[mailop] Virbl shutting down

[Hetzner Blacklist Support]

I haven't seen this mentioned anywhere else, so for those who haven't
heard yet, Virbl is shutting down.

From their (now static) website: "The Virbl DNSBL-zone was emptied and
will be removed all together at a moment further on in the future.
Please remove any DNSBL-lookups against 'virbl.dnsbl.bit.nl' from your
e-mail configurations."

https://virbl.bit.nl/

Kind regards

Bastiaan van den Berg

Blacklist Manager

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen / Germany
Tel: +49 9831 505167
Fax: +49 9831 5053
www.hetzner.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] AOL Service unavailable on connect

[Derek Diget]

Anyone else seeing connection issues to AOL?  Saturday morning (EST) we 
started getting


421 mtaig-maa03.mx.aol.com Service unavailable - try again later

on the initial connection where the responding AOL hostname varies.

From what we can tell we haven't seen a dramatic change in mail flow to AOL 
and when I look up our sending IPs[1] they have a "Good" reputation at 
AOL.  I opened a AOL Postmaster ticket Saturday evening and got the 
initial "ticket opened" message, but haven't heard anything more.  At the 
same time I stopped delivery attempts to AOL.


I hand tested connections Sunday and this morning and I am still getting 
the same connection response.  Delivery to all other sites/domains seem 
fine, so any help from within AOL would be greatly appreciated.


Thanks.

1:  smtp.wmich.edu [141.218.1.42] - user SUBMIT
mailgw.wmich.edu [141.218.1.51] - out-bound relay

--
***
Derek DigetOffice of Information Technology
Western Michigan University - Kalamazoo  Michigan  USA - www.wmich.edu/
***

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AOL Service unavailable on connect

[Lili Crowley via mailop]

Responding offline

thanks

Lili Crowley
AOL Postmaster


On Mon, Jan 23, 2017 at 10:29 AM, Derek Diget 
wrote:

>
> Anyone else seeing connection issues to AOL?  Saturday morning (EST) we
> started getting
>
> 421 mtaig-maa03.mx.aol.com Service unavailable - try again later
>
> on the initial connection where the responding AOL hostname varies.
>
> From what we can tell we haven't seen a dramatic change in mail flow to
> AOL and when I look up our sending IPs[1] they have a "Good" reputation at
> AOL.  I opened a AOL Postmaster ticket Saturday evening and got the initial
> "ticket opened" message, but haven't heard anything more.  At the same time
> I stopped delivery attempts to AOL.
>
> I hand tested connections Sunday and this morning and I am still getting
> the same connection response.  Delivery to all other sites/domains seem
> fine, so any help from within AOL would be greatly appreciated.
>
> Thanks.
>
> 1:  smtp.wmich.edu [141.218.1.42] - user SUBMIT
> mailgw.wmich.edu [141.218.1.51] - out-bound relay
>
> --
> ***
> Derek DigetOffice of Information Technology
> Western Michigan University - Kalamazoo  Michigan  USA - www.wmich.edu/
> ***
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AOL Service unavailable on connect

[Vick Khera]

On Mon, Jan 23, 2017 at 10:29 AM, Derek Diget 
wrote:

> Anyone else seeing connection issues to AOL?  Saturday morning (EST) we
> started getting
>
> 421 mtaig-maa03.mx.aol.com Service unavailable - try again later
>
> on the initial connection where the responding AOL hostname varies.
>
>
I see that from our ticketing system (auto-ack of new ticket). Our bulk
senders don't have any AOL backlog.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AOL Service unavailable on connect

[Jim Popovitch]

On Mon, Jan 23, 2017 at 10:29 AM, Derek Diget
 wrote:
>
> Anyone else seeing connection issues to AOL?  Saturday morning (EST) we
> started getting
>
> 421 mtaig-maa03.mx.aol.com Service unavailable - try again later
>

Yep,


~$ mailq
Queue ID- --Size-- ---Arrival Time --Sender/Recipient--
3v6VYJ2sZpz1vdw  11396 Mon Jan 23 12:12:04 users-boun...@netcoolusers.org
(host mailin-01.mx.aol.com[152.163.0.68] refused to talk to me: 421
mtaig-aad03.mx.aol.com Service unavailable - try again later)
   xxx...@aol.com

3v5tbl151Yz1vg5  14271 Sun Jan 22 12:12:03 users-boun...@netcoolusers.org
(host mailin-01.mx.aol.com[152.163.0.99] refused to talk to me: 421
mtaig-aae03.mx.aol.com Service unavailable - try again later)
   ...@aol.com

3v5tbm10Hlz2V2r  12347 Sun Jan 22 12:12:04 users-boun...@netcoolusers.org
(host mailin-03.mx.aol.com[152.163.0.100] refused to talk to me: 421
mtaig-aad01.mx.aol.com Service unavailable - try again later)
   xxx...@aol.com

3v6VYL2Fwtz2V4H  12588 Mon Jan 23 12:12:06 users-boun...@netcoolusers.org
(host mailin-02.mx.aol.com[152.163.0.100] refused to talk to me: 421
mtaig-aam04.mx.aol.com Service unavailable - try again later)
   xxx...@aol.com

-- 57 Kbytes in 4 Requests.



