home.social

#mailadmin — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #mailadmin, aggregated by home.social.

  1. Blocking all *.bc.googleusercontent.com on my mailserver as they send nothing but phishing mails and spam. Google doesn't really care about the 150+ reports I sent them, so on the blocklist they go.

    #SelfHost #MailAdmin @homelab

  2. Silly spammer "revenge". When you report spam in ways that it actually does something, some spammers get cranky about that and:

    - Use a domain that is about to expire
    - Use google mail for that domain
    - set up a reflector e-mail address on that domain
    - Run a script that spams hundreds of support systems of innocent websites
    - Redirect the replies to those support tickets to my email address via google mail

    Silly, but it seems to make the spammers happy.

    #SelfHost #MailAdmin

  3. Miraculously, mail servers that neither use nor check SPF, DMARC or DKIM still exist. This one from a consulting company in Hungary allowed me to track down the sender of spam using one of my mail accounts as a spoofed `from:`. So, dear 1.202.53.77 from China, welcome to my blocklist :)

    #SelfHost #MailAdmin

  4. 363 IP addresses in 24 hours, trying to guess user/password combinations on my mailserver. The botnets seem to be back in full force after a little over 2 weeks of almost nothing (yes, that coincides with the war against Iran).

    #SelfHost #MailAdmin @homelab

  5. Honeypot mail account got a new kind of spam. Not seen attached .html files for years.

    Are .html attachments in emails allowed by popular mail clients and webmailers again by now???

    #infosec #itsec #mailadmin #spam

  6. So I guess for the next few days you can send an e-mail to [email protected] and it will reach me ;)

    #SelfHost #MailAdmin @homelab

  7. I guess they will also use the support forms to try to subscribe me to whatever marketing stuff from there.

    So I look forward to interesting messages from Bavarian restaurants, Austrian doctors and Swiss lawyers :)

    #SelfHost #MailAdmin @homelab

  8. When spammers don't like you reporting their spam, they will:

    - set up a forwarding email address on one of their servers with good DKIM/SPF/DMARC, typically on a domain that will expire soon
    - Run a script that spams hundreds of support addresses/web forms with nonsense content using that forwarding address
    - Forward all the confirmation receipts to your email address

    That stuff is easy to block, but can be quite a nuisance to the affected support teams.

    #SelfHost #MailAdmin @homelab

  9. Well, it seems the botnets are coming back. After two weeks of almost nothing, today the SASL login attempts and support tickets opened using one of my email addresses are coming back. So. Back to business as usual. Reporting spammers and blocking these botnet IP addresses.

    #SelfHost #MailAdmin

  10. Wtf, just got a wave of mails from various ticket systems that they got my request (never heard of any of them). All delivered via google MXes 🙄

    #MailAdmin

  11. Seems my spam reports are upsetting a spammer who tries to subscribe me to weird mailing lists and swinger groups. LOL. Good thing is that EU regulations require a double opt-in so I just ignore the "please confirm" mails.

    #SysAdminLife #MailAdmin #ThanksEU

  14. Hot take: email forwarding is always rubbish. No matter whether with or without SRS, DKIM or the like.
    The mail server that forwards the mails only buys itself trouble.

    #mailadmin #postmaster

  15. A few months ago it was sendgrid as mail service (and also cloudflare for the phishing sites). Sendgrid has promptly reacted to every report I sent them and I now rarely see them in my log files.

    #SelfHost #MailAdmin @homelab

  16. Observation: Google is currently the biggest spreader of phishing mails, Cloudflare hides/hosts the phishing sites these mails link to. That's been the simple truth on my mailserver for a few weeks now. And yes, I manually report every single one of them to no visible avail.

    #SelfHost #MailAdmin #Phishing @homelab

  17. My mailserver is very German. When your mailserver tries to send a message, it does a reverse lookup on the IP address. If that doesn't deliver a valid hostname, you're out. But we are not done yet. If it gets a valid hostname, it does an A (IPv4) or AAAA (IPv6) lookup on that hostname. And if it doesn't deliver back the same IP address, you are still out. It is fascinating to observe how often that uncovers that even big names get their DNS wrong. Hello, Spamcop ;)

    #ItsAlwaysDNS #MailAdmin
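
The check described in the post above (forward-confirmed reverse DNS), as an added example that is not the poster's own code or configuration. The resolver functions are injectable, and the `PTR`/`FWD` tables and `demo` helper are constructed sample data so it runs offline.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; returns hostnames (may be empty)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(hostname):
    """A and AAAA lookup via the system resolver; returns address strings."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except OSError:
        return []
    return [info[4][0] for info in infos]

def fcrdns(client_ip, ptr=system_ptr, forward=system_forward):
    """Return (verdict, detail) for a connecting client IP."""
    client = ipaddress.ip_address(client_ip)
    names = [n.rstrip(".") for n in ptr(client_ip)]
    if not names:
        return ("reject", "no PTR record")
    for name in names:
        for addr in forward(name):
            try:
                # Compare parsed addresses, not strings: IPv6 has many spellings.
                if ipaddress.ip_address(addr.split("%")[0]) == client:
                    return ("accept", name)
            except ValueError:
                continue
    return ("reject", "PTR name does not resolve back to " + client_ip)

# Constructed sample records (documentation ranges) so the check runs offline.
PTR = {"192.0.2.10": ["mx.example.org."], "192.0.2.20": ["relay.example.net."],
       "2001:db8::25": ["mx6.example.org."]}
FWD = {"mx.example.org": ["192.0.2.10"], "relay.example.net": ["198.51.100.7"],
       "mx6.example.org": ["2001:0db8:0:0:0:0:0:25"]}

def demo(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return fcrdns(ip, ptr=lambda i: PTR.get(i, []), forward=lambda h: FWD.get(h, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "203.0.113.9", "2001:db8::25"):
        print(ip, *demo(ip))
```

Postfix applies the same rule with `reject_unknown_client_hostname`.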

  18. Because a few people asked how I block the IP ranges from hostgnome:

    - Mailserver detects IP address trying to deliver spam: 91.237.124.193
    - Via `whois` I find the corresponding AS: 201579 (picture 1)
    - Then I find all IP ranges associated with this AS (picture 2)
    - Then I go through the ranges and add them to my firewall.

    Rinse, repeat.

    #SelfHost #MailAdmin @homelab

  19. Hostgnome uses a simple tactic. They rent/buy IPv4 address pools, send spam via all allocated addresses in that space for a few days and then get rid of the pool, replacing it with a fresh one. So it makes sense to have a cronjob that checks their ASes and immediately blocks all pools on the firewall.

    #SelfHost #MailAdmin @homelab
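
One way to automate the procedure from the two posts above, as an added example that is not the poster's script. It assumes the AS's ranges arrive as RPSL route objects from an IRR whois query; the sample prefixes are constructed documentation ranges, and the nftables table and set names are hypothetical.

```python
import ipaddress

# Constructed sample of IRR whois output (RPSL route objects); the prefixes are
# documentation ranges, not real allocations of the AS named in the post.
SAMPLE_WHOIS = """\
route:      192.0.2.0/25
origin:     AS201579

route:      192.0.2.128/25
origin:     AS201579

route:      198.51.100.0/24
origin:     AS64500

route6:     2001:db8:100::/48
origin:     AS201579
"""

def prefixes_for_as(whois_text, asn):
    """Collect route/route6 prefixes whose origin is the given AS number."""
    found, pending = [], None
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key in ("route", "route6"):
            pending = ipaddress.ip_network(value, strict=False)
        elif key == "origin" and pending is not None:
            if value.upper() == f"AS{asn}":
                found.append(pending)
            pending = None
    return found

def plan(current_blocked, wanted):
    """Return (to_add, to_remove); current_blocked is what earlier runs added for this AS."""
    merged = set()
    for version in (4, 6):
        merged.update(ipaddress.collapse_addresses(n for n in wanted if n.version == version))
    current = {ipaddress.ip_network(c) for c in current_blocked}
    return sorted(merged - current, key=str), sorted(current - merged, key=str)

def nft_commands(to_add, to_remove, table="inet filter", set4="spam4", set6="spam6"):
    """Render nft commands; the table and set names are hypothetical."""
    cmds = []
    for verb, nets in (("add", to_add), ("delete", to_remove)):
        for n in nets:
            target = set4 if n.version == 4 else set6
            cmds.append(f"nft {verb} element {table} {target} {{ {n} }}")
    return cmds
```

The sets need `flags interval` to hold prefixes; dropping stale pools keeps the blocklist from growing with ranges the sender has already given up.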

  20. Noticeable trend on my mailserver: Spam that comes via IPv6 is 90% from Google servers and the rest is Amazon or Microsoft servers. So far no other senders of IPv6 spam. 95% of spam attempts are still IPv4 from various Chinese, US, Pacific country sources. The most annoying spam sender stays hostgnome from the UK. (All of these attempts are blocked by my mail server, so never make it past the initial HELO part).

    #SelfHost #MailAdmin @homelab

  21. A noticeable uptick in phishing mail coming from Google's mail servers. Trying to report them has turned out to be fruitless. If anyone knows where to best send reports so that the Google geniuses take a look and action, please do tell me!

    #SelfHost #MailAdmin

  22. OK. After my rant about sendgrid servers sending me a lot of phishing mails (mostly Trezor related), I actually checked on how to report abuse to them and it turns out that they listen and care. Just forward the email with all original headers intact to their abuse mail address and after a sanity check they will accept the complaint, open a ticket and go after their customer doing this shit. Chapeau.

    #Selfhost #SysAdminLife #MailAdmin

  23. I am THIS close to fully blocking all IP ranges from AS11377 (Sendgrid) on my mailserver as the only thing they are sending my way is Trezor phishing mails. Fellow #postmaster #mailAdmin how do you treat them?

  24. #NerdTalk Wow. A multi-step, sophisticated way of spoofing emails that pass SPF, DKIM, DMARC. Hardcore.

    "And most importantly, the key trick is that you can put anything you want in the App Name field in Google"

    Le sigh. That's where they put the email text. In the App Name field. Google can fix this by sanitising input better.

    easydmarc.com/blog/google-spoo

    #Spam #Phishing #MailAdmin

  25. ```
    require ["fileinto"];
    # File anything with a gmail.com From address into the SPAM folder
    if address :match "From" "*@gmail.com" {
        fileinto "SPAM";
    }
    ```

    Current frustration level of being a #mailadmin over 900000.

    These days is there even a single legitimate user sending mails with a gmail.com address? Literally all of them within my inbox are spam...

  26. because running a mail server wasn’t fun enough: the Dovecot 2.3 → 2.4 update has tons of breaking config changes

    (h/t to willem.com/blog/2025-06-04_bre for the exhaustive breakdown of the changes)

    #mailadmin #dovecot #postfix #sysadmin

  27. For the first time ever, I've got spam.

    It's from 102.213.93.28 (AfriNIC) and there is no abuse mail in the whois output, only telephone numbers. What should I do? I can DM you the full headers/mail, if it helps.

    #spam #SpamMails #spammail #mailserver #mailadmin #mailadmins #afrinic #whois

  28. #tfw You have to email a government agency, explain in excruciating detail why your mail server (and any other that enforces #DMARC) can't receive certain emails they're sending that fail their DMARC policy, and then cross your fingers and pray that the tier 1 customer service rep who reads your email forwards it to someone who can fix the problem AND said someone actually takes the time to do it. *sigh*
    #smtp #SysAdmin #MailAdmin