Hi,
Vsevolod Stakhov via mailop wrote on 21.10.24 at 21:56:
In fact, Rspamd itself could do that downgrade, meaning setting CTE to
7bit and recoding all relevant parts to qp/base64 (depending on their
content) before DKIM signing. It is all perfectly doable with the
existing Rspamd Lua API I s
Nothing to see here folks.. let's move along..
Well, to be truthful you asked for advice.. so .. first of all, this
appears to be standard botnet activity, probably from compromised IoT
and CPE equipment.. there are many similar attempts, eg if it was from
Chinese telecoms, a lot is actually c
It appears that Peter N. M. Hansteen via mailop said:
>which begs the question, what to do you do to the ones that get thrown into
>the table?
My MTA does fake auth. If you try to do SMTP AUTH, it always succeds and then I
route the message to a spam trap. Mostly the messages are short, just eno
According to Alexander Robohm via mailop :
>I completely agree in the absence of internationalized mail. I guess the
>best course of action is to support 8BITMIME, but to use it if and only
>if it is needed to support SMTPUTF8. ...
It is quite common to have non-ASCII character sets in the bodie
Dňa 21. októbra 2024 20:36:23 UTC používateľ Vsevolod Stakhov via mailop
napísal:
>There are many clear advantage of emails over homing pigeons if we talk about
>communications. Could you please demonstrate what are the advantages of 8 bit
>mime? Yes, it saves some small fraction of the traffi
On 21 Oct 2024, at 20:37, Peter N. M. Hansteen wrote:
>> which begs the question, what to do you do to the ones that get thrown into
>> the table?
So, I have a multi-layer strategy:
1. at the edge router all attempts at hitting well-known ports on the network
and b/cast get added to the PF blo
Am 21.10.2024 um 22:36 schrieb Vsevolod Stakhov via mailop:
There are many clear advantage of emails over homing pigeons if we talk
about communications. Could you please demonstrate what are the
advantages of 8 bit mime? Yes, it saves some small fraction of the
traffic and CPU resources but th
On 21/10/2024 21:23, Slavko via mailop wrote:
Dňa 21. októbra 2024 19:56:49 UTC používateľ Vsevolod Stakhov via mailop
napísal:
The least common denominator is just to use 7 bit and refrain from using any
sort of IDN names.
Or we can stay to use homing pigeons...
regards
There are man
Dňa 21. októbra 2024 19:56:49 UTC používateľ Vsevolod Stakhov via mailop
napísal:
>The least common denominator is just to use 7 bit and refrain from using any
>sort of IDN names.
Or we can stay to use homing pigeons...
regards
--
Slavko
https://www.slavino.sk/
On 21/10/2024 20:16, Florian Effenberger via mailop wrote:
Hello everyone,
let me thank you again for helping me out with this issue, I am really
glad to see so much discussion and support here!
Now things seem to fall into place indeed. Both Mimecast as well as
aboutmy.email do not announce
Hello everyone,
let me thank you again for helping me out with this issue, I am really
glad to see so much discussion and support here!
Now things seem to fall into place indeed. Both Mimecast as well as
aboutmy.email do not announce 8BITMIME, while other sites for testing
like dmarctester o
Dnia 21.10.2024 o godz. 19:36:45 Alexander Robohm via mailop pisze:
> cause seems to be that Postfix itself doesn't perform the signing,
> but delegates it to a milter. Wenn it delivers the message, it's
> already signed, so when it encounters an SMTP server that doesn't
> annouce 8BITMIME, you hav
On Mon, Oct 21, 2024 at 06:06:16PM +0200, Arrigo Triulzi via mailop wrote:
> On 21 Oct 2024, at 17:46, Geoff Mulligan via mailop wrote:
> > I wrote a script to check my mail log and block the IPs.
>
> I have about 5k different IPs hitting every day.
>
> > What do you all do?
>
> OpenBSD, so scr
On Mon 21/Oct/2024 16:43:03 +0200 Dave Crocker via mailop wrote:
On 10/21/2024 4:39 AM, Alessandro Vesely via mailop wrote:
On Mon 21/Oct/2024 05:50:09 +0200 Dave Crocker wrote:
In other words, to get around DMARC fragility and false positive damage, an
intermediary must
1. Break DMARC, by c
Dňa 21. októbra 2024 15:46:14 UTC používateľ Geoff Mulligan via mailop
napísal:
>I wrote a script to check my mail log and block the IPs.
>What do you all do?
Cofee & smoke, until they move to another target... One
can do very little with that, as that comes from many
countries, many ASNs and e
Hi all,
A week ago woke up to a rude shock of Google blocking mails from my
domain lateral.tech, which I realized later was rightful.
