Re: openDKIM and postfix

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: openDKIM and postfix

Viktor Dukhovni


> On May 20, 2018, at 7:24 PM, John Levine <[hidden email]> wrote:
>
>  Has anyone actually seen it happen in the
> wild in the past decade?

I have a dataset with ~1.4 million MX hosts.  Running through those
at a gentle pace (one at a time) after the first ~200 MX hosts I have
10 that don't announce 8BITMIME.  So it certainly happens.  Whether
there's anyone behind those MTAs looking at DKIM is a rather different
question...

--- mail.webbrowserbellen.be
posttls-finger: Connected to mail.webbrowserbellen.be[109.236.95.78]:25
posttls-finger: < 220 HELO welcome to smtp.voipcentrale.nl
posttls-finger: > EHLO amnesiac
posttls-finger: < 250-hollanddns.com [192.0.2.1], this server offers 2 extensions
posttls-finger: < 250-SIZE 51200000
posttls-finger: < 250 HELP
posttls-finger: > QUIT
posttls-finger: < 221 Service closing transmission channel

--- mail.octowood.nl
posttls-finger: Connected to mail.octowood.nl[79.170.91.81]:25
posttls-finger: < 220 server1.adnecto.dk ESMTP Exim 4.72 Mon, 21 May 2018 01:39:35 +0200
posttls-finger: > EHLO amnesiac
posttls-finger: < 250-server1.adnecto.dk Hello amnesiac [192.0.2.1]
posttls-finger: < 250-SIZE 20971520
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-AUTH PLAIN LOGIN
posttls-finger: < 250-STARTTLS
posttls-finger: < 250 HELP
posttls-finger: > QUIT
posttls-finger: < 221 server1.adnecto.dk closing connection

--- rouge.insel-zu-verkaufen.de
posttls-finger: Connected to rouge.insel-zu-verkaufen.de[213.32.119.109]:25
posttls-finger: < 220 insel-zu-verkaufen.de ESMTP ready
posttls-finger: > EHLO amnesiac
posttls-finger: < 250-hello amnesiac
posttls-finger: < 250-PIPELINING
posttls-finger: < 250 SIZE 10485760
posttls-finger: > QUIT
posttls-finger: < 221 insel-zu-verkaufen.de

--- mail.fuis.nl
posttls-finger: Connected to mail.fuis.nl[5.200.9.113]:25
posttls-finger: < 220 mailcluster.webhosting-manager.nl ESMTP
posttls-finger: > EHLO amnesiac
posttls-finger: < 250-mailcluster.webhosting-manager.nl
posttls-finger: < 250-SIZE 50000000
posttls-finger: < 250-AUTH LOGIN
posttls-finger: < 250 HELP
posttls-finger: > QUIT
posttls-finger: < 221 goodbye

--- bierboetiek.com
posttls-finger: Connected to bierboetiek.com[80.69.95.175]:25
posttls-finger: < 220 WEB03.home ESMTP MailEnable Service, Version: 8.51-- ready at 05/21/18 01:47:15
posttls-finger: > EHLO amnesiac
posttls-finger: < 250-home [192.0.2.1], this server offers 4 extensions
posttls-finger: < 250-AUTH LOGIN
posttls-finger: < 250-SIZE 15360000
posttls-finger: < 250-HELP
posttls-finger: < 250 AUTH=LOGIN
posttls-finger: > QUIT
posttls-finger: < 221 Service closing transmission channel

--- mail.finwize.nl
posttls-finger: Connected to mail.finwize.nl[77.72.147.81]:25
posttls-finger: < 220 s01.finwizewebhost.nl ESMTP Exim 4.76 Mon, 21 May 2018 01:48:22 +0200
posttls-finger: > EHLO amnesiac
posttls-finger: < 250-s01.finwizewebhost.nl Hello amnesiac [192.0.2.1]
posttls-finger: < 250-SIZE 31457280
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-AUTH PLAIN LOGIN
posttls-finger: < 250-STARTTLS
posttls-finger: < 250 HELP
posttls-finger: > QUIT
posttls-finger: < 221 s01.finwizewebhost.nl closing connection

