On 06.05.2024 at 19:22 K. M. Peterson via mailop wrote:

The latest rejections, this morning, were from iCloud.com and indicated that 
the sending IP was on the Spamhaus BL list - with a link to query Spamhaus for 
more info.  But the link returns that the IP "has no issues".  Last week, 
however, I'd tangled with Spamhaus as an NDR from outlook.com had a reference 
to my being on the Spamhaus CSS list.  I requested removal, and I was unblocked 
again in a couple of hours.  I used the "general" IP lookup at 
check.spamhaus.org again today, and am again listed on the CSS list (only).  I 
requested removal again, and it looks like I've been granted that.

But the question is why am I showing up?  The CSS detail indicated that 
connections from my IP had been made with "technical values and unusual sending 
behaviors" - which is not very useful.  There were three connections listed; 
checking logs all of these were to Gmail (all successful).

I'm going to have to put together some sort of automated reporting of when I 
get blacklisted, but does anyone have any ideas what Google would have been 
unhappy about?  Usual disclaimers: personal server, heavily monitored, fully 
patched, cloud instance, DMARC/DKIM/SPF aligned, 3 users, etc.

Did you open a ticket with Spamhaus? With only three users it should be easy to 
pinpoint the offending connections, as long as it's not a false positive by 
Spamhaus, which a ticket should clear up.
The listing doesn't necessarily have to be caused by regular emails that your 
server sent. It's also possible that some kind of backscatter triggered it. For 
example by rejecting/bouncing emails later on in the pipeline after they have 
been accepted in the first place. Or by using techniques like callback 
verification / sender address probes.

P. S. There was another service I haven't heard of likely using Spamhaus as 
well, an outbound message held up last week for many hours with 
"relay=mx1.hc2706-39.iphmx.com[216.71.137.79]:25,
 delay=4695, delays=4694/0.02/0.79/0, dsn=4.0.0, status=deferred (host 
mx1.hc2706-39.iphmx.com[216.71.137.79] refused 
to talk to me: 
554-esa6.hc2706-39.iphmx.com 554 Your 
access to this mail system has been rejected due to the sending MTA's poor 
reputation. If you believe that this failure is in error, please contact the 
intended recipient via alternate means.)" which is even less helpful.  That 
seems to have been cleared at the time of the (first) Spamhaus CSS removal.


iphmx.com is Ironport hosted mail exchange and currently goes by the marketing 
term "Cisco Cloud Email Security". It is relying on a service named Talos 
Senderbase which is using different signals to rate incoming connections. 
Basically a listing at Spamhaus will have such a negative impact that the 
result is usually equal to being blacklisted on Cisco's systems and all of their 
customers as well.

—
BR Oliver
________________________________
dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * P.O. Box 10 02 34, 76232 Karlsruhe
Phone 0721 5592-2500 Fax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: registered office Karlsruhe, register court Mannheim, HRB 104927
Managing directors: Christoph Werner, Martin Dallmeier, Roman Melcher
________________________________
Data protection information
When you get in contact with us, for example when you have questions for our 
ServiceCenter, shop with us or visit our dialogicum in Karlsruhe, have a 
business relationship with us or apply for a job with us, we process personal 
data. Information on, among other things, the specific data processing, 
deletion periods, your rights and the contact details of our data protection 
officers can be found here: 
https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
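
The "automated reporting of when I get blacklisted" mentioned in the thread could start from a check like the following, which is an added example and not code from either poster. The function names, the IPv4-only scope and the choice of the zen.spamhaus.org zone are assumptions; the return codes are the ones Spamhaus publishes for that zone, and the resolver is injectable so the logic can be exercised offline.

```python
import ipaddress
import socket

ZEN = "zen.spamhaus.org"
# Return codes published by Spamhaus for the ZEN zone.
LISTS = {"127.0.0.2": "SBL", "127.0.0.3": "CSS", "127.0.0.4": "XBL",
         "127.0.0.9": "DROP", "127.0.0.10": "PBL", "127.0.0.11": "PBL"}
# 127.255.255.x answers mean the query itself was refused, not a listing.
ERRORS = {"127.255.255.252": "typo in DNSBL name",
          "127.255.255.254": "query arrived via a public/open resolver",
          "127.255.255.255": "excessive number of queries"}


def system_resolver(name):
    """A records for name. Simplification: every lookup failure counts as
    'no records', so a timeout looks the same as NXDOMAIN (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def query_name(ip, zone=ZEN):
    """192.0.2.10 -> 10.2.0.192.zen.spamhaus.org (IPv4 only)."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check(ip, resolve=system_resolver):
    """Return ("ok", [list names]) or ("error", [reasons])."""
    answers = resolve(query_name(ip))
    errors = sorted(ERRORS[a] for a in answers if a in ERRORS)
    if errors:
        return "error", errors
    return "ok", sorted({LISTS.get(a, "unknown " + a) for a in answers})


def report(ips, previous, resolve=system_resolver):
    """Compare against the previous run; return (new_state, alert lines)."""
    state, alerts = dict(previous), []
    for ip in ips:
        status, detail = check(ip, resolve)
        if status == "error":  # keep the old state, never report "clean"
            alerts.append(f"{ip}: lookup unusable ({'; '.join(detail)})")
        else:
            if detail != previous.get(ip, []):
                alerts.append(f"{ip}: now on {', '.join(detail) or 'no list'}")
            state[ip] = detail
    return state, alerts
```

Run from cron with the state persisted between runs, this alerts only on a change of listing. The error branch matters because a refused query would otherwise look like a clean result or like a listing.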