Although the DMARC reports from Google have always had everything
passing with no failures and I *do not* use the domain or IP, for that
matter any domain or
Am 21.10.2024 um 19:21 schrieb Benny Pedersen via mailop:
i wait until dns servers support utf8, punktum.dk still does not support
anything other then idn
1. IDNA is the correct way to handle non-ASCII domain names in
applications, and this is what is done for internationalized mail. [1]
2. T
Am 21.10.2024 um 18:40 schrieb Florian Effenberger via mailop:
What puzles me a lot is where the problem comes from. I consider my
setup pretty much standard here - I connect to my MX, which sends out
the message that it routes through rspamd, which takes care of DKIM
signing. No other modifica
It appears that Slavko via mailop said:
>Year or two ago i discuss 8BITMIME with exim's dev (as part
>of my SMTPUTF8 experiments) and he stated, that nowadays
>is support of 8BITMIME as common, that it is not worth to care
>about it (or so). I see, that it is not this case ;-)
qmail has been igno
Florian Effenberger via mailop skrev den 2024-10-21 18:40:
Postfix has SMTPUTF8 disabled because of Dovecot-LMTP, that is the
unique setting on encoding I configured.
i wait until dns servers support utf8, punktum.dk still does not support
anything other then idn
Florian Effenberger via mailop skrev den 2024-10-21 17:11:
However, that both times translates to
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
text/plain ok
charter=utf-8 ok, but this cant encode qouted printelbe content, fails !
(I h
On 21 Oct 2024, at 17:46, Geoff Mulligan via mailop wrote:
> I wrote a script to check my mail log and block the IPs.
I have about 5k different IPs hitting every day.
> What do you all do?
OpenBSD, so script to filter IPs from maillog using awk and stick them into a
PF table every 5 minutes or
Florian Effenberger via mailop skrev den 2024-10-21 16:37:
I configured smtputf8_enable = no in my main.cf (and nothing that
overrides it elsewhere), so in theory I should not be sending any
8BITMIME content, or is there any other setting that I miss?
amavisd have 8bitmime, in amavisd its imp
Dňa 21. októbra 2024 16:04:33 UTC používateľ Steve Atkins via mailop
napísal:
>So an MUA sending 8bit mail to a non-8BITMIME recipient may cause the
>signature to break. Setting force_mime_input_conversion to reencode all 8bit
>mail on submission looks like a fix, for a signing outbound server
Steve Atkins via mailop skrev den 2024-10-21 16:28:
On 21 Oct 2024, at 14:33, Florian Effenberger via mailop
thanks to a friendly reader of this list, I tested the mail also with
aboutmy.email.
I can confirm now that when the Content-Encoding is 8bit, it gets
bounced by Mimecast, and also
Hello,
Steve Atkins via mailop wrote on 21.10.24 at 18:04:
Chatting with Florian off list it seems likely that the Postfix smarthost is
accepting Content-Transfer-Encoding: 8bit messages, DKIM signing them, only
then discovering that the recipient MX doesn’t offer 8BITMIME. It rewrites the
bo
Dnia 21.10.2024 o godz. 09:46:14 Geoff Mulligan via mailop pisze:
> Maybe I'm just now more observant, but I've seen a huge increase in
> bunches of systems trying to brute force an SASL login.
[...]
>
> I wrote a script to check my mail log and block the IPs.
> What do you all do?
1) I don't hav
On Mon, Oct 21, 2024 at 09:46:14AM -0600, Geoff Mulligan via mailop wrote:
> Maybe I'm just now more observant, but I've seen a huge increase in bunches
> of systems trying to brute force an SASL login.
[ ... ]
>
> I wrote a script to check my mail log and block the IPs.
> What do you all do?
One
Geoff Mulligan via mailop skrev den 2024-10-21 17:46:
I wrote a script to check my mail log and block the IPs.
What do you all do?
joined AbuseIPDB in February 2024 and has reported 17,081 IP addresses.
create an account https://www.abuseipdb.com/
add api key to fail2ban
enable jails
if yo
Dnia 21.10.2024 o godz. 17:04:33 Steve Atkins via mailop pisze:
> Chatting with Florian off list it seems likely that the Postfix smarthost
> is accepting Content-Transfer-Encoding: 8bit messages, DKIM signing them,
> only then discovering that the recipient MX doesn’t offer 8BITMIME. It
> rewrites
Florian Effenberger via mailop skrev den 2024-10-21 15:28:
Hello,
Florian Effenberger via mailop wrote on 21.10.24 at 10:33:
I just sent an e-mail to the affected domain, Bcc my GMail address.
For that very mail, GMail confirms the DKIM signature is proper,
whereas Mimecast bounces it.
The o
Chatting with Florian off list it seems likely that the Postfix smarthost is
accepting Content-Transfer-Encoding: 8bit messages, DKIM signing them, only
then discovering that the recipient MX doesn’t offer 8BITMIME. It rewrites the
body using quoted-printable encoding, breaking the signature in
Am 21.10.2024 um 09:46:14 Uhr schrieb Geoff Mulligan via mailop:
> I wrote a script to check my mail log and block the IPs.
