Hello Chris
On 2019-03-29 at 19:03 -0500, Chris Boyd wrote:
> The other odd thing is that primary.us.email.fireeyecloud.com is not listed
> as an MX for the receiving domain.
Knowing Fireeye products and given the hostname, seems a cloud instance
of a Fireeye solution for filtering malicious emails.
Their MTA will pass it to that service for eg. executing the attachments
on a sandbox, before it goes back to the mail store.
> Had an odd transient bounce from an email server that’s used for a small
> consulting company. The email server is low volume, and hosted on AWS. Bounce
> message is:
>
> host primary.us.email.fireeyecloud.com[165.254.91.98]
> said: 550 5.5.4 ETP212 Your DNS .com is listed by Newexist. -
We had the same error message (only from a different geo subdomain)
briefly on February.
It said that the outgoing MTA was "listed by Newexist", whose name seems
to suggest it was a blacklist for new domains. However, neither the MTA
dns (the listed one), nor other domains in the mail headers or smtp
envelope were new.
The affected messages were completely alike many others sent daily to
those recipients. And when we reported the error to the company
(expecting that same bounce), it was already gone.
Making a wild guess, I imagine that it is an internal dnsbl which, in
the unlikely case that there is a timeout during the check, incorrectly
fails closed, incorrectly flagging the entry as listed.
Like Chris, I would find nice to have more data if anyone knows more
about Newexist.
Best regards
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
