spamd and outlook.com

spamd and outlook.com

Markus Rosjat
Hi there,

So if you have spamd in place in greylisting mode and you have customers
that work with people who use Office365 as a service, you will get calls
that emails are delayed for a freaking long time, and if you check the IP
range that outlook.com could send from, you get scared.

So what are the strategies out there to handle this kind of situation?
Do you let them all pass and trust that Microsoft is protecting their
service enough to stop spamming from hijacked machines that use Office365?

Do you gradually grant access to a new IP range if you see it's trying to
reach your server and let the rest be?

Just curious here. I had a case where you could dig the MX for a domain
and it was an outlook.com server. It was whitelisted in my system, but it
seems MS is using this MX to retrieve mail and still sends mail even
from that domain with other MXs in different ranges. So you see 30 grey
entries from different MXs that are trying to reach the customer's mailbox.

I'm a little reluctant to whitelist a shitload of IPs just to get rid of
a 1 or 2 day delay in delivering the message, and yes, this was the case.
regards

--
Markus Rosjat    fon: +49 351 8107223    mail: [hidden email]

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before
you print it, think about your responsibility and commitment to the
ENVIRONMENT


Re: spamd and outlook.com

Peter N. M. Hansteen-3
On Fri, Apr 21, 2017 at 11:25:14AM +0200, Markus Rosjat wrote:
>
> so if you have spamd in place in greylisting mode and you have customers
> that work with people who use Office365 as a service you will get calls that
> emails are delayed for a freaking long time and if you check the ip range
> that outlook.com could send from you get scared.

start with

$ host -ttxt outlook.com

and follow the includes to the very end. Then weep.

TL;DR: last time I looked that expanded to eighty-some *networks* of varying sizes.

https://github.com/akpoff/spf_fetch fed the relevant domains is one solution,
and in addition my collection of manually maintained SPF sedimentation
is available at https://home.nuug.no/~peter/nospamd

The problem is that the 'architects' behind outlook.com and their ilk are really
not on board with the idea that having some tiny bit of control over where your mail
comes from is a good idea, but they were made to comply with the SPF/DKIM/DMARC scheme
(straight out of the Rube Goldberg school of engineering), which is one of those endless
and endlessly tiresome artifacts of the "something has to be done", "this is something"
'system architect' responses.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.


Re: spamd and outlook.com

Markus Rosjat
Hey Peter,

I like your PF book very much, it helped me a lot to grasp some stuff  :)

For the host solution, I already did this but skipped the part with
following the includes.

MS is providing a list of their possible IP ranges here

https://technet.microsoft.com/en-us/library/dn163583(v=exchg.150).aspx

and that's just scary ...

On 21.04.2017 at 11:59, Peter N. M. Hansteen wrote:

> On Fri, Apr 21, 2017 at 11:25:14AM +0200, Markus Rosjat wrote:
>>
>> so if you have spamd in place in greylisting mode and you have customers
>> that work with people who use Office365 as a service you will get calls that
>> emails are delayed for a freaking long time and if you check the ip range
>> that outlook.com could send from you get scared.
>
> start with
>
> $ host -ttxt outlook.com
>
> and follow the includes to the very end. Then weep.
>
> TL;DR: last time I looked that expanded to eighty-some *networks* of varying sizes.
>
> https://github.com/akpoff/spf_fetch fed the relevant domains is one solution,
> and in addition you will find my collection of manually maintained SPF sedimentation
> is available at https://home.nuug.no/~peter/nospamd
>
> The problem is that the 'architects' behind outlook.com and their ilk are really
> not on board with the idea that having some tiny bit of control over where your mail
> comes from is a good idea, but they were made to comply with the SPF/DKIM/DMARC scheme
> (straight out of the Rube Goldberg school of engineering), which is one of those endless
> and endlessly tiresome artifacts of the "something has to be done", "this is something"
> 'system architect' responses.
>

--
Markus Rosjat    fon: +49 351 8107223    mail: [hidden email]

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before
you print it, think about your responsibility and commitment to the
ENVIRONMENT


Re: spamd and outlook.com

Reyk Floeter-2
In reply to this post by Peter N. M. Hansteen-3
On Fri, Apr 21, 2017 at 11:59:20AM +0200, Peter N. M. Hansteen wrote:

> On Fri, Apr 21, 2017 at 11:25:14AM +0200, Markus Rosjat wrote:
> >
> > so if you have spamd in place in greylisting mode and you have customers
> > that work with people who use Office365 as a service you will get calls that
> > emails are delayed for a freaking long time and if you check the ip range
> > that outlook.com could send from you get scared.
>
> start with
>
> $ host -ttxt outlook.com
>
> and follow the includes to the very end. Then weep.
>
> TL;DR: last time I looked that expanded to eighty-some *networks* of varying sizes.
>
> https://github.com/akpoff/spf_fetch fed the relevant domains is one solution,
> and in addition you will find my collection of manually maintained SPF sedimentation
> is available at https://home.nuug.no/~peter/nospamd 
>

I use the attached script to fetch the SPF entries recursively, in a
plain text format that can be fed into pfctl.

outlook.com gives me 82 networks.

Reyk

---snip---
#!/usr/bin/perl

# Copyright (c) 2016 Reyk Floeter <[hidden email]>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

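$domain = shift @ARGV or die "usage: $0 domain";

# Print every ip4/ip6 network published in the SPF record of $domain,
# following include/redirect targets recursively (no loop detection).
sub parsespf
{
        my $domain = shift;

        # Include targets come from remote TXT records: accept only plain
        # host names before interpolating one into the shell command.
        return if $domain !~ /^[A-Za-z0-9_][A-Za-z0-9._-]*$/;

        my @foo = `nslookup -q=TXT $domain`;
        my @results = ();

        foreach (@foo) {
                next if not /\Q$domain\E\ttext/;
                next if not s/\Q$domain\E\ttext = "v=spf1([^"]+)"/$1/;

                @results = split /\s+/;
                foreach (@results) {
                        # Skip the "all" mechanism, with or without qualifier.
                        next if /^[-+~?]?all$/;
                        if (s/^ip[46]://) {
                                print "$_\n";
                        } elsif (s/^(redirect|include)[:=]//) {
                                print "\n#$_\n";
                                parsespf($_);
                        }
                }
        }
}

parsespf($domain);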

0;


Re: spamd and outlook.com

Craig Skinner-3
In reply to this post by Markus Rosjat
Hi Markus,

On Fri, 21 Apr 2017 11:25:14 +0200 Markus Rosjat wrote:
> so if you have spamd in place in greylisting mode and you have
> customers that work with people who use Office365 as a service you
> will get calls that emails are delayed for a freaking long time

Email is not instant messaging.

Customers need educated to that fact.

>
> So what are the strategies out there to handle this kind of
> situation? Do you let them all pass and trust that Microsoft is
> protecting their service enough to stop spamming from hijacked
> machines that use Office365?
>

http://web.britvault.co.uk/products/ungrey-robins/logs/outlook.txt

The ungrey-robins tool, with patterns for Outlook, Google, Amazon, etc:
http://web.britvault.co.uk/products/ungrey-robins/


>
> Just curious here. I had a case where you could dig the MX for a
> domain and it was an outlook.com server.

No. DNS MX records are used for sending mail _TO_ a domain.

Inbound mail routing doesn't apply to outbound mail.

Domains may relay out via other domains (e.g. their ISP's mail farm).

When sending, many domains SMTP HELO with google, outlook, etc...

The ungrey-robins tool looks at the HELO hostname, not the FROM domain.


See the misc@ thread "spamd and network whitelisting"
http://marc.info/?t=148189829200002


Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7


Re: spamd and outlook.com

Craig Skinner-3
In reply to this post by Peter N. M. Hansteen-3
Hello Peter/all,

On Fri, 21 Apr 2017 11:59:20 +0200 "Peter N. M. Hansteen" wrote:
>
> start with
>
> $ host -ttxt outlook.com
>
> and follow the includes to the very end. Then weep.
>


In February 2015 Paul de Weerd calculated Google published 217,088 IPv4
addresses, and 29,710,560,942,849,126,597,578,981,376 IPv6 addresses as
valid SMTP servers. See:
http://marc.info/?l=openbsd-misc&m=142478407909186

It would be reasonable to state Google (and others) have populated SPF
with LIES.


Boudewijn Dijkstra wrote: "SPF was never meant for making accept/reject
decisions on arbitrary domains. If you don't trust the sending domain,
then SPF evaluation is pointless."
http://marc.info/?l=openbsd-misc&m=148232868408696


Regards,
--
Craig Skinner | http://linkd.in/yGqkv7


Re: spamd and outlook.com

Boudewijn Dijkstra-3
In reply to this post by Reyk Floeter-2
On Fri, 21 Apr 2017 12:16:31 +0200, Reyk Floeter <[hidden email]> wrote:
> On Fri, Apr 21, 2017 at 11:59:20AM +0200, Peter N. M. Hansteen wrote:
>> On Fri, Apr 21, 2017 at 11:25:14AM +0200, Markus Rosjat wrote:
>> >
>
> I use the attached script to fetch the SPF entries recursively, in a
> plain text format that can be fed into pfctl.

Have you tried mx3a.certifiedfactory.info ?  ;)


--
Made with Opera's e-mail program: http://www.opera.com/mail/


Re: spamd and outlook.com

Reyk Floeter-2
On Fri, Apr 21, 2017 at 01:52:05PM +0200, Boudewijn Dijkstra wrote:

> On Fri, 21 Apr 2017 12:16:31 +0200, Reyk Floeter <[hidden email]> wrote:
> > On Fri, Apr 21, 2017 at 11:59:20AM +0200, Peter N. M. Hansteen wrote:
> > > On Fri, Apr 21, 2017 at 11:25:14AM +0200, Markus Rosjat wrote:
> > > >
> >
> > I use the attached script to fetch the SPF entries recursively, in a
> > plain text format that can be fed into pfctl.
>
> Have you tried mx3a.certifiedfactory.info ?  ;)
>

great

I think you got something wrong:

I don't use this simple script automatically or for "untrusted
domains", I just use it _manually_ and for _well-known_ offenders like
outlook.com that break greylisting.  SPF is not a security solution,
but it is a band-aid that helps to handle these stupid cloud-based MTAs.

The script below fixes it - or akpoff's slightly more complicated (and
probably more correct) version.

Reyk

---snip---
#!/usr/bin/perl

# Copyright (c) 2016, 2017 Reyk Floeter <[hidden email]>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

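$domain = shift @ARGV or die "usage: $0 domain";
%seen = ();     # include/redirect targets that were already followed

# Print every ip4/ip6 network published in the SPF record of $domain,
# following each include/redirect target at most once.
sub parsespf
{
        my $domain = shift;

        # Include targets come from remote TXT records: accept only plain
        # host names before interpolating one into the shell command.
        return if $domain !~ /^[A-Za-z0-9_][A-Za-z0-9._-]*$/;

        my @foo = `nslookup -q=TXT $domain`;
        my @results = ();

        foreach (@foo) {
                next if not /\Q$domain\E\ttext/;
                next if not s/\Q$domain\E\ttext = "v=spf1([^"]+)"/$1/;

                @results = split /\s+/;
                foreach (@results) {
                        # Skip the "all" mechanism, with or without qualifier.
                        next if /^[-+~?]?all$/;
                        if (s/^ip[46]://) {
                                print "$_\n";
                        } elsif (s/^(redirect|include)[:=]//) {
                                print "\n#$_\n";
                                # Recurse only into names not seen before,
                                # so that include loops terminate.
                                if (!$seen{$_}) {
                                        $seen{$_} = 1;
                                        parsespf($_);
                                }
                        }
                }
        }
}

parsespf($domain);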

0;
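
Added example (not part of Reyk's post, and not his or akpoff's code): the same recursive SPF walk in Python, generalized to visit each name once, stop after the ten DNS-querying terms RFC 7208 allows, validate names taken from TXT data, and keep only pass-qualified ip4/ip6 terms. The resolver is passed in so it runs offline; `expand_spf`, the reason labels and all `.example` records are constructed for this illustration.

```python
import ipaddress
import re

MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying terms per evaluation
NAME_RE = re.compile(r"(?:[A-Za-z0-9_-]{1,63}\.)+[A-Za-z0-9-]{1,63}")
TERM_RE = re.compile(r"([+?~-]?)([A-Za-z][A-Za-z0-9]*)[:=]?(.*)")

# Constructed TXT data standing in for DNS; every name here is made up.
SAMPLE_TXT = {
    "mail.example": ["v=spf1 ip4:192.0.2.0/25 ip4:192.0.2.128/25 "
                     "include:a.mail.example include:b.mail.example -all"],
    "a.mail.example": ["v=spf1 ip4:198.51.100.0/24 ip6:2001:db8:1::/48 "
                       "include:b.mail.example ~all"],
    "b.mail.example": ["v=spf1 ip4:203.0.113.7 include:a.mail.example ?all"],
    "odd.example": ["unrelated txt record",
                    "v=spf1 include:bad;name.example ip4:999.1.1.1 "
                    "-ip4:192.0.2.9 ip4:192.0.2.1/24 mx -all"],
}


def expand_spf(domain, resolve, max_lookups=MAX_LOOKUPS):
    """Collect the pass-qualified ip4/ip6 networks reachable from domain.

    resolve(name) returns the TXT strings for name. Returns (networks,
    skipped): collapsed CIDR strings, plus (reason, item) pairs for
    everything that was deliberately not followed or not trusted.
    """
    nets = {4: [], 6: []}
    skipped = []
    seen = set()
    lookups = 0

    def walk(name, is_root=False):
        nonlocal lookups
        name = name.rstrip(".").lower()
        # Names come out of third-party DNS data: validate before any use.
        if len(name) > 253 or not NAME_RE.fullmatch(name):
            skipped.append(("invalid-name", name))
            return
        if name in seen:  # include loop or diamond: visit each name once
            skipped.append(("already-visited", name))
            return
        if not is_root:
            if lookups >= max_lookups:
                skipped.append(("lookup-limit", name))
                return
            lookups += 1
        seen.add(name)
        records = [t for t in resolve(name)
                   if t.lower().split()[:1] == ["v=spf1"]]
        if len(records) != 1:  # no SPF record, or more than one
            skipped.append(("no-single-spf-record", name))
            return
        for term in records[0].split()[1:]:
            match = TERM_RE.fullmatch(term)
            if match is None:
                skipped.append(("unparsed", term))
                continue
            qualifier, key, value = match.groups()
            key = key.lower()
            if key == "all":
                continue
            if qualifier not in ("", "+"):  # -, ~ and ? are not a pass
                skipped.append(("non-pass", term))
            elif key in ("ip4", "ip6"):
                try:
                    net = ipaddress.ip_network(value, strict=False)
                except ValueError:
                    net = None
                if net is None or net.version != int(key[2]):
                    skipped.append(("bad-network", term))
                else:
                    nets[net.version].append(net)
            elif key in ("include", "redirect"):
                walk(value)
            else:  # a, mx, ptr, exists, exp: would need further DNS queries
                skipped.append(("not-expanded", term))

    walk(domain, is_root=True)
    networks = [str(n) for version in (4, 6)
                for n in ipaddress.collapse_addresses(nets[version])]
    return networks, skipped


def sample_resolver(name):
    """Look up the constructed records above instead of querying DNS."""
    return SAMPLE_TXT.get(name, [])


if __name__ == "__main__":
    for line in expand_spf("mail.example", sample_resolver)[0]:
        print(line)  # one CIDR per line
```

The `skipped` list is the part worth reading before loading the result into a pf table: it names every term that was ignored and why.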


Re: spamd and outlook.com

Peter N. M. Hansteen-3
In reply to this post by Peter N. M. Hansteen-3
And apropos of the subject, quite on-topic: https://home.nuug.no/~peter/dmarc-reject_openbsd-misc_spadm_and_spf.txt

- P (pats robot on virtual head)
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.


Re: spamd and outlook.com

Edgar Pettijohn III-2
In reply to this post by Reyk Floeter-2


On 04/21/17 07:12, Reyk Floeter wrote:

> On Fri, Apr 21, 2017 at 01:52:05PM +0200, Boudewijn Dijkstra wrote:
>> On Fri, 21 Apr 2017 12:16:31 +0200, Reyk Floeter <[hidden email]> wrote:
>>> On Fri, Apr 21, 2017 at 11:59:20AM +0200, Peter N. M. Hansteen wrote:
>>>> On Fri, Apr 21, 2017 at 11:25:14AM +0200, Markus Rosjat wrote:
>>> I use the attached script to fetch the SPF entries recursively, in a
>>> plain text format that can be fed into pfctl.
>> Have you tried mx3a.certifiedfactory.info ?  ;)
>>
> great
>
> I think you got something wrong:
>
> I don't use this simple script automatically or for "untrusted
> domains", I just use it _manually_ and for _well-known_ offenders like
> outlook.com that break greylisting.  SPF is not a security solution,
> but it is a band-aid that helps to handle these stupid cloud-based MTAs.
>
> The script below fixes it - or akpoff's slightly more complicated (and
> probably more correct) version.
>
> Reyk
>
> ---snip---
> #!/usr/bin/perl
>
> # Copyright (c) 2016, 2017 Reyk Floeter <[hidden email]>
> #
> # Permission to use, copy, modify, and distribute this software for any
> # purpose with or without fee is hereby granted, provided that the above
> # copyright notice and this permission notice appear in all copies.
> #
> # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
> # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
> # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>
> $domain = shift @ARGV or die "usage: $0 domain";
> %seen = {};
>
> sub parsespf
> {
> my $domain = shift;
> my @foo = `nslookup -q=TXT $domain`;
> my @results = ();
>
> foreach (@foo) {
> next if not /$domain\ttext/;
> next if not s/$domain\ttext = "v=spf1([^"]+)"/$1/;
>
> @results = split /\s+/;
> foreach (@results) {
> next if /.all/;
> if (s/^ip[46]://) {
> print "$_\n";
> } elsif (s/^(redirect|include)[:=]//) {
> print "\n#$_\n";
> if (!$seen{$_}) {
> $seen{$_} = true;
> parsespf($_);
> }
> }
> }
> }
> }
>
> parsespf($domain);
>
> 0;

I'm glad I'm not the only one with this problem.  I started off just
adding individual IPs to my nospamd as needed, but they deliver mail so
stupidly.  One message may get sent from, in my experience, 4 different
IPs, so they get trapped each time and I'm guessing they eventually give
up.  Luckily https://home.nuug.no/~peter/nospamd came across my screen
one day.  It seems to have cured my problem. Thanks Peter!


Re: spamd and outlook.com

Boudewijn Dijkstra-3
In reply to this post by Reyk Floeter-2
On Fri, 21 Apr 2017 14:12:56 +0200, Reyk Floeter <[hidden email]> wrote:

> On Fri, Apr 21, 2017 at 01:52:05PM +0200, Boudewijn Dijkstra wrote:
>> On Fri, 21 Apr 2017 12:16:31 +0200, Reyk Floeter <[hidden email]> wrote:
>> > On Fri, Apr 21, 2017 at 11:59:20AM +0200, Peter N. M. Hansteen wrote:
>> > > On Fri, Apr 21, 2017 at 11:25:14AM +0200, Markus Rosjat wrote:
>> > > >
>> >
>> > I use the attached script to fetch the SPF entries recursively, in a
>> > plain text format that can be fed into pfctl.
>>
>> Have you tried mx3a.certifiedfactory.info ?  ;)
>>
>
> great
>
> I think you got something wrong:
>
> I don't use this simple script automatically or for "untrusted
> domains", I just use it _manually_ and for _well-known_ offenders like
> outlook.com that break greylisting.

I only pointed out a weakness. Infinite loops may happen regardless of  
trust or reputation, so the weakness should IMHO be either documented or  
fixed.

>  SPF is not a security solution,
> but it is a band-aid that helps to handle these stupid cloud-based MTAs.
>
> The script below fixes it - or akpoff's slightly more complicated (and
> probably more correct) version.

Thanks.

--
Made with Opera's e-mail program: http://www.opera.com/mail/


Re: spamd and outlook.com

Stuart Henderson
In reply to this post by Markus Rosjat
On 2017-04-21, Markus Rosjat <[hidden email]> wrote:
> so if you have spamd in place in greylisting mode and you have customers
> that work with people who use Office365 as a service you will get calls
> that emails are delayed for a freaking long time and if you check the ip
> range that outlook.com could send from you get scared.
>
> So  what are the strategies out there to handle this kind of situation?

I stopped simple spamd-style greylisting years ago, I was spending far
more time waiting for verification mails and figuring out the cause for
mail delays than it saved me in deleting spam (especially considering
a lot still gets past greylisting).

I switched to using postfix's "after-accept" checks (which drop the
first attempt from a new source, blacklisting if they make certain SMTP
errors, but don't have a timeout period - allows delivery immediately on
reconnect). And these days I exempt hosts on dnswl.org from this.

I now also do greylisting via rspamd for high-ish scoring mail, if it
suspects it's likely to be spam but isn't quite sure, it greylists for a
while; often the sender is added to enough RBL or RHSBLs by the time it
retries and is then detected as spam right away. There are still some
delays from legit-but-spammy-looking mail, but real "written by a human"
mail, and the majority of address verification mails, usually get through
without greylisting.

> Do you let them all pass and trust that Microsoft is protecting their
> service enough to stop spamming from hijacked machines that use Office365?

Never mind spam, from what I can see Microsoft don't even kill off
actual malware hosted on their own domains (e.g. sharepoint.com) in a
timely fashion..

But they undoubtedly will have per-sender rate limits on email. I don't
see greylisting from the address space listed in their SPF records or
dnswl entries as doing much good.

> I'm a little reluctant to whitelist a shitload of ips just to get rid of
> a 1 or 2 day delay in delivering the message and yes this was the case

And if you're unlucky they don't retry from the same IP before the
message gets too old and falls out of the sender's queue.
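
Added example (not from any poster in the thread): a simplified greylisting model showing why a sender that retries from a pool of addresses gets delayed or never delivered, and what whitelisting the sender's network changes. The 25-minute and 4-hour windows are spamd's documented defaults; the round-robin pool, retry schedules and addresses are constructed assumptions, and the model accepts on the qualifying retry rather than reproducing spamd's internals.

```python
import ipaddress

PASSTIME = 25      # minutes before a retry of the same tuple may pass (spamd default)
GREYEXP = 4 * 60   # minutes after which an unretried grey entry is dropped (spamd default)

# Constructed retry schedules, in minutes since the first attempt.
BACKOFF = [0, 15, 30, 60, 120, 240, 480, 960, 1440, 2880]
EVERY_90 = [0, 90, 180, 270, 360, 450, 540, 630]


class Greylister:
    """Greylisting keyed on (source IP, envelope sender, recipient)."""

    def __init__(self, whitelist=()):
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.grey = {}       # tuple -> minute it was first seen
        self.passed = set()  # source IPs that got through once

    def check(self, ip, sender, rcpt, now):
        addr = ipaddress.ip_address(ip)
        if ip in self.passed or any(addr in net for net in self.whitelist):
            return "accept"
        key = (ip, sender, rcpt)
        first = self.grey.get(key)
        if first is None or now - first > GREYEXP:
            self.grey[key] = now   # new tuple, or the old entry expired
            return "tempfail"
        if now - first < PASSTIME:
            return "tempfail"      # retried too early
        del self.grey[key]
        self.passed.add(ip)
        return "accept"


def pool(size):
    """Constructed sender pool: size addresses from 203.0.113.0/24."""
    return [f"203.0.113.{i + 1}" for i in range(size)]


def deliver(greylister, ips, schedule):
    """Send one message, taking the next pool address on every retry.

    Returns (minute accepted, attempts used), or (None, attempts) when the
    schedule runs out, i.e. the message expired in the sender's queue.
    """
    for attempt, now in enumerate(schedule):
        ip = ips[attempt % len(ips)]   # round-robin is an assumption
        verdict = greylister.check(ip, "alice@sender.example",
                                   "bob@rcpt.example", now)
        if verdict == "accept":
            return now, attempt + 1
    return None, len(schedule)


def scenarios():
    """Run the same message through different pool sizes and schedules."""
    return {
        "one_ip": deliver(Greylister(), pool(1), BACKOFF),
        "four_ips": deliver(Greylister(), pool(4), BACKOFF),
        "twenty_ips": deliver(Greylister(), pool(20), BACKOFF),
        "two_ips_every_90": deliver(Greylister(), pool(2), EVERY_90),
        "four_ips_every_90": deliver(Greylister(), pool(4), EVERY_90),
        "twenty_ips_whitelisted": deliver(
            Greylister(["203.0.113.0/24"]), pool(20), BACKOFF),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:24} {result}")
```

With four addresses retrying every 90 minutes, each tuple comes back after 360 minutes, past the 4-hour grey expiry, so every retry starts over and the message is never accepted.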



Re: spamd and outlook.com

Stuart Henderson
In reply to this post by Craig Skinner-3
On 2017-04-21, Craig Skinner <[hidden email]> wrote:

> Hi Markus,
>
> On Fri, 21 Apr 2017 11:25:14 +0200 Markus Rosjat wrote:
>> so if you have spamd in place in greylisting mode and you have
>> customers that work with people who use Office365 as a service you
>> will get calls that emails are delayed for a freaking long time
>
> Email is not instant messaging.
>
> Customers need educated to that fact.

How do you educate them to that when they send to their gmail account
and it shows up on their phone within seconds?

Sometimes there are delays but there's no reason for that to be the norm.


Re: spamd and outlook.com

Markus Rosjat
In reply to this post by Markus Rosjat
Like I said, I had one case where I had the same message sent from 20 different outlook.com servers. That's just stupid.
Regards
Markus

-------- Original message --------
From: Edgar Pettijohn <[hidden email]>
Date: 21.04.17  15:20  (GMT+01:00)
To: [hidden email]
Subject: Re: spamd and outlook.com



On 04/21/17 07:12, Reyk Floeter wrote:

> On Fri, Apr 21, 2017 at 01:52:05PM +0200, Boudewijn Dijkstra wrote:
>> On Fri, 21 Apr 2017 12:16:31 +0200, Reyk Floeter <[hidden email]> wrote:
>>> On Fri, Apr 21, 2017 at 11:59:20AM +0200, Peter N. M. Hansteen wrote:
>>>> On Fri, Apr 21, 2017 at 11:25:14AM +0200, Markus Rosjat wrote:
>>> I use the attached script to fetch the SPF entries recursively, in a
>>> plain text format that can be fed into pfctl.
>> Have you tried mx3a.certifiedfactory.info ?  ;)
>>
> great
>
> I think you got something wrong:
>
> I don't use this simple script automatically or for "untrusted
> domains", I just use it _manually_ and for _well-known_ offenders like
> outlook.com that break greylisting.  SPF is not a security solution,
> but it is a band-aid that helps to handle these stupid cloud-based MTAs.
>
> The script below fixes it - or akpoff's slightly more complicated (and
> probably more correct) version.
>
> Reyk
>
> ---snip---
> #!/usr/bin/perl
>
> # Copyright (c) 2016, 2017 Reyk Floeter <[hidden email]>
> #
> # Permission to use, copy, modify, and distribute this software for any
> # purpose with or without fee is hereby granted, provided that the above
> # copyright notice and this permission notice appear in all copies.
> #
> # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
> # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
> # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>
> $domain = shift @ARGV or die "usage: $0 domain";
> %seen = {};
>
> sub parsespf
> {
> my $domain = shift;
> my @foo = `nslookup -q=TXT $domain`;
> my @results = ();
>
> foreach (@foo) {
> next if not /$domain\ttext/;
> next if not s/$domain\ttext = "v=spf1([^"]+)"/$1/;
>
> @results = split /\s+/;
> foreach (@results) {
> next if /.all/;
> if (s/^ip[46]://) {
> print "$_\n";
> } elsif (s/^(redirect|include)[:=]//) {
> print "\n#$_\n";
> if (!$seen{$_}) {
> $seen{$_} = true;
> parsespf($_);
> }
> }
> }
> }
> }
>
> parsespf($domain);
>
> 0;

I'm glad I'm not the only one with this problem.  I started off just
adding individual IPs to my nospamd as needed, but they deliver mail so
stupidly.  One message may get sent from, in my experience, 4 different
IPs, so they get trapped each time and I'm guessing they eventually give
up.  Luckily https://home.nuug.no/~peter/nospamd came across my screen
one day.  It seems to have cured my problem. Thanks Peter!


Re: spamd and outlook.com

Kevin Chadwick-4
In reply to this post by Stuart Henderson
On Fri, 21 Apr 2017 16:02:20 +0000 (UTC)
Stuart Henderson <[hidden email]> wrote:

> >
> > Email is not instant messaging.
> >
> > Customers need educated to that fact.  
>
> How do you educate them to that when they send to their gmail account
> and it shows up on their phone within seconds?
>
> Sometimes there are delays but there's no reason for that to be the
> norm.

Unfortunately, I disagree. Instant messaging has a friends/block
facility, email is for strangers too. The delay doesn't need to
be long however but your chances of receiving spam are far better with
the checks before accepting.

Hotmail users skip through the spam and pick valid messages out of their
spam folder. A colleague of mine commented on having a spam message as
if it was rare the other day.


Re: spamd and outlook.com

Kurt H Maier
In reply to this post by Stuart Henderson
On Fri, Apr 21, 2017 at 04:02:20PM +0000, Stuart Henderson wrote:

> On 2017-04-21, Craig Skinner <[hidden email]> wrote:
> > Hi Markus,
> >
> > On Fri, 21 Apr 2017 11:25:14 +0200 Markus Rosjat wrote:
> >> so if you have spamd in place in greylisting mode and you have
> >> customers that work with people who use Office365 as a service you
> >> will get calls that emails are delayed for a freaking long time
> >
> > Email is not instant messaging.
> >
> > Customers need educated to that fact.
>
> How do you educate them to that when they send to their gmail account
> and it shows up on their phone within seconds?
>
> Sometimes there are delays but there's no reason for that to be the norm.
>

There's no reason email can't be instant messaging.  Postmasters have
spent decades training users that email just sucks and is necessarily
unreliable.  All they did was corral users toward services where they
don't have to hear the administrators whining about how hard that job
is.  

Greylisting is a hack, an abuse of a side-effect.  Most such approaches
have deleterious side effects.  This particular side effect is why I
don't like greylisting in general, even though it's fairly effective.

khm


Re: spamd and outlook.com

Walter Alejandro Iglesias-3
In reply to this post by Stuart Henderson
Stuart Henderson wrote:

> On 2017-04-21, Craig Skinner <[hidden email]> wrote:
> > Email is not instant messaging.
> >
> > Customers need educated to that fact.
>
> How do you educate them to that when they send to their gmail account
> and it shows up on their phone within seconds?

We, at school, used the pen as blowgun.


Re: spamd and outlook.com

Kevin Chadwick-4
In reply to this post by Kurt H Maier
On Fri, 21 Apr 2017 09:21:48 -0700
Kurt H Maier <[hidden email]> wrote:

> Greylisting is a hack, an abuse of a side-effect.  Most such
> approaches have deleterious side effects.  This particular side
> effect is why I don't like greylisting in general, even though it's
> fairly effective.

Do you answer your phone before looking at the number/caller?

It is not a hack at all. The only problem that keeps coming up is large
MTAs that I have concluded, wish to discourage it as it increases their
costs (I am sure they know what IPs may send mail and could publish SPF
records much more usefully (they probably block windows boxes
etc. from connecting to port 25 to avoid being blacklisted)). It would
be nice if SPAMD/SMTPD/GREYSCANNER/SCRIPTS could be integrated/improved
to the point that checks could be completed whilst the connection is
still stuttering and then the connection speed back up once completed.
Unfortunately, it is often dumb spam bots that hang around and the
likes of hotmail that disconnect early. So I guess any efforts there
*may* be a waste of time anyway.


Re: spamd and outlook.com

Kurt H Maier
On Fri, Apr 21, 2017 at 10:40:42PM +0100, Kevin Chadwick wrote:
> On Fri, 21 Apr 2017 09:21:48 -0700
> Kurt H Maier <[hidden email]> wrote:
>
> > Greylisting is a hack, an abuse of a side-effect.  Most such
> > approaches have deleterious side effects.  This particular side
> > effect is why I don't like greylisting in general, even though it's
> > fairly effective.
>
> Do you answer your phone before looking at the number/caller?

In fact, there are some numbers I will not respond to (and these do not
cause my phone to ring) and the rest I just answer.  Just like having a
blacklist I don't accept SMTP connections from at all, and the rest get
processed normally.

What I don't do is set an outgoing voicemail greeting informing
correspondents that my time is more valuable than theirs, and if they
want to contact me I have a list of hoops through which they must jump.

That would make me an asshole.

> It is not a hack at all.

It is.  SMTP is mandated to retry as a reliability factor, in a world
with bad network connections and unreliable software.  It is not
mandated to retry so people can play cute games with the sending unit.
I personally have no burning desire to see greylisting expunged from the
internet, but I also have no sympathy for people who think it's a real
solution to anything.  If it works for someone, good for them, but I
will never be even a little surprised when it becomes a pain in
someone's ass.

khm


Re: spamd and outlook.com

Stuart Henderson
On 2017-04-21, Kurt H Maier <[hidden email]> wrote:
> What I don't do is set an outgoing voicemail greeting informing
> correspondents that my time is more valuable than theirs, and if they
> want to contact me I have a list of hoops through which they must jump.
>
> That would make me an asshole.

Heh. I do actually have asterisk play a "press <randomly chosen
digit> to talk to someone" message to callers who withhold caller id.