> What do you all do?
I have auth only enabled on my submission server and this is only
reachable via IPv6, almost no abusers tries to break in.
Fail2ban can also be used i
Maybe I'm just now more observant, but I've seen a huge increase in
bunches of systems trying to brute force an SASL login.
Here is a list of IPs that have tried in just the last hour:
2.47.196.162
5.172.14.125
5.89.106.141
5.94.25.239
14.194.116.93
14.33.96.3
14.49.199.104
24.126.24.151
35.130.1
Hello,
Steve Atkins wrote on 21.10.24 at 16:49:
If you’re sending purely ascii payloads then everything will be fine. If you’re
sending non-ascii payloads to servers that don’t announce 8BITMIME that could
cause problems.
my bad, the above information was not acurate.
Roundcube, MIME-coding
> On 21 Oct 2024, at 15:40, Florian Effenberger wrote:
>
> Steve Atkins wrote on 21.10.24 at 16:28:
>
>> If you’re sending 8BITMIME payloads to aboutmy.email that’s probably your
>> problem. We don’t currently advertise 8BITMIME, and flag any non-ascii
>> character in the transaction as a p
On 10/21/2024 4:39 AM, Alessandro Vesely via mailop wrote:
On Mon 21/Oct/2024 05:50:09 +0200 Dave Crocker wrote:
In other words, to get around DMARC fragility and false positive
damage, an intermediary must
1. Break DMARC, by changing the rfc5322.From address to be something
other
than
Hello,
thanks for your reply! :)
Steve Atkins wrote on 21.10.24 at 16:28:
If you’re sending 8BITMIME payloads to aboutmy.email that’s probably your
problem. We don’t currently advertise 8BITMIME, and flag any non-ascii
character in the transaction as a problem.
A lot of MXs advertise 8BITMI
> On 21 Oct 2024, at 14:33, Florian Effenberger via mailop
>
> thanks to a friendly reader of this list, I tested the mail also with
> aboutmy.email.
>
> I can confirm now that when the Content-Encoding is 8bit, it gets bounced by
> Mimecast, and also flagged as erroneus by aboutmy.email.
> On 21 Oct 2024, at 14:28, Florian Effenberger via mailop
> wrote:
>
> Hello,
>
> Florian Effenberger via mailop wrote on 21.10.24 at 10:33:
>> I just sent an e-mail to the affected domain, Bcc my GMail address. For that
>> very mail, GMail confirms the DKIM signature is proper, whereas Mim
Hello,
Florian Effenberger via mailop wrote on 21.10.24 at 10:33:
I just sent an e-mail to the affected domain, Bcc my GMail address. For
that very mail, GMail confirms the DKIM signature is proper, whereas
Mimecast bounces it.
The only two options left are that Mimecast has hiccups with my D
On Mon 21/Oct/2024 05:50:09 +0200 Dave Crocker wrote:
On 10/18/2024 7:38 AM, Bill Cole via mailop wrote:
The real original sender is preserved in the Reply-To here (and on most lists
using Mailman today.)
In other words, to get around DMARC fragility and false positive damage, an
intermediary
Hello Mail Peeps
Just a short service announcement:
We (Open-Xchange) will soon be taking over the sending of messages from the
domains talktalk.net and tiscali.co.uk. The IPs will go through a warmup
process, but please treat the traffic from the below IPs as legit and reset
whatever existi
On 21.10.2024 at 12:14 Lena--- via mailop wrote:
>> From: "Gellner, Oliver"
>> when I grep Microsoft DMARC reports for temperror, there are hundreds
>> of hits. Nevertheless I don't see why you should change your policy
>> because one recipients is unable to reliably operate a DNS client.
>>
> From: "Gellner, Oliver"
> when I grep Microsoft DMARC reports for temperror, there are hundreds of
> hits. Nevertheless I don't see why you should change your policy because
> one recipients is unable to reliably operate a DNS client.
> dm-jobs.com
> dmglobal4
> temperro
On 17.10.2024 at 19:43 L. Mark Stone via mailop wrote:
> Back in May at the InboxExpo conference in Atlanta, I was told by a
> consultant to very large senders that they advise customers to set their
> DMARC to "p=quarantine" because they had been observing that Microsoft's
> processing of som
Dnia 20.10.2024 o godz. 15:12:08 John Levine via mailop pisze:
> >Thunderbird does show more than display names (unless I'm missing something)
> >...
>
> In the message list it just shows the display name unless there is no display
> name,
> in which case it shows the address.
>
> When you open
Hi,
Florian Effenberger via mailop wrote on 20.10.24 at 10:47:
I assume the issue is on Mimecast's end. If there is any Mimecast
contact on this list, I'd appreciate a reach out. 🙂
just as heads-up:
I just sent an e-mail to the affected domain, Bcc my GMail address. For
that very mail, GMai
48 matches
Mail list logo
