Hi,
I have been repeatedly affected by RBL providers incorrectly listing my static IP address in their dial-up ranges causing my messages to be rejected by the servers of several clueless wannabe administrators.
What makes things really worse is that none of these lists is even close to being well maintained and it usually takes weeks to get removed.
I first thought of a cronjob to nag the removal contact about once per hour, but I doubt this account does ever get read.
Currently I am trying to use all contacts I can find for the RBL provider and recipient domain and ask them to unlist my IP and/or stop using the broken RBL.
Unfortunately some of those bastards even use their own RBL to prevent such requests from getting through and I wonder what else I can do.
Launch wget with an invalid URL once per second to put my removal request in their httpd log?
Reciprocally blocking their domain from delivering here?
Any other ideas?
Tom
Thomas Zehetbauer wrote:
Reciprocally blocking their domain from delivering here?
Any other ideas?
Don't send mail directly from a dial-up IP.
Use your ISP to send mail.
A lot of the spam zombies are coming from dynamic IPs and it's just plain sense to reject any email coming directly from those IPs.
Sorry.. No sympathy. I'm using a dial-up connection with a dynamic IP on an ISP that has had spam problems and *never* get email rejected.
On Tuesday 30 November 2004 14:17, Jerry Gaiser wrote:
Don't send mail directly from a dial-up IP.
Use your ISP to send mail.
A lot of the spam zombies are coming from dynamic IPs and it's just plain sense to reject any email coming directly from those IPs.
Sorry.. No sympathy. I'm using a dial-up connection with a dynamic IP on an ISP that has had spam problems and *never* get email rejected.
I maintain mail servers and I use (free) services of black lists. If your IP is listed, tough.
I'm also on dialup; I use my IAP's mail server to relay my outgoing mail.
Even aside from problems with blacklists, using your IAP's relay makes sense if you have any volume of mail; your outgoings go quickly to your IAP who then has to worry about deliveries which _can_ take hours, days sometimes.
Those black lists stop _a lot_ of spam. I get a few a day and dozens a day <plonked>.
On Tue, 2004-11-30 at 05:18 +0100, Thomas Zehetbauer wrote:
Hi,
I have been repeatedly affected by RBL providers incorrectly listing my static IP address in their dial-up ranges causing my messages to be rejected by the servers of several clueless wannabe administrators.
What makes things really worse is that none of these lists is even close to being well maintained and it usually takes weeks to get removed.
What's your IP address and which DNSBLs (RBL is a trademark of MAPS LLC) are you referring to?
I first thought of a cronjob to nag the removal contact about once per hour, but I doubt this account does ever get read.
That's more likely to get you permanently plonked than removed.
Currently I am trying to use all contacts I can find for the RBL provider and recipient domain and ask them to unlist my IP and/or stop using the broken RBL.
That makes more sense.
Unfortunately some of those bastards even use their own RBL to prevent such requests from getting through and I wonder what else I can do.
That's a pretty dumb thing for them to do, I'd have to agree.
Launch wget with an invalid URL once per second to put my removal request in their httpd log?
That's abusive; don't do it.
Reciprocally blocking their domain from delivering here?
That's fine: your mail server, your rules. However, if they did eventually make a query regarding your removal request, you probably wouldn't want to reject it.
Any other ideas?
A workaround might be to route outgoing mail for domains using that list via another mail server, such as your ISP's mail server.
Paul.
On Tue, November 30, 2004 12:18, Thomas Zehetbauer said:
I have been repeatedly affected by RBL providers incorrectly listing my static IP address in their dial-up ranges causing my messages to be rejected by the servers of several clueless wannabe administrators.
I'd in the first instance ask myself why my IP got into their list. You wouldn't have had your server open for public relay in the past (or still), would you? I believe tackling the root cause should be the first step.
I first thought of a cronjob to nag the removal contact about once per hour, but I doubt this account does ever get read.
With this attitude I understand why your IP is in black-lists ;-)
Currently I am trying to use all contacts I can find for the RBL provider and recipient domain and ask them to unlist my IP and/or stop using the broken RBL.
Yepp. On top, you may talk to the final recipient and inform him about the unprofessional mail admin (if this is really true, see above) he's paying fees to. His voice to an ISP's mail admin will be stronger than yours.
Launch wget with an invalid URL once per second to put my removal request in their httpd log?
Or better hack into their mail server and fix the problem yourself :-P
Reciprocally blocking their domain from delivering here?
Which would put you on the same level of mail admin you claim they are...
Any other ideas?
Using a relay, at least as a backup...
On Tue, November 30, 2004 12:18, Thomas Zehetbauer said:
Hi,
I have been repeatedly affected by RBL providers incorrectly listing my static IP address in their dial-up ranges causing my messages to be rejected by the servers of several clueless wannabe administrators.
Further, are you sure you're on a static IP? Your mail headers indicate that you're @ an IP from Vienna's Chello Cable Service. If that's the IP you're talking about, the problem likely lies with Chello -- their customers spam. In that case complain to Chello to tighten their network (eg block outgoing SMTP) or simply use their mail server as a relay.
On Tue, 2004-11-30 at 16:52 +0800, HaJo Schatz wrote:
On Tue, November 30, 2004 12:18, Thomas Zehetbauer said:
I have been repeatedly affected by RBL providers incorrectly listing my static IP address in their dial-up ranges causing my messages to be rejected by the servers of several clueless wannabe administrators.
I'd in the first instance ask myself why my IP got into their list. You wouldn't have had your server open for public relay in the past (or still), would you? I believe tackling the root cause should be the first step.
I am facing the same issues.
In my case, the origin has almost always been blacklists with broken, simple-minded relay test checks, which choke on some kinds of mail paths and then conclude mail they cannot process to be spam.
Another cause of being blocked that I've recently encountered is some sites having installed content filtering/censorship systems which automatically reject mails containing certain key words.
ATM, I am struggling with such a site, which considers all mail originating from non-US sites and containing the string "free" in the sender to be junk (My provider is "freenet.de").
Ralf
On Tuesday 30 November 2004 17:13, Ralf Corsepius wrote:
ATM, I am struggling with such a site, which considers all mail originating from non-US sites and containing the string "free" in the sender to be junk (My provider is "freenet.de").
It's in freenet's interests to sort that one out:-)
HaJo Schatz wrote:
On Tue, November 30, 2004 12:18, Thomas Zehetbauer said:
I have been repeatedly affected by RBL providers incorrectly listing my static IP address in their dial-up ranges causing my messages to be rejected by the servers of several clueless wannabe administrators.
I'd in the first instance ask myself why my IP got into their list. You wouldn't have had your server open for public relay in the past (or still), would you? I believe tackling the root cause should be the first step.
One primary "root cause" has nothing to do with the activities of the system. The original poster mentioned he was on a dialup line, which implies dynamic IP addresses. Many BL providers simply black list dynamic IP addresses as a rule (since much spam does originate from dynamic IP addresses). For this type of setup, it's best to use the mail server for the ISP...
John
On Tue, 2004-11-30 at 04:18, Thomas Zehetbauer wrote:
Hi,
I have been repeatedly affected by RBL providers incorrectly listing my static IP address in their dial-up ranges causing my messages to be rejected by the servers of several clueless wannabe administrators.
I was not going to respond to this since others have made most of my points, but my case differs somewhat.
I am on static IP addresses, both for my older dial-up account and my broadband one. In both cases I run smtp here, (one sendmail the other exim) and both are configured to use my ISP's outgoing mail server.
The IP addresses are in DBL. That way, the ISP does not mind me running smtp (rather than pop/imap), as if I mis-configured with open-relay or sent spam, other email servers would not respond to me and if I use my ISP's email server to send spam they would notice it in their logs quickly.
I do not see any problem in everyone using their ISP's mail server for outgoing email. It is easy to configure and provides some anti-spam measures for the ISP and for any unfortunate end-user mis-configuring a smtp server for open-relay.
Thomas, why would you not want to use your ISP's outgoing mail server?
Regards
Chris
Chris Hewitt wrote:
On Tue, 2004-11-30 at 04:18, Thomas Zehetbauer wrote: I do not see any problem in everyone using their ISP's mail server for outgoing email. It is easy to configure and provides some anti-spam measures for the ISP and for any unfortunate end-user mis-configuring a smtp server for open-relay.
Thomas, why would you not want to use your ISP's outgoing mail server?
I only use my ISP's mail server for sites that I cannot reach directly. One of the disadvantages of using the ISP's server is a loss of control; once the mail is delivered to the ISP you have no control over redelivery attempts (if the remote MXes are down), can't see if the mail has actually been delivered to the remote site's mail server etc. Knowing such things can be very useful when diagnosing mail problems.
Paul.
Jerry Gaiser wrote:
Don't send mail directly from a dial-up IP.
Use your ISP to send mail.
He is not using dial-up IP. He has *static* IP. One of the reasons people *pay* for static IP is to be able to have total control of their outgoing mail. Also, some ISPs will not allow you to relay through them if you have static IP. They give you connectivity and IP address. That is what you paid for and that is where their obligations toward you end. This is more common with big pipes such as E* and T* connections, than when you simply pay extra to have static IP on your cable or ADSL.
Anyhow, in my personal experience, using RBL lists for detecting dial-up pools for purpose of blind blocking is very bad idea. Those lists are impossible to be made accurate. It is trivial to find examples of dial-up pools not listed in those lists, and to find static ranges that are incorrectly listed (mostly small companies that own small number of IP addresses, larger companies that own at least entire C class are usually spared). Dial-up pools RBL lists have too many false positives and false negatives to be useful on their own.
The reason is that ISP can use IP ranges it owns however it wants (which is perfectly OK, nothing wrong with it). ISP has no obligations to inform anybody what IP ranges it uses for dial-up pools, and what ranges it uses for customers who pay extra for static IP (this is perfectly OK too). It can move entire C class from dial-up pool to static customers without informing anybody, and it can do the other way around too. Said that, I am not aware of a single ISP that will publish such information, and some ISPs will not give you that information even if you ask for it.
Said that, the only place where dial-up RBL list is of any use are score based anti-spam tools (such as SpamAssassin). If you assign small score, it will not block emails by itself, but it will make contribution to the big picture. Add AWL to the mix, and dial-up RBL lists become actually useful. For anything else, *do not* use them. You'll end up blocking legitimate email. Such as emails from the OP.
John Burton wrote:
The original poster mentioned he was on a dialup line, which implies dynamic IP addresses.
No. He explicitly said he has static IP address, and that this IP address is often incorrectly listed as dial-up address. That is the only piece of information present in his original posting.
I don't know where you dug up a dial-up line?
He did not say what kind of connection he has. It could be 300 bps modem, or T3, or anything in between. We don't know that. All he told us is that he has static IP address.
On Tue, 2004-11-30 at 14:51, Paul Howarth wrote:
Chris Hewitt wrote:
On Tue, 2004-11-30 at 04:18, Thomas Zehetbauer wrote: I do not see any problem in everyone using their ISP's mail server for outgoing email. It is easy to configure and provides some anti-spam measures for the ISP and for any unfortunate end-user mis-configuring a smtp server for open-relay.
Thomas, why would you not want to use your ISP's outgoing mail server?
I only use my ISP's mail server for sites that I cannot reach directly. One of the disadvantages of using the ISP's server is a loss of control; once the mail is delivered to the ISP you have no control over redelivery attempts (if the remote MXes are down), can't see if the mail has actually been delivered to the remote site's mail server etc. Knowing such things can be very useful when diagnosing mail problems.
Paul.
Paul,
True. I probably just do not have enough mail delivery problems to need anything else. I get a bounce message upon non-delivery and use that. The fact that I get very few means that as an ordinary ISP account user I have not found I need to do anything different.
Is Thomas's situation different I wonder?
Regards
Chris
Paul Howarth wrote:
I only use my ISP's mail server for sites that I cannot reach directly. One of the disadvantages of using the ISP's server is a loss of control; once the mail is delivered to the ISP you have no control over redelivery attempts (if the remote MXes are down), can't see if the mail has actually been delivered to the remote site's mail server etc. Knowing such things can be very useful when diagnosing mail problems.
Exactly my point. If remote site is down, and you know it will be down for extended period of time (say two or three weeks), you can move mails for that site to separate queue with different set of timeouts, and inform your users about that. That way, emails will be delivered once the remote site is operational again, instead of being bounced after 5 days (and annoying warnings generated after 4 hours). Something no ISP will be willing to do for you.
Another reason might be that some people might have privacy issues with their correspondence being stored on intermediate mail server they have no control of.
These are just two examples why in some cases using ISPs mail servers for relaying is not acceptable solution.
Aleksandar Milivojevic wrote:
Anyhow, in my personal experience, using RBL lists for detecting dial-up pools for purpose of blind blocking is very bad idea. Those lists are impossible to be made accurate. It is trivial to find examples of dial-up pools not listed in those lists,
I am not aware of any list that claims to list *all* dial-up pools. Refusing mail from the dial-up pools of large ISPs is very effective at reducing spam. However, greylisting probably works better for these cases (generally trojanned Windows boxes that are open proxies rather than open relays that will retry).
and to find static ranges that are incorrectly listed (mostly small companies that own small number of IP addresses, larger companies that own at least entire C class are usually spared).
Having reverse DNS with a non-generic-looking name is also a good way of demonstrating that the IPs are static rather than dynamic.
Dial-up pools RBL lists have too many false positives and false negatives to be useful on their own.
The false positives are usually hobbyist Linux users that know how to work around the problem though.
The reason is that ISP can use IP ranges it owns however it wants (which is perfectly OK, nothing wrong with it). ISP has no obligations to inform anybody what IP ranges it uses for dial-up pools, and what ranges it uses for customers who pay extra for static IP (this is perfectly OK too). It can move entire C class from dial-up pool to static customers without informing anybody, and it can do the other way around too. Said that, I am not aware of a single ISP that will publish such information, and some ISPs will not give you that information even if you ask for it.
Last week, over on SPAM-L, an Israeli ISP listed their dynamic IP range and *requested* that everyone block it until they could get their outgoing port 25 block in place.
AOL's dynamic ranges are available to see at http://postmaster.info.aol.com/servers/dialup.html
Most of the entries in the MAPS DUL are provided by the ISPs themselves.
Said that, the only place where dial-up RBL list is of any use are score based anti-spam tools (such as SpamAssassin). If you assign small score, it will not block emails by itself, but it will make contribution to the big picture. Add AWL to the mix, and dial-up RBL lists become actually useful. For anything else, *do not* use them. You'll end up blocking legitimate email. Such as emails from the OP.
*Any* list can be prone to blocking legitimate mail. Some more so than others. It's up to each mail admin how they want to trade off their false positives/false negatives/processing time per message. I score the SORBS DUL list highly on my spam filter and it works for me.
As the OP actually has a static IP, the real solution for that should be to get the incorrect listings fixed, rather than stopping using dynamic IP lists altogether.
Paul.
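The trade-off argued in the two messages above (rejecting on a dial-up list alone versus giving the listing a small score alongside other evidence, plus the remark about generic-looking reverse DNS), as an added example that is not code from any poster in this thread. The zone `dul.example.org`, the weights, the threshold, the rDNS heuristic and the sample messages are all constructed assumptions; the history adjustment is a simplified stand-in for an AWL, not SpamAssassin's own code.

```python
import ipaddress
import re
import socket

DUL_ZONE = "dul.example.org"  # hypothetical zone, not a real list
# Constructed listing data standing in for the DNSBL's DNS zone.
FAKE_ZONE = {
    "25.2.0.192.dul.example.org": "127.0.0.2",  # static host, wrongly listed
    "77.2.0.192.dul.example.org": "127.0.0.2",  # compromised dynamic host
}

def dnsbl_query_name(ip, zone):
    """DNSBL lookups reverse the IPv4 octets and append the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this sketch")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def offline_resolver(name):
    """Answers from the constructed zone; None plays the role of NXDOMAIN."""
    return FAKE_ZONE.get(name)

def system_resolver(name):
    """Real lookup, for use against a list you actually subscribe to."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(ip, zone=DUL_ZONE, resolve=offline_resolver):
    """Listed means the name resolves to an address inside 127.0.0.0/8."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")

# Assumed heuristic: a PTR name is "generic" if it embeds most of the IP's
# octets or carries an access-network keyword. Missing rDNS counts as generic.
GENERIC_WORDS = re.compile(r"dyn|dhcp|pool|dial|ppp|cable|dsl|cust", re.I)

def looks_generic(ip, ptr_name):
    if not ptr_name:
        return True
    digits = re.findall(r"\d+", ptr_name)
    embeds_ip = sum(1 for octet in ip.split(".") if octet in digits) >= 3
    return embeds_ip or bool(GENERIC_WORDS.search(ptr_name))

# Hypothetical weights: the list alone can never reach the threshold.
W_DUL, W_GENERIC_RDNS, THRESHOLD, HISTORY_FACTOR = 1.0, 0.5, 5.0, 0.5

def score(msg, resolve=offline_resolver):
    total = msg["content_score"]
    if is_listed(msg["ip"], resolve=resolve):
        total += W_DUL
    if looks_generic(msg["ip"], msg["ptr"]):
        total += W_GENERIC_RDNS
    # Pull the score toward this sender's past average, when one exists.
    if msg["history_mean"] is not None:
        total += (msg["history_mean"] - total) * HISTORY_FACTOR
    return total

def verdicts(msg):
    """Return (blind DUL blocking, score-based filtering) decisions."""
    blind = "reject" if is_listed(msg["ip"]) else "accept"
    scored = "reject" if score(msg) >= THRESHOLD else "accept"
    return blind, scored

# Constructed sample messages (documentation address ranges).
MESSAGES = {
    # Known correspondent on a static IP that sits in a listed range.
    "static_legit": {"ip": "192.0.2.25", "ptr": "mail.example.net",
                     "content_score": 0.3, "history_mean": 0.2},
    # Spam from a listed dynamic address.
    "listed_zombie": {"ip": "192.0.2.77",
                      "ptr": "cable-192-0-2-77.isp.example",
                      "content_score": 4.5, "history_mean": None},
    # Spam from a dynamic address the list does not cover.
    "unlisted_zombie": {"ip": "198.51.100.9",
                        "ptr": "dyn-198-51-100-9.isp.example",
                        "content_score": 4.8, "history_mean": None},
}

if __name__ == "__main__":
    for name, msg in MESSAGES.items():
        print(name, verdicts(msg), round(score(msg), 2))
```

Passing `resolve=system_resolver` to `is_listed` and `score` switches the same logic to live DNS.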
Chris Hewitt wrote:
Paul,
True. I probably just do not have enough mail delivery problems to need anything else. I get a bounce message upon non-delivery and use that. The fact that I get very few means that as an ordinary ISP account user I have not found I need to do anything different.
Is Thomas's situation different I wonder?
Only Thomas can answer that. I run a mailing list off my mail server (DSL, static IP) and I occasionally have to track down delivery problems (people complaining that they're not receiving the mail). Knowing that someone's mail server has accepted an email is useful to know in these cases.
Paul.
On Tue, 2004-11-30 at 23:20, Aleksandar Milivojevic wrote:
John Burton wrote:
The original poster mentioned he was on a dialup line, which implies dynamic IP addresses.
No. He explicitly said he has static IP address, and that this IP address is often incorrectly listed as dial-up address. That is the only piece of information present in his original posting.
Assuming that his original post comes from the same IP he's talking about, this seems like an either wrong information or unlucky/stupid case. Seems that all IPs around him are dial-up IPs of his ISP, chello.at. And chello.at seems not to be liked by BLs, probably because they have outgoing SMTP open and hence nurture spammers. I'd conclude that in a first instance it would be up to chello.at to do something about their reputation they've earned in the net! (I'm connected through an ISP which was not long ago one of the most notorious one rgd causing spam traffic, especially because of their ignorance rgd abusing customers. But since BLs have gone a hard line against this ISP, the people in charge quickly realized that they had to change if they wanted to stay alive. They've blocked outgoing SMTP, closed their mail-relays,... Shortly after, the BLs started removing the ISP and since then I have no more trouble sending mail -- except the fact that their mail server imposes a 2MB limit/mail on me). So again, find the root cause & solve it or you'll be fighting an up-hill battle for long...
Paul Howarth wrote:
Having reverse DNS with a non-generic-looking name is also a good way of demonstrating that the IPs are static rather than dynamic.
Wrong. If you have single or only a handful IP addresses, more often than not your reverse DNS will be generic.
Last week, over on SPAM-L, an Israeli ISP listed their dynamic IP range and *requested* that everyone block it until they could get their outgoing port 25 block in place.
I've probably gone too far by saying "all" and "none". Probably should have used "most" and/or "many".
As the OP actually has a static IP, the real solution for that should be to get the incorrect listings fixed, rather than stopping using dynamic IP lists altogether.
I'm seeing people with OP problems too often to be able to agree with you.
Aleksandar Milivojevic wrote:
Paul Howarth wrote:
Having reverse DNS with a non-generic-looking name is also a good way of demonstrating that the IPs are static rather than dynamic.
Wrong. If you have single or only a handful IP addresses, more often than not your reverse DNS will be generic.
I'm not disputing that. What I meant was that if you have a non-generic rDNS, people are less likely to think your IP is dynamic.
Paul.
HaJo Schatz wrote:
Assuming that his original post comes from the same IP he's talking about, this seems like an either wrong information or unlucky/stupid case. Seems that all IPs around him are dial-up IPs of his ISP, chello.at.
How do you know they are dial-up IPs? Maybe they are static IPs with generic reverse DNS? Also, if he is on cable, cable uses DHCP to assign addresses to the clients. Maybe his ISP fixed only his address to be static (or excluded it on DHCP server), and the rest are dynamic?
Or maybe he sent his original email from somewhere else. Say he has problem with his company, and he sent email about it from his home?
Too many people generating too many assumptions from too sparse info.
On Tue, 2004-11-30 at 10:28, Aleksandar Milivojevic wrote:
Another reason might be that some people might have privacy issues with their correspondence being stored on intermediate mail server they have no control of.
For such an issue encryption is a better solution. Even going straight from your system to the advertised MX record you don't really know how many or which systems your message may pass through. In addition if some one wanted to eaves drop they could access one of the many routers your message passes through and capture it that way. Without encryption the message goes in plain text. Any expectation of privacy when sending email should be corrected. There is none.
Aleksandar Milivojevic wrote:
HaJo Schatz wrote:
Assuming that his original post comes from the same IP he's talking about, this seems like an either wrong information or unlucky/stupid case. Seems that all IPs around him are dial-up IPs of his ISP, chello.at.
How do you know they are dial-up IPs? Maybe they are static IPs with generic reverse DNS? Also, if he is on cable, cable uses DHCP to assign addresses to the clients. Maybe his ISP fixed only his address to be static (or excluded it on DHCP server), and the rest are dynamic?
Or maybe he sent his original email from somewhere else. Say he has problem with his company, and he sent email about it from his home?
Too many people generating too many assumptions from too sparse info.
Exactly my case. You can get static IP on ADSL at no charge from our ISP (SIOL). But the address is still from the same pool.
Regards, Bob
On Die, 2004-11-30 at 14:48 +0000, Chris Hewitt wrote:
The IP addresses are in DBL. That way, the ISP does not mind me running smtp (rather than pop/imap), as if I mis-configured with open-relay or sent spam, other email servers would not respond to me and if I use my ISP's email server to send spam they would notice it in their logs quickly.
My ISP here has 228,000 customers. If every one of them sends only 10 messages per day this makes 2,280,000 messages. This gives me good reason to doubt they would notice a few spammers abusing their mail servers.
I do not see any problem in everyone using their ISP's mail server for outgoing email. It is easy to configure and provides some anti-spam measures for the ISP and for any unfortunate end-user mis-configuring a smtp server for open-relay.
My ISP's mail server _cluster_ has a history of losing messages and being blacklisted for sending spam. Especially caused by clueless end users configuring their open relay to use the ISP's mail server as smarthost.
Thomas, why would you not want to use your ISP's outgoing mail server?
Using my own mail server I can verify that and when a message has been delivered to the recipients server. Have you ever tried to get this information from your ISP?
Last but not least we live in a time of more surveillance than ever before. Using the ISP's mail server gives the authorities a central point for scanning the messages in transit. Yes, I use PGP but this requires a certain skill and privacy awareness from the recipient. TLS on the other hand is more widely deployed and provides an easy solution to ensure that mail can only be read at the sender's and recipient's sites.
Tom
Scot L. Harris wrote:
On Tue, 2004-11-30 at 10:28, Aleksandar Milivojevic wrote:
Another reason might be that some people might have privacy issues with their correspondence being stored on intermediate mail server they have no control of.
For such an issue encryption is a better solution.
I meant even when using encryption. Message in transmission (usually) is not stored on the disk. However message that is relayed might be stored on the disk on the relay host. As we all know, deleting something from hard drive is not trivial task (if possible at all). For somebody who gets hold of such a hard drive, the fact that two persons were communicating in the past might be valuable information, even without being able to see content of the correspondence (encryption is not going to save you there). Anyhow this belongs to rather extreme area of security/privacy. There are entire books written on it, and anything that I attempt to put in a paragraph or two will be so full of holes that it won't illustrate any usable point.
Anyhow, even without this (rather extreme, and not applicable to vast majority of people) security/privacy thing, having control on how your email is sent to recipient's MX might be of value to the sender.
On Die, 2004-11-30 at 11:51 -0500, Scot L. Harris wrote:
For such an issue encryption is a better solution. Even going straight from your system to the advertised MX record you don't really know how many or which systems your message may pass through. In addition if some one wanted to eaves drop they could access one of the many routers your message passes through and capture it that way. Without encryption the message goes in plain text. Any expectation of privacy when sending email should be corrected. There is none.
End2End encryption requires some skills and privacy awareness of both the sender and the recipient. Having mail servers that support TLS encryption at least ensures that the mail cannot be read off-site, even when it goes through a country that has no suitable privacy laws.
Tom
On Die, 2004-11-30 at 17:01 +0800, HaJo Schatz wrote:
Further, are you sure you're on a static IP?
I am very certain indeed.
Your mail headers indicate that you're @ an IP from Vienna's Chello Cable Service.
That is in fact correct, but chello does not use separate networks for their residential and business customers and even the end users get assigned an IP that can be reasonably considered static.
If that's the IP you're talking about, the problem likely lies with Chello -- their customers spam.
Almost every ISP's customers spam from time to time, the only difference is whether it is being tolerated or not.
In that case complain to Chello to tighten their network (eg block outgoing SMTP) or simply use their mail server as a relay.
Chello is already scanning their residential customers for running servers and are quick to discontinue their service if any open ports are found.
Tom
On Die, 2004-11-30 at 16:52 +0800, HaJo Schatz wrote:
I'd in the first instance ask myself why my IP got into their list. You wouldn't have had your server open for public relay in the past (or still), would you? I believe tackling the root cause should be the first step.
The RBL providers _assuming_ the range my IP is in to be 1) dynamic 2) for residential customers.
I have _never_ run a public relay and almost certainly never will.
I first thought of a cronjob to nag the removal contact about once per hour, but I doubt this account does ever get read.
With this attitude I understand why your IP is in black-lists ;-)
What do you do against blackmailers that are out of your legal and physical reach?
Yepp. On top, you may talk to the final recipient and inform him about the unprofessional mail admin (if this is really true, see above) he's paying fees to. His voice to an ISP's mail admin will be stronger than yours.
My current problem is that I cannot post to postfix-users@postfix.org, I have already mailed Wietse but got no response.
Reciprocally blocking their domain from delivering here?
Which would put you on the same level of mail admin you claim they are...
I would only prevent them to send a mail to which they cannot get an answer...
Tom
On Die, 2004-11-30 at 08:52 -0500, John Burton wrote:
One primary "root cause" has nothing to do with the activities of the system. The original poster mentioned he was on a dialup line, which implies dynamic IP addresses. Many BL providers simply black list dynamic IP addresses as a rule (since much spam does originate from dynamic IP addresses). For this type of setup, it's best to use the mail server for the ISP...
I am not on a dialup line and have a static IP, it's just the RBL providers incorrectly _assuming_ my IP to be dynamic.
Tom
On Die, 2004-11-30 at 23:34 +0800, HaJo Schatz wrote:
Assuming that his original post comes from the same IP he's talking about, this seems like an either wrong information or unlucky/stupid case.
Chello assigns both its business and residential customers from the same pool of IP addresses. It's just that the RBL providers don't get it that there is no such thing like dynamic ranges.
Seems that all IPs around him are dial-up IPs of his ISP, chello.at.
Chello is one of the better providers here and assigns all of their customers an IP that usually remains unchanged for many years.
And chello.at seems not to be liked by BLs, probably because they have outgoing SMTP open and hence nurture spammers.
Show me any provider who has more than 228,000 customers and has no history of spammers. Nurturing them would mean to tolerate spamming and to my best knowledge chello has never done this.
Tom
On Die, 2004-11-30 at 08:22 +0000, Paul Howarth wrote:
What's your IP address and which DNSBLs (RBL is a trademark of MAPS LLC) are you referring to?
In fact it _is_ MAPS LLC.
Launch wget with an invalid URL once per second to put my removal request in their httpd log?
That's abusive; don't do it.
I consider it abusive to block my legitimate mail from getting through, so what.
Reciprocally blocking their domain from delivering here?
That's fine: your mail server, your rules. However, if they did eventually make a query regarding your removal request, you probably wouldn't want to reject it.
Of course, but it seems that they are ignoring my removal request anyway.
Tom
On Mon, 2004-11-29 at 22:17 -0800, Jerry Gaiser wrote:
Don't send mail directly from a dial-up IP.
Can you read?
Do you understand English?
At least you have not read and understood my posting, because I am on a static IP.
Tom
On Tue, 2004-11-30 at 20:57 +0100, Thomas Zehetbauer wrote:
On Die, 2004-11-30 at 08:22 +0000, Paul Howarth wrote:
What's your IP address and which DNSBLs (RBL is a trademark of MAPS LLC) are you referring to?
In fact it _is_ MAPS LLC.
Could it be that your ISP nominated the address range for inclusion on the MAPS DUL? The page at http://www.mail-abuse.com/services/mds_dul.html says:
"While the majority of listings on the MAPS DUL are dynamically assigned IP addresses (including dialup, DSL and cable connections), the MAPS DUL also includes some static addresses where the owning ISP has requested a listing due to contractual prohibitions against the usage of servers on that address. We invite ISPs to help protect their networks, as well as others, by sharing with us those addresses under their control that should be listed on the MAPS DUL."
Have you asked your ISP about this, or requested your ISP request removal of your address? They might be more willing to listen to the ISP than to you, especially since the whois record for your IP says:
inetnum: 212.186.110.0 - 212.186.111.255
netname: VIE-14-CUSTOMER-CABLE
descr: chello Austria
descr: Customers in Vienna headend 14
Which appears to be prime DUL fodder.
Paul.
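How a receiving server tests an address against a DNS blocklist such as the DUL discussed above, as an added example that is not part of the original thread. The zone name dnsbl.example.org, the addresses and the return code are constructed placeholders; the query format (reversed octets, or reversed nibbles for IPv6, in front of the zone) follows RFC 5782.

```python
import ipaddress
import socket

# DNSBLs publish "listed" return codes inside 127.0.0.0/8 (RFC 5782).
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the DNS name that is looked up to test `ip` against `zone`."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                  # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone.strip(".")


def system_resolve(name):
    """Return the A records for `name` using the host's resolver."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def check_dnsbl(ip, zone, resolve=system_resolve):
    """Classify `ip` as listed / not-listed / lookup-failed / unexpected-answer."""
    name = dnsbl_query_name(ip, zone)
    result = {"query": name, "status": "not-listed", "codes": []}
    try:
        answers = resolve(name)
    except socket.gaierror as exc:
        # NXDOMAIN means "not listed"; anything else (timeout, SERVFAIL)
        # must not be mistaken for a clean result.
        no_such_name = {socket.EAI_NONAME,
                        getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
        if exc.errno not in no_such_name:
            result["status"] = "lookup-failed"
        return result
    codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_RANGE]
    result["codes"] = codes
    # An answer outside 127.0.0.0/8 usually means a wildcarding resolver or a
    # dead zone, not a listing, so it is reported separately.
    result["status"] = "listed" if codes else "unexpected-answer"
    return result


# Constructed zone data so the example runs offline.
CONSTRUCTED_ZONE = {"25.2.0.192.dnsbl.example.org": ["127.0.0.10"]}


def fake_resolve(name):
    """Stand-in resolver backed by CONSTRUCTED_ZONE (hypothetical data)."""
    if name in CONSTRUCTED_ZONE:
        return CONSTRUCTED_ZONE[name]
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26"):
        print(check_dnsbl(ip, "dnsbl.example.org", fake_resolve))
```

Dropping the `resolve` argument makes the same check use the system resolver against a real zone.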
On Tue, 2004-11-30 at 20:57 +0100, Thomas Zehetbauer wrote:
On Die, 2004-11-30 at 08:22 +0000, Paul Howarth wrote:
What's your IP address and which DNSBLs (RBL is a trademark of MAPS LLC) are you referring to?
In fact it _is_ MAPS LLC.
Launch wget with an invalid URL once per second to put my removal request in their httpd log?
That's abusive; don't do it.
I consider it abusive to block my legitimate mail from getting through, so what.
Reciprocally blocking their domain from delivering here?
That's fine: your mail server, your rules. However, if they did eventually make a query regarding your removal request, you probably wouldn't want to reject it.
Of course, but it seems that they are ignoring my removal request anyway.
Tom
You don't really have much of a choice. You're in the customer pool of IP addresses for your ISP. Those IP blocks are usually the ones blocked by the DNSRBLs.
You have two choices here:
1) Set up a smarthost so that your mail server relays through your ISP's mail server
-or-
2) Live with your emails getting blocked.
On Die, 2004-11-30 at 15:31 +0000, Paul Howarth wrote:
Having reverse DNS with a non-generic-looking name is also a good way of demonstrating that the IPs are static rather than dynamic.
I have that.
Last week, over on SPAM-L, an Israeli ISP listed their dynamic IP range and *requested* that everyone block it until they could get their outgoing port 25 block in place.
Great, what does this prove?
As the OP actually has a static IP, the real solution for that should be to get the incorrect listings fixed, rather than stopping using dynamic IP lists altogether.
It would be more useful to implement SPF and block every domain that does not designate senders.
Tom
On Die, 2004-11-30 at 14:38 +0800, John Summerfield wrote:
I maintain mail servers and I use (free) services of black lists. If your IP is listed, tough.
Tough for the users of your mail server. Tough if they seek another admin because of your incompetence.
I'm also on dialup; I use my IAP's mail server to relay my outgoing mail.
Fine, don't forget to wink at the listening NSA/FBI/CIA/... guys from time to time.
Even aside from problems with blacklists, using your IAP's relay makes sense if you have any volume of mail; your outgoings go quickly to your IAP who then has to worry about deliveries which _can_ take hours, days sometimes.
Do you imagine your ISP to employ a lot of postmen trying to deliver your messages? Wake up, we live in the 21st century. The average desktop machine has hundreds of times more power than the system that brought people to the moon. I mostly don't care how long my messages wait in the queue, almost all are delivered on the first attempt anyway.
Those black lists stop _a lot_ of spam. I get a few a day and dozens a day <plonked>.
I do only get a few spams per month, spamassassin eats the rest, but I am not blocking legitimate messages from going through. It's not spam that could kill e-mail, it's ignorant and abusive admins like you!
Tom
fedora-list-bounces@redhat.com wrote:
On Die, 2004-11-30 at 08:22 +0000, Paul Howarth wrote:
What's your IP address and which DNSBLs (RBL is a trademark of MAPS LLC) are you referring to?
In fact it _is_ MAPS LLC.
Ah, well then... There have been... *issues* with MAPS over the years.
Launch wget with an invalid URL once per second to put my removal request in their httpd log?
That's abusive; don't do it.
I consider it abusive to block my legitimate mail from getting through, so what.
So you believe in fighting abuse with abuse? Not to mention that you've not demonstrated that abuse has been committed; the receiving mail servers are well within their rights to block mail from ANYONE, for whatever reason they choose. They could block mail from odd-numbered IP addresses if they chose; you have absolutely no right to demand that they deliver your mail just because you deem it "legitimate". Choosing to abuse their servers is something more likely to get you landed in jail than get you satisfaction.
Reciprocally blocking their domain from delivering here?
That's fine: your mail server, your rules. However, if they did eventually make a query regarding your removal request, you probably wouldn't want to reject it.
Of course, but it seems that they are ignoring my removal request anyway.
Tom
It seems you need to focus your efforts on Chello, not MAPS.
-Don
fedora-list-bounces@redhat.com wrote:
On Die, 2004-11-30 at 14:38 +0800, John Summerfield wrote:
I maintain mail servers and I use (free) services of black lists. If your IP is listed, tough.
Tough for the users of your mail server. Tough if they seek another admin because of your incompetence.
If this is an example of the civility you use when trying to resolve the issue, I'm not surprised that your requests have gone unanswered.
I'm also on dialup; I use my IAP's mail server to relay my outgoing mail.
Fine, don't forget to wink at the listening NSA/FBI/CIA/... guys from time to time.
And you think that your communication would be completely unmonitored otherwise? Did you install the hardwire between you and your destination yourself, or something?
Even aside from problems with blacklists, using your IAP's relay makes sense if you have any volume of mail; your outgoings go quickly to your IAP who then has to worry about deliveries which _can_ take hours, days sometimes.
Do you imagine your ISP to employ a lot of postmen trying to deliver your messages? Wake up, we live in the 21st century. The average desktop machine has hundreds of times more power than the system that brought people to the moon. I mostly don't care how long my messages wait in the queue, almost all are delivered on the first attempt anyway.
Which removes one concern from not smarthosting your mail - the ability to track down and/or otherwise control that portion of the delivery cycle.
Those black lists stop _a lot_ of spam. I get a few a day and dozens a day <plonked>.
I do only get a few spams per month, spamassassin eats the rest, but I am not blocking legitimate messages from going through. It's not spam that could kill e-mail, it's ignorant and abusive admins like you!
Tom
I block somewhere around 60% of my incoming connections because they are spam. They're on blocking lists, both off-site (SORBS, etc) and my own. I can guarantee that they're spam. How? They're to addresses which were never meant to accept incoming mail. My logs confirm it. As far as I can tell, I've blocked 2 legitimate messages in the past three years based upon these criteria. Obviously, YMMV. At one point I was blocking over 10,000 messages a day from dynamic IPs on cable modems. Their ranges weren't otherwise listed, and it took their providers in excess of three weeks to address the problem.
But one thing I don't understand: why do you feel you have any expectation to absolute privacy via email, especially when you're also demanding 100% deliverability?
-Don
fedora-list-bounces@redhat.com wrote:
On Die, 2004-11-30 at 17:01 +0800, HaJo Schatz wrote:
Further, are you sure you're on a static IP?
I am very certain indeed.
Your mail headers indicate that you're @ an IP from Vienna's Chello Cable Service.
That is in fact correct, but chello does not use separate networks for their residential and business customers and even the end users get assigned an IP that can be reasonably considered static.
So what you're saying is that your ISP has chosen to organise (or, most likely, simply NOT chosen to organise) their networks in such a way that their business and residential customer networks cannot be differentiated, and you're being caught in their choice/incompetence/what-have-you?
Could it also be that they themselves provided this netblock to the listing services? If so, then they should be fixing the problem, and the list owners are rightly refusing to delist an address without the consent of the owner of that address, and the nominator of that address.
If that's the IP you're talking about, the problem likely lies with Chello -- their customers spam.
Almost every ISP's customers spam from time to time, the only difference is whether it is being tolerated or not.
Very true. Many of the lists do maintain certain addresses because the ISPs are historically slow to respond (if ever). I personally have had problems with several of the Chello systems, though in particular .nl, not .at.
In that case complain to Chello to tighten their network (eg block outgoing SMTP) or simply use their mail server as a relay.
Chello is already scanning their residential customers for running servers and are quick to discontinue their service if any open ports are found.
If they organised their network properly, they could do what many responsible ISPs do and block outbound port 25 access for those netblocks which should not be using it.
-Don
fedora-list-bounces@redhat.com wrote:
On Die, 2004-11-30 at 23:34 +0800, HaJo Schatz wrote:
Chello is one of the better providers here and assigns all of their customers an IP that usually remains unchanged for many years.
How are you defining 'best'? My personal experience with Chello differs...
And chello.at seems not to be liked by BLs, probably because they have outgoing SMTP open and hence nurture spammers.
Show me any provider who has more than 228,000 customers and has no history of spammers. Nurturing them would mean to tolerate spamming and to my best knowledge chello has never done this.
My experience differs, as I mentioned. With 228,000 customers, it's how they *respond* to spam which shows how they nurture it. If they keep their system wide open, and block users only after they spam, they nurture spam because they're allowing "one free bite" of the pie. This also leads to "whack-a-mole" activities, where someone gets a throwaway account, spams until they lose it, and then establishes another account at the same provider (meanwhile, the drop box, web page, whatever is on another provider).
-Don
On Die, 2004-11-30 at 16:15 -0500, Don Levey wrote:
fedora-list-bounces@redhat.com wrote:
On Die, 2004-11-30 at 23:34 +0800, HaJo Schatz wrote:
Chello is one of the better providers here and assigns all of their customers an IP that usually remains unchanged for many years.
How are you defining 'best'? My personal experience with Chello differs...
Only nature as a whole may be perfect. I could tell you some providers that are better than chello in some aspects, but none of them is perfect. Many providers are worse in that they assign their customers a different IP on each connection and either cannot track down abusers or store the connection data in violation of national law.
My experience differs, as I mentioned. With 228,000 customers, it's how they *respond* to spam which shows how they nurture it. If they keep their system wide open, and block users only after they spam, they nurture spam because they're allowing "one free bite" of the pie. This also leads to "whack-a-mole" activities, where someone gets a throwaway account, spams until they lose it, and then establishes another account at the same provider (meanwhile, the drop box, web page, whatever is on another provider).
AFAIK their policies do not differ from most other providers, you get an account in good trust and get kicked if you abuse it. Additionally we have anti spam laws in Austria, can you say that of your country? Also I am pretty certain that chello does not give another account to someone who was kicked for spamming.
Would you want to shut down all providers and thereby the whole internet just because someone could abuse their system for spamming? Would you want every provider to ask you for permission to give an account to xyz? You would better cut your own connection and stop whining.
Tom
On Die, 2004-11-30 at 16:15 -0500, Don Levey wrote:
And you think that your communication would be completely unmonitored otherwise? Did you install the hardwire between you and your destination yourself, or something?
No, but I wish anyone trying to intercept my mail good luck and a lot of fun deciphering the TLS encrypted connection. I guess hardwires are a whole lot easier to eavesdrop.
Which removes one concern from not smarthosting your mail - the ability to track down and/or otherwise control that portion of the delivery cycle.
I said *mostly*, I still have the ability to track down any message should this become necessary.
Tom
On Wednesday 01 December 2004 03:40, Thomas Zehetbauer wrote:
On Die, 2004-11-30 at 08:52 -0500, John Burton wrote:
One primary "root cause" has nothing to do with the activities of the system. The original poster mentioned he was on a dialup line, which implies dynamic IP addresses. Many BL providers simply black list dynamic IP addresses as a rule (since much spam does originate from dynamic IP addresses). For this type of setup, it's best to use the mail server for the ISP...
I am not on a dialup line and have a static IP, it's just the RBL providers incorrectly _assuming_ my IP to be dynamic.
Those mail admins have a solution that they think works for them. The blacklists I use, AFAIK, don't block IP addresses without confirmation, but I have no vote in _their_ choices.
Don't suppose they're going to take a lot of notice of your voice; but your IAP (I presume) offers you an easy solution. I (and others) have already recommended it.
Use your IAP's mail relay, and stop whinging about the injustice of the world.
On Wednesday 01 December 2004 01:45, Thomas Zehetbauer wrote:
Using my own mail server I can verify that and when a message has been delivered to the recipient's server. Have you ever tried to get this information from your ISP?
You can't actually. Many (most) sites have alternative sites that accept mail on their behalf and forward it later.
My incoming mail to _this_ address lands on a box that you see and then is forwarded via a VPN to a location you cannot see.
On Wednesday 01 December 2004 04:00, Thomas Zehetbauer wrote:
On Mon, 2004-11-29 at 22:17 -0800, Jerry Gaiser wrote:
Don't send mail directly from a dial-up IP.
Can you read?
Do you understand English?
At least you have not read and understood my posting, because I am on a static IP.
Where's the conflict? For a time I was on dialup and had a static IP address provided by my IAP.
On Wednesday 01 December 2004 03:57, Thomas Zehetbauer wrote:
I consider it abusive to block my legitimate mail from getting through, so what.
The blacklist providers provide a service to their clients amongst whom you're not.
The people they're most inclined to listen to are those who pay them to provide the service. Next would be non-paying customers.
Someone they've never heard of claiming to be unjustly blocked they're quite likely to ignore.
The lists _I_ use (but not all) allow someone to request a particular IP address be tested, and I've used this facility. It's very reassuring to be diagnosed healthy:-)
But passing that test says nothing about my integrity.
On Tuesday 30 November 2004 23:28, Aleksandar Milivojevic wrote:
Exactly my point. If remote site is down, and you know it will be down for extended period of time (say two or three weeks), you can move mails for that site to separate queue with different set of timeouts, and inform your users about that. That way, emails will be delivered once the remote site is operational again, instead of being bounced after 5 days (and annoying warnings generated after 4 hours). Something no ISP will be willing to do for you.
Another reason might be that some people might have privacy issues with their correspondence being stored on intermediate mail server they have no control of.
These are just two examples why in some cases using ISPs' mail servers for relaying is not an acceptable solution.
Seems to me those are rare cases where special arrangements might be appropriate. Such as tunneling via a VPN or even ssh, or providing distant users an account on your own server.
On Wednesday 01 December 2004 04:20, Thomas Zehetbauer wrote:
On Die, 2004-11-30 at 14:38 +0800, John Summerfield wrote:
I maintain mail servers and I use (free) services of black lists. If your IP is listed, tough.
Tough for the users of your mail server. Tough if they seek another admin because of your incompetence.
They are perfectly happy with the arrangement:-)
I'm also on dialup; I use my IAP's mail server to relay my outgoing mail.
Fine, don't forget to wink at the listening NSA/FBI/CIA/... guys from time to time.
<Shrug> I'm not involved in any criminal behaviour. If they want to waste their efforts monitoring friendly foreign countries' citizens.... Not forgetting the scandal when they're caught.
Even aside from problems with blacklists, using your IAP's relay makes sense if you have any volume of mail; your outgoings go quickly to your IAP who then has to worry about deliveries which _can_ take hours, days sometimes.
Do you imagine your ISP to employ a lot of postmen trying to deliver your messages?
Nah. That's what MTAs do. But, it costs bandwidth and time to do.
Wake up, we live in the 21st century. The average desktop machine has hundreds of times more power than the system that brought people to the moon. I mostly don't care how long my messages wait in the queue, almost all are delivered on the first attempt anyway.
The average desktop system's not running software with the nous to do the job properly, and isn't connected enough hours to handle difficult mail anyway.
Those black lists stop _a lot_ of spam. I get a few a day and dozens a day <plonked>.
I do only get a few spams per month, spamassassin eats the rest, but I am not blocking legitimate messages from going through. It's not spam that could kill e-mail, it's ignorant and abusive admins like you!
Tut tut.
I check my logs from time to time. I see lots of mail to my spambait addresses being plonked because it comes from blocked address. I've not noticed any legit mail getting dropped.
If you want to send me mail, you gotta meet my rules. These include approval by my blacklist providers.
Also you gotta pass my header checks. No funny East-asian character sets, we can't read them. I'll drop Russian and Greek when someone tries those.
Then Spamassassin gets a look. Everything to the spambait addresses that gets here is processed by Spamassassin as known spam.
On Wednesday 01 December 2004 03:39, Thomas Zehetbauer wrote:
My current problem is that I cannot post to postfix-users@postfix.org, I have already mailed Wietse but got no response.
Of course you can, you're just being pigheaded about it.
HaJo Schatz wrote:
Assuming that his original post comes from the same IP he's talking about, this seems like either wrong information or an unlucky/stupid case. Seems that all IPs around him are dial-up IPs of his ISP, chello.at.
How do you know they are dial-up IPs? Maybe they are static IPs with generic reverse DNS? Also, if he is on cable, cable uses DHCP to assign addresses to the clients. Maybe his ISP fixed only his address to be static (or excluded it on DHCP server), and the rest are dynamic?
Or maybe he sent his original email from somewhere else. Say he has problem with his company, and he sent email about it from his home?
Too many people generating too many assumptions from too sparse info.
-- Aleksandar Milivojevic amilivojevic@pbl.ca Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
I know from a colleague that chello just allows fixed IPs...
Roger
On Wed, 2004-12-01 at 00:51, Scot L. Harris wrote:
On Tue, 2004-11-30 at 10:28, Aleksandar Milivojevic wrote:
Another reason might be that some people might have privacy issues with their correspondence being stored on intermediate mail server they have no control of.
For such an issue encryption is a better solution.
Agreed
Even going straight from your system to the advertised MX record you don't really know how many or which systems your message may pass through.
If one looks at the envelope header, the mail actually hops around.
In addition if someone wanted to eavesdrop they could access one of the many routers your message passes through and capture it that way. Without encryption the message goes in plain text. Any expectation of privacy when sending email should be corrected. There is none.
I wish all users would start using Linux or at least thunderbird on windows. This way, communication can be encrypted using GPG. (I've tried to get outlook to use GPG,via a plugin, but all I ever managed is to crash outlook.)
In the end, I installed Thunderbird and Enigmail on the "The One Whom Must Be Obeyed"
-- Ow Mun Heng Gentoo/Linux on D600 1.4Ghz Neuromancer 20:16:46 up 25 min, 1 average: 0.22, 0.22, 0.19
On Wed, 2004-12-01 at 02:57, Thomas Zehetbauer wrote:
On Die, 2004-11-30 at 11:51 -0500, Scot L. Harris wrote:
For such an issue encryption is a better solution. Even going straight from your system to the advertised MX record you don't really know how many or which systems your message may pass through. In addition if someone wanted to eavesdrop they could access one of the many routers your message passes through and capture it that way. Without encryption the message goes in plain text. Any expectation of privacy when sending email should be corrected. There is none.
End2End encryption requires some skills and privacy awareness of both the sender and the recipient. Having mail servers that support TLS encryption at least ensures that the mail cannot be read off-site, even when it goes through a country that has no suitable privacy laws.
The thing with TLS is not all mail servers support it. When the mail hops around routers or servers on its way to the final destination, if one server isn't TLS enabled, then the objective is lost.
GPG is still the way to Go
-- Ow Mun Heng Gentoo/Linux on D600 1.4Ghz Neuromancer 20:19:49 up 28 min, 1 average: 0.15, 0.21, 0.18
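The hop-by-hop nature of SMTP TLS raised in the messages above can be checked on a delivered message by reading its Received headers. The following is an added example, not part of the original thread; the sample message, host names and addresses are constructed, and TLS is recognised from the RFC 3848 "with" keywords or from a "(using TLS...)" / "(version=TLS...)" comment.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop was protected by TLS (RFC 3848, RFC 6531).
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
COMMENT = re.compile(r"\([^()]*\)")
TLS_COMMENT = re.compile(r"\((?:using\s+|version=)(?:TLS|SSL)", re.I)


def _strip_comments(value):
    """Drop (possibly nested) parenthesised comments from a header value."""
    previous = None
    while previous != value:
        previous, value = value, COMMENT.sub(" ", value)
    return value


def audit_hops(raw_message):
    """Return one dict per Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its own Received line, so reverse for time order.
    # Lines written by servers you do not trust are claims, not proof.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())      # unfold continuation lines
        bare = _strip_comments(flat)        # so "with cipher" is not matched
        sender = re.search(r"\bfrom\s+(\S+)", bare)
        receiver = re.search(r"\bby\s+(\S+)", bare)
        proto = re.search(r"\bwith\s+(\S+)", bare)
        keyword = proto.group(1).upper() if proto else ""
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "protocol": keyword,
            "tls": keyword in TLS_KEYWORDS or bool(TLS_COMMENT.search(flat)),
        })
    return hops


def plaintext_hops(hops):
    """List the hops that show no sign of TLS, as 'from -> by' strings."""
    return ["%s -> %s" % (h["from"], h["by"]) for h in hops if not h["tls"]]


# Constructed sample: three hops, the middle one without TLS.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.5])
\tby store.example.net (Postfix) with ESMTPS id C3; Tue, 30 Nov 2004 21:00:03 +0100
Received: from relay.isp.example (relay.isp.example [192.0.2.10])
\tby mx.example.net (Postfix) with ESMTP id B2; Tue, 30 Nov 2004 21:00:02 +0100
Received: from home.example.org (home.example.org [192.0.2.77])
\t(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
\tby relay.isp.example (Postfix) with ESMTP id A1; Tue, 30 Nov 2004 21:00:01 +0100
From: sender@example.org
To: rcpt@example.net
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(hop)
    print("plaintext:", plaintext_hops(audit_hops(SAMPLE)))
```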
Thomas Zehetbauer wrote:
Would you want to shut down all providers and thereby the whole internet just because someone could abuse their system for spamming?
Hmmm... Reminds me of my university days. The long gone time before 'home users' discovered Internet. Maybe that wouldn't be bad idea after all ;-)
On Thu, 2004-12-02 at 09:22 -0600, Aleksandar Milivojevic wrote:
Thomas Zehetbauer wrote:
Would you want to shut down all providers and thereby the whole internet just because someone could abuse their system for spamming?
Hmmm... Reminds me of my university days. The long gone time before 'home users' discovered Internet. Maybe that wouldn't be bad idea after all ;-)
Oh yes! We the unclean masses would not want to interfere with the bastions of higher learning.
Thomas Zehetbauer wrote:
My ISP here has 228,000 customers. If every one of them sends only 10 messages per day this makes 2,280,000 messages. This gives me good reason to doubt they would notice a few spammers abusing their mail servers.
A typical spam run would be tens of millions of messages. Spam is generally only economical if it is sent in huge quantities.
They should notice.
James.
On Saturday 04 December 2004 18:12, James Wilkinson wrote:
A typical spam run would be tens of millions of messages. Spam is generally only economical if it is sent in huge quantities.
I'd not think from a single computer tho.
They should notice.
On Sun, 2004-12-05 at 19:47 +0800, John Summerfield wrote:
On Saturday 04 December 2004 18:12, James Wilkinson wrote:
A typical spam run would be tens of millions of messages. Spam is generally only economical if it is sent in huge quantities.
I'd not think from a single computer tho.
They should notice.
--
Cheers John Summerfield tourist pics: http://environmental.disaster.cds.merseine.nu/
I recently read an article about a guy with a product to sell @ $19.95 (that magic number). Without much money for advertising he chose email / spam. After giving up a few hundred dollars, millions of people got the message. He got 2 orders. With filters getting better all the time, and results like that, in time it will be hard to find customers willing to pay to send out spam. So it hopefully will just go away.
Tim...