Re: [mailop] script to collect SPF addresses by domain?

2023-11-01 Thread Peter N. M. Hansteen via mailop
On Tue, Oct 31, 2023 at 11:09:52AM +, Stuart Henderson wrote: > On 2023/10/30 20:28, Peter Nicolai Mathias Hansteen via mailop wrote: > > Assuming you are running on OpenBSD or other system that has a recent-ish > > OpenSMTPD, you could > > use OpenSMTPD's "smtpctl spf walk" > > SPF syntax al

Re: [mailop] seeking a spamtrap milter

2024-01-23 Thread Peter N. M. Hansteen via mailop
On Tue, Jan 23, 2024 at 02:40:06PM -0500, Michael W. Lucas via mailop wrote: > > I have domains that should never receive mail. I'd like a milter that > looks for mail to those domains and feeds the IP of the sender to an > outside program. > > Surely someone wrote this spamtrap software? Or does

Re: [mailop] seeking a spamtrap milter

2024-01-24 Thread Peter N. M. Hansteen via mailop
This thread had me think for long enough that I thought it might be useful to do a short (for me at least) writeup - A Simpler Life: Trapping Spambots Based on Target Domain Only https://nxdomain.no/~peter/domain-only-trapping.html (or tracked https://bsdly.blogspot.com/2024/01/a-simpler-life

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

2024-01-25 Thread Peter N. M. Hansteen via mailop
On Thu, Jan 25, 2024 at 07:10:13AM +0100, Hans-Martin Mosner via mailop wrote: > Tonight we received a huge wave of extortion spams from OVH hosted domains > trying to get bitcoin payments. The senders claim that recipients watched > child porn. Your customers might find a tiny bit of solace in th

Re: [mailop] Extortion spam from OVH-hosted *.sbs domains

2024-01-29 Thread Peter N. M. Hansteen via mailop
that it is almost certain that the embarrassing videos do not in fact exist. Unless of course you think that a particular user deserves to live in fear of just that. All the best, Peter On Thu, Jan 25, 2024 at 05:58:07PM +0100, Peter N. M. Hansteen via mailop wrote: > On Thu, Jan 25, 2024 at 07

Re: [mailop] Meta outgoing servers in black list (SORBS, 0SPAM...)

2024-02-01 Thread Peter N. M. Hansteen via mailop
On Thu, Feb 01, 2024 at 10:32:14AM +0100, Eduardo Díaz Comellas via mailop wrote: > > Btw, how do you deal with this big players' blacklist problems? One (possibly naive) option is to extract from SPF the outbound MXes for domains you want to receive mail from, such as what I describe in http

Re: [mailop] how does mailhash.josephlist.net work?

2024-04-02 Thread Peter N. M. Hansteen via mailop
On Tue, Apr 02, 2024 at 04:09:48PM +0200, Benoit Panizzon via mailop wrote: > I came across emails rejected by mailhash.josephlist.net > > reason: 550 5.7.1 block listed email address s...@example.com by > mailhash.josephlist.net (c559b92e0e284312b26c88d4bb707d14) "block listed email address"?

Re: [mailop] too many bad IP blocked

2024-06-21 Thread Peter N. M. Hansteen via mailop
On Fri, Jun 21, 2024 at 10:46:02AM +, L. Mark Stone via mailop wrote: > We use "route" as the banaction in our Fail2Ban. If iptables or other filtering performance is a concern, I would definitely support the suggestion to use blackhole routes instead. Searching on obvious keywords dug out th

[mailop] Is anyone here familiar with vrfintelligence.es?

