internal exim fun and ipv6

Exim has been in the wars recently and got an update for a tls issue.  In the zoo exim is tolerated internally, so this was not an issue, as it relays email internally and then off to postfix.

I tried exim many years ago and did not like it

However, ipv6 was then activated by the exim update, which caused internal relay issues (my blog), so i am stuck with ipv4 doing the internal emailing until i either change mta or figure out ipv6 relaying in both exim and postfix.

Exim was returned to ipv4 action with

disable_ipv6=true

Which suits the zoo fine.  Ipv6 internally and no ipv4* seems a long way off.

*rfc1918 ranges.

proxy-research.com – vile scum

scum

One weekend i did this and found the following in the mail log with 70,000 entries,

grep "connect from" /var/log/mail.log | awk '{ print $8 }' | grep proxy | sort -n | uniq -c

They have been a concern and do not do shit for several months so out came the mallet (my blog)

198 starttls-oregon.proxy-research.com[54.187.79.149]
198 Starttls-paris.proxy-research.com[15.188.24.147]
198 Starttls-saopaulo.proxy-research.com[54.94.237.221]
198 Starttls-sydney.proxy-research.com[3.104.129.119]
440 starttls-virginia.proxy-research.com[34.227.19.103]

Useless academic scum worth blocking.  I do not object to some validation of dane (my blog) but months and months of it mean you’re not as wise as you think you are.

dmarc false positives

Dmarc (my blog) is interesting and, while it does not lie, to use it as a metric to say email to an inbox is delivered is an incorrect way to represent the reports you may get.

The zoo has a mail server (not hosted by google) and people with dmarc records send us email.

That email is validated for dkim, spf, dmarc, mx records, reverse dns, valid users and then goes into the spam and virus filter.

So if your email passed some of the tests but not all, then your email was delivered but not to a user.

Dmarc reports say so much, but to guarantee them as an in-an-inbox metric, you’re sadly delusional.

Dmarc reports can also often be confusing.


5 2a00:1450:4864:20::345
2 2a00:1450:4864:20::347
1 2a00:1450:4864:20::348
5 2a00:1450:4864:20::445
1 2a00:1450:4864:20::446
1 2a00:1450:4864:20::447

They are google servers

net6num: 2a00:1450::/29
netname: IE-GOOGLE-20091005
country: IE

Which report that the above servers are failing the spf check on the zoo’s servers, which again is correct. However, assuming nothing bad is coming from those addresses and it is recording the ip as it goes, the misconfiguration is an issue for google, not the zoo.

50% of this picture is racist by bbc logic

The zoo’s dmarc is correct and dmarc is working correctly, but to claim dmarc is an email-delivered metric is a bonkers proposition. If you’re a spammer or email campaign professional, the dmarc reports do not mean what you hope they mean.
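
What an aggregate report actually records can be seen by tallying one. This is an added example, not code from the original post: the report is a constructed sample in the RFC 7489 layout using documentation addresses, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the RFC 7489 aggregate layout. Addresses come from the
# 2001:db8::/32 and 192.0.2.0/24 documentation ranges, not from real senders.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>sender.example</domain><p>none</p></policy_published>
  <record><row><source_ip>2001:db8:20::345</source_ip><count>5</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>2001:db8:20::347</source_ip><count>2</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>192.0.2.25</source_ip><count>40</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>2001:db8:20::345</source_ip><count>1</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def tally(xml_text):
    """Sum message counts per (source_ip, spf, dkim, disposition)."""
    # Reports arrive by email from third parties, so the XML is untrusted
    # input; the defusedxml package offers a hardened fromstring().
    totals = Counter()
    for row in ET.fromstring(xml_text).iter("row"):
        ev = row.find("policy_evaluated")
        key = (row.findtext("source_ip"), ev.findtext("spf"),
               ev.findtext("dkim"), ev.findtext("disposition"))
        totals[key] += int(row.findtext("count"))
    return totals

def spf_failures(totals):
    """(count, ip, dkim) for every source that failed SPF, sorted by address."""
    rows = [(n, ip, dkim) for (ip, spf, dkim, _), n in totals.items() if spf == "fail"]
    return sorted(rows, key=lambda r: r[1])

def dmarc_pass_fail(totals):
    """Messages passing DMARC (aligned SPF or DKIM pass) versus failing it."""
    ok = sum(n for (_, spf, dkim, _), n in totals.items() if "pass" in (spf, dkim))
    return ok, sum(totals.values()) - ok

if __name__ == "__main__":
    for n, ip, dkim in spf_failures(tally(SAMPLE_REPORT)):
        print(f"{n:3d} {ip}  spf=fail dkim={dkim}")
    print("dmarc pass/fail:", dmarc_pass_fail(tally(SAMPLE_REPORT)))
```

Every field read here is an authentication result or the policy disposition; the report format has no field for what the receiver's later checks or filters did with the message.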

 

to all the clients & or crooks at hostwinds llc

Their ipv6 range is 2607:5500::/31 – ipv4 ranges worth blocking here (my blog).   Yes, they have a reputation with the monkey house.

Reason for mallet-ing – (my blog) attempted relay of fake zoo email to the zoo via postfix, so some thought was put in here, they’re not being idiots but targeting specifically.

I believe this is the first range of ipv6 addresses (a lot of them) i have had to null route for nefarious reasons.

Determining genuine and crook here is hard.  Since they do not seem to subnet below /31, say a [small] /64, it seems the /31 is safer, assuming we start playing whack a mole if i block per ipv6 address.

It’s kind of amazing with the small user base of ipv6 that my first block is from a usual suspect. Perhaps being too trusting of the address space is a mistake, although spamhaus has an ipv6 list of subnets it distrusts, which i am aware of.
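
The per-address versus per-range question can be checked against the mail log before choosing a block size. This added example (not from the original post) groups Postfix "connect from" lines by IPv6 prefix length; the log lines are constructed with documentation addresses, and group_connects and report are hypothetical names.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed Postfix smtpd lines; all addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 12 10:00:01 mail postfix/smtpd[811]: connect from unknown[2001:db8:a:1::10]
Jan 12 10:00:07 mail postfix/smtpd[812]: connect from unknown[2001:db8:a:1::11]
Jan 12 10:01:15 mail postfix/smtpd[815]: connect from unknown[2001:db8:a:2::10]
Jan 12 10:02:30 mail postfix/smtpd[819]: connect from unknown[2001:db8:b:9::1]
Jan 12 10:03:02 mail postfix/smtpd[820]: connect from mx.example.net[192.0.2.25]
Jan 12 10:03:40 mail postfix/smtpd[820]: disconnect from mx.example.net[192.0.2.25]
"""

# The leading ": " keeps "disconnect from" lines out of the count.
CONNECT = re.compile(r": connect from \S*\[([0-9A-Fa-f:.]+)\]")

def group_connects(log_text, v6_prefix=64):
    """Map network -> [connection count, set of distinct client addresses]."""
    groups = defaultdict(lambda: [0, set()])
    for line in log_text.splitlines():
        m = CONNECT.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # bracketed text was not a valid address
        plen = v6_prefix if ip.version == 6 else 32  # ipv4 stays per address
        net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
        groups[net][0] += 1
        groups[net][1].add(ip)
    return groups

def report(log_text, v6_prefix=64):
    """(network, connections, distinct addresses), busiest network first."""
    rows = [(str(net), count, len(addrs))
            for net, (count, addrs) in group_connects(log_text, v6_prefix).items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for plen in (64, 48, 32):
        print(f"--- ipv6 grouped at /{plen}")
        for net, count, distinct in report(SAMPLE_LOG, plen):
            print(f"{count:5d} {distinct:4d} {net}")
```

When the distinct-address count keeps climbing as the prefix shortens, per-address blocks will not hold and the wider range is the practical unit.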

prediction alphabet and youtube views to go down.

I like some channels (my blog) and, with me not having had a facebook account for over five years, google and youtube are now becoming rare visits for me as well.

social justice warrior

If democrat/communist facebook and google do not like off plantation thinking then i am happy to not visit their sites.

Google forcing cnn on people as preferred content means they visit alphabet but do not play videos from cnn, so that diminishes the youtube experience.

I have never seen a cnn youtube video on youtube. If i wanted to visit cnn, why am i deemed too dumb to not visit a website they run?

If you want youtube to be a happy place with cats playing as the sole means of ‘user’ content, great, don’t expect me to watch it.

Other video streamers exist and guess where i go and i seem to visit those sites first resulting in a loss of page views for our comrades in silicon valley.

I think the era of google is over and the beginning of something else will be starting soon.  Put simply, youtube’s ideology means it’s not a mainstream view of america.   Have a think on that.

where are the ipv6 email relay testers and sasl [password] bots

guess who this person is

Where are they? It seems only ipv4 people do them.  Sure, it is early days and most people are using a big email provider and maybe ipv6 if they have a more modern mobile phone.

It’s rather nice, ipv6, if quiet compared to ipv4.

In fact nobody seems to use ipv6, and yes we do send and receive ipv6 mail, unless you’re nerdy or a few specific internet behemoths.

ipv6 on postfix

Works, although it does feel a little incoherent setup wise, it [] sometimes required and not required. Having access to reverse dns means i can mail google in ipv6; your experience might be different (not here) than the zoo’s.

Don’t forget about spf records

Ipv6 being very mostly silicon valley based (not amazon), i was surprised that some try and abuse ipv6 and the domain name system.

Domain unknown senders
frostystoo.default.scharles.uk0.bigv.io[2001:41c8:51:770:fcff:ff:fe00:435c]:<secrppl*3*@appslconfg.com>:

Although we do see them trying this from ipv4 too

No damage was done and the ipv6 and ipv4 protocol matched the fake domain.

Ipv6 accounts for 25% of dns traffic and not many ipv6 mx entries so 1% of email traffic unless you email gmail all the time.

back to opendmarc reporting

Covered here and there (both my blog) with ipv6 i decided to have another go at reporting with extra hosts available with ipv6.

I kept the importer running even if reports were not being sent, but with ipv6 and ipv4 mail servers dmarc reporting remains stubbornly ipv4 based.

Not all is well with dmarc reporting and auto responders with spam getting sent to dmarc inboxes and bar the big providers nobody seems to take dmarc reporting seriously.

Oh well