subject:"\[mailop\] \[EXTERNAL\] Re\: Strange mail delivery from microsoft"

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

2023-06-20 Thread John Levine via mailop

It appears that Mike Hillyer via mailop  said:
>There is nothing broken about it, any large-scale sending environment has 
>pools of IP addresses for deliveries, and when a message comes
>out of the delayed queue it is typically loaded back into the pool, where it 
>is randomly assigned to an IP for its delivery attempt.

Right.  In my greylister I accept any retry from the same /24 which seems to 
work well enough.

Anyone who expects retries from the identical IP doesn't have a very
clear idea about how large mail systems work.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

2023-06-20 Thread Benny Pedersen via mailop


Jay Hennigan via mailop skrev den 2023-06-20 17:46:

On 6/19/23 13:55, Michael Wise via mailop wrote:
If you're using GreyListing, know that a given email will not be 
coming from the same IP address twice.


The outgoing IP address is randomized for ... reasons.


Because if you reuse the same IP address, your legs will sink through
the snow past your knees?


later users will create a iglo :)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

2023-06-20 Thread Jay Hennigan via mailop


On 6/19/23 13:55, Michael Wise via mailop wrote:
If you're using GreyListing, know that a given email will not be coming 
from the same IP address twice.


The outgoing IP address is randomized for ... reasons.


Because if you reuse the same IP address, your legs will sink through 
the snow past your knees?


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

2023-06-20 Thread Michael Rathbun via mailop

On Tue, 20 Jun 2023 10:26:22 -0400, Bill Cole via mailop 
wrote:

>> That is absolutely ignorant to tell the people that you do mail in a
>> broken way and tell them it is for a reason, you don't want to tell.
>
>Sharing an outbound queue amongst many different machines is not 
>"broken" in any way. There may or may not be rock-solid simple 
>explanations for *WHY* that approach was chosen, but it is entirely a 
>local issue of purely local concern. There is no RFC asserting that 
>retries after a transient rejection should come from the same cliuent 
>IP.

One rock-solid simple explanation is that, for a multi-IP sending instance,
random IP selection in the routing rule delivers more reliably than binding a
particular message to the VMTA that first attempted to send it.  Sometimes
quirky things happen, and we will see that the customer delivers to Y! or
Hotmail et al. on three of their four IPs without incident, and sees zero
complaints and an open rate varying between 35% and 55%.  The remaining IP
enjoys complete blockage for $REASONS.

The brokenness is introduced by giving a false response at the first knock.

mdr
-- 
 "There are no laws here, only agreements."  
-- Masahiko

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

2023-06-20 Thread Mike Hillyer via mailop

There is nothing broken about it, any large-scale sending environment has pools 
of IP addresses for deliveries, and when a message comes out of the delayed 
queue it is typically loaded back into the pool, where it is randomly assigned 
to an IP for its delivery attempt.

The only time you should be seeing the same IP from a large-scale sending 
environment is if the tenant is using a single dedicated IP. If that tenant has 
multiple dedicated IPs, they will likely be used in a pool again.

And biggest spam provider? The reason most global statistics are done on a 
per-capita basis is because otherwise a large country like China would be the 
top in every category. What matters is what percentage of the population is in 
a certain demographic, so of course Microsoft has a non-trivial amount of 
malicious messages, they send an extremely large amount of mail. The more 
important question is what percentage of it is spam, and what they are doing 
about it.

Microsoft isn't some deceptive organization with a target market of spammers, 
it's a collection of people acting in good faith and doing their best to deal 
with a significant challenge, show a little empathy rather than treat them like 
the spam reaching your network is some kind of malicious plot.

Mike

-Original Message-
From: mailop  On Behalf Of Klaus Ethgen via mailop
Sent: Tuesday, June 20, 2023 2:45 AM
To: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

Am Mo den 19. Jun 2023 um 21:55 schrieb Michael Wise via mailop:
> If you're using GreyListing, know that a given email will not be coming from 
> the same IP address twice.
> 
> The outgoing IP address is randomized for ... reasons.

I substitute "no".

That is absolutely ignorant to tell the people that you do mail in a broken way 
and tell them it is for a reason, you don't want to tell.

On the same time being one of the biggest spam provider.

