Re: [mailop] Cyren status regularly flapping back to Suspicious

2021-07-08 Thread Florian Effenberger via mailop

Hello,

Alessandro Vesely via mailop wrote on 07.07.21 at 13:27:

> So it's IPv4.  Talos[*] reports low email activity on it.  Do you send
> out DMARC reports and similar stuff?  I found that doing so increases my
> footprint and hence stabilizes reputation, albeit some point out that
> reports can be classified as spam...


indeed, the activity on the various IPs of mine is not that high. It's a 
bit higher on some, but in any case I'm not one of the big players with 
a large mail volume. :-)


I don't send out DMARC reports (yet), but the quality of the traffic 
should be good, i.e. the bounce ratio rather low. All are individual 
mailboxes from the educational sector, no newsletters or the like.


Luckily, thanks to this list, a kind person from Cyren poked me directly 
(thanks so much!) and in parallel, the recipient was excluding these IPs 
from their Cyren checking, so my current case at hand seems solved for 
the moment.


I'm trying to understand if the Cyren behaviour is expected and the 
recipient is just wrongly blocking the yellow IPs, or if actually the 
flapping back is due to "spammy neighbours" and can be mitigated. I'll 
report back if I have more insight.


That being said - thanks indeed, I appreciate how helpful and 
cooperative this list has been to me so far, although I'm fairly new here!


Florian
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Cyren status regularly flapping back to Suspicious

2021-07-07 Thread Alessandro Vesely via mailop

On Tue 06/Jul/2021 20:28:16 +0200 Florian Effenberger via mailop wrote:

> Alessandro Vesely via mailop wrote on 06.07.21 at 18:38:
>
>> I tried https://www.cyren.com/security-center/cyren-ip-reputation-check-gate
>> and it says "No Risk" for 188.34.176.133 and "Please enter a valid IP" for
>> 2a01:4f8:c010:587c::1.  Is it the latter the one that gives you problems?
>
> The IPv4 is one of the several IPs affected, indeed. I unblocked it again last
> week, but it likely will switch back after a while. Not sure if CYREN supports
> IPv6 - but the recipient's MX doesn't in any case, so it's not a workaround to
> deliver the mails either.



So it's IPv4.  Talos[*] reports low email activity on it.  Do you send out 
DMARC reports and similar stuff?  I found that doing so increases my footprint 
and hence stabilizes reputation, albeit some point out that reports can be 
classified as spam...


Best
Ale
--

[*] https://talosintelligence.com/reputation_center/lookup?search=188.34.176.133


Re: [mailop] Cyren status regularly flapping back to Suspicious

2021-07-06 Thread Florian Effenberger via mailop

Hello,

thanks for the replies!

John Levine via mailop wrote on 05.07.21 at 18:59:


> I believe the recipient's mail system is misconfigured.  If Cyren tags an IP
> as yellow, they should soft fail with 450 so it can retry later.


That could be indeed helpful. I was reaching out to their postmaster 
already (recipient is a larger German city) to see if they can do 
something - a greylisting would be "fine", but the hard reject is an issue.


Alessandro Vesely via mailop wrote on 06.07.21 at 18:38:


> I tried https://www.cyren.com/security-center/cyren-ip-reputation-check-gate
> and it says "No Risk" for 188.34.176.133 and "Please enter a valid IP" for
> 2a01:4f8:c010:587c::1.  Is it the latter the one that gives you problems?


The IPv4 is one of the several IPs affected, indeed. I unblocked it 
again last week, but it likely will switch back after a while. Not sure 
if CYREN supports IPv6 - but the recipient's MX doesn't in any case, so 
it's not a workaround to deliver the mails either.


Florian


Re: [mailop] Cyren status regularly flapping back to Suspicious

2021-07-06 Thread Alessandro Vesely via mailop

On Mon 05/Jul/2021 14:45:30 +0200 Florian Effenberger via mailop wrote:


> Their website lists the IP as yellow ("Suspicious"), with an explanation of
> "The IP has only recently started sending mails, and therefore still has an
> Unknown reputation".



I tried https://www.cyren.com/security-center/cyren-ip-reputation-check-gate 
and it says "No Risk" for 188.34.176.133 and "Please enter a valid IP" for 
2a01:4f8:c010:587c::1.  Is it the latter the one that gives you problems?



Best
Ale


Re: [mailop] Cyren status regularly flapping back to Suspicious

2021-07-05 Thread John Levine via mailop
It appears that Florian Effenberger via mailop  said:
>Hello,
>
>I have some issues with the Cyren blocklist - one recipient's server is 
>bouncing mails back with
>
>550-5.7.1 This email was rejected because it violates our security policy
>550 5.7.1 CYREN IP reputation determined a medium risk associated with
>the sender address X.X.X.X. (in reply to DATA command)
>
>Their website lists the IP as yellow ("Suspicious"), with an explanation 
>of "The IP has only recently started sending mails, and therefore still 
>has an Unknown reputation".

I believe the recipient's mail system is misconfigured.  If Cyren tags an IP
as yellow, they should soft fail with 450 so it can retry later.
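
The difference between the 550 hard reject quoted in this thread and the 450 soft fail suggested above shows in the first digit of the SMTP reply. As an added example (not part of the original post; the function names and the 450 sample line are constructed for illustration), this Python code parses a multi-line reply with its enhanced status code and reports whether the sending MTA will retry or bounce, and whether the text cites reputation:

```python
import re

# Constructed sample: the rejection quoted in the thread, as the sending MTA
# logs it. The third line is a wrapped continuation of the final reply line.
SAMPLE_BOUNCE = """\
550-5.7.1 This email was rejected because it violates our security policy
550 5.7.1 CYREN IP reputation determined a medium risk associated with
the sender address X.X.X.X. (in reply to DATA command)"""

# Constructed sample of the soft fail suggested in the reply (wording assumed).
SAMPLE_SOFTFAIL = "450 4.7.1 IP reputation not yet established, try again later"

# "550-..." marks a continuation line, "550 ..." the last line of the reply;
# an enhanced status code such as 5.7.1 may follow the basic code.
REPLY_LINE = re.compile(r"^(\d{3})([ -])(?:(\d\.\d{1,3}\.\d{1,3})\s+)?(.*)$")


def parse_reply(raw):
    """Parse a possibly multi-line SMTP reply into code, enhanced code, text."""
    code, enhanced, text = None, None, []
    for line in raw.splitlines():
        line = line.strip()
        m = REPLY_LINE.match(line)
        if m is None:
            if not text:
                raise ValueError("reply does not start with a 3-digit code")
            text[-1] += " " + line  # wrapped text of the previous reply line
            continue
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changes within one reply")
        code, enhanced = m.group(1), m.group(3) or enhanced
        text.append(m.group(4))
    if code is None:
        raise ValueError("empty reply")
    return {"code": int(code), "enhanced": enhanced, "text": " ".join(text)}


def classify(reply):
    """Return (what the sending MTA does, whether the text cites reputation)."""
    if 400 <= reply["code"] < 500:
        action = "defer"    # message stays queued and is retried later
    elif 500 <= reply["code"] < 600:
        action = "bounce"   # permanent failure, returned to the sender
    else:
        action = "accept"   # 2xx/3xx: not a failure
    return action, bool(re.search(r"\breputation\b", reply["text"], re.I))


if __name__ == "__main__":
    for sample in (SAMPLE_BOUNCE, SAMPLE_SOFTFAIL):
        print(classify(parse_reply(sample)))
```

Run over outbound delivery logs, a `("bounce", True)` result marks recipients that hard-reject on reputation and are worth a postmaster contact.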





Re: [mailop] Cyren status regularly flapping back to Suspicious

2021-07-05 Thread Renaud Allard via mailop



On 05/07/2021 14:45, Florian Effenberger via mailop wrote:

> Hello,
>
> I have some issues with the Cyren blocklist - one recipient's server is
> bouncing mails back with
>
> 550-5.7.1 This email was rejected because it violates our security policy
> 550 5.7.1 CYREN IP reputation determined a medium risk associated with
> the sender address X.X.X.X. (in reply to DATA command)
>
> Their website lists the IP as yellow ("Suspicious"), with an explanation
> of "The IP has only recently started sending mails, and therefore still
> has an Unknown reputation".




I am also getting the same thing, it seems I never get a reputation, 
while also being on many whitelists and being blacklisted nowhere. 
However, my mails are not being rejected but greylisted. So I am also 
interested in knowing how to get on their reputation list.






[mailop] Cyren status regularly flapping back to Suspicious

2021-07-05 Thread Florian Effenberger via mailop

Hello,

I have some issues with the Cyren blocklist - one recipient's server is 
bouncing mails back with


550-5.7.1 This email was rejected because it violates our security policy
550 5.7.1 CYREN IP reputation determined a medium risk associated with
the sender address X.X.X.X. (in reply to DATA command)

Their website lists the IP as yellow ("Suspicious"), with an explanation 
of "The IP has only recently started sending mails, and therefore still 
has an Unknown reputation".


Unblocking on their website works like a charm and is effective within 
minutes. The status turns green ("No Risk"), with an explanation of 
"This IP address has not been used for sending Spam".


Some time ago, usually 2-3 weeks later, the status however flaps back to 
"Unknown", effectively blocking mails again. I then unblock again, just 
to get blocked again 2-3 weeks later.


I'd say the mail server is configured properly - PTR, A, , SPF, 
DKIM, DMARC all in place. Active DNSWL (!) listing, and no other 
listings anywhere. postmaster@ and abuse@ are reachable.


I have this effect on a few machines (mine and also colleagues under a 
different domain, but same hoster), including some without any outgoing 
mails, and one box where I'm the only user currently. Given the IP is 
from a big provider's netblock, I tend to assume that actually too few 
mail samples are with Cyren, and they therefore block again. Chicken and 
egg problem in the end, if I can't send mails, they can't get good 
samples...


Anyone has experiences with this, any way to contact them?

Thanks a lot,
Florian