On 2022-01-11 11:04 a.m., Mark G Thomas via mailop wrote:
Here's an example from one ticket, however I'm more looking for whether
there is anything I can do to facilitate improving this overall, than
starting trying to intervene about (many!) specific tickets and IPs. I
would be happy to help with more details off-list, if so requested. I
also could relay suggestions or procedural instructions to our support
group.

    redac...@enlogic.gr: host enlogic-gr.mail.protection.outlook.com[104.47.17.74]
    said: 550 5.7.511 Access denied, banned sender[172.104.233.127]. To request
    removal from this list please forward this message to
    del...@messaging.microsoft.com. For more information please go to
    http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
    [DB8EUR05FT065.eop-eur05.prod.protection.outlook.com] (in reply to RCPT TO command)

Mark

No comments on Linode spamming, but looking at this, have to comment.

host enlogic.gr
enlogic.gr has address 172.105.85.167
enlogic.gr mail is handled by 0 enlogic-gr.mail.protection.outlook.com

host 172.104.233.127
127.233.104.172.in-addr.arpa domain name pointer extmail.enlogic.gr

If Microsoft thinks that the email server for that domain is their infrastructure, why would they accept any email from outside MS with that domain, if it isn't authenticated?

The rejection message looks pretty clear.. banned sender.

What is the address in the MAIL FROM? It looks like @enlogic.gr?

host -t TXT enlogic.gr
enlogic.gr descriptive text "v=spf1 include:_spf.google.com ip4:37.99.196.61 ip4:62.38.2.0/24 ip4:172.104.233.127 include:spf.protection.outlook.com -all"
enlogic.gr descriptive text "MS=EB2F0AF170CC8CEB57C60C387F3DEA591B9B84F0"

I don't think you would get a response quickly from MS, if they think they are authoritative for the email domain. Anyone can put up a PTR record or MAIL FROM forging a domain on their networks. I get it that you think the SPF record indicates that mail should be accepted from that IP, but SPF saying it is okay isn't the same thing as it being okay. There are many other checks that can take precedence.

(Since they basically allow SPF from any of the Google IPs, easy to run forgeries on those Google Cloud IPs ;)




--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
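
Added example, not part of the original message: a Python sketch that parses the SPF record quoted above and checks the rejected IP against its ip4 mechanisms without any DNS lookups, reporting each include: as a delegation it does not resolve. The helper names are hypothetical; a "pass" here only shows that the domain owner listed the IP, which is separate from the receiver's own reputation checks that produced the 550.

```python
import ipaddress

# SPF TXT record exactly as quoted in the message above.
SPF = ("v=spf1 include:_spf.google.com ip4:37.99.196.61 ip4:62.38.2.0/24 "
       "ip4:172.104.233.127 include:spf.protection.outlook.com -all")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, value) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed


def audit(record, client_ip):
    """Offline check (hypothetical helper): decide ip4/ip6/all locally and
    report every include: as a delegation that is NOT resolved here."""
    ip = ipaddress.ip_address(client_ip)
    terms = parse_spf(record)
    report = {"delegated_to": [v for _, n, v in terms if n == "include"],
              "matched": None, "verdict": "neutral"}
    possible = set()        # outcomes an earlier, unresolved include could give
    for qualifier, name, value in terms:
        if name == "include":
            possible.add(QUALIFIERS[qualifier])
            continue
        hit = name == "all" or (name in ("ip4", "ip6") and value and
                                ip in ipaddress.ip_network(value, strict=False))
        if hit:
            report["matched"] = name + (":" + value if value else "")
            report["verdict"] = QUALIFIERS[qualifier]
            break
    # An unresolved include ahead of the match could have changed the answer.
    if possible - {report["verdict"]}:
        report["verdict"] = "undetermined (include lookup needed)"
    return report


if __name__ == "__main__":
    print(audit(SPF, "172.104.233.127"))     # the rejected sender from the bounce
```

The two entries in `delegated_to` are the part of the policy the domain owner does not control: whatever those providers publish is authorized as well.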