2024-08-12 Thread Peter N. M. Hansteen via mailop
My spamd (https://man.openbsd.org/spamd, not the other one) entangled scriptery just alerted me to this: Aug 12 09:24:19 skapet spamd[84915]: 45.142.230.249: connected (134/129) Aug 12 09:24:30 skapet spamd[84915]: (GREY) 45.142.230.249: -> <66b9b8a2b327e_is_catch-...@bsdly.net> Aug 12 09:24:30

Re: [mailop] Virgina Media in UK bouncing emails with "550 Mailbox unavailable"

2024-09-17 Thread Peter N. M. Hansteen via mailop
From the symptoms you describe, I would say this matches somebody running a joejob (https://en.wikipedia.org/wiki/Joe_job) campaign and most likely bought a bottom of the barrel spamto: list with a generous helping of outdated or never-existed-in-the-first-place addresses. DMARC reporting might he

Re: [mailop] Virgina Media in UK bouncing emails with "550 Mailbox unavailable"

2024-09-17 Thread Peter N. M. Hansteen via mailop
On Tue, Sep 17, 2024 at 01:57:03PM +0100, Sebastian Arcus via mailop wrote: > On 17/09/2024 12:36, Peter N. M. Hansteen wrote: > > From the symptoms you describe, I would say this matches somebody running > > a joejob (https://en.wikipedia.org/wiki/Joe_job) campaign and most likely > > bought a bo

[mailop] The 'DNS only requires UDP' misconception vs SPF et al -- historical reasons?

2020-09-30 Thread Peter N. M. Hansteen via mailop
I came across a network that I need to communicate with where (not unlike the one in https://bsdly.blogspot.com/2018/02/a-life-lesson-in-mishandling-smtp.html) they perform the checks for SPF, DKIM and so forth in the wrong places in addition to on ingress. Studying the headers at the receiving en

Re: [mailop] Protection.outlook.com SPF hoops to jump for IPv6

2020-10-23 Thread Peter N. M. Hansteen via mailop
On Fri, Oct 23, 2020 at 10:28:28AM +0300, Otto J. Makela via mailop wrote: > > SPF for aka.fi is, as far as I can tell, correct albeit non-restrictive. > Before I start randomly making changes (like adding DKIM etc), does anyone > have ideas? I would guess it's the "?all" part they don't like. Th

Re: [mailop] JSON mail server logs ?

2020-11-20 Thread Peter N. M. Hansteen via mailop
On Fri, Nov 20, 2020 at 08:01:36AM +, Andrew C Aitchison via mailop wrote: > > There has been a request for Exim to have the ability to save the > server mainlog in json format 'to make it easier to "consume" it' > https://bugs.exim.org/show_bug.cgi?id=2610 > > The developers would like to

Re: [mailop] Gmail deliverability issues of domain after double sendings

2021-01-27 Thread Peter N. M. Hansteen via mailop
On 1/27/21 10:39 AM, postmaster outspot via mailop wrote: > Google postmaster reports a bad reputation for outspot.fr > already since April 2020. The other domains are fine. One oddity I notice about that domain is that it has apparently handed over incoming mail to google, bu

Re: [mailop] [External] Hotmail spam (again)

2021-08-16 Thread Peter N. M. Hansteen via mailop
On Mon, Aug 16, 2021 at 05:25:57AM -0400, Kevin A. McGrail via mailop wrote: > > Microsoft, at a minimum, has 4 domains under their freemail umbrella:  > hotmail.com, msn.com, live.com and outlook.com. In addition, you will see a number of outlook.$countrytld such as outlook.jp, outlook.it, and

Re: [mailop] Anyone here from SiteGround or .mailspamprotection.com?

2021-09-20 Thread Peter N. M. Hansteen via mailop
On 9/20/21 01:39, Kevin A. McGrail via mailop wrote: Hello, working on a delivery error that to me looks like there might be DNS issues.  Very unusual. if you do reach a human there, could you do us all a favor and ask them whether they still believe in the tooth fairy^H^H^H^H^H^H^H^H^H^H^H

Re: [mailop] How did this get routed to me?

