Is part of gandi* update and its buzzwordy with a zeg demo (my blog) and various distro install methods – even i had google what zeg was.
I did not have most requirements its very 64bit – and so it failed to compile.
*not the indian
Is part of gandi* update and its buzzwordy with a zeg demo (my blog) and various distro install methods – even i had google what zeg was.
I did not have most requirements its very 64bit – and so it failed to compile.
*not the indian
Yes i am doing dmarc today once again,exciting stuff this.and i have finally figured out opendmarc-reports which for the zoo atps is apparently needed.
These records are fun and once you do one domain, the others also need doing ala.
_adsp._domainkey.example.com IN TXT "dkim=all; atps=y; asl=example.net;" YFP5HEI6FUVG5WMNRBCEO6BK2Z75XKJZ._atps.example.com IN TXT "v=atps01; d=example.net;"
The YFP5HEI6FUVG5WMNRBCEO6BK2Z75XKJZ is sha1 hashed example.net. opendkim-atpszone can make this with
opendkim-atpszone -h sha1 -u example.com -A example.net -vvv
The rest of the dns lines from above is where your on your own
YFP5HEI6FUVG5WMNRBCEO6BK2Z75XKJZ._atps TXT 86400 "v=ATPS1; d=example.net"
Eagle eyed readers will note that v=ATPS1; and v=atps01; differ and no adsp record is made.
The has found that atps01 works and is unwilling to test the capital variant.
The only reason i have this is for opendmarc-report which for some reason if i do not have them i get a dmarc error of no.
postfix/smtp[*]: *: status=bounced (host aspmx.l.google.com[188.8.131.52] said: 550-5.7.1 Unauthenticated email from example is not accepted due to 550-5.7.1 domain's DMARC policy. Please contact the administrator of 550-5.7.1 example domain if this was a legitimate mail.
That’s it which is what brought me to this vague corner of dns and email
The dmarc report i received back the next day was interesting.
Maybe the zoo’s way of doing things is weird to openmarc-reports which is good at keeping secrets on our live mail server, so it is happy with adsp and human emaail gets sent properly with aligned spf,dkim and dmarc i will say no more.
So that fixes opendmarc-reporting. Yay
I was looking at a very quiet zoo day for email and our friends at outlook.com and india (eg scammy Microsoft) where abusing email dsn notifications.
We fixed it ala http://www.postfix.org/DSN_README.html
So I am happy*, email marketing professions not so, but if some of you abuse the clients this is what happens..
I suggest this expliot is worth fixing just to piss off all spammers (including marketing email experts).
*While the zoo’s postfix config does date in places from over ten years it is still good.
I decided to install some very crappy software to get dmarc reporting (my blog) working and adapted a script to suit from a blog, it works you import, report and expire the db.
This is week long plus blog post so i may contradict myself the longer i document stuff.
However with stuff inbound to the database i got no email reports out which i can assume is due to either an error on my part, the policy not to bother them with strict compliance or the software is broken.
A brainwave I had on exploring this was that as a low traffic host (the zoo is not gmail) that email we do get is strictly controlled by rules where gmail i guess might be lax on say spam where as we are not.
So most of the email dealt with needs no dmarc action.
I will run the import , report and expire once a day and see if dmarc reporting via opendmarc is worthwhile.
Later on with reports being sent i observed some issues…
Dmarc can be abused by marketing people, and it depends on who runs the report address they specified take pure360.com.
(host x.GOOGLE.com[74.125.x.x] said:
450-4.2.1 The user you are trying to contact is receiving mail at a rate that 450-4.2.1 prevents additional messages from being delivered. Please resend your 450-4.2.1 message at a later time. If the user is able to receive mail at that 450-4.2.1 time, your message will be delivered. For more information, please 450-4.2.1 visit 450 4.2.1 – gsmtp (in reply to RCPT TO command))
It is amusing to note that they also use gmail.
So dmarc might mismanaged by some who might know better. Does this mean pure360.com dmarc should be ignored? what do you think.
Another retard with dmarc did the below humorous issue – Please note this was collected by dmarc, and sent by dmarc it is not a typo error by a human.
opendmarc-reports: sent report for email3.telegraph.co.uk to email@example.com (2.0.0 Ok: queued as 5F1F4BD6315)
<firstname.lastname@example.org>: host <host>.google.com[74.125.x.x] said:
550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient’s email address for typos
Plenty of other idiots exist.
