[mailop] Admin: Thread end - SORBS help

All, This thread is getting a little abrasive and appears to just be the same arguments about DNSBLs in general and SORBS in particular that have been going on for many years. If fact, It would appear that we are coming up on the 20th anniversary of RBLs: http://sunsite.uakom.sk/sunworldon

Re: [mailop] AOL FBL

We thought about this but most of those are automated on the recip side and would be parsed and forgotten. Thanks. Lili > On Jan 9, 2017, at 9:48 PM, Rich Kulawiec wrote: > >> On Mon, Jan 09, 2017 at 03:18:06PM -0500, Lili Crowley via mailop wrote: >> This went live on the blog a couple of mont

Re: [mailop] AOL FBL

On Mon, Jan 09, 2017 at 03:18:06PM -0500, Lili Crowley via mailop wrote: > This went live on the blog a couple of months ago. Just in case, here it is > below. I suggest that you send this out to all of the registered feedback loop addresses, since (a) not everyone reads your blog and (b) not ever

Re: [mailop] Trying to work out cause of "Certificate rejected over TLS. (unknown protocol)" error

> I'm thinking that perhaps your cert is using SHA-(256|512) and > something better than 3DES for HMAC, and therefore the remote servers > are unable to work with the certificate as they don't have access to > the required crypto. I sincerely hope this is not the case, but > perhaps you can test th

Re: [mailop] Trying to work out cause of "Certificate rejected over TLS. (unknown protocol)" error

This error seems similar to one we observed earlier in an unrelated application. Long story short, one of our customers' SSL library was rejecting our certificates with vague certificate errors. The culprit was that the client SSL library was configured to honor the historic export restric

Re: [mailop] Trying to work out cause of "Certificate rejected over TLS. (unknown protocol)" error

> You may want to use this tool on your mail server(so it picks up the > same openssl version) to check what cyphers the mil server accepts: > https://testssl.sh/ I'm not sure how this would help. The problem occurs with them trying to send mail to us. I know what ciphers we offer, what I don't

[mailop] AOL FBL

This went live on the blog a couple of months ago. Just in case, here it is below. *If you are keying off our current address, that will be changing*. In order for AOL to begin to DKIM sign the Feedback Loop (FBL) mail that AOL sends to registered recipients, we need to change the sender name on

Re: [mailop] SORBS help

Vick Khera wrote: On Sat, Jan 7, 2017 at 7:04 PM, Michelle Sullivan > wrote: Therefore, I'm not even going to discuss the issue of 'problem solved within minutes' issue at this point as you will note the above covers where this is likely to be

Re: [mailop] SORBS help

I don't think that this is the best attitude for helping the email ecosystem (and I suppose this is what we all want to accomplish). I don't want to take anyone's side either because in the past I used to complain about some blacklists as well and I perfectly understand where we're coming from. But

Re: [mailop] False positive on spoofing

> The record does not permit messages to be sent through Office365. Should be fixed now, we'll see. Scott -Original Message- From: SM [mailto:s...@elandnews.com] Sent: Thursday, January 5, 2017 10:57 AM To: Scott E Bonacker CPA ; mailop@mailop.org Subject: Re: [mailop] False positive on

Re: [mailop] SORBS help

On Mon, Jan 9, 2017 at 9:11 AM, Kelly Molloy wrote: > I realize that doesn't fit with your narrative that DNSBL operators > care about nothing but punishing senders, but it is nonetheless true. > No, I was specific about SORBS, not all DNSBLs. ___ mail

Re: [mailop] Trying to work out cause of "Certificate rejected over TLS. (unknown protocol)" error

On Mon, 09 Jan 2017 14:48:19 +, Graeme Fowler said: > On 9 Jan 2017, at 14:08, Franck Martin via mailop wrote: > > Often, it is a problem of finding an acceptable cypher to both parties... I have to admit my first guess was that one end insisted on TLS 1.0 or later and the other end was ancie

Re: [mailop] Trying to work out cause of "Certificate rejected over TLS. (unknown protocol)" error

You may want to use this tool on your mail server(so it picks up the same openssl version) to check what cyphers the mil server accepts: https://testssl.sh/ Beware, I believe one connection is open for each cypher tested, the client offers only one cypher and see if the connection completes...

Re: [mailop] Trying to work out cause of "Certificate rejected over TLS. (unknown protocol)" error

On 9 Jan 2017, at 14:08, Franck Martin via mailop wrote: > Often, it is a problem of finding an acceptable cypher to both parties... ...after... > On Mon, Jan 9, 2017 at 4:21 AM, Robert Mueller > wrote: > So it turns out we'd actually encountered this problem before (Oc

Re: [mailop] SORBS help

On Mon, Jan 9, 2017 at 8:11 AM, Vick Khera wrote: >> > That makes sense if you get no response from the affected sender. However, > if they are able to show you how the problem was fixed then what's the > purpose? Especially when you already have reputation data for that sender > over long time pe

Re: [mailop] Trying to work out cause of "Certificate rejected over TLS. (unknown protocol)" error

The negotiation of STARTTLS is done in clear, so a packet capture will tell you where the problem is... Wireshark usually explains well what options are in the packets... Often, it is a problem of finding an acceptable cypher to both parties... Finally, make sure your firewall is not messing up w

Re: [mailop] SORBS help

On Thu, Jan 05, 2017 at 11:14:41PM -0500, Rob McEwen wrote: > If every IPv4 blacklist provider (including spamhaus) closed down tomorrow, > and every internally-run IPv4 blacklist stopped working... and the world's > spam filters then had to rely on ALL... OTHER... means/technologies for > blocking

Re: [mailop] SORBS help

On Sat, Jan 7, 2017 at 7:04 PM, Michelle Sullivan wrote: > Therefore, I'm not even going to discuss the issue of 'problem solved >> within minutes' issue at this point as you will note the above covers where >> this is likely to be true, as apposed to those (who we get on a regular >> basis) who

Re: [mailop] SORBS help

On Fri, Jan 6, 2017 at 9:01 PM, Noel Butler wrote: > People go away, businesses shutdown over weekends etc, so you need time > for them to find out they have a problem and resolve it. > > That makes sense if you get no response from the affected sender. However, if they are able to show you how t

[mailop] Symantec blocking list issue

Just wondering if there's a Symantec contact here or someone else that might know what's happening here. A number of our users are reporting that KPN (a Netherlands ISP) are rejecting our emails. An example in our logs a few minutes ago. 2017-01-09T07:22:13.671964-05:00 gateway1 postfix-forward/s

Re: [mailop] Trying to work out cause of "Certificate rejected over TLS. (unknown protocol)" error

> We've suddenly had a couple of reports from users about people sending > to them (e.g. sending from a remote service to our servers) failing and > bouncing with the error message: > > Certificate rejected over TLS. (unknown protocol) Just to update with more information. So it turns out we'd

Re: [mailop] UPC / Liberty Global: No retries after tempfail (greylisting)?

Hi, I know the Mail Admin at UPC Austria - these guys also manage the VirginMedia UK environment as well. Asked him to join mailop to respond directly but don't know if he will. Anyway this is all he sent me so far but asked for a comment on the greylist issue: We use and maintain the following