2022-02-16 Thread Peter N. M. Hansteen via mailop
On 2/16/22 16:40, Sinclair, John via mailop wrote: Valid email (supposedly) from petvetcarecenters.com to drew.q.tay...@gmail.com , and it got delivered to MY domain (mspca.org)… Sorry in advance if this violates any of the list’s rules, but here’s the header

Re: [mailop] Traffic patterns related to Russian-Ukranian conflict

2022-03-30 Thread Peter N. M. Hansteen via mailop
On Wed, Mar 30, 2022 at 10:20:47AM -0400, Luis E. Muñoz via mailop wrote: > > Dear colleagues, > > I am looking at some data showing substantial email traffic increase (2x > baseline) along with a visible change in the spam filtering statistics, > centered at or near 2022-02-28. Are you guys aw

Re: [mailop] does outbound.protection.outlook.com ignore 550 for RCPT?

2022-09-07 Thread Peter N. M. Hansteen via mailop
On Wed, Sep 07, 2022 at 06:15:14AM +, ml+mailop--- via mailop wrote: > My system is getting spammed by outbound.protection.outlook.com > > mail= > rcpt=, stat=550 > rcpt=, stat=550 > > and this happens again and again. > (note: it happened before with other MAIL addresses) > > It their MTA b

Re: [mailop] Massive bounce report campaign

2022-11-22 Thread Peter N. M. Hansteen via mailop
On Tue, Nov 22, 2022 at 11:54:21AM +0100, Cyril - ImprovMX via mailop wrote: > I mean, to have 50k connections per minute to deliver bounce reports means > that the running campaign must be in the order of millions of emails just > for Outlook! 50k bounces per minute is abnormal, that's for sure.

Re: [mailop] Massive bounce report campaign

2022-11-23 Thread Peter N. M. Hansteen via mailop
On 11/23/22 10:39, Cyril - ImprovMX via mailop wrote: I forgot to mention this, but indeed, the first thing we did was contact them. We had no response, so we blocked them and later realized that the email contact we had was a black hole on their end, so we reached out using another email we

Re: [mailop] Report sharing

2022-12-14 Thread Peter N. M. Hansteen via mailop
On Wed, Dec 14, 2022 at 11:58:17AM +0100, Camille - Clean Mailbox via mailop wrote: > As I see some of you are sharing reports about sources of unwanted emails, For your collections and hopefully with potential for some practical use - This article https://bsdly.blogspot.com/2018/08/badness-e

Re: [mailop] Report sharing

2022-12-15 Thread Peter N. M. Hansteen via mailop
On Wed, Dec 14, 2022 at 08:09:59PM -0600, Jarland Donnell via mailop wrote: > Thanks for sharing this. I'm asking publicly as I'm curious if this message > spawns any conversation, but have you seen or heard a lot of intentional > abuse around using bsdly.net email addresses specifically to attack

Re: [mailop] Contact info for antispamcloud.com ?

2022-12-26 Thread Peter N. M. Hansteen via mailop
On Mon, Dec 26, 2022 at 06:26:26PM +, ml+mailop--- via mailop wrote: > On Sun, Dec 25, 2022, Peter Nicolai Mathias Hansteen via mailop wrote: > > > but since they have no valid MX record > > What's wrong with the MX records? > > dig antispamcloud.com. mx > antispamcloud.com.600 IN

Re: [mailop] Contact info for antispamcloud.com ?

2022-12-26 Thread Peter N. M. Hansteen via mailop
On Mon, Dec 26, 2022 at 01:04:15PM -0600, Mark Alley via mailop wrote: > Checking the MX history, it looks like they've had these MX records in place > for that domain for several years. Or am I missing something? Were you > getting no resolution results previously? The 'dig antispamcloud.com mx'

Re: [mailop] Contact info for antispamcloud.com ?

2022-12-26 Thread Peter N. M. Hansteen via mailop
On Mon, Dec 26, 2022 at 01:04:15PM -0600, Mark Alley via mailop wrote: > Checking the MX history, it looks like they've had these MX records in place > for that domain for several years. Or am I missing something? Were you > getting no resolution results previously? Circumstantial evidence from th

[mailop] Contact at mxrouting.net / mxroute.com /porkbun.com ?

