This morning I found this: 421-4.7.0 This mail is unauthenticated, which poses a security risk to the 421-4.7.0 sender and Gmail users, and has been blocked. The sender must 421-4.7.0 authenticate with at least one of SPF or DKIM. For this message, DKIM 421-4.7.0 checks did not pass and SPF check for [tana.it] did not pass with ip: 421-4.7.0 [94.198.96.74]. The sender should visit 421-4.7.0 https://support.google.com/mail/answer/81126#authentication for 421 4.7.0 instructions on setting up authentication. d9-20020a05640208c900b00504b18d24f8si586620edz.362 - gsmtp
I changed SPF recently (after changing ISP), while DKIM signing remained the same. I attach the message. Best Ale --
--- Begin Message ---Dear Abuse Team The following abusive behavior from IP address under your constituency 191.36.158.106 has been detected: 2023-04-21 04:19:25 CEST, 191.36.158.106, old decay: 21600, prob: 3.13%, SMTP auth dictionary attack, target 192.168.1.254:465 191.36.158.106 was caught 6 times since Mon Mar 27 20:36:17 2023 original data from the mail log: 2023-04-21 04:19:21 CEST courieresmtpd: started,ip=[191.36.158.106],port=[43433] 2023-04-21 04:19:25 CEST courieresmtpd: error,relay=191.36.158.106,port=43433,msg="535 Authentication failed.",cmd: AUTH PLAIN abuse This data is transmitted in the hope that it may help sanitizing hosts connected to the Internet. Please feel free to forward it to whomever it may concern. This is an automated report. No thank-you messages are needed. Data in this message is an automatic extraction from the log files. Legend: https://www.tana.it/firewall_info.html See also: https://www.abuseipdb.com/check/191.36.158.106 Recipient(s) found in https://rdap.lacnic.net/rdap/ip/191.36.158.106
--- End Message ---
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