(host eu-smtp-inbound-1.mimecast.com[184.108.40.206] said: 451 IP temporarily blacklisted – https://community.mimecast.com/docs/DOC-1369#451 (in reply to RCPT TO command))
(host eu-smtp-inbound-2.mimecast.com[220.127.116.11] said: 451 IP temporarily blacklisted – https://community.mimecast.com/docs/DOC-1369#451 (in reply to RCPT TO command))
These appear to go hours and hours later that is getting the dmarc report back (rac do send spam) and piss off hosts when it reports back – Oh to be a mind reader.
Yet another brainwave i had was that there is no way to block ‘pfishing’ emails via opendkmarc unless there is a strict policy setup. Unless you search headers for dmarc rules but thats down to the mta or spambotter not opendmarc. There is an example below.
Routing loops could be a problem – ala i send mail, they send mail, we mail back etc. Have to see on that one. I guess you could turn off reporting which kind of makes dmarc reporting an odd idea to start with.
In the real world i found out:
If you do not import messages into sql and then close down opendmarc (say for an kernel upgrade) then opendmarc deletes the text file is one bug i noticed – not an end of the world issue but occasional one.
Another bug i noticed in 1.3.0 release (1.3.2 is debian experimental) is that opendmarc-reports will still send email out even if you had a typo in the address or email set in script (the zoo has four domains)
I noticed as our dkim signing did not initiate when it should have (my typo).
The sql data is stored although its not designed for humans to read, the xml reports which it makes and we also get from others as the zoo has dmarc are more human readable.
Microsoft (microshit) are pretty crap at dmarc -there reports leave a lot to be desired due to \n issues.
They also bounce failure – this is pure microshit in action. I perceive this as bit spammy. It took a little time to sanitize here.
Typical crap from microsoft, it was spamcop proof too
Criminals also have odd dmarc setups an good example is quantumaccountingservices . net which is scammy* returned at time of wtiting
Host not found, try again
So i guess your going to get a lot of domains to ignore.
A problem i have is with multiple domain reporting (say mail.zoo mail.zoo1 etc). In the debian 1.3.0 version the first report run for mail.zoo has all the fun the other opendmarc report scripts run but have nothing to report on. That might be a level of complexity most with one domain and one host never get to see or care about and might be down to the shit sql server it uses.
My adsp and atps lines in dns needed some tweaking since reporting uses port 25 and i use the other port for outbound mail which for over a week i failed to comprehend so this might be a postfix / amavis or some other issue i cannot resolve currently.
The zoo will not be sending reports until we figure out adsp (my blog) even though the sql import and expire work
opendmarc-spam looks interesting although a thought experiment needing a look at source code to guess how it works
That’s about it for opendmarc reporting. Tomorrow I will be delving into the science of mind reading** after all it appears to be a required skill with dmarc.
*the hint is in the name. ** i joke
One area of failing was amavis which one instance inspects mail, having more than daemon now  seems impossible, some years ago i had four amavis servers but attempts to recreate that left an inconsistent mess sometimes it worked and other time spewed errors by the dozen.
So it was back to improving the single instance.
But $inet_socket_port can have more than one value with = [10024,100xx,etc];
So one instance might suffice.for inbound delivery to amavis.
outbound paths are done with $forward_method and this too becomes = [‘smtp:127.0.0.1:10025’, ‘smtp:127.0.0.1:10027’] ; opposed to the simple defaults in the amavis config hiding in /etc/amavis/conf.d if your debian based like the zoo
That seems (debian stable) to work but it is not guaranteed it might and then again might go back to the first method.
Amavis with it’s perl like configuration is a learn the hard way experience if you want something extra from it.
Don’t forget those semi colons.
This kind of makes sense although it is not guaranteed that the plumbing will go to the right outout but a tolerant spf config allows for that.
I like the one daemon rather than four of them and while not perfect it will do – a discussion on atps will follow so not finished yet..
Having failed in my first attempt (my blog) so i decided to try again looking at blogs who confirmed my suspicions that it did not work too well i looked at how others had got the thing to ‘work’
The zoo has dane,dkim and other stuff for some time so i will not be discussing that..
There’s a public suffix list some use which is not included in the debain packaging which was fun and indicates that maybe this is a compiled from source thing rather than an os package to install – ala here is one i prepared earlier.
