[Mailman-Users] Re: AT&T RBL again
Carl Zwanzig writes: > On 3/30/2021 9:28 AM, Mark Sapiro wrote: > > I had two servers blocked by ATT, fortunately not this one. They were > > both DigitalOcean droplets,[...] > > FWIW, a couple of my regular correspondents have said that DO generally does > not have a great email reputation, and that they're moving lists to other > platforms. DO hosts a large domain (appears to be a hosting reseller; don't recall offhand, if you want to know reply to me off list and I'll summarize to the list) that regularly tries to exploit my nonexistent O365 server and my also nonexistent DoH server, among others whose exact targets I don't remember offhand. I wrote the domain once, got nothing, nothing changed. I've blocked a couple of /20s and even a /16 and I haven't seen DO for a few weeks. I also wrote DO once, got a thank you note, nothing visibly changed.[1] :-/ Steve Footnotes: [1] To be honest, I'd already blocked the source address, but the only repeater I ever saw was my own employer's vuln scanner. :-รพ What a PITA, 9000+ accesses as quickly as they could connect. During work hours (gggh!) to boot. -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: AT&T RBL again
Morris Jones writes: > [AT&T are opaque about their standards and process, and don't > provide any means to respond or unsubscribe their customers who > don't want your mail. This is the basic issue. Email users generally put more pressure on providers about "spam" (including stuff they've signed up for but have lost interest) than they do for lost mail (which they often don't know about, to be sure). Furthermore, with lost mail providers can easily point the finger elsewhere, which users tend to accept because moving providers is a massive PITA (unless the original one provides forwarding). Not much Mailman or site admins can do about this, unfortunately. Note that in those cases where the provider sends examples of "problematic" mail from your server but redacts customer identification, there are ways to "fingerprint" the message which the providers usually don't touch. Basically, add a header field with a hashed email address. Of course this requires message-per-subscriber which may be costly, and won't do much good unless you see enough of these to make it worth doing this as a policy matter. Since this involves patching Mailman anyway, you can add code so this only happens for specific problematic domains. It's reported to be effective with AOL and (IIRC) Yahoo! Steve -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: AT&T RBL again
Dear Stephen and Morris, Regarding your first post, I do not see the kind of Digital Ocean problems that you have. In the past, I have had other problems, mostly a botnet that was trying to guess passwords for WordPress (nonexistent), for many months. Concerning your second email, below, this has become a real sore point for me. However, I have no difficulty in identifying the recipients who are blocked. (I use Fedora linux with sendmail. That may or may not matter.) When a message from Mailman is blocked, I, as list owner, get a message that begins this way: # From: Mail Delivery Subsystem # To: jdm-society-boun...@sjdm.org # Subject: Returned mail: see transcript for details I think this happens because I checked "yes" for all the boxes in the Mailman configuration for "notifications" under "Bounce processing". (I also checked "yes" for all notifications under "General options", but I don't think that is relevant here.) The "transcript" says where the block came from, sometimes why the message was blocked (sometimes even with an address to complain to), and sometimes who the intended recipient was. (The bad news is that many of the addresses are not on my mailing list. They result from forwarding a listed address somewhere else, and the "transcript" doesn't give me the listed address. In a couple of particularly annoying cases I managed to track down the list member through detective work.) But it always gives the customer's address that is blocking the mail. Usually gmail will succeed in reaching that address if I want to tell the list member what is going on. Some of the "Returned mail" is the result of "host not found" or "account does not exist", when, in fact, the host can be found or the recipient is easily reached by gmail. This problem seems specific to my mail system. Fortunately it is rare. The other way I identify which users are blocked is that many of these are go into the "mail queue" (/var/spool/mqueue). As root, I am able to see all this with the "mailq" command, and each entry identifies the recipient. These are supposed to be temporary. The mailing system (sendmail) keeps trying to send these for 5 days. Most of them clear, but some never seem to clear. I think what I have just said speaks to your question. If not, then I don't understand your question. Now for a rant on the subject of spam blocking. Many providers (including att.net) block what they guess is spam without letting the recipient know what is happening. This includes posts to a 4000-member Mailman list concerning the academic field of judgments and decisions. Sometimes the post itself has a "high probability of spam". Sometimes our server is blocked because it sends too much "spam", or because someone within one of our "ranges" of ipv6 addresses is sending what they call spam, or even because our provider, Linode, has been known to harbor spammers. Block lists vary a lot in how responsive they are to complaints. Most of them allow you to request removal, but that is not permanent. The