Re: [mailop] SMTP AUTH harassment

On 17/07/2021 21:13, Slavko via mailop wrote: Please, i want ask others if are these (mostly) Brasil attempts know to others too or am i "special" target? In case you don't know about it already, have a look at https://www.abuseipdb.com/ . Some people have scripts to report things like auth a

Re: [mailop] mail.ru broke mailing lists

On 12/07/2021 12:00, Jaroslaw Rafa via mailop wrote: They required SMTP AUTH for all messages received on port 25 with the sender from their domain and rejected the messages if the session was not authenticated. A crazy idea, but they did exactly this. I do this.  For a corporate email system

Re: [mailop] mail.ru broke mailing lists

On 19.07.21 10:56, Tim Bray via mailop wrote: I do this.  For a corporate email system is makes a lot of sense.   I shouldn't be receiving email externally with a From: domain which is local. As long as your users don't have an external mailbox which gets forwarded to the local one. In that

Re: [mailop] mail.ru broke mailing lists

Dnia 19.07.2021 o godz. 09:56:06 Tim Bray via mailop pisze: > > On 12/07/2021 12:00, Jaroslaw Rafa via mailop wrote: > >They required SMTP AUTH for all messages > >received on port 25 with the sender from their domain and rejected the > >messages if the session was not authenticated. A crazy idea,

Re: [mailop] SMTP AUTH harassment

Hi, Dňa Mon, 19 Jul 2021 00:34:40 +0100 Tim Bray via mailop napísal: > I didn't really get on with fail2ban.  I do have it running, but it > pulls very little for exim. > > I did write my own script to follow the exim mainlog with a bunch of > regexp and drop IP addresses into ipset.   (task

Re: [mailop] SMTP AUTH harassment

On 2021-07-18 9:46 p.m., Patrick via mailop wrote: Wow. A fake auth module would seem to invite spam storms. Which for some might be handle-able and a good way to learn interactively with botnets? Has anyone implemented such a thing? Thanks! I've been doing it for at least 5 years. When a co

Re: [mailop] mail.ru broke mailing lists

On 19/07/2021 10:16, Thomas Walter via mailop wrote: On 19.07.21 10:56, Tim Bray via mailop wrote: I do this.  For a corporate email system is makes a lot of sense.   I shouldn't be receiving email externally with a From: domain which is local. As long as your users don't have an external ma

[mailop] Online.no (Telenor) deferred SMTP message

Hi all, We see below Online.no deferred SMTP message. Anyone know what this means? to=, relay=mx.online.no[193.213.115.10]:25, delay=406, delays=406/0/0.08/0, dsn=4.7.0, status=deferred (host mx.online.no[193.213.115.10] *refused to talk to me: 421 4.7.0 Not allowed.*) Hope to hear from you or O

Re: [mailop] Online.no (Telenor) deferred SMTP message

> 19. jul. 2021 kl. 15:12 skrev Victor Roemgens via mailop : > > Hi all, > > We see below Online.no deferred SMTP message. Anyone know what this means? > > to=mailto:x...@online.no>>, relay=mx.online.no > [193.213.115.10]:25, delay=406, delays=406/0/0.08/0, > dsn=4.7.0,

Re: [mailop] SMTP AUTH harassment

Hi, Dňa Sun, 18 Jul 2021 13:56:18 -0400 Bill Cole via mailop napísal: > > The only usable way seems to be GoiIP blocking countries, but i > > afraid that it is wrong way. > > Why? Hard to describe it in English for me, but i will try. I consider blocking access by country as discriminating

[mailop] sbcgobal.net/prodigy.net misconfigured server?

An email I tried to send there returned with: : host al-ip4-mx-vip2.prodigy.net[144.160.235.144] said: 550 5.7.1 Connections not accepted from servers without a valid sender domain.alph752 Fix reverse DNS for 173.228.157.53 (in reply to MAIL FROM command) For me, a reverse lookup on

[mailop] SPF-Reject

Dear MailOps, I am considering rolling out a p=Reject policy at my company and before I did that I wanted to see where we are at as industry. >From what I have seen most everyone is still using p=Quarantine which is fine, >but I would like to move forward with the p-Reject unless p=quarantine

Re: [mailop] DMARC -Reject

I just realized I had fat fingered before I corrected the subject line. I am sorry about that everyone I had meant DMARC instead of SPF Get Outlook for iOS From: mailop on behalf of Samual Carman via mailop Sent: Monday, July 19, 2021 5:17:

Re: [mailop] SMTP AUTH harassment

On 2021-07-19 at 17:27:58 UTC-0400 (Mon, 19 Jul 2021 23:27:58 +0200) Slavko via mailop is rumored to have said: Hi, Dňa Sun, 18 Jul 2021 13:56:18 -0400 Bill Cole via mailop napísal: The only usable way seems to be GoiIP blocking countries, but i afraid that it is wrong way. Why? Hard to

Re: [mailop] SMTP AUTH harassment

On 2021-07-18 at 22:29 -0400, John Levine via mailop wrote: > > I do wish it were easier to report and kill the drop boxes, though. > > It would be nice if regasignsd...@yahoo.com went away. I was only visited by that on July 9th. Others like mx-server.org are much more persistent here. Here ar

Re: [mailop] DMARC Reject

It appears that Samual Carman via mailop said: >-=-=-=-=-=- >-=-=-=-=-=- > >I am considering rolling out a p=Reject policy at my company and before I did >that I wanted to see where we are at as industry. Different operators publish different policies. In the IETF group where we are working on

Re: [mailop] DMARC Reject

As it stands from what I seen in the DMARC logs I am not aware of any group trying to use are domain names but as a PUD that is a concern I have I could just leave it at p= quarantine and wait to see if I actually see if things pop off on the two domains we use -Original Message- From

Re: [mailop] DMARC Reject

Remember that when you publish p=reject, you're saying your mail is very UNimportant. If there's any doubt that a message is really from you, don't deliver it, throw it away. This makes sense if you are Paypal, you're phished 24/7/365, and your mail only says "something happened, look at your

Re: [mailop] SMTP AUTH harassment

On 2021-07-19 at 23:27 +0200, Slavko wrote: > Hi, > > Dňa Sun, 18 Jul 2021 13:56:18 -0400 Bill Cole: > > > > The only usable way seems to be GoiIP blocking countries, but i > > > afraid that it is wrong way. > > > > Why? > > Hard to describe it in English for me, but i will try. > > I consid