My first days attempts seemed to work, but i had socket problems with postfix and logging changing ownership and creating the file because that is the sort of thing that it probably needs but won’t automatically do.
On my second day i still have no damm clue as to what opendmarc should be doing. and despite my best efforts
smtpd[*]: warning: connect to Milter service unix:/var/run/opendmarc/opendmarc.sock: No such file or directory
I changed unix to local as specified in /etc/default/opendmarc making the required change to posfix and still nothing happened
so eventually i went with it takes an hour or so to get a message from postfix about the broken socket on a not that busy mail server.
in opendmarc.conf , /etc/default/opendmarc and in the correct main.cf and that seemed to work in version 1.3.0 (current debian stable version) at time of writing 1.3.1 is debian testing, and 1.3.2. in experimental so there’s no reason to expect massive changes down the release cycle.
I just have it running on four mail hosts
Here is what a correct mail log looks like
date* 17:57:49 host opendmarc: 1XX8BD6310: gmail.com pass
date* 07:30:15 host opendmarc: 5XX35BD6310: plexiglas.de none
date* 08:24:20 host opendmarc: 0XX85BD6310: factoringforless.eu none
That covers most use cases if hosts do not have dmarc hey that is not my fault.
Errors (or huh) are stated as
opendmarc[*]: *314: unable to parse From header field
So even the dmarc milter has problems with crap email.
For tls signed email
is the response.
If your internal email does not outbound via a public internet address and then return* It seems opendmarc bitches and whines like
opendmarc: 23XXEBD6310: zoo** fail
However since i route fail2ban email from internal mail to a real email server those messages seem be ignored if you do not specify the opendmarc milter in the internal postfix handler we have.
I might have to add ignore hosts to a file (not done) – or fix internal relaying which is what i did
I am not sure if i can turn off rejectfailures option in opendmarc without perhaps some additional postfix plumbing but that;s my problem not yours since i am probably doing that the wrong way.
Things i have yet to do reporting***, see if the
spf thing is broken in opendmarc – works. But its working with postfix
*i see no point ** our domains (my blog) are zoo,zoo1,zoo2,zoo3 *** needs mysql (fucking crap software) i will save for another post.
Does the monkey house save the day or will it go wrong, stay tuned for the next episode of opendmarc in draft as we attempt speak with some noteworthy retards with dmarc.
The monkey houses email server is quite busy and to keep it that way the website has some famous video game characters listed in a comment in html so your usually a robot extracting them rather than a carbon based lifeform with a computer.
It amazes me that people actually email these addresses which do not exist but might because there ‘listed’.
China seems to like them and these captains of banana management, and who am i not to keep the spammers happy? Have no idea what was sent to these imaginary zoo employees but you too can buy them from spammers.
Some spammers get close but make the most amusing mistakes, you know who to email, our imaginary zoo staff will be happy to get your email honest.
One afternoon i was bored on a bank holiday and decided to go figure out letsencrypt of which my previous attempt left much to be desired (my blog).
The domain was using self signed certs for email and i had no www, and being slightly drunk certainly made it a game of it after all this has got to work somehow.
This is from debian backports, i guess i might end compiling everything if compiled from source. Since i use debian lets try and keep it the debian way.
I had to do some www config work, listening on 80 and 443 in apache, i also did some dns redirect diversions a day earlier
Nit pick – the man page for certbot really sucks in formatting you have to be in FULL SCREEN mode or other the formatting is shit. I smell a gnome developer.
With my config i then experimented until i hit the right command to use with apache since i have a host that does more than just one website which is where crappy website hosting will assume that you only have only one.
certbot certonly –webroot -w /var/www/<host>/ -d <host>
Which picked up the config rather than assume i have only one ip address.
Anyhow i eventually got a working certificate (nice not to get a useless www. is a plus point) after some apache config work and restarts but guessing where the certs where was the next issue – a google discovered the /etc/letsencrypt/live/<host>/*.pem was the ticket. Never trusted or knew about the automatic apache config mode of which i have no idea if that is for the 2.2 or 2.4 release.
Reconfiguring apache could be big job for me if it fucks up as we host more than one website here in the zoo on one computer. I really do not trust certbot to configure things and i like to know how it works rather than some stuff i did not set up.
For dane (my blog) i had to hash the cert.pem – i only really want it for that not apache, why i cant use email to approve this shit like paid certs do is beyond me, if they want a apache config i am willing to oblige it but this is me pushing the average user envelope.
