> I see that current setup might be useful in case some user changes MX
> before the domain is activated at Fastmail, in which case giving 4xx
> could make sense. But it is not right to report such re-tries to sender
> score as attempts to deliver to non-existing users.
Yes, this is why we 4xx
We're seeing a strange rejection message with emails containing a
particular link.
Can someone please contact me off list.
Thanks
--
Rob Mueller
r...@fastmail.fm
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/li
> I'm thinking that perhaps your cert is using SHA-(256|512) and
> something better than 3DES for HMAC, and therefore the remote servers
> are unable to work with the certificate as they don't have access to
> the required crypto. I sincerely hope this is not the case, but
> perhaps you can test th
> You may want to use this tool on your mail server(so it picks up the
> same openssl version) to check what cyphers the mil server accepts:
> https://testssl.sh/
I'm not sure how this would help. The problem occurs with them trying to
send mail to us. I know what ciphers we offer, what I don't
Just wondering if there's a Symantec contact here or someone else that
might know what's happening here.
A number of our users are reporting that KPN (a Netherlands ISP) are
rejecting our emails. An example in our logs a few minutes ago.
2017-01-09T07:22:13.671964-05:00 gateway1 postfix-forward/s
> We've suddenly had a couple of reports from users about people sending
> to them (e.g. sending from a remote service to our servers) failing and
> bouncing with the error message:
>
> Certificate rejected over TLS. (unknown protocol)
Just to update with more information.
So it turns out we'd
We've suddenly had a couple of reports from users about people sending
to them (e.g. sending from a remote service to our servers) failing and
bouncing with the error message:
Certificate rejected over TLS. (unknown protocol)
There's not much more in the error message, I haven't managed to get
ho
> I know there's no standard header for storing the envelope recipients for
> a message (for good reason, especially when it comes to Bccs) but there
> are times when it's useful.
>
> Does anyone know of a system that does that? I'm stashing them in
> "X-Rcpt-To" at the moment, for lack of anythin
Hi
Is there anyone from cox.net on this list? Can you please contact me off
list, we're having a problem with email forward to @cox.net accounts.
Thanks
--
Rob Mueller
r...@fastmail.fm
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal
> We're definitely seeing dkim replay attacks and of course doing our
> best to catch them.
Out of curiosity, one thing I thought might be a strong sign of a replay
attack is lots of emails with the same b= value in the DKIM-Signature.
Obviously mass mailings might trigger this as well, but I'm w
> Laura Atkins has some pretty cool ideas here:
> https://wordtothewise.com/2014/05/dkim-injected-headers/
> I'd be interested to see if including those headers twice in the
> signature works, so an altered or second instance of them would
> fail DKIM.
They didn't alter any of the headers or add
> 1. Add timestamp (t=) to DKIM-Signature. It limits replay attacks in
> time.
Assuming the receiving side looks at it. But you probably mean the x=
tag anyway to set the expiry time, the RFC explicitly says though:
INFORMATIVE NOTE: The "x=" tag is not intended as an anti-
> Use a different selector for each account holder, and then revoke
> selectors that are abused.
That's an interesting idea, but I'm not sure it'll be a big help.
The reality is that the timeline between signup a new account, send one
email, copy it and mass send via AWS instance could all be do
Hi mailop
So it appears at the moment that we're experiencing a DKIM replay attack
against us. Basically some people are signing up a trial FastMail
account, sending a couple of emails to a gmail account (to get them DKIM
signed by us), and then copying the entire content of the email and
sending
> I wonder what the point is. How does the bad guy monetize it, or is it a
> coordinated attack against a specific victim? What other nefarious
> issues? Making the address useless or burying some other mail in the
> midst of the junk would seem to be a possibility.
>
> If an attack against a
> just as an fyi, Gmail switched to sending out utf-8 (for messages we
> compose) by default in 2014 and removed the feature that allowed users
> to override this a year ago. Downgrading from utf-8 to some charset
> that handles a much smaller subset of characters seems mostly
> unnecessary at t
Reported by one of our users...
---
Diagnostic information for administrators:
Generating server: AM4PR0601MB1986.eurprd06.prod.outlook.com
ville.kiiv...@ort.fi
Remote Server returned '550 5.6.0 CAT.InvalidContent.Exception:
InvalidCharsetException, Character set name (ISO-8859-10) is invalid or
> Back when I was running the mailfilters for a major state government
> agency, I regularly saw users reporting as spam things like:
> * Turnpike billing and account balance notices;
> * Time-to-renew notices for all manner of different licences and
> registrations: MDs and DOs, dentists
>> Ok, just to confirm, does this mean you don't recommend or recognise
>> SRS rewritten MAIL FROM addresses as special in any way?
>
> Does anyone understand SRS? I thought it was pretty much a dead end.
IMHO everything about SPF and SRS borders on somewhere between pointless
and craziness. Is
> Segregating it onto its own IP which is clearly named - like
> forwarder.fastmail.fm - would be a very good idea.
FYI, we already do this.
I think Bron got a bit sidetracked into this, because the delays were
mostly our out "outgoing mail" IPs, not on our "forwarded mail" IPs.
--
Rob Mueller
> We don't recommend doing that:
>
> https://support.google.com/mail/answer/175365
>
> If you are forwarding mail, you'll inevitably forward spam, and you
> don't want your reputation to take a hit on that.
>
> Or, damned if you do, damned if you don't.
Ok, just to confirm, does this mean you don
> A client with a new iPhone (not sure what model), attempts to setup
> imap/smtp using starttls. As part of the setup, the iPhone apparently
> probes the smtp server on port 587 with an SSL handshake:
>
> Jul 29 21:31:34 ns1 sendmail[20641]: t6U4VYQL020641: rejecting commands
> from 97-93-80-251.
Anyone else seeing delayed email to protection.outlook.com servers?
2015-06-29T19:55:41.804899-04:00 gateway1 postfix-out/smtp[210066]:
A30C222D2C: host protection.outlook.com[207.46.163.170] said: 451
4.7.550 Server busy. Please try again later. (AS22) (in reply to RCPT TO
command)
2015-06-2
We're seeing lots of deferred emails to AOL in the last couple of hours.
host mailin-03.mx.aol.com[152.163.0.99] refused to talk to me: 421
mtaig-aan02.mx.aol.com Service unavailable - try again later)
Anyone else seeing this?
--
Rob Mueller
r...@fastmail.fm
___
On Fri, 15 May 2015, at 15:35, Anne P. Mitchell, Esq. wrote:
> Robert, may I forward this to our Mailchimp contact?
Sure.
--
Rob Mueller
r...@fastmail.fm
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop
Is anyone from mailchimp on this list?
I've got some examples of issues with your sending IPs that I'd like to
discuss.
Please contact me off list.
Thanks
--
Rob Mueller
r...@fastmail.fm
___
mailop mailing list
mailop@mailop.org
http://chilli.nosign
26 matches
Mail list logo