--- mail.literaircafehelmond.nl
posttls-finger: Connected to mail.literaircafehelmond.nl[95.211.201.5]:25
posttls-finger: < 220 mail.mkbportal.nu ESMTP MailEnable Service, Version: 9.00-9.00- ready at 05/21/18 01:49:15
posttls-finger: > EHLO amnesiac
posttls-finger: < 250-mkbportal.nu [192.0.2.1], this server offers 4 extensions
posttls-finger: < 250-AUTH LOGIN
posttls-finger: < 250-SIZE 40960000
posttls-finger: < 250-HELP
posttls-finger: < 250 AUTH=LOGIN
posttls-finger: > QUIT
posttls-finger: < 221 Service closing transmission channel

--- vrouwzoekt.nl
posttls-finger: Connected to vrouwzoekt.nl[149.210.159.235]:25
posttls-finger: < 220 stickyservers.nl ESMTP Exim 4.76 Mon, 21 May 2018 01:50:42 +0200
posttls-finger: > EHLO amnesiac
posttls-finger: < 250-stickyservers.nl Hello amnesiac [192.0.2.1]
posttls-finger: < 250-SIZE 20971520
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-AUTH PLAIN LOGIN
posttls-finger: < 250-STARTTLS
posttls-finger: < 250 HELP
posttls-finger: > QUIT
posttls-finger: < 221 stickyservers.nl closing connection

--- moczni.hu
posttls-finger: Connected to moczni.hu[212.52.166.43]:25
posttls-finger: < 220 2-Narasimha.hu V2.08 antispam service. Please keep in mind, we decline spams!
posttls-finger: > EHLO amnesiac
posttls-finger: < 250-Welcome, 192.168.14.20 [192.168.14.20], pleased to meet you
posttls-finger: < 250-AUTH=LOGIN
posttls-finger: < 250-AUTH LOGIN
posttls-finger: < 250 HELP
posttls-finger: > QUIT
posttls-finger: < 221 Aba he

--- herbanow.com
posttls-finger: Connected to herbanow.com[149.210.188.57]:25
posttls-finger: < 220 server.markbruin.nl ESMTP Exim 4.76 Mon, 21 May 2018 01:51:42 +0200
posttls-finger: > EHLO amnesiac
posttls-finger: < 250-server.markbruin.nl Hello amnesiac [192.0.2.1]
posttls-finger: < 250-SIZE 20971520
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-AUTH PLAIN LOGIN
posttls-finger: < 250-STARTTLS
posttls-finger: < 250 HELP
posttls-finger: > QUIT
posttls-finger: < 221 server.markbruin.nl closing connection

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: openDKIM and postfix

Viktor Dukhovni


> On May 20, 2018, at 7:59 PM, Viktor Dukhovni <[hidden email]> wrote:
>
> I have a dataset with ~1.4 million MX hosts.  Running through those
> at a gentle pace (one at a time) after the first ~200 MX hosts I have
> 10 that don't announce 8BITMIME.

I stopped the scan after 2308 MX hosts of which 72 did not offer 8BITMIME.
The purported Exim versions were:

   1 4.63
   2 4.69
   5 4.72
   1 4.73
  19 4.76
   1 4.77

The next most common non-8bit MTAs were 12 instances of
"MailEnable Service".

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: openDKIM and postfix

A. Schulze
In reply to this post by Viktor Dukhovni


On May 20, 2018, at 7:24 PM, John Levine <[hidden email]> wrote:
>
>  Has anyone actually seen it happen in the
> wild in the past decade?

yes, web.de, gmx.net and other domains operated by 1&1 for example.
or freemail.de or all the domains hosted by Eleven (today Cyren)

For that it /is/ a huge problem in Germany...
John, you may know me, I asked them many times but that changed nothing :-/

Andreas