[tde-users] Re: Persistent KMail issue

said David C. Rankin via tde-users: | Be very, very wary.... | | Protonmail is not accepted by my server and many others due to it | routing mail though APNIC servers in PRC. Starting several years ago, I | have an engineering company I host that found it could no longer receive | mail from proton mail. A quick investigation showed it could no longer | receive mails due to the protonmail server being blocked at the | firewall. It was banned by fail2ban due to repeated illegal intrusion | attempts from that same IP. (dovecot:auth failures) | | I know I'm not the only one that now blocks protonmail IPs at the | firewall. Just a guess, but given the distributed nature of the | wonderful net, if kmail receives header information from an open IP, but | the remainder of the message is blocked somewhere along the way at one | of the hops close to your delivery point - I could see kmail being quite | confused. The same distributed nature of the net should also provide an | automatic re-route, but if it run into another block elsewhere I could | see a problem like you describe. traceroute on the sender/server IP may | turn up something (low probability, but worth doing) | | Like I said this is a GUESS, but I can see this becoming a bigger issue | as temporary bans come on/off IP addresses. I am seeing just over 1000 | brute force attempts per-month (with hundreds of thousands of bad-actor | IPs already blocked by ipset). | | It may also be that protonbridge causes the mail header to be seen by | kmail with some non-standard additions in it used by the web-mail UI | that most current mail packages accept. The old "Internet Explorer" type | adherence to standards applied to mail... It would be really interesting | if you could pin down an error message (hopefully with debug info) from | kmail that shows where kmail is unhappy. (and it may just be a | corner-case issue that doesn't throw an error or exception). | | I'll keep following this thread. I'm interested in what turns up and if | it provides a way for me to loosen protonmail restrictions. I've spent much of this morning along with others trying to figure out what you're talking about, there being no connection whatsoever between Proton and China. Here's the most likely explanation offered: "No, it's likely just a person not being able to differentiate .ch (Confoederatio Helvetica) - Switzerland's top level domain, with .cn which is China's Top level domain." -- dep Pictures: http://www.ipernity.com/doc/depscribe/album Column: https://ofb.biz/author/dep/