BTW, mailop.org (chilli.nosignal.org) your SSL cert is still broken:

  "There are issues with the site's certificate chain
(net::ERR_CERT_DATE_INVALID)."



-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AOL Service unavailable on connect

[David]

On 2017-01-23 8:29 AM, Derek Diget wrote:


Anyone else seeing connection issues to AOL?  Saturday morning (EST) we
started getting

421 mtaig-maa03.mx.aol.com Service unavailable - try again later

on the initial connection where the responding AOL hostname varies.


We're seeing pretty mixed results, even to the same destination. We seem 
to be getting more success than failures so far.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AOL Service unavailable on connect

[Lili Crowley via mailop]

We are working on an issue here that is causing this problem.

Stay tuned.

Thanks

Lili Crowley
AOL Postmaster


On Mon, Jan 23, 2017 at 11:17 AM, Jim Popovitch  wrote:

> On Mon, Jan 23, 2017 at 10:29 AM, Derek Diget
>  wrote:
> >
> > Anyone else seeing connection issues to AOL?  Saturday morning (EST) we
> > started getting
> >
> > 421 mtaig-maa03.mx.aol.com Service unavailable - try again later
> >
>
> Yep,
>
>
> ~$ mailq
> Queue ID- --Size-- ---Arrival Time --Sender/Recipient--
> 3v6VYJ2sZpz1vdw  11396 Mon Jan 23 12:12:04
> users-boun...@netcoolusers.org
> (host mailin-01.mx.aol.com[152.163.0.68] refused to talk to me: 421
> mtaig-aad03.mx.aol.com Service unavailable - try again later)
>xxx...@aol.com
>
> 3v5tbl151Yz1vg5  14271 Sun Jan 22 12:12:03
> users-boun...@netcoolusers.org
> (host mailin-01.mx.aol.com[152.163.0.99] refused to talk to me: 421
> mtaig-aae03.mx.aol.com Service unavailable - try again later)
>...@aol.com
>
> 3v5tbm10Hlz2V2r  12347 Sun Jan 22 12:12:04
> users-boun...@netcoolusers.org
> (host mailin-03.mx.aol.com[152.163.0.100] refused to talk to me: 421
> mtaig-aad01.mx.aol.com Service unavailable - try again later)
>xxx...@aol.com
>
> 3v6VYL2Fwtz2V4H  12588 Mon Jan 23 12:12:06
> users-boun...@netcoolusers.org
> (host mailin-02.mx.aol.com[152.163.0.100] refused to talk to me: 421
> mtaig-aam04.mx.aol.com Service unavailable - try again later)
>xxx...@aol.com
>
> -- 57 Kbytes in 4 Requests.
>
>
>
> BTW, mailop.org (chilli.nosignal.org) your SSL cert is still broken:
>
>   "There are issues with the site's certificate chain
> (net::ERR_CERT_DATE_INVALID)."
>
>
>
> -Jim P.
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AOL Service unavailable on connect

[Jim Popovitch]

On Mon, Jan 23, 2017 at 11:52 AM, Lili Crowley  wrote:
> We are working on an issue here that is causing this problem.

I see it as resolved now, Thank you Lili and TeamAOL.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AOL Service unavailable on connect

[Lili Crowley via mailop]

Good news! Thanks for the update!

Lili Crowley
AOL Postmaster


On Mon, Jan 23, 2017 at 12:52 PM, Jim Popovitch  wrote:

> On Mon, Jan 23, 2017 at 11:52 AM, Lili Crowley 
> wrote:
> > We are working on an issue here that is causing this problem.
>
> I see it as resolved now, Thank you Lili and TeamAOL.
>
> -Jim P.
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Dealing with "454 TLS not available issues" (Aruba.it)

[Stefano Bagnara]

We recently enabled starttls to every destination (announcing the starttls
extension).

We now see a lot of "454 4.3.3 TLS not available due to temporary reason"
in reply to the STARTTLS by a big B2B italian provider named Aruba. We
usually are able to send the email after 2-3-5 attempts, so this is not
causing "failures" but mainly delay, but randomness could even cause
permanent failures.

Now, I read a forum where someone said Google try TLS delivery for 1 day,
then they switch to plain text delivery if the delivery didn't happen in
the first 24 hours.

What do other senders do? Is this "try TLS for a while then switch to plain
text" a best practice or just something "invented" by Google? Or do you use
whitelist/blacklist in order to decide valid TLS destinations?