Most people probably reading this probably cannot use tls in email – say gandi clients, or have dkim signed mail unless you buy a high end xen instance and configure it yourself. tls encryption was a no in the cheapest gandi* offering when i looked.
Letsencrypt works in postfix too once you set cert,ca chain,and private key, tlsa hashing was successful too a benefit of doing the apache ssl config.
These certs only last three months and so expect a lot of crap in /var./log/lersencrypt from python dumps which is easier said to trackdown what generates them even with cron jobs turned off although the renewal directory files appears to be adjusted by what i have no idea on.
I have now got to write a index html page and a404 explaining the reason for this bizarre oddity. It’s a make work scheme although it will work the default index.html we all know and love..
Then your renewal – you have to setup a cron entry, in three months time i then have to hash cert.pem once again and change to dns records.
The cron scheduling may or may not be available with basic or average hosting.
I suppose it is better than self signed.
This i suppose it not how your average website would usually get an tls cert but the monkey house is not constrained like you lot with one ip address, a virgin domain name and a strange version of dns,email and hosting.
Works here though setting hsts (my blog) to three months is deemed ‘bad’ by some.
*gandi is a hosting firm not an indian
One day they just stopped and since most of them are in China* its been boring on the dmarc (my blog) front ever since.
However since reporting abuse to china does not work except for ‘special’ people it can be said that many Chinese isps colluded. Any american reading this should comprehend that china is not russia
Of other countries Vietnam has one attempt, the us a couple so either there spoofing somebody without dmarc which is something i would have done months ago or the thing that controlled it is down rather the look an idiot to the once a day like China did.
I still have the data and can firewall it in seconds, the dmarc records still exist and are permanent and so I will only now report on the latest attempts and correlate with previous behaviour.
Latterly I have also caught amazon (yes the big retailer) trying 24 attempts in one day via ec2 (my blog) – so maybe this year will be the year that the us wins the gold medal in dmarc probes over china with quantity from single hosts.
I am sure you are all looking forward to these posts. Exciting stuff
*both HK and mainland.
China wins again as top spoofer (my blog) Exciting stuff this honest, and since the quantity outweighs the more interesting single entries (these are all crooks and scammers) and they have mentioned before lets admire the Chinese trying again and again.
Its a shame we know but they still dont know. Dont tell them please
I like dmarc
1 CN 18.104.22.168 22.214.171.124/13AS4837, China Unicom Zhejiang Province Network 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 38 1 CN 188.8.131.52 184.108.40.206/16AS4837 CNC Group CHINA169 Sichuan Province Network 1 CN 220.127.116.11 2 1 CN 18.104.22.168 22.214.171.124/16 CNC Group CHINA169 Sichuan Province network 1 1 CN 126.96.36.199 188.8.131.52/13AS4837 CNC Group CHINA169 Zhejiang Province Network 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 8 1 CN 220.127.116.11 18.104.22.168/15AS4837 CNC Group CHINA169 Zhejiang Province Network 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 20 1 CN 126.96.36.199 WASU-BB 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 52 1 CN 18.104.22.168 Huashu media&Network Limited 2 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 2 CN 188.8.131.52 1 CN 184.108.40.206 2 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 2 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 2 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 2 CN 18.104.22.168 2 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 2 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 2 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 2 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 2 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 2 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 3 CN 18.104.22.168 1 CN 22.214.171.124 2 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 2 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 2 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 204 1 CN 22.214.171.124 Huashu media&Network Limited 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 2 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 2 CN 220.127.116.11 3 CN 18.104.22.168 1 CN 22.214.171.124 1 CN 126.96.36.199 1 CN 188.8.131.52 1 CN 184.108.40.206 1 CN 220.127.116.11 1 CN 18.104.22.168 1 CN 22.214.171.124 97% 355 1 CN 126.96.36.199 30 0.28% 1 HK 188.8.131.52 email@example.com 1 1 JP 184.108.40.206 OCN,JP 1 0.55% 2 1 JP 220.127.116.11 SRS SAKURA Internet Inc. 1 0.28% 1 None 18.104.22.168 Dmarc report error (not my mistake) 1 1 US 22.214.171.124 nyu.edu 1 1 US 126.96.36.199 754th electronic systems group 7esg 1 1 US 188.8.131.52 firstname.lastname@example.org 1 1.10% 4 1 US 184.108.40.206 email@example.com 1 100.00% 363 363