Gruß
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

2023-06-20 Thread Bill Cole via mailop


On 2023-06-20 at 02:45:04 UTC-0400 (Tue, 20 Jun 2023 07:45:04 +0100)
Klaus Ethgen via mailop 
is rumored to have said:


Am Mo den 19. Jun 2023 um 21:55 schrieb Michael Wise via mailop:
If you're using GreyListing, know that a given email will not be 
coming from the same IP address twice.


The outgoing IP address is randomized for ... reasons.


I substitute "no".

That is absolutely ignorant to tell the people that you do mail in a
broken way and tell them it is for a reason, you don't want to tell.


Sharing an outbound queue amongst many different machines is not 
"broken" in any way. There may or may not be rock-solid simple 
explanations for *WHY* that approach was chosen, but it is entirely a 
local issue of purely local concern. There is no RFC asserting that 
retries after a transient rejection should come from the same cliuent 
IP.


Greylisting, in contrast, is designed as breakage. It is breakage that 
is handled well by the most common behaviors of small to medium sized 
sending systems, but those behaviors are purely a matter of convenience. 
Greylisting is an intrinsically heuristic practice, because you need to 
adapt it to what works rather than having some standard spec that you 
can count on interoperating.



On the same time being one of the biggest spam provider.


Which is a direct consequence of what they've done to become the biggest 
commercial mailbox provider.


Microsoft has no history of doing what non-paying non-customers think 
they should do, especially if it possible for them to perceive such 
deadbeats to be competitors. If you run a mail server, Microsoft will at 
some point treat you as a competitor rather than as a partner. Do not 
expect anything else.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

2023-06-20 Thread Klaus Ethgen via mailop

Am Mo den 19. Jun 2023 um 21:55 schrieb Michael Wise via mailop:
> If you're using GreyListing, know that a given email will not be coming from 
> the same IP address twice.
> 
> The outgoing IP address is randomized for ... reasons.

I substitute "no".

That is absolutely ignorant to tell the people that you do mail in a
broken way and tell them it is for a reason, you don't want to tell.

On the same time being one of the biggest spam provider.

Gruß
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

2023-06-19 Thread Michael Rathbun via mailop

On Mon, 19 Jun 2023 20:55:19 +, Michael Wise via mailop
 wrote:

>If you're using GreyListing, know that a given email will not be coming from 
>the same IP address twice.
>
>The outgoing IP address is randomized for ... reasons.

Most of our customers will look the same.  We don't got to show you no
stinkin'reasons.  Although, depending upon the number of IPs, and the requeue
backoff, it might happen more than once.

mdr
-- 
 "There are no laws here, only agreements."  
-- Masahiko

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

2023-06-19 Thread Michael Wise via mailop



If you're using GreyListing, know that a given email will not be coming from 
the same IP address twice.

The outgoing IP address is randomized for ... reasons.



This is the same for both our Enterprise as well as Consumer offerings.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Benny Pedersen via mailop
Sent: Sunday, June 18, 2023 11:06 AM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Strange mail delivery from microsoft



Klaus Ethgen via mailop skrev den 2023-06-18 18:53:

> I have tighten my firewall a bit and seen many attacks from Microsoft

> (40.92.0.0/16). They contact once from a IP and then never again. If I

> greylist them, the will try to deliver from a different address which

> gets greylisted again and so on.



use greylist /32 for ipv4, and /64 for ipv6, with microsoft there is no

ipv6 senders



maybe change greylist time to one single hour aswell, so urls is listed

at accept time



> Could you please tell me how to handle that broken mail delivery? It

> triggers all, my mailserver attack filter as well as greylisting.



change greylist to /32 for ipv4, i cant think of a better way to help

microsoft servers :)



> Unfortunately I have some contacts on hotmail. Otherwise I would not

> care about.



not news for me



___

mailop mailing list

mailop@mailop.org

https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist.mailop.org%2Flistinfo%2Fmailop=05%7C01%7Cmichael.wise%40microsoft.com%7C376b1a41f51d4eb788c308db70270b0b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638227085351365846%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=wERsfUyDMpMUUp2hBUv3MTcb2ekXd9xj5RK8ZGsBeJo%3D=0
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

9 matches

Site Navigation

Mail list logo

Footer information