I also have similar messages by other targets, but thet are very low
volume, so I didn't investigate them:
- 454 4.7.0 TLS not available due to local problem
- 454 4.3.0 TLS not available due to local problem
- 454 TLS currently unavailable
- 454 TLS missing certificate: error:02001002:system library:fopen:No such
file or directory (#4.3.0) )

Stefano

PS: this is my first post and www mailop org is not working right now so
I've not been able to check the "posting guidelines" to see if this kind of
message is allowed or not in this list.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AOL Service unavailable on connect

[Derek Diget]

On Mon, 23 Jan 2017 at 12:52 -, Jim Popovitch wrote:
=>On Mon, Jan 23, 2017 at 11:52 AM, Lili Crowley  
wrote:
=>> We are working on an issue here that is causing this problem.
=>
=>I see it as resolved now, Thank you Lili and TeamAOL.

+579 to that! (messages we had queued up. :)


-- 
***
Derek DigetOffice of Information Technology
Western Michigan University - Kalamazoo  Michigan  USA - www.wmich.edu/
***

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Dealing with "454 TLS not available issues" (Aruba.it)

[Andris Reinman]

Having STARTTLS on by default is a good idea but you do need to have a fallback 
in place as there's quite a lot of problematic servers:

* you need to trust self signed certificates, it doesn’t make much sense to go 
with plaintext if certificate is not valid
* incompatible cipher suites (ie. servers using RC4 or worse)
* servers advertising but not actually allowing to use STARTTLS
* servers not advertising but actually supporting STARTTLS
* servers where STARTTLS is availbale but disabled by state/operator/mitm, 
usually you see  in the place where STARTTLS should be
* etc.

My personal favourite being a server that during TLS handshake, after it had 
received client side cipher list, ended the connection with no response 
whatsoever. Did not even finish the handshake, just closed the connection. If 
the cipher suite was ok for the server, then everything worked, if not then the 
connection was lost immediatelly after initiating the TLS handshake.

Anyway we always try STARTTLS first and if it fails for whatever reason then 
immediatelly reconnect and send without using STARTTLS. There’s no grace 
period. We plan to start supporting DANE and probably STS which would change 
how TLS is handled but for now is purely opportunistic.

Best regards,
Andris Reinman
Zone Meida
https://github.com/zone-eu/zone-mta 


> On 23. jaan 2017, at 20:15, Stefano Bagnara  wrote:
> 
> We recently enabled starttls to every destination (announcing the starttls 
> extension).
> 
> We now see a lot of "454 4.3.3 TLS not available due to temporary reason" in 
> reply to the STARTTLS by a big B2B italian provider named Aruba. We usually 
> are able to send the email after 2-3-5 attempts, so this is not causing 
> "failures" but mainly delay, but randomness could even cause permanent 
> failures.
> 
> Now, I read a forum where someone said Google try TLS delivery for 1 day, 
> then they switch to plain text delivery if the delivery didn't happen in the 
> first 24 hours.
> 
> What do other senders do? Is this "try TLS for a while then switch to plain 
> text" a best practice or just something "invented" by Google? Or do you use 
> whitelist/blacklist in order to decide valid TLS destinations?
> 
> I also have similar messages by other targets, but thet are very low volume, 
> so I didn't investigate them:
> - 454 4.7.0 TLS not available due to local problem
> - 454 4.3.0 TLS not available due to local problem
> - 454 TLS currently unavailable
> - 454 TLS missing certificate: error:02001002:system library:fopen:No such 
> file or directory (#4.3.0) )
> 
> Stefano
> 
> PS: this is my first post and www mailop org is not working right now so I've 
> not been able to check the "posting guidelines" to see if this kind of 
> message is allowed or not in this list.
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Dealing with "454 TLS not available issues" (Aruba.it)

[Brandon Long via mailop]

Note that information about Google is about 3 years out of date, we no
longer fall back to unencrypted.

Your best bet for important domains you care about it to try and contact
their admins to fix it.

Other than that, it's basically up to your policies what to do... well, and
what your software can do.

For us, the numbers were small enough to not be worth potentially sending
the mail in the clear.