2023-01-03 Thread Peter N. M. Hansteen via mailop
Does anyone have useful contact info for one or more of those (which I am beginning to believe is in fact the same outfit)? Some odd delivery problems with messages that are some of the least useful I have seen. So bad, in fact, that I have already threatened to blog about them. Contact off-

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

2023-01-11 Thread Peter N. M. Hansteen via mailop
On Wed, Jan 11, 2023 at 10:00:50PM +0100, Cyril - ImprovMX via mailop wrote: > Hi everyone! > > Today, I received a spam ("I got full access to your computer and installed > a trojan" kind of email). In general, I completely ignore these, but today > was different: > > The sender and recipient we

Re: [mailop] gmail putting most messages into Spam

2023-01-17 Thread Peter N. M. Hansteen via mailop
On Tue, Jan 17, 2023 at 01:16:03PM +, Paul Gregg via mailop wrote: > Heads up in case anyone else is experiencing this. > > We are aware of a recent change in behaviour of gmail.com where > most email is placed directly into Spam folder. > > So far we have dozens of customers reporting this.

Re: [mailop] Google spurning the City of Kuopio, Finland

2023-01-24 Thread Peter N. M. Hansteen via mailop
On Tue, Jan 24, 2023 at 10:57:37PM +0200, Atro Tossavainen via mailop wrote: > > It was reported in Finnish news today https://yle.fi/a/74-20014495 that > the city of Kuopio (#8 largest in the country) is unable to send email > to addresses served by Google and that this would be expected to last

Re: [mailop] Compromised email account trends

2023-02-09 Thread Peter N. M. Hansteen via mailop
On Wed, Feb 08, 2023 at 03:39:18PM -0600, Jarland Donnell via mailop wrote: > > - Any email sent to ollegas2...@gmail.com, glob22aa.fun, or mx373.com > consistently links to what I believe is a virus that sends out a user's > email credentials to the bad actor. I can add to the list of likely can

[mailop] New iteration of SMTP callback snakeoil

2023-03-11 Thread Peter N. M. Hansteen via mailop
Hi, Since some time yesterday I've seen a largish number of delivery attempts to obviously generated, invalid addresses in some of our domains, with the following apparent senders: informat...@ckuser.com informat...@mbxchk.com informat...@reqck.com informat...@send-now.net informat...@usereml.com

Re: [mailop] New iteration of SMTP callback snakeoil

2023-03-11 Thread Peter N. M. Hansteen via mailop
On Sat, Mar 11, 2023 at 10:31:01AM -0600, Michael Rathbun via mailop wrote: > [snip] > >informat...@validmbx.com > [snip] > > The most recent validmbx.com attempt failed the generated address as expected, > then validated one of my "sudden death" spamtrap addresses. So, the sender is > welcome to

Re: [mailop] IP to country?

2023-04-24 Thread Peter N. M. Hansteen via mailop
On Mon, Apr 24, 2023 at 06:44:45PM +0300, Mary via mailop wrote: > Is there a place that provides IP to country location information for free? > > Preferably in CIDR format. I am not interested to query a service, I am > interested to block whole countries at the firewall level. Maybe, refresh th

Re: [mailop] Next Microsoft rant: Account blocked with 'compliance warning' after forwarding spam to spamcop!

2024-10-07 Thread Peter N. M. Hansteen via mailop
On Mon, Oct 07, 2024 at 11:21:10AM +0200, Benoit Panizzon via mailop wrote: > I usually forward spam mails I receive to Spamcop and similar services > as RFC822 attachments. Those services take the email apart, feed > blacklists train bayes filters and send notifications to the ISP of the > source

Re: [mailop] Next Microsoft rant: Account blocked with 'compliance warning' after forwarding spam to spamcop!

2024-10-07 Thread Peter N. M. Hansteen via mailop
On Mon, Oct 07, 2024 at 12:07:59PM +, Louis via mailop wrote: > I would never use their feature where you can forward spam to them on sending > infrastructure I don't own, especially Microsoft. Just go to spamcop.net and > paste the raw email instead. What I tend to do is to dump the offending

Re: [mailop] Good registrar?

