Re: [mailop] Strange mail delivery from microsoft
It appears that Klaus Ethgen via mailop said:
>Well, it is for a reason. Microsoft is one of the most prominent spam
>senders. I don't want that they try to deliver mar...@ethgen.ch or
>k...@ethgen.ch, they do not exist as well as all that other spammers.

Well, yeah, they send me almost as much spam as Gmail does. I'm not sure what point you are making.

I hope you are aware that MS, like Google, provides mail hosting for vast numbers of companies. There is way more mail coming from MS servers than hotmail.com or outlook.com, just like there is way more coming from Gmail than from gmail.com.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
Re: [mailop] Strange mail delivery from microsoft
On Tue, 20 Jun 2023 at 3:21, Ángel via mailop wrote:
> > I blame them by using a big amount of IPs to deliver mails even for
> > the same mail and for giving a host for malicious hosts that try to
> > get spam out. I blame them also for doing connections that are
> > absolutely not needed and a waste of bandwidth.
>
> Microsoft spreading their connection attempts through a large amount of
> IP addresses seems precisely suited for someone limiting the number of
> connections/mails by IP, as you are doing.

Well, it is for a reason. Microsoft is one of the most prominent spam senders. I don't want that they try to deliver mar...@ethgen.ch or k...@ethgen.ch, they do not exist as well as all that other spammers. Unfortunately there are few people still have their main mail on hotmail. Otherwise I would block them completely as I do with digitalocean.

> > Moreover, the mail server is a low traffic server so 10/hour should be
> > ok for the most delivery systems.
>
> I get 2-4 mails from 40.92.* **per day**

I even less. But have major connections from them trying to deliver spam.

Regards
Klaus
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
Re: [mailop] Strange mail delivery from microsoft
On 2023-06-19 at 07:01 +0100, Klaus Ethgen wrote:
> On Mon, 19 Jun 2023 at 6:33, Hans-Martin Mosner wrote:
> > I'm inclined to repeat what I said before: If your setup breaks
> > mail consistently, it's likely your setup that's to blame. Others
> > seem to be able
> > to receive Outlook mail just fine. Microsoft didn't ask you to
> > implement an arbitrary connection rate limit,
>
> Well, they do some kind. They host attacking hosts.

As mentioned before, I don't think they are using for hosting third-party servers. They may host mailboxes for malicious customers, though.

> I blame them by using a big amount of IPs to deliver mails even for
> the same mail and for giving a host for malicious hosts that try to
> get spam out. I blame them also for doing connections that are
> absolutely not needed and a waste of bandwidth.

Microsoft spreading their connection attempts through a large amount of IP addresses seems precisely suited for someone limiting the number of connections/mails by IP, as you are doing.

> Moreover, the mail server is a low traffic server so 10/hour should be
> ok for the most delivery systems.

I get 2-4 mails from 40.92.* **per day**
From spam mailboxes, though. Interestingly, I don't see those in the msbl

Regards
Re: [mailop] Strange mail delivery from microsoft
On Mon, 19 Jun 2023 at 6:33, Hans-Martin Mosner via mailop wrote:
> I'm inclined to repeat what I said before: If your setup breaks mail
> consistently, it's likely your setup that's to blame. Others seem to be able
> to receive Outlook mail just fine. Microsoft didn't ask you to implement an
> arbitrary connection rate limit,

Well, they do some kind. They host attacking hosts.

Moreover, the mail server is a low traffic server so 10/hour should be ok for the most delivery systems.

> blaming them for your inability to receive
> mails from their customers isn't really appropriate. There are enough actual
> faults Microsoft can be blamed for :-)

I blame them by using a big amount of IPs to deliver mails even for the same mail and for giving a host for malicious hosts that try to get spam out. I blame them also for doing connections that are absolutely not needed and a waste of bandwidth.

Regards
Klaus
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
Re: [mailop] Strange mail delivery from microsoft
On 19.06.23 at 06:36, Klaus Ethgen via mailop wrote:
> I have some update..
>
> Greylisting was not the problem I had/have with microsoft.

Your original mail sounded a little different. However, upon re-reading it is possible that you activated greylisting in response to the previous perceived attacks (this might be a foreign language subtleties issue, we both don't have english as our primary language).

> Due to ongoing attacks (especially also from big clouds like microsoft) I
> have a limit of 10 connections per IP and hour. That seems not enough
> for microsoft to deliver 1 or 2 mails per day reliably.

Ok, so you're doing something that you didn't mention before. 10 connections per IP and hour is a bad idea if you want to receive mail.

> What a shitty provider!

I'm inclined to repeat what I said before: If your setup breaks mail consistently, it's likely your setup that's to blame. Others seem to be able to receive Outlook mail just fine. Microsoft didn't ask you to implement an arbitrary connection rate limit, blaming them for your inability to receive mails from their customers isn't really appropriate. There are enough actual faults Microsoft can be blamed for :-)

Cheers,
Hans-Martin
Re: [mailop] Strange mail delivery from microsoft
I have some update..

Greylisting was not the problem I had/have with microsoft.

Due to ongoing attacks (especially also from big clouds like microsoft) I have a limit of 10 connections per IP and hour. That seems not enough for microsoft to deliver 1 or 2 mails per day reliably.

What a shitty provider!

Regards
Klaus
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
Re: [mailop] Strange mail delivery from microsoft
On 2023-06-18 at 17:53 +0100, Klaus Ethgen wrote:
> Hi,
>
> I have tightened my firewall a bit and seen many attacks from Microsoft
> (40.92.0.0/16). They contact once from an IP and then never again. If I
> greylist them, they will try to deliver from a different address which
> gets greylisted again and so on.

hotmail.com claims it delivers email from the whole 40.92.0.0/15:
> spf.protection.outlook.com. 600 IN TXT "v=spf1 ip4:40.92.0.0/15...

which seems completely overkill (maybe they want to keep the ability to serve a customer per ip?), specially since they also use many other ranges (full list below) but if they used that address space for anything other than their own email hosts they would be giving a free spf pass for those, so anything from there must be coming from their "official" MTAs.

In which case, I don't think it makes much sense to graylist them.

Regards

$ spfwalk hotmail.com | sort -n
Re: [mailop] Strange mail delivery from microsoft
On 18.06.2023 at 19:30:26, Hans-Martin Mosner via mailop wrote:
>
> Greylisting is something that only makes sense when dealing with
> very braindead ratware on hijacked home network connections.

That's exactly what greylisting is supposed to do. That "very braindead ratware" once (when greylisting was invented) accounted for huge percentage of spam. Now *maybe* it's not the case anymore, so *maybe* greylisting is not so important. I deliberately say "maybe" - I'm not sure...

As for OP's original question, just exclude the IP range of these Microsoft servers (or domain, if they have a common rDNS domain) from greylisting. Most greylisting software should be able to do that. It needs to be done with various other services that retry from different IP as well.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
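Added example, not part of any message in this thread: a small simulation of the retry pattern discussed above, showing why a triplet greylist keyed on the exact client IP never accepts a message retried from a rotating pool, and how exempting the SPF-published range (or keying on the covering network) changes the outcome. The `Greylist` class, the 300-second delay, the retry interval and the sample addresses are assumptions made for illustration; only 40.92.0.0/15 comes from the SPF record quoted in the thread.

```python
import ipaddress

# Range from the spf.protection.outlook.com record quoted in the thread.
SPF_RANGES = [ipaddress.ip_network("40.92.0.0/15")]
GREYLIST_DELAY = 300  # assumed: seconds a new triplet must wait before acceptance


class Greylist:
    """Triplet greylist for IPv4; the width of the IP part of the key is configurable."""

    def __init__(self, exempt=(), v4_prefix=32):
        self.exempt = list(exempt)    # networks that bypass greylisting
        self.v4_prefix = v4_prefix    # 32 = key on the exact client IP
        self.first_seen = {}          # triplet -> time of first attempt

    def check(self, ip, sender, rcpt, now):
        """Return '250' to accept or '451' to defer (temporary failure)."""
        if any(ipaddress.ip_address(ip) in net for net in self.exempt):
            return "250"
        net = ipaddress.ip_network(f"{ip}/{self.v4_prefix}", strict=False)
        key = (str(net), sender.lower(), rcpt.lower())
        seen = self.first_seen.setdefault(key, now)
        return "250" if now - seen >= GREYLIST_DELAY else "451"


def deliver(greylist, retry_ips, interval=600):
    """Retry one message from each IP in turn; return the attempt that got 250, else None."""
    for attempt, ip in enumerate(retry_ips, start=1):
        reply = greylist.check(ip, "alice@hotmail.example", "bob@example.org",
                               attempt * interval)
        if reply == "250":
            return attempt
    return None


# Constructed retry pattern: each retry leaves from a different pool address.
ROTATING = ["40.92.18.5", "40.92.74.33", "40.93.1.90", "40.92.200.12"]

if __name__ == "__main__":
    print("per-IP key:      ", deliver(Greylist(), ROTATING))
    print("SPF range exempt:", deliver(Greylist(exempt=SPF_RANGES), ROTATING))
    print("key on /15:      ", deliver(Greylist(v4_prefix=15), ROTATING))
    print("same IP retries: ", deliver(Greylist(), ["40.92.18.5"] * 2))
```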
Re: [mailop] Strange mail delivery from microsoft
Klaus Ethgen via mailop wrote on 2023-06-18 18:53:

> I have tightened my firewall a bit and seen many attacks from Microsoft
> (40.92.0.0/16). They contact once from an IP and then never again. If I
> greylist them, they will try to deliver from a different address which
> gets greylisted again and so on.

use greylist /32 for ipv4, and /64 for ipv6, with microsoft there is no ipv6 senders

maybe change greylist time to one single hour as well, so urls is listed at accept time

> Could you please tell me how to handle that broken mail delivery? It
> triggers all, my mailserver attack filter as well as greylisting.

change greylist to /32 for ipv4, i can't think of a better way to help microsoft servers :)

> Unfortunately I have some contacts on hotmail. Otherwise I would not
> care about.

not news for me
Re: [mailop] Strange mail delivery from microsoft
On 18.06.23 at 18:53, Klaus Ethgen via mailop wrote:
> Hi,
>
> I have tightened my firewall a bit and seen many attacks from Microsoft
> (40.92.0.0/16).

Attacks or mail delivery attempts?

> They contact once from an IP and then never again. If I greylist them,
> they will try to deliver from a different address which gets greylisted
> again and so on.

How do you reject them? Using a 4xx temp error? Or some other mechanism, such as closing the connection prematurely? If you do it in the firewall, it might do something else than a normal greylisting mailserver would. Microsoft's outgoing mailservers might try to distinguish between greylisting hosts and unreachable hosts, preferring to retry from a completely different IP when hosts are unreachable, under the assumption that it might be a routing issue.

> Could you please tell me how to handle that broken mail delivery? It
> triggers all, my mailserver attack filter as well as greylisting.

If it consistently breaks valid mail, it's probably your side that's broken :-)

Greylisting is something that only makes sense when dealing with very braindead ratware on hijacked home network connections. Any real outgoing MX, whether operated by legitimate organizations or by spammers, will retry and thus defeat the intent of greylisting. I would just drop greylisting from the list of effective anti-spam measures.

Cheers,
Hans-Martin
[mailop] Strange mail delivery from microsoft
Hi,

I have tightened my firewall a bit and seen many attacks from Microsoft (40.92.0.0/16). They contact once from an IP and then never again. If I greylist them, they will try to deliver from a different address which gets greylisted again and so on.

Could you please tell me how to handle that broken mail delivery? It triggers all, my mailserver attack filter as well as greylisting.

Unfortunately I have some contacts on hotmail. Otherwise I would not care about.

Regards
Klaus
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C