Secret Google and Microsoft Blacklists affecting non tor IPs if on same server.
Just had to shut down my exit temporarily while Google sorts out their secret blacklisting system on my innocent non-tor IP.
My server has two IPs, not consecutive. One I use for my own email server and public web server, locked tight and private. No relays, no proxy. This IP is not on any blacklist.
Second IP is used for TOR alone and forced exit is via this second IP, and only has TOR-use ports open. This IP is not on any blacklist other than being listed as a tor exit.
Torrc config has careful port selection, not port 80 except to a single /8 block. 443 open etc. Despite many other ports open, apart from the obvious at-risk ones which are blocked, I have had no abuse notices over the last year it has been up. Quiet ISP. ISP have no idea as to why Google blocked my IP (despite high traffic from second IP!).
Alas it seems that both Google now and Microsoft before tar both IPs with the same brush and reject. Google just started blocking emails from my domain to all gmail accounts. It is a real performance finding out who to contact to undo this block. Microsoft was a pain last year, but this year it is Google. Google’s own postmaster tools reports no issues about my domain! Alas:
Maillog:
May 8 20:17:16 server postfix/smtp[4079]: E36533E07F4: host gmail-smtp-in.l.google.com[64.233.166.26] said: 421-4.7.0 [109.228.50.196 15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.0 review our Bulk Email Senders Guidelines. o31-v6si13678468wrc.44 - gsmtp (in reply to end of DATA command)
Really annoying that my email server IP has never sent anything, no relay, no spam, almost no traffic, so what is stated is not true and even their own tools report nothing.
Is Google looking at MAC addresses to do this? How can we stop it? I really do not want to run another server just for tor as that costs!
Gerry
> Really annoying that my email server IP has never sent anything, no relay, no spam, almost no traffic, so what is stated is not true and even their own tools report nothing. Is Google looking at MAC addresses to do this? How can we stop it? I really do not want to run another server just for tor as that costs!
I don't think it's your Tor node - it's just Google. I note that your DMARC, SPF, etc. are set and valid. Your mail server is not an open relay. I maintain a few mail servers and run into these types of problems. There is no real reason for them. Microsoft is the worst - no logic whatsoever. Do others use your server and has one of those accounts been compromised? Had one last week - a user followed a spam link and gave out their username and password - we sent 300000 emails out in an hour... You don't need to be on blacklists to be blocked by the major players. You might want to relax your DMARC to see what happens.
Paul
609662E824251C283164243846C035C803940378
Thanks PAUL, assuring. Nobody else IS using our email server, which is now really an archive, as we are pretty much retired now and no other users are left on our old system. Logs show only our emails.
SPF, reverse DNS, DKIM, DMARC all 100%. fail2ban, no relay, no proxy, few working email addresses, complex passwords, SSL.
So it is some random thing at google that selects us. Random roadside alcohol testing spree?
How long does it take Google to sort once you have sent in their form? They even state that they will not send a confirmation email…
Gerry
I have just seen that my abuse email address gets a shower of abuse reports when I send an email to this tor-relays@lists.torproject.org
The forwarded emails do not come from me so fail DKIM/DMARC
Gerry
On Wed, May 09, 2018 at 01:04:35AM +0100, gerard@bulger.co.uk wrote:
> I have just seen that my abuse email address gets a shower of abuse reports when I send an email to this tor-relays@lists.torproject.org
most mailing lists break spf, they send email on your behalf from an ip that is not in your spf record
most mailing lists break dkim because they modify headers, therefore the DKIM-Signature, even the list may add a signature on top of yours
ARC helps with that, i dunno if mailman supports it
> The forwarded emails do not come from me so fail DKIM/DMARC
when A forwards to B C's email, the from is rewritten to match A, email lists "forward" emails but keep the From intact
> Really annoying that my email server IP has never sent anything, no relay, no spam, almost no traffic, so what is stated is not true and even their own tools report nothing. Is Google looking at MAC addresses to do this? How can we stop it? I really do not want to run another server just for tor as that costs!
MAC addresses are local to your network segment (your provider datacenter) there is no way google knows them.
are you sure tor and your smtp aren't using the same IPv6 address/ranges?
> I don't think it's your Tor node - it's just Google. I note that your DMARC, SPF, etc. are set and valid. Your mail server is not an open relay. I maintain a few mail servers and run into these types of problems. There is no real reason for them. Microsoft is the worst - no logic whatsoever.
+1
since this is already off-topic for -relays, i want to spam about an email privacy project: https://autocrypt.org/
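The SPF/DKIM/DMARC behaviour described in the reply above, as an added example that is not part of the original thread: it models one message delivered directly, relayed by a list that appends a footer and keeps the From intact, and relayed by a list that rewrites the From. The domains, IP addresses, message body and footer are constructed; DKIM is reduced to the body-hash check and DMARC alignment to an exact domain match, both simplifying assumptions.

```python
import base64
import hashlib
from dataclasses import dataclass

# Constructed SPF data: domain -> IPs allowed to send for it (documentation ranges).
SPF = {"example.org": {"192.0.2.10"}, "lists.example.net": {"198.51.100.7"}}

def body_hash(body: str) -> str:
    """DKIM bh= value: sha256 over the 'simple' canonicalized body (RFC 6376)."""
    data = body.replace("\r\n", "\n").replace("\n", "\r\n").encode()
    data = data.rstrip(b"\r\n") + b"\r\n"  # trailing empty lines are ignored
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

@dataclass
class Delivery:
    header_from: str    # domain in the From: header (what DMARC protects)
    envelope_from: str  # domain in MAIL FROM (what SPF checks)
    source_ip: str      # IP the receiving server sees
    body: str           # body as received
    dkim_d: str         # d= of the author's DKIM signature
    dkim_bh: str        # bh= recorded when the author's server signed

def evaluate(d: Delivery) -> dict:
    spf = d.source_ip in SPF.get(d.envelope_from, set())
    dkim = body_hash(d.body) == d.dkim_bh  # assumption: body hash only, no header check
    # Assumption: strict alignment, i.e. the passing domain must equal the From domain.
    aligned = (spf and d.envelope_from == d.header_from) or \
              (dkim and d.dkim_d == d.header_from)
    return {"spf": spf, "dkim": dkim, "dmarc": aligned}

BODY = "Just had to shut down my exit.\n"               # constructed message body
FOOTER = "_______________\nlist footer (constructed)\n"  # appended by the list
BH = body_hash(BODY)                                     # hash the author signed

def scenarios() -> dict:
    direct = Delivery("example.org", "example.org", "192.0.2.10",
                      BODY, "example.org", BH)
    via_list = Delivery("example.org", "lists.example.net", "198.51.100.7",
                        BODY + FOOTER, "example.org", BH)
    rewritten = Delivery("lists.example.net", "lists.example.net", "198.51.100.7",
                         BODY + FOOTER, "example.org", BH)
    return {name: evaluate(d) for name, d in
            [("direct", direct), ("via_list", via_list), ("rewritten", rewritten)]}

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

In the `via_list` case SPF passes only for the list's own bounce domain, which does not match the author's From domain, so with the body hash broken by the footer nothing aligned is left for DMARC.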