worst two are Spamhaus CSS and UCEPROTECT3. Fortunately, nobody pays much attention to the latter. The documents for Spamhaus seem to say that they are doing this to force customers, like me, to put pressure on my provider, Linode, to prevent anyone from sending spam from their domain. They say that this is possible because Microsoft does it. (They seem to ignore the cost issue.) Our server sees all the spam. (We use spamassassin to put it in a separate file.) 99% of it is simply electronic junk mail. If you had to sort it by hand, it would take a couple hundred msec to identify it and delete it, just like postal junk mail. By contrast, robo calls on a land line or cell phone are REALLY annoying. Thus, I do see why recipients cannot see the spam and create their own white list. Email spam is trivial by comparison. Gmail comes close to letting you decide what to call spam. In sum, totally blocking "spam" from the recipient, on the basis of some fallible algorithm that guesses what is spam, is outrageous. Jon On 04/03/21 17:59, Stephen J. Turnbull wrote: > Morris Jones writes: > > > [AT&T are opaque about their standards and process, and don't > > provide any means to respond or unsubscribe their customers who > > don't want your mail. > > This is the basic issue. Email users generally put more pressure on > providers about "spam" (including stuff they've signed up for but have > lost interest) than they do for lost mail (which they often don't know > about, to be sure). Furthermore, with lost mail providers can easily > point the finger elsewhere, which users tend to accept because moving > providers is a massive PITA (unless the original one provides > forwarding). Not much Mailman or site admins can do about this, > unfortunately. > > Note that in those cases where the provider sends examples of > "problematic" mail from your server but redacts customer > identification, there are ways to "fingerprint" the message wh
[Mailman-Users] Re: AT&T RBL again
Jon Baron writes: > I think what I have just said speaks to your question. If not, then I don't > understand your question. It wasn't a question. It was a statement that a technical solution exists that might be useful to some site administrators in relatively unusual circumstances. > Now for a rant on the subject of spam blocking. [ agreed! ] > In sum, totally blocking "spam" from the recipient, on the basis of > some fallible algorithm that guesses what is spam, is outrageous. And semi-popular with users while being cheap for providers, which was my other point. So, good luck doing anything about it. :-( Let's put it this way: one of the few things my (ultimate) employer has done right in terms of Internet security was banning in April 2014 the use of Yahoo! addresses for communication within all educational institutions in Japan. And I haven't seen any (internally) since. :-) But it takes that level of power to do anything about sucky providers. And ... uh, well ... they actually got it *wrong*: Yahoo! Japan franchised the name and some of the software, but otherwise is independent of international Yahoo!, and to this day % host -t TXT _dmarc.yahoo.co.jp _dmarc.yahoo.co.jp descriptive text "v=DMARC1; p=none; \ <= ! rua=mailto:ymail_dmarc_rep...@yahoo.co.jp"; This is the cockeyed Internet we have. It's wishful thinking to think otherwise. Im theory, it *could* be *much* better, but it's not going to "just happen". We have to build it ourselves. That's why we (Mailman) are here. Not that we're terribly important, or even all that good at it, but https://gitlab.com/mailman is open for merge requests if you can do a better job. :-) By the way, that's a happy smiley, not a snarky smiley trying to imply "quitcherbitchin and code" or anything like that. Steve -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: AT&T RBL again
On 4/3/21 1:59 AM, Stephen J. Turnbull wrote: > > Note that in those cases where the provider sends examples of > "problematic" mail from your server but redacts customer > identification, there are ways to "fingerprint" the message which the > providers usually don't touch. Basically, add a header field with a > hashed email address. Of course this requires message-per-subscriber > which may be costly, and won't do much good unless you see enough of > these to make it worth doing this as a policy matter. > > Since this involves patching Mailman anyway, you can add code so this > only happens for specific problematic domains. It's reported to be > effective with AOL and (IIRC) Yahoo! This is a feature in MM 2.1. From Defaults.py > # If the following is set to a non-empty string, that string is the name of a > # header that will be added to personalized and VERPed deliveries with value > # equal to the base64 encoding of the recipient's email address. This is > # intended to enable identification of the recipient otherwise redacted from > # "spam report" feedback loop messages. For example, if > # RCPT_BASE64_HEADER_NAME = 'X-Mailman-R-Data' > # a header like > # X-Mailman-R-Data: dXNlckBleGFtcGxlLmNvbQo= > # will be added to messages sent to user@@example.com. > RCPT_BASE64_HEADER_NAME = '' This feature doesn't yet exist in Mailman 3. FWIW, Yahoo/AOL are not currently redacting the recipient address, but it may not be the address the message was sent to if intermediate forwarding is involved. Also, Hotmail is not currently redacting the recipient address. Personalizing deliveries and putting the recipient address in the msg_footer seems to work well for non-digest messages. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
