IETF group?  Perhaps it could be 
errata for RFC 7208 Section 5.4?

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Steve Atkins
Sent: Friday, April 29, 2016 12:18 PM
To: mailop 
Subject: Re: [mailop] SPF check overly stringent?


> On Apr 29, 2016, at 9:52 AM, Frank Bulk  wrote:
> 
> We're helping a customer (sigiowa.com) who's having issues sending emails to
> the USDA.  Our email server logs this:
>   Site usda.gov (2a01:111:f400:7c10::10) said after data sent: 450
> 4.7.26 Service does not accept messages sent over IPv6
> [2607:fe28:0:4000::20] unless they pass either SPF or DKIM validation
> (message not signed)
> 
> Just this morning I changed their SPF record from this:
>   "v=spf1 mx ip4:96.31.0.0/24 ip6:2607:fe28:0:1000::/64
> ip6:2607:fe28:0:4000::/64 ~all"
> to this:
>   "v=spf1 ip4:96.31.0.0/24 ip6:2607:fe28:0:4000::20
> ip6:2607:fe28:0:1000::/64 ip6:2607:fe28:0:4000::/64 ~all"
> 
> I added in ip6:2607:fe28:0:4000::20 because I'm wondering if the USDA's
> system doesn't properly identify the sending IP of 2607:fe28:0:4000::20 as
> part of 2607:fe28:0:4000::/64.  I also removed 'mx' because this tool
> (http://vamsoft.com/support/tools/spf-policy-tester) was failing on pulling
> the  for each of the domain's four MX records.  Try the vamsoft site
> with 2607:fe28:0:4000::20 and to see how sigiowa.com
> used to fail.

http://tools.wordtothewise.com/spf/check/premieronline.net

... looks fine to me.

> 
> Is Vamsoft's check too stringent?

More like "broken" - but I can see how RFC 7208 might make them think it's 
correct behaviour if they didn't think about real-world use of DNS.

>  Does it seriously matter that it can't
> find the  for the domain's four MX records?  Shouldn't an SPF check for
> the domain's MX records just look for an A or ?

Cheers,
  Steve





Re: [mailop] SPF check overly stringent?

2016-04-30 Thread frnkblk
Thanks, I see same thing test right now, I’ll report it.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Kurt Andersen (b)
Sent: Friday, April 29, 2016 12:40 PM
To: Steve Atkins 
Cc: mailop 
Subject: Re: [mailop] SPF check overly stringent?

 

On Fri, Apr 29, 2016 at 10:33 AM, Kurt Andersen (b) wrote:

On Fri, Apr 29, 2016 at 10:17 AM, Steve Atkins wrote:


> On Apr 29, 2016, at 9:52 AM, Frank Bulk wrote:
>
>  I also removed 'mx' because this tool
> (http://vamsoft.com/support/tools/spf-policy-tester) was failing on pulling
> the  for each of the domain's four MX records.  Try the vamsoft site
> with 2607:fe28:0:4000::20 and to see how sigiowa.com
> used to fail.
>
> Is Vamsoft's check too stringent?

More like "broken" - but I can see how RFC 7208 might make them think it's 
correct behaviour if they didn't think about real-world use of DNS.

>  Does it seriously matter that it can't
> find the  for the domain's four MX records?  Shouldn't an SPF check for
> the domain's MX records just look for an A or ?

 

Using Kitterman's test framework at http://www.kitterman.com/spf/validate.html 
it looks like it only tries the  lookups if the connecting IP is IPv6.  
With the python SPF library, it will mark the results as "ambiguous" if it 
stumbles on the MX method that doesn't authorize any IPv6 addresses. 

 

Checking with yet another online tester (http://tools.bevhost.com/spf/ - cited 
by openspf.org), it doesn't seem to handle IPv6 ranges 
properly, or misinterprets the void lookup failure as a softfail.

 

--Kurt 



Re: [mailop] SPF check overly stringent?

2016-04-30 Thread frnkblk
Steve,

Thanks for your feedback.

Seems that the Word to Wise SPF checking tool skips "2607:fe28:0:4000::20" when 
I check sigiowa.com.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Steve Atkins
Sent: Friday, April 29, 2016 12:18 PM
To: mailop 
Subject: Re: [mailop] SPF check overly stringent?


> On Apr 29, 2016, at 9:52 AM, Frank Bulk  wrote:
> 
> We're helping a customer (sigiowa.com) who's having issues sending emails to
> the USDA.  Our email server logs this:
>   Site usda.gov (2a01:111:f400:7c10::10) said after data sent: 450
> 4.7.26 Service does not accept messages sent over IPv6
> [2607:fe28:0:4000::20] unless they pass either SPF or DKIM validation
> (message not signed)
> 
> Just this morning I changed their SPF record from this:
>   "v=spf1 mx ip4:96.31.0.0/24 ip6:2607:fe28:0:1000::/64
> ip6:2607:fe28:0:4000::/64 ~all"
> to this:
>   "v=spf1 ip4:96.31.0.0/24 ip6:2607:fe28:0:4000::20
> ip6:2607:fe28:0:1000::/64 ip6:2607:fe28:0:4000::/64 ~all"
> 
> I added in ip6:2607:fe28:0:4000::20 because I'm wondering if the USDA's
> system doesn't properly identify the sending IP of 2607:fe28:0:4000::20 as
> part of 2607:fe28:0:4000::/64.  I also removed 'mx' because this tool
> (http://vamsoft.com/support/tools/spf-policy-tester) was failing on pulling
> the AAAA for each of the domain's four MX records.  Try the vamsoft site
> with 2607:fe28:0:4000::20 and to see how sigiowa.com
> used to fail.

http://tools.wordtothewise.com/spf/check/premieronline.net

... looks fine to me.

> 
> Is Vamsoft's check too stringent?

More like "broken" - but I can see how RFC 7208 might make them think it's 
correct behaviour if they didn't think about real-world use of DNS.

>  Does it seriously matter that it can't
> find the AAAA for the domain's four MX records?  Shouldn't an SPF check for
> the domain's MX records just look for an A or AAAA?

Cheers,
  Steve



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
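
Added example, not part of the original thread and not any tester's own code: a minimal evaluator for the two sigiowa.com records quoted above, showing how a strict reading of RFC 7208 (AAAA-only lookups for an IPv6 client in the mx mechanism, plus the void lookup limit of two) can return permerror before the ip6 mechanisms are reached. The MX host names and their A records are constructed assumptions, since the thread does not list them.

```python
import ipaddress

OLD = "v=spf1 mx ip4:96.31.0.0/24 ip6:2607:fe28:0:1000::/64 ip6:2607:fe28:0:4000::/64 ~all"
NEW = ("v=spf1 ip4:96.31.0.0/24 ip6:2607:fe28:0:4000::20 "
       "ip6:2607:fe28:0:1000::/64 ip6:2607:fe28:0:4000::/64 ~all")

# Constructed zone data (assumption): four MX hosts that publish A but no AAAA.
MX_HOSTS = ["mx%d.example.test" % n for n in range(1, 5)]
DNS = {("sigiowa.com", "MX"): MX_HOSTS}
DNS.update({(h, "A"): ["192.0.2.%d" % n] for n, h in enumerate(MX_HOSTS, 1)})

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


class PermError(Exception):
    pass


def lookup(name, rtype, state):
    """Answer from the constructed zone, counting empty answers as void lookups."""
    answers = DNS.get((name, rtype), [])
    if not answers:
        state["void"] += 1
        limit = state["void_limit"]
        if limit is not None and state["void"] > limit:
            raise PermError("void lookup limit exceeded")
    return answers


def mx_matches(client, domain, state):
    """mx mechanism: an IPv6 client is compared against AAAA records only."""
    rtype = "AAAA" if client.version == 6 else "A"
    for host in lookup(domain, "MX", state):
        if any(client == ipaddress.ip_address(a) for a in lookup(host, rtype, state)):
            return True
    return False


def check_host(ip, domain, record, void_limit=2):
    """Evaluate the mx, ip4, ip6 and all mechanisms of one SPF record."""
    client = ipaddress.ip_address(ip)
    state = {"void": 0, "void_limit": void_limit}
    try:
        for term in record.split()[1:]:
            qual, term = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
            mech, _, arg = term.partition(":")
            if mech == "all":
                matched = True
            elif mech in ("ip4", "ip6"):
                net = ipaddress.ip_network(arg, strict=False)
                matched = client.version == net.version and client in net
            elif mech == "mx":
                matched = mx_matches(client, arg or domain, state)
            else:
                raise PermError("mechanism outside this example: " + mech)
            if matched:
                return QUALIFIERS[qual]
    except PermError:
        return "permerror"
    return "neutral"
```

With `void_limit=None` the same old record passes for 2607:fe28:0:4000::20 on the ip6 /64 mechanism, which is why removing `mx` changes the outcome only for evaluators that enforce the void lookup limit.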




Re: [mailop] Hotmail connection errors

2016-04-06 Thread frnkblk
We saw this in small part today, starting at 10:45 am (Central), and clearing 
up by 6:36 pm.  Our email server logged this:

399 TCP Read failed (Connection reset by peer after 32 seconds)

Across several MXes.

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tara Natanson
Sent: Wednesday, April 06, 2016 11:42 AM
To: mailop 
Subject: [mailop] Hotmail connection errors

 

Hello, 

 

For about the last hour we have seen a huge spike in connection errors and 
timeouts at Hotmail MXs.  They are holding connections open for a long time and 
then simply timing out.  Spread across entire netblock.  

 

Anyone else seeing similar? 

 

Tara Natanson 

 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


[mailop] Email to hickorytech.net delayed

2016-04-03 Thread frnkblk
Since 9:11 pm (U.S. Central) we've been seeing our queue to hickorytech.net
(now owned by Consolidated Communications) back up with messages like this
logged on our email server:
Site (hickorytech.net/192.86.64.40) said: 451 4.3.0
: Temporary lookup failure
with IPs 192.86.64.40, .41, and .42

A small spurt delivered just after 1 am, but other than that, the messages
are getting deferred.

Anyone else seeing this, and know if Consolidated is aware?  I see no
indication on downdetector, twitter, or facebook. I believe IBM's Lotus Live
handles this for them.

Frank



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Gmail red open padlock composing message

2016-04-02 Thread frnkblk
You can also try: https://sslanalyzer.comodoca.com/
Just append ":25" to the host.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tim Bray
Sent: Friday, April 01, 2016 3:58 AM
To: Kirk MacDonald ; mailop@mailop.org
Subject: Re: [mailop] Gmail red open padlock composing message

On 31/03/16 17:38, Kirk MacDonald wrote:
> With thanks to Google for pushing the cause, I implemented STARTTLS
> functionality on my org’s MX (as well as outbound SMTP with
> opportunistic STARTTLS).


Firstly - well done for doing it.   Everybody should be enabling TLS.

Did you test the install?

You have TLS, but there are some issues with your setup:

https://ssl-tools.net/mailservers/corp.eastlink.ca

So you need to disable the RC4 cipher.  Everybody suggests it is insecure.

Also you don't support the correct ciphers for Perfect Forward Secrecy.


I'm not sure whether this affects whether google shows the padlock or
not.  Best practice is to get it fixed.

I think ssl-tools.net is the best test for TLS mailservers.  You can
test your mail sending as well.


For webservers, use https://www.ssllabs.com/ssltest/ to test.  There is
also a tool to help make good configs at
https://mozilla.github.io/server-side-tls/ssl-config-generator/

What I've realised over the last year or so is that SSL/TLS isn't
something you can just fiddle with until it works.  If you want it
secure, across all browsers, it needs some work.

https://www.feistyduck.com/books/bulletproof-ssl-and-tls/  is an
excellent book.


Tim

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop




Re: [mailop] TLS/SSL DROWN attack with respect to email servers

2016-03-06 Thread frnkblk
Now this isn’t email servers, but in terms of websites, ~9% of surveyed sites 
support it: https://www.trustworthyinternet.org/ssl-pulse/ 

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Brandon Long via 
mailop
Sent: Wednesday, March 02, 2016 7:30 PM
To: Franck Martin 
Cc: Matthew Huff ; mailop@mailop.org
Subject: Re: [mailop] TLS/SSL DROWN attack with respect to email servers

 

I thought that POODLE required a specific type of fallback that tended to be 
browser specific (ie, prevent a tls connection, forcing the browser to fall 
back to a ssl3 connection), do any smtp servers actually do that?

 

looks like we're down to small enough ssl3 we could disable it, though.  Almost 
all of our ssl3 comes from badoo.com, never heard of it.

 

Who hasn't already disabled ssl2?  I'm kind of shocked at their numbers.

 

Brandon

(not a security expert)

 

On Wed, Mar 2, 2016 at 4:09 PM, Franck Martin via mailop wrote:

Disable SSLv3 too, because of Poodle.

 

We will need to get rid of RC4, unfortunately this is the only cypher some old 
exchange machines understand. Also falling back to clear text from STARTTLS is 
more and more frowned upon.

 

On Wed, Mar 2, 2016 at 1:45 PM, Matthew Huff wrote:

If your mail server still is advertising SSLv2, your SSL private key may be 
vulnerable.

https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack

What's worse, if you are using a wildcard cert, then any other server that is 
using the same cert can be trivially decrypted even if that server is only 
using TLS1.2 and strong cyphers.

I know that there are a number of broken email servers that will bounce mail if 
TLS is negotiated but they can't negotiate older SSL  or weaker cyphers, but 
it's probably a good idea to either: 1) Disable TLS, or 2) Disable SSLv2


Matthew Huff | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC   | Phone: 914-460-4039  
aim: matthewbhuff| Fax:   914-694-5669  



___
mailop mailing list
mailop@mailop.org  
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

 




Re: [mailop] Spike in "554 Transaction failed" from Microsoft properties

2016-02-05 Thread frnkblk
Thanks for the additional data points -- so it isn't just me.

What's nasty is that the messages are kicked back to the sender, not just 
delayed.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Frank Bulk
Sent: Friday, February 05, 2016 5:27 PM
To: mailop@mailop.org
Subject: [mailop] Spike in "554 Transaction failed" from Microsoft properties

Today we had an abnormal number of messages that failed to deliver to
Microsoft properties due to "554 Transaction failed".

We had 31 today, but only 6 over the previous 7 days.

Now some are email blasts from churches, so perhaps they are emailing
specific content, but I don't know what the "554 Transaction failed" means.

Frank

Here's a sanitized list from today:


[mailop] Yahoo issues this evening?

2016-01-22 Thread frnkblk
We saw some of this in our logs tonight:

Site yahoo.com (98.136.217.203) said in response to MAIL FROM (451 4.3.2
Internal error reading data)
Site yahoo.com (66.196.118.36) said in response to MAIL FROM (451 4.3.2
Internal error reading data)
Site yahoo.com (66.196.118.37) said in response to MAIL FROM (451 4.3.2
Internal error reading data)
Site yahoo.com (63.250.192.46) said in response to MAIL FROM (451 4.3.2
Internal error reading data)
Site yahoo.com (98.138.112.35) said in response to MAIL FROM (451 4.3.2
Internal error reading data)
Site yahoo.com (98.138.112.38) said in response to MAIL FROM (451 4.3.2
Internal error reading data)

Started around 8:15 pm (Central) in earnest.

Anyone else see this?

Frank


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] crippling gmail rate limit

2015-12-11 Thread frnkblk
I'd recommend that rather than forward messages to Google that you have
those Google accounts POP the messages from smokva.net.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Petar
Bogdanovic
Sent: Thursday, December 10, 2015 9:44 AM
To: mailop@mailop.org
Subject: [mailop] crippling gmail rate limit

Hi,

On the 6. of december, all google MTAs started rate limiting deliveries
from our MTA (dig mx smokva.net) to gmail- and gapps for work users:

Our system has detected an unusual rate of unsolicited mail
originating from your IP address. To protect our users from spam,
mail sent from your IP address has been temporarily rate limited.
Please visit https://support.google.com/mail/answer/81126 to review
our Bulk Email Senders Guidelines.

The sending domain in question hosts a handful of users, most of them
forwarding all their messages to gmail.  During the past 7 days, this
domain has successfully delivered 45 messages to google MTAs.

Based on the envelope sender addresses it is very likely that the vast
majority of these messages were ham.


I contacted google through their on-line form but am not holding my
breath.  The queue is still growing and the first queued messages are
approaching max. queue lifetime (5d).

Any ideas are welcome.

A few technical details:  The sending MTA, when forwarding, used to
rewrite envelope senders (because that's what seemed reasonable in an
SPF world) but I have disabled that practice based on google's own
recommendations.  Outgoing messages are not DKIM signed, the MTA's IP
is listed in dnswl (which is a whitelist) and absent in any public
blacklist.


Thanks,

Petar Bogdanovic


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Email backed up to cableone.net

2015-11-24 Thread frnkblk
I'm pleasantly surprised -- the CableOne NOC responded in less than ten
minutes, acknowledging the issue and indicating they have already contacted
their vendor.  From the response, it appears that intra-domain email is
working for their customers.

Frank

-Original Message-
From: Frank Bulk (frnk...@iname.com) [mailto:frnk...@iname.com] 
Sent: Tuesday, November 24, 2015 8:43 PM
To: 'mailop@mailop.org' (mailop@mailop.org) 
Subject: Email backed up to cableone.net

Anyone else seeing email backed up to cableone.net? 

We're seeing "421 4.3.4 allocated resources exceeded".

Regards,

Frank


___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop


Re: [mailop] Hotmail/Microsoft Contact Available?

2015-09-18 Thread frnkblk
We alias all the abuse addresses for the domains we host to our ISP abuse 
account ... we get very little spam.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Matthew Newton
Sent: Tuesday, September 15, 2015 7:27 AM
To: David Hofstee 
Cc: mailop@mailop.org
Subject: Re: [mailop] Hotmail/Microsoft Contact Available?

On Tue, Sep 15, 2015 at 09:49:50AM +0200, David Hofstee wrote:
> I’m not sure why you cannot have an autoresponder behind the
> abuse@/postmaster@ with a link in it, to a ticket, containing
> the info sent in the first place. See abuse.io for example.

I got ~2,000 spam mails to our abuse address in the last three
months - so about 8,000 a year. I get about one legitimate mail per year.

I'm sure that doesn't easily scale when you get to the size of the
big mail providers, especially as you're more likely to get spam
to that address in the first place.

> The rest is just ‘resistance’ in being able to solve issues.

I am not saying I agree with not having a proper abuse@ address, I
just understand why they might be reluctant to. They certainly
shouldn't feed it into a system that blindly responds to what is
usually going to be a forged sender.

But if you're big enough to host millions of mailboxes, you should
also be responsible enough to have staff to run all aspects of the
system, which includes standard ways of reporting problems such as
abuse@.

Matthew


-- 
Matthew Newton, Ph.D. 

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop




[mailop] FW: [outages] gmail delay

2015-06-09 Thread frnkblk
FYI

 

From: Outages [mailto:outages-boun...@outages.org] On Behalf Of Grant Ridder 
via Outages
Sent: Tuesday, June 09, 2015 2:09 PM
To: outa...@outages.org
Subject: [outages] gmail delay

 



6/9/15, 11:33 AM

We're investigating reports of an issue with Gmail. We will provide more 
information shortly.
Users will notice email delivery delays affecting both inbound and outbound 
messages.

 

http://www.google.com/appsstatus#hl=en 
http://www.google.com/appsstatus#hl=env=issuesid=1iid=3b91c66f543f19c5bbca670b3d918d7f

 

-Grant

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop