TV Science Associates.

550 Empty envelope senders not allowed - The tvScience Blog

2017-12-19T10:15:04Z

The refusal by an ISP to accept a bounce message (one with an empty envelope sender) is increasingly rare these days, but occasionally we do see it.

This is always a bad idea:

H=mx01.csx1.net [38.103.192.105] … SMTP error from remote mail server after pipelined DATA: 550 Empty envelope senders not allowed

The sender of the message (their client remember) will never find out that the email has not been delivered. In this case the mail was being forwarded, so it's impossible for us to do any better than accept the mail and then test the recipient address by trying a delivery. We had to delete the bounce message — there was nowhere to send it. ]]> Bounce messages are sent with an empty envelope sender to eliminate mail loops. For more information see: RFC 5321.

Did I mention that we would never contemplate such a foolish policy?

This is NOT How You Use a Spamhaus Blocklist - The tvScience Blog

2017-07-12T10:32:44Z

TFL are rejecting authenticated mail relayed through our servers due to one of the SMTP Received: headers containing an IP address listed at Spamhaus.

In this case, it's the mistaken & inadvertent use of the Spamhaus PBL where the error lies. A majority of e-mail sent from a home broadband connection will contain an IP listed in the PBL. TFL (or is it Capita?) are wrongly using the Spamhaus ZEN blocklist which is an aggregate of all the lists maintained by Spamhaus. This includes the PBL.

Here's the rejection message:

  REDACTED@tflcc.co.uk
    host smtp.tflcc.co.uk [80.82.130.162]
    SMTP error from remote mail server after end of data:
    550 5.7.1 92.40.249.10 listed at zen.spamhaus.org

The IP address TFL take an exception to is [92.40.249.10] which is indeed listed in the PBL. The crucial thing is that this IP has not connected to TFL's servers at all. Instead it has been plucked from the trace headers included in the message.]]> Here are the SMTP Received: headers from the outgoing message rejected by TFL:

Received: from [92.40.249.10] (helo=dsklinux.lan) by smtp2.tvscience.co.uk with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1dVEdi-0004i8-Wd for REDACTED@tflcc.co.uk; Wed, 12 Jul 2017 10:13:02 +0000 Received: from localhost ([127.0.0.1]:59230 helo=dsklinux.lan) by dsklinux.lan with esmtp (Exim 4.88) (envelope-from ) id 1dVEdh-0004QW-Bd for REDACTED@tflcc.co.uk; Wed, 12 Jul 2017 11:13:01 +0100

The IP of our SMTP relay server smtp2.tvscience.co.uk is [185.208.170.37] — not listed in any blocklist.

Mail administrators from TFL/Capita would do well to read and inwardly digest this Spamhaus FAQ entry; noting particularly the "⚠WARNING!" section.

For information on the correct and appropriate use of Spamhaus's blocklists see this FAQ.

For more information on SMTP trace headers, including the Received: header see: RFC 2822.

POP3 SSL Access in Beta Test - The tvScience Blog

2015-12-08T11:36:04Z

All our POP3 servers now support access via encrypted connections for e‐mail retrieval.

Your secure connection can use port 995 for SSL access or stick with port 110 and enable STARTTLS.

You will need to accept the SSL certificate presented in order to proceed with your first e‐mail check. Use the "Accept all certificates" option where available.]]> Remember, this does not make your e-mails much more secure at all. Just your username and password now become fully protected from snooping. Only an end‐to‐end encryption scheme such as PGP or GPG can guarantee e‐mail security.

Byte Quotas for SMTP (e-mail) Posting Increased Again! - The tvScience Blog

2015-11-30T11:33:10Z

We have just doubled the byte quota for our base SMTP (e-mail) posting package.

You now get 350 recipients/128MiB per month for a measly GBP20+VAT per year. ]]> Any unused quota, both bytes and recipients, roll over for a second month.

Optionally we offer DKIM signing at no extra cost.

Remember - No Mail from Dynamic IP Addresses - The tvScience Blog

2015-07-25T08:54:49Z

E‐mail from dynamic IP addresses has long been refused by the wise postmaster, including ourselves. The reason is that both whitelisting & blacklisting are ineffective in this case — two tools that are essential for the world's mail administrators.

Remember also that cloud services use dynamically allocated IP addresses in many cases and are thus also unsuitable for relaying mail for the same reasons given above. Currently we do not block such computing services from sending mail to our servers; they are regarded with additional suspicion by our filters however.

Upgrade Your Movable Type Installation - The tvScience Blog

2015-04-15T05:50:09Z

The latest stable version of Movable Type Open Source is MTOS-5.2.13. You should upgrade your installations.

Server Outage n6.tvscience.co.uk - The tvScience Blog

2015-02-17T11:39:35Z

The server known as n6.tvscience.co.uk is currently down due to a power outage in the datacentre. ]]> We will publish an update when there is further news.

UPDATE: The server came back online at 1915UTC and services were reinstated shortly afterwards.

Upgrade Your Movable Type Installation - The tvScience Blog

2015-02-12T11:51:14Z

The latest stable version of Movable Type Open Source is MTOS-5.2.12. You should upgrade your installations.

Upgrade Your Movable Type Installation - The tvScience Blog

2015-01-11T16:37:57Z

The latest stable version of Movable Type Open Source is MTOS-5.2.11. You should upgrade your installations.

