Mailing List CGatePro@mail.stalker.com Message #106240
From: Gib Henry <gib@gibhenry.com>
Subject: Re: Temporarily blocked...not
Date: Thu, 27 Oct 2016 21:46:31 +0200
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>

You’re absolutely correct, DMARC especially is broken.  Tell that to the biggest gorillas in the room who forced it on the rest of us, and see if you can get anywhere.  I don’t think they care.  Cheers,
--
Gib Henry


On 10/27/16 6:27 PM, Palvelin Postmaster wrote:
My question was more rhetorical than anything. I don’t see it as a viable practice to include various mailing list servers (beyond my control) as my trusted senders.

Couldn’t one instead argue that mailing lists are ”broken” in this regard? :) I don’t think DMARC and SPF are going anywhere but instead becoming more popular.

Anyhow, now I’m hijacking my own thread of a completely different topic. 8)


On 27 Oct 2016, at 16:17, Christoph Roethlisberger <christoph.roethlisberger@iway.ch> wrote:

Because their CGPro server redistributes your email to all subscribers of the list CGatePro@mail.stalker.com 

As DMARC does not only check the Return-Path (Envelope From) but also the "From:" address for forged sender addresses, it will fail this check.
This is the case with ANY mailing list out there and also any automatic email forwarding that recipients may have configured.

DMARC and to a lesser degree also SPF (SRS anyone?) is "broken" in this regard and that's why I won't recommend to use these technologies.

regards
Christoph Roethlisberger

---------------------------------------------------------
iway AG
christoph.roethlisberger@iway.ch -:- http://www.iway.ch
---------------------------------------------------------


Thursday, October 27, 2016, 2:27:27 PM, you wrote:

Yes, I use DMARC. Why should *.stalker.com be an authorized sender for my domain?


On 27 Oct 2016, at 15:11, Gib Henry <gib@gibhenry.com> wrote:

And by the way, I’m guessing you use DMARC.  Your email was tagged “reject” because *.stalker.com is not an authorized sender for palvelin.fi:

DMARC: reject
Return-Path: <CGatePro-report@mail.stalker.com>
Received: from [72.20.112.40] (HELO stalker.com)
 by gibhenry.com (CommuniGate Pro SMTP 6.1.11 _community_)
 with ESMTP id 2330255 for gib@gibhenry.com; Thu, 27 Oct 2016 01:38:08 -0500
X-ListServer: CommuniGate Pro LIST 6.1.12
List-Unsubscribe: <mailto:CGatePro-off@mail.stalker.com>
List-ID: <CGatePro.mail.stalker.com>
List-Archive: <http://mail.stalker.com:8080/Lists/CGatePro/List.html>
Precedence: list
Reply-To: "CommuniGate Pro Discussions" <CGatePro@mail.stalker.com>
Sender: "CommuniGate Pro Discussions" <CGatePro@mail.stalker.com>
To: "CommuniGate Pro Discussions" <CGatePro@mail.stalker.com>
From: Palvelin Postmaster <postmaster@palvelin.fi>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-Original-Message-Id: <556D131D-9BD0-48BD-844B-AF216D01DCE5@palvelin.fi>
Date: Thu, 27 Oct 2016 09:37:36 +0300
X-Mailer: Apple Mail (2.3251)
Message-ID: <list-81957060@mail.stalker.com>
Subject: Temporarily blocked...not

On 10/27/16 8:37 AM, Palvelin Postmaster wrote:
Hi,
we get occasional brute force login attempts. The following log clip shows a couple. The second login attempt would suggest the previous attempt doesn't actually block the host from retrying even though the log entry suggests so. Do I misunderstand something?
20:43:21.328 1 POP-006892([173.68.176.196]:4079) failed to open ACCOUNT(cs) for [173.68.176.196]:4079->[83.150.109.27]:110. Error Code=unknown user account
20:43:21.329 1 POP-006892([173.68.176.196]:4079) [173.68.176.196] temporarily blocked on login failure
20:43:21.343 1 ROUTER SYSTEM: 'angela' rejected. Error Code=unknown user account
20:43:21.343 1 POP-006893([173.68.176.196]:3535) failed to open ACCOUNT(angela) for [173.68.176.196]:3535->[83.150.109.28]:110. Error Code=unknown user account
20:43:21.344 1 POP-006893([173.68.176.196]:3535) [173.68.176.196] temporarily blocked on login failure
20:43:21.596 1 ROUTER SYSTEM: 'company' rejected. Error Code=unknown user account
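
Added example, not part of the original post and not CommuniGate Pro code: a small Python check that reads the log lines quoted above and reports any failed login that arrives from an address after that address was logged as "temporarily blocked". The function names and the line pattern are assumptions derived only from the six lines shown in the post.

```python
import re
from datetime import datetime, timedelta

# Log lines copied verbatim from the post above.
LOG = """\
20:43:21.328 1 POP-006892([173.68.176.196]:4079) failed to open ACCOUNT(cs) for [173.68.176.196]:4079->[83.150.109.27]:110. Error Code=unknown user account
20:43:21.329 1 POP-006892([173.68.176.196]:4079) [173.68.176.196] temporarily blocked on login failure
20:43:21.343 1 ROUTER SYSTEM: 'angela' rejected. Error Code=unknown user account
20:43:21.343 1 POP-006893([173.68.176.196]:3535) failed to open ACCOUNT(angela) for [173.68.176.196]:3535->[83.150.109.28]:110. Error Code=unknown user account
20:43:21.344 1 POP-006893([173.68.176.196]:3535) [173.68.176.196] temporarily blocked on login failure
20:43:21.596 1 ROUTER SYSTEM: 'company' rejected. Error Code=unknown user account
"""

# time, log level, SESSION-id([peer-ip]:port), message (pattern inferred from the lines above)
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{3}) \d+ (?P<session>[A-Z]+-\d+)"
    r"\(\[(?P<ip>[^\]]+)\]:\d+\) (?P<msg>.*)$")
ACCOUNT = re.compile(r"failed to open ACCOUNT\((?P<user>[^)]*)\)")

def parse(log):
    """Yield (time, session, peer_ip, message); ROUTER lines name no peer and are skipped."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            # Timestamps carry no date, so the excerpt must not cross midnight.
            ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
            yield ts, m["session"], m["ip"], m["msg"]

def failures_after_block(log):
    """Return failed logins seen from an address after its first block entry."""
    blocked_at = {}  # peer ip -> time of the first "temporarily blocked" line
    hits = []
    for ts, session, ip, msg in parse(log):
        acct = ACCOUNT.search(msg)
        if acct and ip in blocked_at:
            gap = (ts - blocked_at[ip]) // timedelta(milliseconds=1)
            hits.append({"ip": ip, "session": session,
                         "account": acct["user"], "ms_after_block": gap})
        elif "temporarily blocked" in msg:
            blocked_at.setdefault(ip, ts)
    return hits

if __name__ == "__main__":
    for hit in failures_after_block(LOG):
        print(hit)
```

On the quoted lines this reports session POP-006893 failing 14 ms after the first block entry. The excerpt does not show when that second connection was accepted, so it cannot tell whether the block applies only to connections opened afterwards.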