Closed JasonBarnabe closed 7 months ago
From #1198
Oct 18 21:46:47 mail sm-mta[1835663]: STARTTLS=client, relay=mail2.anonaddy.me., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkdR61835642: to=<s2qv57+s2qv5b@rokejulianlockhart.anonaddy.com>, delay=00:00:09, xdelay=00:00:09, mailer=esmtp, pri=120643, relay=mail2.anonaddy.me. [IPv6:2a04:3544:8000:1000:e8b5:6ff:fe29:56c], dsn=5.7.1, stat=User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkdR61835642: to=<noreply@greasyfork.org>, delay=00:00:09, mailer=local, pri=120643, dsn=5.1.1, stat=User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkdR61835642: to=postmaster, delay=00:00:09, mailer=local, pri=120643, dsn=5.1.1, stat=User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkdR61835642: 39ILkmR61835663: postmaster notify: User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkmR61835663: to=MAILER-DAEMON, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkmR61835663: to=postmaster, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkmR61835663: 39ILkmR71835663: return to sender: User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkmR71835663: to=MAILER-DAEMON, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Oct 18 21:46:48 mail sm-mta[1835663]: 39ILkmR61835663: Saved message in /var/lib/sendmail/dead.letter
Bounce message:
From MAILER-DAEMON Wed Oct 18 21:46:48 2023
Return-Path: <MAILER-DAEMON>
Received: from localhost (localhost)
by mail.greasyfork.org (8.15.2/8.15.2/Debian-22ubuntu3) id 39ILkmR61835663;
Wed, 18 Oct 2023 21:46:48 GMT
Date: Wed, 18 Oct 2023 21:46:48 GMT
From: Mail Delivery Subsystem <MAILER-DAEMON>
Message-Id: <202310182146.39ILkmR61835663@mail.greasyfork.org>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="39ILkmR61835663.1697665608/mail.greasyfork.org"
Subject: Postmaster notify: see transcript for details
Auto-Submitted: auto-generated (postmaster-notification)
This is a MIME-encapsulated message
--39ILkmR61835663.1697665608/mail.greasyfork.org
The original message was received at Wed, 18 Oct 2023 21:46:39 GMT
from mail.greasyfork.org [127.0.0.1]
with id 39ILkdR61835642
----- The following addresses had permanent fatal errors -----
<s2qv57+s2qv5b@rokejulianlockhart.anonaddy.com>
(reason: 550 5.7.1 Service unavailable; client [2600:3c01::f03c:93ff:fe42:f60e] blocked using zen.spamhaus.org)
----- Transcript of session follows -----
... while talking to mail2.anonaddy.me.:
>>> RCPT To:<s2qv57+s2qv5b@rokejulianlockhart.anonaddy.com>
<<< 550 5.7.1 Service unavailable; client [2600:3c01::f03c:93ff:fe42:f60e] blocked using zen.spamhaus.org
550 5.1.1 <s2qv57+s2qv5b@rokejulianlockhart.anonaddy.com>... User unknown
>>> DATA
<<< 554 5.5.1 Error: no valid recipients
451 4.4.1 reply: read error from mail2.anonaddy.me.
550 5.1.1 <noreply@greasyfork.org>... User unknown
550 5.1.1 postmaster... User unknown
--39ILkmR61835663.1697665608/mail.greasyfork.org
Content-Type: message/delivery-status
Reporting-MTA: dns; mail.greasyfork.org
Received-From-MTA: DNS; mail.greasyfork.org
Arrival-Date: Wed, 18 Oct 2023 21:46:39 GMT
Final-Recipient: RFC822; s2qv57+s2qv5b@rokejulianlockhart.anonaddy.com
Action: failed
Status: 5.7.1
Remote-MTA: DNS; mail2.anonaddy.me
Diagnostic-Code: SMTP; 550 5.7.1 Service unavailable; client [2600:3c01::f03c:93ff:fe42:f60e] blocked using zen.spamhaus.org
Last-Attempt-Date: Wed, 18 Oct 2023 21:46:48 GMT
--39ILkmR61835663.1697665608/mail.greasyfork.org
Content-Type: text/rfc822-headers
Return-Path: <noreply@greasyfork.org>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=greasyfork.org;
s=default; t=1697665599;
bh=JC28450rGzhEk07qPKrkt4X+Y1feTx4tJD0/NYY0dc0=;
h=Date:From:Reply-To:To:Subject:From;
Received: from localhost.localdomain (mail.greasyfork.org [127.0.0.1])
by mail.greasyfork.org (8.15.2/8.15.2/Debian-22ubuntu3) with ESMTP id 39ILkdR61835642
for <s2qv57+s2qv5b@rokejulianlockhart.anonaddy.com>; Wed, 18 Oct 2023 21:46:39 GMT
Date: Wed, 18 Oct 2023 21:46:39 +0000
From: Greasy Fork <noreply@greasyfork.org>
Reply-To: noreply@greasyfork.org
To: s2qv57+s2qv5b@rokejulianlockhart.anonaddy.com
Message-ID: <6530523f226d8_1b4e0c1b940055@riker.mail>
Subject: Confirmation instructions
Mime-Version: 1.0
Content-Type: text/html;
charset=UTF-8
Content-Transfer-Encoding: 7bit
--39ILkmR61835663.1697665608/mail.greasyfork.org--
Pertinent portion appears to be
client [2600:3c01::f03c:93ff:fe42:f60e] blocked using zen.spamhaus.org
From https://greasyfork.org/en/discussions/greasyfork/203868-no-notification-emails-are-sent, a log from a receiving server:
Sun 2023-10-01 03:13:55: [6144:1] Session 6144; child 1; thread 0
Sun 2023-10-01 03:13:55: [6144:1] Accepting SMTP connection from [xx.xx.xx.xx:34306] to [xx.xx.xx.xx:25]
Sun 2023-10-01 03:13:55: [6144:1] --> 220 xxx.xxx.xxx ESMTP MDaemon 11.0.2; Sun, 01 Oct 2023 03:13:55 -0400
Sun 2023-10-01 03:13:55: [6144:1] <-- EHLO mail.greasyfork.org
Sun 2023-10-01 03:13:55: [6144:1] EHLO/HELO response delayed 1 seconds
Sun 2023-10-01 03:13:56: [6144:1] --> 250-xxx.xxx.xxx Hello mail.greasyfork.org, pleased to meet you
Sun 2023-10-01 03:13:56: [6144:1] --> 250-ETRN
Sun 2023-10-01 03:13:56: [6144:1] --> 250-AUTH=LOGIN
Sun 2023-10-01 03:13:56: [6144:1] --> 250-AUTH LOGIN CRAM-MD5
Sun 2023-10-01 03:13:56: [6144:1] --> 250-8BITMIME
Sun 2023-10-01 03:13:56: [6144:1] --> 250-STARTTLS
Sun 2023-10-01 03:13:56: [6144:1] --> 250 SIZE
Sun 2023-10-01 03:13:56: [6144:1] <-- STARTTLS
Sun 2023-10-01 03:13:56: [6144:1] --> 220 Begin TLS negotiation
Sun 2023-10-01 03:13:56: [6144:1] * SSL error 0x80090302 The function requested is not supported
Sun 2023-10-01 03:13:56: [6144:1] SMTP session terminated (Bytes in/out: 332/3527)
From an email request:
Oct 17 20:20:50 mail sm-mta[2569455]: STARTTLS=client, relay=mx2.mailbox.org., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKmvR2569435: to=<redacted@mailbox.org>, delay=00:00:03, xdelay=00:00:02, mailer=esmtp, pri=120586, relay=mx2.mailbox.org. [IPv6:2001:67c:2050:104:0:2:25:1], dsn=5.7.1, stat=Service unavailable
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKmvR2569435: to=<noreply@greasyfork.org>, delay=00:00:03, mailer=local, pri=120586, dsn=5.1.1, stat=User unknown
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKmvR2569435: to=postmaster, delay=00:00:03, mailer=local, pri=120586, dsn=5.1.1, stat=User unknown
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKmvR2569435: 39HKKpvR2569455: postmaster notify: User unknown
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKpvR2569455: to=MAILER-DAEMON, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKpvR2569455: to=postmaster, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKpvR2569455: 39HKKpvS2569455: return to sender: User unknown
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKpvS2569455: to=MAILER-DAEMON, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKpvR2569455: Saved message in /var/lib/sendmail/dead.letter
Bounce email:
From MAILER-DAEMON Tue Oct 17 20:20:51 2023
Return-Path: <MAILER-DAEMON>
Received: from localhost (localhost)
by mail.greasyfork.org (8.15.2/8.15.2/Debian-22ubuntu3) id 39HKKpvR2569455;
Tue, 17 Oct 2023 20:20:51 GMT
Date: Tue, 17 Oct 2023 20:20:51 GMT
From: Mail Delivery Subsystem <MAILER-DAEMON>
Message-Id: <202310172020.39HKKpvR2569455@mail.greasyfork.org>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="39HKKpvR2569455.1697574051/mail.greasyfork.org"
Subject: Postmaster notify: see transcript for details
Auto-Submitted: auto-generated (postmaster-notification)
This is a MIME-encapsulated message
--39HKKpvR2569455.1697574051/mail.greasyfork.org
The original message was received at Tue, 17 Oct 2023 20:20:48 GMT
from mail.greasyfork.org [127.0.0.1]
with id 39HKKmvR2569435
----- The following addresses had permanent fatal errors -----
<redacted@mailbox.org>
(reason: 554 5.7.1 Service unavailable; Client host [2600:3c01::f03c:93ff:fe42:f60e] blocked by RBL; https://www.spamhaus.org/query/ip/2600:3c01::f03c:93ff:fe42:f60e / https://www.spamhaus.org/sbl/query/SBLCSS)
----- Transcript of session follows -----
... while talking to mx2.mailbox.org.:
>>> DATA
<<< 554 5.7.1 Service unavailable; Client host [2600:3c01::f03c:93ff:fe42:f60e] blocked by RBL; https://www.spamhaus.org/query/ip/2600:3c01::f03c:93ff:fe42:f60e / https://www.spamhaus.org/sbl/query/SBLCSS
554 5.0.0 Service unavailable
<<< 554 5.5.1 Error: no valid recipients
550 5.1.1 <noreply@greasyfork.org>... User unknown
550 5.1.1 postmaster... User unknown
--39HKKpvR2569455.1697574051/mail.greasyfork.org
Content-Type: message/delivery-status
Reporting-MTA: dns; mail.greasyfork.org
Received-From-MTA: DNS; mail.greasyfork.org
Arrival-Date: Tue, 17 Oct 2023 20:20:48 GMT
Final-Recipient: RFC822; redacted@mailbox.org
Action: failed
Status: 5.7.1
Remote-MTA: DNS; mx2.mailbox.org
Diagnostic-Code: SMTP; 554 5.7.1 Service unavailable; Client host [2600:3c01::f03c:93ff:fe42:f60e] blocked by RBL; https://www.spamhaus.org/query/ip/2600:3c01::f03c:93ff:fe42:f60e / https://www.spamhaus.org/sbl/query/SBLCSS
Last-Attempt-Date: Tue, 17 Oct 2023 20:20:51 GMT
--39HKKpvR2569455.1697574051/mail.greasyfork.org
Content-Type: text/rfc822-headers
Return-Path: <noreply@greasyfork.org>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=greasyfork.org;
s=default; t=1697574048;
bh=qMlpziykcqbQiWddQraM3/Zmfy6SX6E8CzULws7GPaQ=;
h=Date:From:To:Subject:From;
Received: from localhost.localdomain (mail.greasyfork.org [127.0.0.1])
by mail.greasyfork.org (8.15.2/8.15.2/Debian-22ubuntu3) with ESMTP id 39HKKmvR2569435
for <redacted@mailbox.org>; Tue, 17 Oct 2023 20:20:48 GMT
Date: Tue, 17 Oct 2023 20:20:48 +0000
From: Greasy Fork <noreply@greasyfork.org>
To: (redacted)@mailbox.org
Message-ID: <652eeca09f4e9_2558d513420579c7@riker.mail>
Subject: Sleazy Fork account delete confirmation
Mime-Version: 1.0
Content-Type: text/plain;
charset=UTF-8
Content-Transfer-Encoding: 7bit
Client host [2600:3c01::f03c:93ff:fe42:f60e] blocked by RBL; https://www.spamhaus.org/query/ip/2600:3c01::f03c:93ff:fe42:f60e / https://www.spamhaus.org/sbl/query/SBLCSS
Why was this IP listed?
2600:3c01::/64 is making SMTP connections with HELO values that use a bare IP address. This behavior is commonly associated with various botnets, and is a violation of the SMTP protocol as defined in RFC2821/5321 section 4.1.1.1.
The most recent detection(s):
(IP, UTC timestamp, HELO value)
2600:3c01::f03c:93ff:fe42:f60e 2023-10-18 13:30:00 74-207-240-164
Some potential leads:
http://www.isnotspam.com says DKIM is failing.
Result: fail ID(s) verified: header.From=noreply@greasyfork.org Selector= domain= DomainKeys DNS Record=._domainkey.
X-DKIM-Status: fail (bodyhash_mismatch)
However, Gmail says DKIM is fine.
Spamhaus says
2600:3c01::/64 is making SMTP connections with HELO values that use a bare IP address. This behavior is commonly associated with various botnets, and is a violation of the SMTP protocol as defined in RFC2821/5321 section 4.1.1.1.
The most recent detection(s):
(IP, UTC timestamp, HELO value)
2600:3c01::f03c:93ff:fe42:f60e 2023-10-18 13:30:00 74-207-240-164
(According to an IP lookup, 74-207-240-164 is a Linode address but doesn't seem to be one I control.)
While isnotspam.com says
HELO hostname: 192-155-83-16.ip.linodeusercontent.com
Added a DMARC record, trying to get incoming email to work so I can get reports. Added postfix to handle it, which also took over outgoing email duties from sendmail, but then outgoing emails broke due to
OpenSSL::SSL::SSLError
SSL_connect returned=1 errno=0 peeraddr=[::1]:25 state=error: certificate verify failed (hostname mismatch) (OpenSSL::SSL::SSLError)
Possibly because postfix works over TLS and sendmail doesn't, and with Rails's default `enable_starttls_auto=>true`, it tried to use TLS, but there was no proper certificate on the server.
Since only my own servers have access to send email, I think we can skip certificate verification with `openssl_verify_mode => 'none'`.
Re-enabled postfix with `openssl_verify_mode: OpenSSL::SSL::VERIFY_NONE` to avoid failures due to the self-signed certificates. Verified email goes out - passes SPF but no result for DKIM now. Verify incoming email works (to receive DMARC reports).
Re-enabled DKIM with Postfix.
SPF Check : pass
Sender-ID Check : pass
DKIM Check : pass
SpamAssassin Check : ham (non-spam)
mail-tester.com now says rDNS is good and the authentication tests all pass.
Remaining (known) tasks:
New IPv6 range is now in use.
From a Hotmail account:
Oct 30 05:39:28 mail postfix/smtp[2668286]: 49204A2876: to=<redacted@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[104.47.17.97]:25, delay=1.2, delays=0.09/0/0.96/0.13, dsn=5.7.1, status=bounced (host hotmail-com.olc.protection.outlook.com[104.47.17.97] said: 550 5.7.1 Unfortunately, messages from [192.155.83.16] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [DB8EUR05FT031.eop-eur05.prod.protection.outlook.com 2023-10-30T05:39:28.426Z 08DBD88ACE532CFB] (in reply to MAIL FROM command))
Reviewing DMARC results:
My only concern here is the gmail.com DKIM fails for 2600:3c01:e000:8f7::1. This may have just been while this was getting set up. Will wait for the next report to see if it's still an issue.
The rest of the IPs are not mine and failures are expected.
Latest DKIM results from Gmail are fine, changed DMARC from "none" to "quarantine". Will change to "reject" in about a week if no problems are found.
DMARC is now set to "reject".
Last known failure is with Microsoft email addresses like outlook.com, live.com, and hotmail.com.
Nov 24 21:48:25 mail postfix/smtp[4114583]: 98934A28A9: to=<greasyforktest@outlook.com>, relay=outlook-com.olc.protection.outlook.com[104.47.14.33]:25, delay=4.2, delays=0.1/0.01/3.9/0.16, dsn=5.7.1, status=bounced (host outlook-com.olc.protection.outlook.com[104.47.14.33] said: 550 5.7.1 Unfortunately, messages from [192.155.83.16] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [VI1EUR04FT031.eop-eur04.prod.protection.outlook.com 2023-11-24T21:48:25.710Z 08DBE2D1B3E6A724] (in reply to MAIL FROM command))
Submitted a support ticket at https://olcsupport.office.com/ but not that confident that it'll fix things.
> Submitted a support ticket at https://olcsupport.office.com/ but not that confident that it'll fix things.

They are stupid people, it takes patience to be unblocked. And some day they just block you back. Small ISP here and I am fighting each and every month to have 2-3 IPs allowed. Anyway, good luck.. 💪🏻
They reply "Nothing was detected to prevent your mail from reaching Outlook.com customers. Please follow the instructions below." now and "As stated previously, I do not see anything offhand that would be preventing your mail from reaching our customers for the following IP (.....)"
Yup, got the "Nothing was detected" message back, now gotta argue with a real person I guess.
Let me know if you find a wording that makes them answer something else
Seems like it's a stupid AI
They have "implemented mitigation" which may take 24-48 hours.
> They have "implemented mitigation" which may take 24-48 hours.
Lucky day!
What did you send to trigger such a reply?
This is all I sent:
When my server at 192.155.83.16 sends email to outlook.com addresses, I get this error:
Nov 24 21:48:25 mail postfix/smtp[4114583]: 98934A28A9: to=<greasyforktest@outlook.com>, relay=outlook-com.olc.protection.outlook.com[104.47.14.33]:25, delay=4.2, delays=0.1/0.01/3.9/0.16, dsn=5.7.1, status=bounced (host outlook-com.olc.protection.outlook.com[104.47.14.33] said: 550 5.7.1 Unfortunately, messages from [192.155.83.16] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [VI1EUR04FT031.eop-eur04.prod.protection.outlook.com 2023-11-24T21:48:25.710Z 08DBE2D1B3E6A724] (in reply to MAIL FROM command))
I would like to be removed from this block list.
Confirmed sending to outlook.com works. No known problems remain, so closing.
I started using tools like https://github.com/anson-vandoren/mailfeed or https://github.com/eduardostuart/paperboy to send my daily emails on Microsoft and ensure my IP does not get blocked because I do not have enough volume sent to them. That's for now my conclusion: keep sending or in some months the IP will get blocked back.
If you are interested, you can set this up too and send emails to my address and I will read them to ensure bots do not spam flag them
Gathering info on what exactly is failing.
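One way to pull the remote policy rejections out of sendmail and Postfix delivery logs like those quoted in this thread, leaving aside the local `5.1.1` bounce noise. This is an added example, not code from Greasy Fork or from anyone in the thread; the function names are made up for it, and the sample lines are abridged from the logs above.

```python
import ipaddress
import re

# Constructed sample: log lines abridged from the ones quoted in this thread.
SAMPLE_LOG = """\
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKmvR2569435: to=<redacted@mailbox.org>, delay=00:00:03, mailer=esmtp, relay=mx2.mailbox.org. [IPv6:2001:67c:2050:104:0:2:25:1], dsn=5.7.1, stat=Service unavailable
Oct 17 20:20:51 mail sm-mta[2569455]: 39HKKmvR2569435: to=postmaster, delay=00:00:03, mailer=local, pri=120586, dsn=5.1.1, stat=User unknown
Nov 24 21:48:25 mail postfix/smtp[4114583]: 98934A28A9: to=<greasyforktest@outlook.com>, relay=outlook-com.olc.protection.outlook.com[104.47.14.33]:25, delay=4.2, dsn=5.7.1, status=bounced (host outlook-com.olc.protection.outlook.com[104.47.14.33] said: 550 5.7.1 Unfortunately, messages from [192.155.83.16] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140).)
"""

# Hypothetical helper names; the patterns cover only the two log formats shown in the thread.
DELIVERY_RE = re.compile(
    r"(?P<mta>sm-mta|postfix/smtp)\[\d+\]: (?P<qid>\w+): to=<?(?P<rcpt>[^>,]+)>?,"
    r".*?dsn=(?P<dsn>\d\.\d+\.\d+), stat(?:us)?=(?P<stat>[^(]*)(?:\((?P<reply>.*)\))?$"
)
RELAY_RE = re.compile(r"relay=([^\s,\[]+)")
BRACKETED_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def blocked_client(reply):
    """Return the client IP a remote MTA names in its rejection text, or None."""
    text = reply.split(" said: ", 1)[-1]  # skip Postfix's "host name[ip] said:" prefix
    for candidate in BRACKETED_RE.findall(text):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # bracketed token that is not an IP address
    return None


def parse_delivery(line):
    """Parse one sendmail or Postfix delivery line; None if it is not one."""
    m = DELIVERY_RE.search(line)
    if not m:
        return None
    relay = RELAY_RE.search(line)
    reply = m["reply"] or ""
    return {
        "mta": m["mta"], "queue_id": m["qid"], "rcpt": m["rcpt"],
        "relay": relay.group(1).rstrip(".") if relay else None,
        "dsn": m["dsn"], "stat": m["stat"].strip(),
        # RFC 3463: class 5 is a permanent failure, subject 7 is security/policy status.
        "policy_reject": m["dsn"].startswith("5.7."),
        "blocked_client": blocked_client(reply) if reply else None,
    }


def policy_rejections(log):
    """Keep only rejections by a remote relay for policy reasons (5.7.x)."""
    parsed = (parse_delivery(line) for line in log.splitlines())
    return [d for d in parsed if d and d["policy_reject"] and d["relay"]]
```

sendmail logs only the short `stat=` text, so for those entries the blocked address has to come from the bounce's `Diagnostic-Code` line, which `blocked_client` also accepts.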