Malware Now Being Pushed in ".arj" Files - The tvScience Blog

2014-09-02T14:30:41Z

Most file compression formats are ripe for exploitation these days. We've seen our first .arj files today:

Thank you for using our services! Your order #37311131537 will be shipped on 05-09-2014. Date: September 02, 2014. 03:09pm Price: Â£191.50 Payment method: Wire transfer Transaction number: 0466142997148E Please find the detailed information on your purchase in the attached file (sale_2014-09-02_14-20-08_37311131537.arj) Best regards, Sales Department Evelina Example +07775 xxx xxx

]]> The payload is a Windows™ executable as one might expect.

Upgrade Your Movable Type Installation - The tvScience Blog

2014-08-21T11:52:00Z

The latest stable version of Movable Type Open Source is MTOS-5.2.10. You should upgrade your installations.]]> Note: Version 5.2.9 of Movable Type Open Source closes a security vulnerability.

Outlook Test Messages Not SMTP Compliant - The tvScience Blog

2014-03-20T12:27:40Z

There are versions of MS Outlook out there which don't send messages compliant with SMTP
(RFC 5322 - Section-3.6), in as much as the mandatory “Date:” header is missing. Quite naturally this makes them useless as a method for testing your SMTP mail system. See this discussion for more information.

WORKAROUND: If you encounter this when testing SMTP delivery, compose your own test message and send that one to yourself. ]]> Only two headers are compulsory in an SMTP e-mail: the “Date:” header & the “From:” header. Our servers refuse messages where either of these two are absent. The error message returned by our servers is, helpfully we think:

550-Mandatory header absent, 550 see: http://tools.ietf.org/html/rfc5322#section-3.6

Note: Some mailservers will return an imcomplete version of the above message — returning only part of it.

All tvScience customers using our SMTP posting accounts will have a “Date:” header added automatically should buggy software fail to add one itself.

Spam to Your PayPal E-mail Address - The tvScience Blog

2014-03-16T17:00:24Z

As PayPal give your name and e-mail address away to its merchants (i.e: they effectively make it public) - we recommend our clients to use a throw-away or time-limited address for paypal accounts. The spam will be sent to your address using your full name so:

To: "Anthony Other"

Currently the spam is promoting a fake goods site with the connivance of an ISP based in Hong Kong. ]]> All customers with SMTP posting accounts can request throw-away and time-limited addresses. A throw-away address is preferable in this case as a time-limited address must be promptly updated before it expires. An expired address can cause you to be temporarily locked out of your PayPal account, requiring a telephone call to PayPal customer services.

Phishing From Microsoft Messaging - The tvScience Blog

2014-01-08T11:57:58Z

Here’s a phish, sent by: mail14-co9on0066.outbound.messaging.microsoft.com [157.56.211.66] seconds ago:

From: Barclays Bank PLC Subject: Important Information From Barclays! You have not used the telephone banking service for some time now and this could lead to a temporary de-activation of your access to this service. In order to ensure your continued usage of the service and other services such as the internet banking, please follow the steps below : Click here to begin © 2014 Barclays Bank. All Rights Reserved

]]> Unlike Gmail, they are happy to accept a report back although this particular mail does not contain an executable payload.

Unfortunately little gets done. Parts of their network, AS8075 in particular, is currently listed by UCEPROTECT at level 2.

Gmail Spewing Malware - The tvScience Blog

2013-08-08T07:14:24Z

We've trapped a couple of mails from gmail containing malware. Malware in the form of an attachment called "Payment.rar", "document.rar" or "INVOICES.rar"; within that file is a windows ".scr" or ".exe" executable.

The text is like this (sic):

Dear Sir/Ma Please check attachment for the confirmation of the part payment into your account. Thanks for your patient and we sincerely apologize for the delay. Please find swift message for the payment made via attachment and confirm back. -- Thanks & Regard, Rohitashwa K. Mishra, Senior Journalist, Dainik Bhaskar Group.

Or perhaps like this, received from mail-vc0-f194.google.com [209.85.220.194] on Tue, 29 Oct 2013 06:12:01 (sic):

Dear sir , Regarding to the previous order i made in your company , the goods shipped to me are not exactly what i purchased, the attachments are the slip of the payment i made and sample of the products i need if you have them give me feedback and the new account so that i`ll make the next payment as you told me . thanks.

]]> Reporting this to Google's abuse address results in this message:

SMTP error from remote mail server after end of data: host aspmx.l.google.com [74.125.136.27]: 552-5.7.0 This message was blocked because its content presents a potential 552-5.7.0 security issue. Please visit http://support.google.com/mail/bin/answe 552-5.7.0 r.py?answer=6590 to review our message content and attachment content 552 5.7.0 guidelines. t9si5817581eeo.35 - gsmtp

They're right, there is a potential security issue - pity they don't want to have it reported to them. Also a pity they don't enforce such guidelines on their own ~~product~~ users.

tvScience clients are shielded from the risk as all executable attachments from unknown senders are held in quarrantine. We report the message where possible to the sending organisation; in the above case the mails now have to be deleted.

UPDATE: They're still at it as of 2014/01/16.

Onthis occasion text is:

Hello dear, I am sorry for getting back to you very late, I was on leave and only came back to the office today. As a matter of fact, we have evaluated your PI you sent to us previously. kindly see the attached Revised Invoice and check if you can supplier me the engines, spear spear parts, oils and cooler this January 2014, as we have many demanding. Hope to hear from you soonest. Mr. Toney Adem (CEO) Toney Adem Holdings Ltd.

The file is called "copy1.rar" and was sent by "mail-lb0-f194.google.com" ["209.85.217.194"].