Brandon

On Jan 23, 2017 10:21 AM, "Stefano Bagnara"  wrote:

> We recently enabled starttls to every destination (announcing the starttls
> extension).
>
> We now see a lot of "454 4.3.3 TLS not available due to temporary reason"
> in reply to the STARTTLS by a big B2B italian provider named Aruba. We
> usually are able to send the email after 2-3-5 attempts, so this is not
> causing "failures" but mainly delay, but randomness could even cause
> permanent failures.
>
> Now, I read a forum where someone said Google try TLS delivery for 1 day,
> then they switch to plain text delivery if the delivery didn't happen in
> the first 24 hours.
>
> What do other senders do? Is this "try TLS for a while then switch to
> plain text" a best practice or just something "invented" by Google? Or do
> you use whitelist/blacklist in order to decide valid TLS destinations?
>
> I also have similar messages by other targets, but thet are very low
> volume, so I didn't investigate them:
> - 454 4.7.0 TLS not available due to local problem
> - 454 4.3.0 TLS not available due to local problem
> - 454 TLS currently unavailable
> - 454 TLS missing certificate: error:02001002:system library:fopen:No such
> file or directory (#4.3.0) )
>
> Stefano
>
> PS: this is my first post and www mailop org is not working right now so
> I've not been able to check the "posting guidelines" to see if this kind of
> message is allowed or not in this list.
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Odd spamcop glitch

[John Levine]

According to my logs, Spamcop listed 69.25.202.114 for a while yesterday.

That led to great merriment, since that's Blue State Digital and mail
from mainstream political groups went into spamtraps that tested the
URLs, some of which were "Click here to donate now with your preregistered
credit card!"  Oops.

I see a few other IPs in the same /25 listed.  Since they're political
mailers I am sure there is some spam for the usual political reasons,
but the false positives are awful.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Odd spamcop glitch

[Valdis . Kletnieks]

On 23 Jan 2017 21:30:20 +, "John Levine" said:

> That led to great merriment, since that's Blue State Digital and mail
> from mainstream political groups went into spamtraps that tested the
> URLs, some of which were "Click here to donate now with your preregistered
> credit card!"  Oops.

OK, I'll bite.  How did the mail end up at a spamtrap address in the first
place?  Somebody maliciously signed the address up for a mailing list?  Or some
other failure mode?


pgppvCDnIC97w.pgp
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Dealing with "454 TLS not available issues" (Aruba.it)

[Franck Martin via mailop]

Seems to me the system is may be trying to verify the certificate? It may
be checking the revoking list?

But yes I would try to contact Aruba to get some info, may be someone on
the list has a contact there?

On Mon, Jan 23, 2017 at 11:42 AM, Brandon Long via mailop  wrote:

> Note that information about Google is about 3 years out of date, we no
> longer fall back to unencrypted.
>
> Your best bet for important domains you care about it to try and contact
> their admins to fix it.
>
> Other than that, it's basically up to your policies what to do... well,
> and what your software can do.
>
> For us, the numbers were small enough to not be worth potentially sending
> the mail in the clear.
>
> Brandon
>
> On Jan 23, 2017 10:21 AM, "Stefano Bagnara"  wrote:
>
>> We recently enabled starttls to every destination (announcing the
>> starttls extension).
>>
>> We now see a lot of "454 4.3.3 TLS not available due to temporary reason"
>> in reply to the STARTTLS by a big B2B italian provider named Aruba. We
>> usually are able to send the email after 2-3-5 attempts, so this is not
>> causing "failures" but mainly delay, but randomness could even cause
>> permanent failures.
>>
>> Now, I read a forum where someone said Google try TLS delivery for 1 day,
>> then they switch to plain text delivery if the delivery didn't happen in
>> the first 24 hours.
>>
>> What do other senders do? Is this "try TLS for a while then switch to
>> plain text" a best practice or just something "invented" by Google? Or do
>> you use whitelist/blacklist in order to decide valid TLS destinations?
>>
>> I also have similar messages by other targets, but thet are very low
>> volume, so I didn't investigate them:
>> - 454 4.7.0 TLS not available due to local problem
>> - 454 4.3.0 TLS not available due to local problem
>> - 454 TLS currently unavailable
>> - 454 TLS missing certificate: error:02001002:system library:fopen:No
>> such file or directory (#4.3.0) )
>>
>> Stefano
>>
>> PS: this is my first post and www mailop org is not working right now so
>> I've not been able to check the "posting guidelines" to see if this kind of
>> message is allowed or not in this list.
>>
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
>>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Odd spamcop glitch

[Dave Warren]

On Mon, Jan 23, 2017, at 17:57, valdis.kletni...@vt.edu wrote:
> On 23 Jan 2017 21:30:20 +, "John Levine" said:
> 
> > That led to great merriment, since that's Blue State Digital and mail
> > from mainstream political groups went into spamtraps that tested the
> > URLs, some of which were "Click here to donate now with your preregistered
> > credit card!"  Oops.
> 
> OK, I'll bite.  How did the mail end up at a spamtrap address in the first
> place?  Somebody maliciously signed the address up for a mailing list? 
> Or some other failure mode?

It could just as easily be poor bounce-handling or an inability to take
no for an answer; politicians love to sell or otherwise distribute
addresses, even ones that have been explicitly unsubscribed and also
bounced for a substantial period of time.

My uninformed guess would be that someone got cute, imported a years-old
list from a past campaign as valid confirmed subscribers and got what
they deserved.

But maybe that's just my personal experience.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop