Blacklisted dynamic IP addresses

I am a dry loop DSL customer, and had two emails blocked by a Barracuda Networks filter, as the Pacific Bell dynamic IP address is blacklisted - 69.230.19.106. I called ATT, and was told that they could sell me a static address for another $44 per month, or simply reboot my DSL modem, and get a new IP address.
At least for now, the new IP address appears to have done the trick. Are there any other workarounds or fixes?
2009-Jun-1 7:42 pm
DNSguy Member join:2006-04-09 Saint Charles, MO
2009-Jun-1 8:30 pm
The only time I've seen email filters care about dynamic IP's are when you are running your own SMTP server and are not using a smarthost to relay your mail. If that's the case, I'm surprised you've only had 2 emails blocked as many SMTP servers will not accept mail from dynamic IP blocks. Was the rejected email relayed through the AT&T / Yahoo SMTP servers?
I am using the outgoing mail server of my shared hosting ISP, but Barracuda is going one level further and checking the reputation of the IP address of the computer that is sending the email to the ISP.
2009-Jun-1 8:42 pm
tonydi Premium Member join:2001-05-11 San Jose, CA
to DNSguy
said by DNSguy:
> The only time I've seen email filters care about dynamic IP's are when you are running your own SMTP server and are not using a smarthost to relay your mail.

Really? My experience has been quite the opposite, especially when one uses the SMTP server of their web host and not their ISP's server. The block lists (SORBS seems to be the most trigger happy) slam whole blocks of Dynamic IP addresses onto their lists. According to SORBS, that IP has been on the list since 2004!

I've seen this not only with Barracuda boxes but also on MailFoundry boxes. But it must depend on who is running the boxes and which spam lists they subscribe to, because it doesn't happen on all Barracuda or MailFoundry boxes.
2009-Jun-1 9:05 pm
NormanS MVM join:2001-02-14 San Jose, CA
to diver858
Your hosting provider should not be checking blacklists of the DNSBL variety for message submission. You are paying them for service, are you not? They should only care that you are authenticating to their server. DNSBLs should only be applied on gateway (MX) mail servers. You need to take this up with your hosting provider.
2009-Jun-2 12:41 am
to diver858
It appears that you might be running an SMTP server from your home??
If True.....
You will continue to have your email bounced due to your PTR (reverse lookup) either not existing or being in a format indicating a dynamic IP address.
Only with a static IP can you convince (with money) your ISP to set up your PTR to be suitable for email purposes.
No, I'm afraid DDNS (Dynamic DNS) will not save you from this one.
If you are not running an SMTP server at home, then this is all moot and I misread your post. Sorry.
Barry
2009-Jun-3 2:22 pm
NormanS MVM join:2001-02-14 San Jose, CA
said by Barry_W:
> It appears that you might be running an SMTP server from your home?? If True..... You will continue to have your email bounced due to your PTR (reverse lookup) either not existing or being in a format indicating a dynamic IP address.

OP stated:
> I am using the outgoing mail server of my shared hosting ISP ...

His hosting provider's SMTP server should not care that his IP address is blacklisted. His hosting provider's SMTP server is supposed to be relaying his email for him. That is the service he is paying for.

I will reiterate: The only SMTP server which should be using a DNSBL to check for dynamic host sources of email is a domain gateway (MX) server. His hosting service should be providing him with an SMTP 'smarthost' so he doesn't have to worry about his IP address being blacklisted. That 'smarthost' is wrong, if it is rejecting his connection due to being listed as a dynamic host.

P.S. I am definitely running an SMTP server from home, using a Dynamic DNS service, and a 'smarthost'. It definitely should work.
2009-Jun-3 2:30 pm
tonydi Premium Member join:2001-05-11 San Jose, CA
2009-Jun-3 5:12 pm
My understanding of diver858's situation is that there's a spam filtering appliance (Barracuda) somewhere out there that is looking at the headers of his email and stopping the email from getting to whoever owns the server behind the appliance. It's not his ISP, it's not his own webhost's SMTP server, it's on the server of whoever he's trying to email. Those people are (were) seeing his SBC IP address and rejecting it because that IP was on SORBS. So it's completely out of his control and he doesn't have any leverage to get this changed other than to hope he gets an IP that isn't on the list.

The fact that SORBS has an SBC IP that's been blocked for going on 5 yrs is a whole other stupid situation.
NormanS MVM join:2001-02-14 San Jose, CA
said by tonydi:
> My understanding of diver858's situation is that there's a spam filtering appliance (Barracuda) somewhere out there that is looking at the headers of his email and stopping the email from getting to whoever owns the server behind the appliance.

The impression I get from email admins posting in 'news.admin.net-abuse.email' is that users of the Barracuda appliance are, generally speaking, totally clueless about how to apply that piece of equipment. And the manufacturer's default configuration is way too Draconian to be used on a gateway mail server without adjustment.

> It's not his ISP, it's not his own webhost's SMTP server, it's on the server of whoever he's trying to email.

I guess I didn't quite understand what I was reading.

> The fact that SORBS has an SBC IP that's been blocked for going on 5 yrs is a whole other stupid situation.

If you read the requirements for a DNSBL listing on the SORBS site, any host with a hostname of the pattern, 'adsl-**-***-***-**.dsl.pltn**.{SBC_Domain}.net' meets their criteria for a listing, and will not be removed. The problem isn't how SORBS lists IP addresses, but how people who run mail servers apply those lists. It takes a lot of intelligence to figure out the best way to filter incoming connections to gateway mail servers to reduce false positives.

FWIW, I don't use SORBS on my mail server. Nor do I check IP addresses beyond the one connecting to my server. Just the latter check method would mitigate a SORBS listing.

P.S. Another method, used by Comcast and Windows Live, among others, is to run a reverse lookup against an SMTP "EHLO" name. And reject the connection on a mismatch of the forward and reverse names. Leads to this problem:

Mailhost issues 'EHLO nlpi131.prodigy.net'.
Name lookup IP address is, '[207.115.36.145]'.
Reverse name lookup is, 'nlpi131.sbcis.sbc.com'.
Since 'prodigy.net' != 'sbc.com', email is rejected.
2009-Jun-3 5:49 pm
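Added example, not part of any post in this thread: the EHLO name check described in the post above, run on that post's own sample values next to two more tolerant checks a receiving server could use. The resolver tables are constructed so the code runs offline, and the forward record for the PTR name is an assumption.

```python
# Constructed resolver tables holding the values quoted in the post above.
# A real filter would ask DNS; these dicts stand in for A and PTR lookups.
FORWARD = {
    "nlpi131.prodigy.net": {"207.115.36.145"},
    "nlpi131.sbcis.sbc.com": {"207.115.36.145"},  # assumed, not stated in the thread
}
REVERSE = {"207.115.36.145": "nlpi131.sbcis.sbc.com"}


def org_domain(name):
    """Naive last-two-labels domain; sufficient for these sample names only."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def strict_name_match(ehlo, peer_ip):
    """Check from the post: the PTR name's domain must equal the EHLO name's domain."""
    ptr = REVERSE.get(peer_ip)
    return ptr is not None and org_domain(ptr) == org_domain(ehlo)


def ehlo_resolves_to_peer(ehlo, peer_ip):
    """Forward check: the EHLO name must resolve to the connecting address."""
    return peer_ip in FORWARD.get(ehlo.lower().rstrip("."), set())


def fcrdns(peer_ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the peer."""
    ptr = REVERSE.get(peer_ip)
    return ptr is not None and peer_ip in FORWARD.get(ptr.lower(), set())


def evaluate(ehlo, peer_ip):
    """Run all three checks so their verdicts can be compared side by side."""
    return {
        "strict_name_match": strict_name_match(ehlo, peer_ip),
        "ehlo_resolves_to_peer": ehlo_resolves_to_peer(ehlo, peer_ip),
        "fcrdns": fcrdns(peer_ip),
    }


if __name__ == "__main__":
    # The legitimate relay from the post: only the strict comparison fails.
    print(evaluate("nlpi131.prodigy.net", "207.115.36.145"))
    # Constructed host with no PTR and an unresolvable EHLO name: all checks fail.
    print(evaluate("mail.example.org", "198.51.100.7"))
```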
tonydi Premium Member join:2001-05-11 San Jose, CA
2009-Jun-3 6:42 pm
said by NormanS:
> The impression I get from email admins posting in 'news.admin.net-abuse.email' is that users of the Barracuda appliance are, generally speaking, totally clueless about how to apply that piece of equipment.

Probably true, although I'll add that there are a ton of admins out there that don't use these boxes and still fit into that category. I'm sure Barracuda/MailFoundry market their products to them as a black box, plug it in and it does all the magic for you.

said by NormanS:
> If you read the requirements for a DNSBL listing on the SORBS site, any host with a hostname of the pattern, 'adsl-**-***-***-**.dsl.pltn**.{SBC_Domain}.net' meets their criteria for a listing, and will not be removed. The problem isn't how SORBS lists IP addresses, but how people who run mail servers apply those lists.

Well, that last part is certainly true, but if the first part was universally true, all of our dynamic IP's would be in SORBS and clearly they aren't.
to diver858
These arguments seem to be caused by some incorrect assumptions. Tonydi is certainly correct -- the server that rejected the OP's mail belongs to the recipient's organization or ISP. However, nowhere did the OP mention SORBS. In fact, it's very likely that SORBS was not a factor, because when the OP obtained a different dynamic IP, his problem stopped happening.

The SORBS list is intended to list addresses that should not be connecting directly to your server to deliver mail. By design, all dynamic IPs should be on it. It is almost certain that the new IP that was issued to the OP is also on SORBS.

There are other blacklisting services that list addresses that are known sources of spam or viruses. These lists can be applied to the Received: headers to help separate spam from ham. (NormanS has chosen not to do that on his servers, but I bet that when he manually examines mail headers, he does not shut his eyes to those lines. There is clearly useful information there that can improve the filtering process.)

Until recently, it was quite rare for dynamic IPs to appear on these lists, but criminals using phishing techniques and dictionary attacks have obtained large numbers of account credentials that can be used to send mail. Sadly, authenticated mail from spambots is now quite common.

The folks who run these lists normally delete entries associated with dynamic IPs, when no more spam is seen for a few days. This eliminates most false positives, because the majority of dynamic addresses are not reassigned very often. DHCP lease times are usually at least several hours, so if you reboot your cable modem or FiOS router, or have a short power outage, you get the same IP back. Unfortunately, when a spambot-infested DSL user reboots his modem in an attempt to restore connection speed, his (now blacklisted) IP is released to the pool, ready to be issued to the OP, when his modem retrains after a burst of noise.

Of course, the Barracuda's admin should not have used presence on such a blacklist to reject a message outright -- at most, it should have been placed in the user's junk folder. In addition, the score given to any one blacklist test should not be enough to classify the message as spam.
2009-Jun-3 8:41 pm
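Added example, not part of any post in this thread: the three ways of applying a DNSBL that the posts above argue over, run on one constructed message that travels from the OP's DSL address through an authenticated smarthost to a recipient MX. The zone names, the smarthost address, the listing table and the score weight are assumptions made for the example; a real filter would resolve the query name over DNS.

```python
import email
import ipaddress
import re

# Hypothetical zones and constructed listings standing in for DNS lookups.
DYNAMIC_ZONE = "dynamic.dnsbl.example"   # policy list: dynamic/residential ranges
EXPLOIT_ZONE = "exploits.dnsbl.example"  # reputation list: observed spam sources
LISTED = {"106.19.230.69.dynamic.dnsbl.example"}  # the OP's address, policy-listed

# Constructed message: DSL client -> authenticated smarthost -> recipient MX.
RAW = (
    "Received: from smarthost.example.net (smarthost.example.net [192.0.2.25])\n"
    "\tby mx.recipient.example; Mon, 1 Jun 2009 19:00:05 -0700\n"
    "Received: from home-pc (adsl.example.net [69.230.19.106])\n"
    "\tby smarthost.example.net with ESMTPA; Mon, 1 Jun 2009 19:00:01 -0700\n"
    "Subject: hello\n\nbody\n"
)


def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, zone):
    return dnsbl_query_name(ip, zone) in LISTED


def received_ips(raw):
    """Bracketed IPv4 literals from every Received: header, newest hop first."""
    msg = email.message_from_string(raw)
    ips = []
    for hdr in msg.get_all("Received", []):
        ips += re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
    return ips


def reject_any_hop(raw):
    """Dynamic-range list applied to every hop: the false positive in this thread."""
    return any(is_listed(ip, DYNAMIC_ZONE) for ip in received_ips(raw))


def reject_connecting_only(peer_ip):
    """Dynamic-range list applied only to the host connecting to the MX."""
    return is_listed(peer_ip, DYNAMIC_ZONE)


def header_score(raw, per_hit=2.0):
    """Reputation list on earlier hops as one capped score, never a rejection."""
    hits = sum(is_listed(ip, EXPLOIT_ZONE) for ip in received_ips(raw)[1:])
    return min(hits * per_hit, per_hit)
```

With these inputs, only the every-hop policy rejects the message; the connecting-host check accepts it, and the header score stays at zero until the address appears on the reputation list.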
tonydi Premium Member join:2001-05-11 San Jose, CA
2009-Jun-3 9:37 pm
said by Stewart:
> However, nowhere did the OP mention SORBS. In fact, it's very likely that SORBS was not a factor, because when the OP obtained a different dynamic IP, his problem stopped happening.

He didn't, but he said he was advised that his IP was blacklisted and when I did a search, SORBS is the only spamlist I could find that had his IP.

said by Stewart:
> Of course, the Barracuda's admin should not have used presence on such a blacklist to reject a message outright -- at most, it should have been placed in the user's junk folder. In addition, the score given to any one blacklist test should not be enough to classify the message as spam.

I don't know the intricacies of how the Barracuda stuff works, but I do know that some of the people with MailFoundry devices use them as a secondary filter. First, incoming email is scanned and immediately nuked if the originating IP is on any of the block lists they subscribe to. So that email never even gets to see the MailFoundry filtering process, which is where the Inbox or Spam folder decision is made.

I actually like that idea for the most part because it takes a huge load off of the spam appliance and the email server. But as you can see, sometimes legit stuff gets caught.
NormanS MVM join:2001-02-14 San Jose, CA
to Stewart
said by Stewart:
> Until recently, it was quite rare for dynamic IPs to appear on these lists, but criminals using phishing techniques and dictionary attacks have obtained large numbers of account credentials that can be used to send mail. Sadly, authenticated mail from spambots is now quite common.

Indeed. I've seen 'nlpi***.prodigy.net' handle such spam from "Phished" AT&T DSL accounts.
2009-Jun-3 9:37 pm