2024-10-02 Thread Peter N. M. Hansteen via mailop
On Wed, Oct 02, 2024 at 01:37:41PM +0300, Otto J. Makela via mailop wrote: > It seems Gandi has been hiking their prices rather significantly. > > Do you have recommendations for a good domain registrar which still > keeps prices at a reasonable level, and also isn't a problematic > spammer/scamme

Re: [mailop] Huge increase in SASL brute force

2024-10-21 Thread Peter N. M. Hansteen via mailop
On Mon, Oct 21, 2024 at 09:46:14AM -0600, Geoff Mulligan via mailop wrote: > Maybe I'm just now more observant, but I've seen a huge increase in bunches > of systems trying to brute force an SASL login. [ ... ] > > I wrote a script to check my mail log and block the IPs. > What do you all do? One

Re: [mailop] Huge increase in SASL brute force

2024-10-21 Thread Peter N. M. Hansteen via mailop
On Mon, Oct 21, 2024 at 06:06:16PM +0200, Arrigo Triulzi via mailop wrote: > On 21 Oct 2024, at 17:46, Geoff Mulligan via mailop wrote: > > I wrote a script to check my mail log and block the IPs. > > I have about 5k different IPs hitting every day. > > > What do you all do? > > OpenBSD, so scr

Re: [mailop] Weird bounce message

2025-01-16 Thread Peter N. M. Hansteen via mailop
On Thu, Jan 16, 2025 at 03:46:12AM -0500, Scott Q. via mailop wrote: > A user is trying to e-mail someone at setunari.com but we get > this weird bounce: > > 85.13.157.168 does not like recipient. > Remote host said: 550 5.7.1 : Recipient address rejected: temporarily > blocked because of previous

Re: [mailop] Weird bounce message

2025-01-16 Thread Peter N. M. Hansteen via mailop
On Thu, Jan 16, 2025 at 04:32:27AM -0500, Scott Q. via mailop wrote: > Thanks, so despite the bounce saying it's a problem with the > recipient, it may very well be a problem with our sending IP ? > > Just trying to make sense of what the error really means. I keep thinking that we may need to fa

Re: [mailop] Landed on a blacklist that is out of order

2025-03-07 Thread Peter N. M. Hansteen via mailop
For what it's worth, it seems that at least the OpenBSD.org mirror now considers nixspam dead: Getting http://www.openbsd.org/spamd/nixspam.gz blacklist nixspam 0 entries And for what it's worth part the second, I wrote a thing about running a blocklist way back when that I think still applies

[mailop] Possible SMTP callback implementation spotted - info appreciated

2025-05-09 Thread Peter N. M. Hansteen via mailop
Hi, My spamtrap harvesting machinery(1) spotted a weird overlong one this afternoon (times in CEST), to wit: [Fri May 09 18:22:04] peter@skapet:~$ grep ujtvek_baecn8zeukebbwu_yvpj.5ay0q02j3uqj7-jn61h7zh-lw1awg226-...@bsdly.net /var/log/spamd May 9 18:09:34 skapet spamd[16683]: (GREY) 54.217.2

Re: [mailop] Alphanumerical account testing ?

2025-05-27 Thread Peter N. M. Hansteen via mailop
On Mon, May 26, 2025 at 08:08:56PM -0400, J Doe via mailop wrote: > I operate a small mail server for a non-profit organization. Over the last > two weeks or so, I have observed servers connecting and attempting to > deliver to non-existent addresses. > > Ordinarily it's pretty easy to figure out

Re: [mailop] Checking existence of recipients

2025-06-26 Thread Peter N. M. Hansteen via mailop
On Thu, Jun 26, 2025 at 10:33:14AM +0200, Support 3Hound via mailop wrote: > Dear list, > is it fair/correct to check the existence of a mailbox for about 30/50 mail > addresses/day? > They quite always will be present unless misspelled or typo that may be a > couple in a month. > We must RSET and