Posted to users@spamassassin.apache.org by Rob Gunther <re...@gmail.com> on 2017/03/05 06:32:05 UTC

Yahoo - Can't figure out a server is down?

We have run our servers with a decoy, our MX records have been like this
for 10+ years:

mx0.example.com
mx1.example.com
mx2.example.com

mx1 & mx2 are real servers.  mx0 is nothing, it points to an IP address
that is controlled by us but there is no server.

The concept being that some spammers attempt that server, get nothing and
don't bother trying any other server.

This has been fine for a decade.

In the last few weeks we are finding that SOME (but not all) of Yahoo's
outbound servers are not dealing with this correctly.

They don't try the other servers in the MX record list.  They continue to
try delivery for a few hours to mx0 and then return the following error to
the sender:

*Sorry, we were unable to deliver your message to the following address.*

*<user@example.com <us...@example.com>>:*
*Unable to deliver message after multiple retries, giving up.*

We have confirmed this with a few domains that we host so far, even set up a
brand new domain and server to do testing with to verify that our suspicion
was true, Yahoo is not correctly dropping down to lower priority servers
anymore.

Has anyone else seen this?


Rob

Re: Yahoo - Can't figure out a server is down?

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 3/5/2017 6:52 AM, David Jones wrote:
> I think you misunderstood what I meant.  I agree 100% with your
> statement above.  I meant that the OP didn't have to hide his
> real mail server names and use example.com since this is not giving
> away any real secret by posting the actual server names on this
> list.

Yep, totally missed that :-)

Re: Yahoo - Can't figure out a server is down?

Posted by David Jones <dj...@ena.com>.
>From: Kevin A. McGrail <KM...@PCCC.com>
>Sent: Sunday, March 5, 2017 5:47 AM
>To: David Jones; users@spamassassin.apache.org
>Subject: Re: Yahoo - Can't figure out a server is down?
    
>On 3/5/2017 6:41 AM, David Jones wrote:
>> There is no reason to
>> obfuscate your domain or real mail servers since the spammers
>> have very sophisticated ways to find this info and already know it.

>Sadly I wish this was true.  Greylisting and obfuscated MX's work quite 
>well against real-world ratware in use right now today.

I think you misunderstood what I meant.  I agree 100% with your
statement above.  I meant that the OP didn't have to hide his
real mail server names and use example.com since this is not giving
away any real secret by posting the actual server names on this
list.

Dave
    

Re: Yahoo - Can't figure out a server is down?

Posted by Benny Pedersen <me...@junc.eu>.
Kevin A. McGrail skrev den 2017-03-05 12:47:
> On 3/5/2017 6:41 AM, David Jones wrote:
>> There is no reason to
>> obfuscate your domain or real mail servers since the spammers
>> have very sophisticated ways to find this info and already know it.
> 
> Sadly I wish this was true.  Greylisting and obfuscated MX's work
> quite well against real-world ratware in use right now today.

and i got only complaints of missing mx

looking forward to see 3.4.2

Re: Yahoo - Can't figure out a server is down?

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 3/5/2017 6:41 AM, David Jones wrote:
> There is no reason to
> obfuscate your domain or real mail servers since the spammers
> have very sophisticated ways to find this info and already know it.

Sadly I wish this was true.  Greylisting and obfuscated MX's work quite 
well against real-world ratware in use right now today.

Regards,
KAM

Re: Yahoo - Can't figure out a server is down?

Posted by David Jones <dj...@ena.com>.
>From: Rob Gunther <re...@gmail.com>
>Sent: Sunday, March 5, 2017 12:32 AM
>To: users@spamassassin.apache.org
>Subject: Yahoo - Can't figure out a server is down?
  
>We have run our servers with a decoy, our MX records have been like
>this for 10+ years:

>mx0.example.com
>mx1.example.com
>mx2.example.com

You didn't give the real domain that is pointing to these mail servers
or the MX priorities so we can't help much.  There is no reason to
obfuscate your domain or real mail servers since the spammers
have very sophisticated ways to find this info and already know it.
Plus this is not giving away any major secret anyway.

>mx1 & mx2 are real servers.  mx0 is nothing, it points to an IP address
>that is controlled by us but there is no server.

>The concept being that some spammers attempt that server, get
>nothing and don't bother trying any other server.

Common practice on a high MX.  I do this too but I have a real mail
server setup with a short delay then it always temp fails the message.

>This has been fine for a decade.

My mail relays have been doing temp fails too for a very long time on
the high MX server but this is a little different since your mail server
mx0.example.com apparently doesn't respond at all but we can't
check for sure since you didn't give the real server names.

Are you doing any greylisting on the real low priority mail servers?
This can cause issues if using a high MX "honey pot" setup like this.
I have my postfix configuration excluding certain sending IPs from
greylisting.  For example, Google mail servers send from different
IPs all of the time when retrying so they must be excluded from
greylisting.

Dave

Re: Yahoo - Can't figure out a server is down?

Posted by "@lbutlr" <kr...@kreme.com>.
On 2017-03-06 (04:38 MST), Reindl Harald <h....@thelounge.net> wrote:
> 
> Am 06.03.2017 um 12:35 schrieb @lbutlr:
>> On 2017-03-04 (23:32 MST), Rob Gunther <re...@gmail.com> wrote:
>>> 
>>> In the last few weeks we are finding that SOME (but not all) of Yahoo's outbound servers are not dealing with this correctly.
>> 
>> This may not work for you, but I solved all my yahoo problems by simply blocking their servers with a nice message about over a billion accounts being leaked.
>> 
>> But yahoo was less than 1% of my traffic (and most of that was spam or at least unwanted email). The only things I get “from” Yahoo anymore are list messages.
> 
> fine for a server hosting email for you, your wife and your dog but not for anybody else.... on the server for your wife and dog you could even reject anything which is not whitelisted to start with...

I have a few more accounts than that, but yes, as I said, “this might not work for you.”

I blacklisted Roadrunner about 20 years ago and they are still blocked. I’m not sure roadrunner still exists, but I haven’t seen them hit the block in years (I do see them hit the RBLs, so either they exist and are still spam-friendly or they are used as fake helo’s by spammers, I haven’t looked into it).

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.


Re: Yahoo - Can't figure out a server is down?

Posted by "@lbutlr" <kr...@kreme.com>.
On 2017-03-04 (23:32 MST), Rob Gunther <re...@gmail.com> wrote:
> 
> In the last few weeks we are finding that SOME (but not all) of Yahoo's outbound servers are not dealing with this correctly.

This may not work for you, but I solved all my yahoo problems by simply blocking their servers with a nice message about over a billion accounts being leaked.

But yahoo was less than 1% of my traffic (and most of that was spam or at least unwanted email). The only things I get “from” Yahoo anymore are list messages.

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.


Re: Yahoo - Can't figure out a server is down?

Posted by Groach <gr...@yahoo.com>.
For info: http://nolisting.org/



On 05/03/2017 14:41, Matus UHLAR - fantomas wrote:

> Oops, seems I mistook nolisting with other MX-related anti-spam technique
> postscreen (and many others) uses.

Re: Yahoo - Can't figure out a server is down?

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>>>On 05/03/2017 06:32, Rob Gunther wrote:
>>>>mx0.example.com <http://mx0.example.com>
>>>>mx1.example.com <http://mx1.example.com>
>>>>mx2.example.com <http://mx2.example.com>
>>>>
>>>>mx1 & mx2 are real servers.  mx0 is nothing, it points to an IP
>>>>address that is controlled by us but there is no server.

On 05.03.17 15:15, Matus UHLAR - fantomas wrote:
>does the mx0 have highest preference (lowest priority)?
>
>If not, there's little point in using it - nolisting is supposed to catch
>spambots trying to connect to your backup MXes, not to primaries.

Oops, seems I mistook nolisting with other MX-related anti-spam technique
postscreen (and many others) uses.


-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I drive way too fast to worry about cholesterol. 

Re: Yahoo - Can't figure out a server is down?

Posted by Groach <gr...@yahoo.com>.
On 05/03/2017 14:15, Matus UHLAR - fantomas wrote:
> does the mx0 have highest preference (lowest priority)?
>
> If not, there's little point in using it - nolisting is supposed to catch
> spambots trying to connect to your backup MXes, not to primaries. 

No, it's not.  Nolisting is to catch spambots that are firing off and 
cannot wait or handle the idea of MX sequences properly due to their 
'fire-and-forget' attitude.  Most genuine mail servers would try the 
highest preference (lowest priority) first and if not available/timeout, 
drop to the next highest (a backup MX) and so on.  Spambots don't want to 
wait for the timeout of the first attempt to then lookup and try the 
next on the list and instead just bail out (time isn't on their 
side).  Occasionally there might be one that simply tries the last on 
the list (the idea that it is a backup MX and often with less 
protection) - and that's why it's a good idea to put a dummy MX also in 
this position (just like the first one).

I suspect the OP understands this and this is why he has it set as 
such.  The problem (if it exists) that Yahoo is not following protocol 
to retry the next MX on the list is genuine and is one of the reasons 
why some would say implementing Nolisting is dangerous (as in the risk 
of genuine mail servers not configured and performing correctly and 
simply returning mail back to sender).  I must say I am VERY surprised 
to find it is Yahoo though - and especially that it seems to be only 
some of their servers.  I doubt they know they have the problem and 
perhaps should be reported to them.
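
The MX walk described in the reply above, as an added example that is not part of the original thread: a small offline simulation for checking that a nolisting layout still delivers for senders that follow MX order, while first-only and last-only senders get nothing. Hostnames follow the thread; the preference values, the trailing decoy `mx9.example.com` and all function names are constructed for this illustration.

```python
from typing import Callable, List, Optional, Tuple

MxSet = List[Tuple[int, str]]   # (preference, host); lower number is tried first

# Constructed layout: decoys in the first and last positions.
MX_RECORDS: MxSet = [
    (20, "mx2.example.com"),
    (0, "mx0.example.com"),     # decoy: nothing listens on port 25
    (10, "mx1.example.com"),
    (90, "mx9.example.com"),    # decoy in the last position (assumed name)
]
LISTENING = {"mx1.example.com", "mx2.example.com"}


def connects(host: str) -> bool:
    """Stand-in for a TCP connect to port 25; no network traffic is sent."""
    return host in LISTENING


def compliant_sender(mx: MxSet, connect: Callable[[str], bool] = connects) -> Optional[str]:
    """Walk every MX in ascending preference order until one accepts."""
    for _, host in sorted(mx):
        if connect(host):
            return host
    return None                 # every host failed: message stays queued


def first_only_sender(mx: MxSet, connect: Callable[[str], bool] = connects,
                      retries: int = 5) -> Optional[str]:
    """Retry only the most-preferred MX and then give up, never falling back."""
    host = min(mx)[1]
    for _ in range(retries):
        if connect(host):
            return host
    return None                 # the sender bounces the message


def last_only_sender(mx: MxSet, connect: Callable[[str], bool] = connects) -> Optional[str]:
    """Try only the least-preferred MX, assuming it is a weaker backup."""
    host = max(mx)[1]
    return host if connect(host) else None


def audit(mx: MxSet, connect: Callable[[str], bool] = connects) -> dict:
    """Report which host, if any, each sender model ends up delivering to."""
    return {
        "compliant": compliant_sender(mx, connect),
        "first_only": first_only_sender(mx, connect),
        "last_only": last_only_sender(mx, connect),
    }
```

A sender that behaves like `first_only_sender` against this layout produces exactly the bounce the original post describes, which is the delivery risk of nolisting.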

Re: Yahoo - Can't figure out a server is down?

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>Am 05.03.2017 um 13:09 schrieb Groach:
>> Its called "NOLISTING" - but does it work?

On 05.03.17 14:19, Robert Schetterer wrote:
>everyone has his own spam
>nobody can say what's best at your site
>analyse your logs and then choose what to do best, you may follow best
>practice but
>Greylisting , Nolisting are very old practices
>there are better ones now ,like postscreen etc

..which uses kind of greylisting (temporarily rejects new IP) and also a kind
of nolisting (rejects IPs connecting to lower MX without trying higher MX
first).

Therefore, I would not say those practices are worse than postscreen :-)

>you should avoid use Greylisting , Nolisting
>cause of its many disadvantages by design
>however this was discussed extremely before , search list archive
>to catch pro/contra

>> An experiment was carried out on a small throughput server.  Here is the
>> conclusion: https://www.hmailserver.com/forum/viewtopic.php?p=185262#p185262

Maybe the increase in spam would be different with postscreen rejecting IPs
that connect to lower MX

>> On 05/03/2017 06:32, Rob Gunther wrote:
>>> mx0.example.com <http://mx0.example.com>
>>> mx1.example.com <http://mx1.example.com>
>>> mx2.example.com <http://mx2.example.com>
>>>
>>> mx1 & mx2 are real servers.  mx0 is nothing, it points to an IP
>>> address that is controlled by us but there is no server.

does the mx0 have highest preference (lowest priority)?

If not, there's little point in using it - nolisting is supposed to catch
spambots trying to connect to your backup MXes, not to primaries.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm. 

Re: Yahoo - Can't figure out a server is down?

Posted by Robert Schetterer <rs...@sys4.de>.
Am 05.03.2017 um 13:09 schrieb Groach:
> Its called "NOLISTING" - but does it work?

everyone has his own spam
nobody can say what's best at your site
analyse your logs and then choose what to do best, you may follow best
practice but
Greylisting , Nolisting are very old practices
there are better ones now ,like postscreen etc
you should avoid use Greylisting , Nolisting
cause of its many disadvantages by design
however this was discussed extremely before , search list archive
to catch pro/contra

> 
> An experiment was carried out on a small throughput server.  Here is the
> conclusion: https://www.hmailserver.com/forum/viewtopic.php?p=185262#p185262
> 
> (You'll be surprised).
> 
> 
> On 05/03/2017 06:32, Rob Gunther wrote:
>> We have run our servers with a decoy, our MX records have been like
>> this for 10+ years:
>>
>> mx0.example.com <http://mx0.example.com>
>> mx1.example.com <http://mx1.example.com>
>> mx2.example.com <http://mx2.example.com>
>>
>> mx1 & mx2 are real servers.  mx0 is nothing, it points to an IP
>> address that is controlled by us but there is no server.
>>
>> The concept being that some spammers attempt that server, get nothing
>> and don't bother trying any other server.
>>
>> This has been fine for a decade.



Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG, 80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Re: Yahoo - Can't figure out a server is down?

Posted by Groach <gr...@yahoo.com>.
Its called "NOLISTING" - but does it work?

An experiment was carried out on a small throughput server.  Here is the 
conclusion: https://www.hmailserver.com/forum/viewtopic.php?p=185262#p185262

(You'll be surprised).


On 05/03/2017 06:32, Rob Gunther wrote:
> We have run our servers with a decoy, our MX records have been like 
> this for 10+ years:
>
> mx0.example.com <http://mx0.example.com>
> mx1.example.com <http://mx1.example.com>
> mx2.example.com <http://mx2.example.com>
>
> mx1 & mx2 are real servers.  mx0 is nothing, it points to an IP 
> address that is controlled by us but there is no server.
>
> The concept being that some spammers attempt that server, get nothing 
> and don't bother trying any other server.
>
> This has been fine for a decade.