dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
22494
share rss forum feed


Gizguy
Premium
join:2003-01-23
Alpharetta, GA

BellSouth E-mail server Blacklisted?

In the past week or so, my messages to one recipient are being rejected apparently because the BellSouth mail server imf21aec.mail.bellsouth.net [205.152.59.69] is black listed by '»www.mxtoolbox.com/'

Following is the reject message:

Subject: Mail System Error - Returned Mail

.net 007: This e-mail message was undeliverable due to the following reason:

.net 018: Each of the following recipients were rejected by a destination mail system.

Note: The reasons given by the destination mail system are included to help you determine why each recipient was rejected.

Solution:
Attempt to resend, or contact the recipient by alternate means to let them know about the issue.

Recipient:
Reason: 5.7.1 Mail from 205.152.59.69 refused see '»www.us.sorbs.net/'
I send mail using Outlook 2003 via mail.bellsouth.net. At first I thought maybe the reject was related to my normal return address (personal domain) being different from my BellSouth email ID. But then it has repeatedly failed three times using different BellSouth id's using both POP and WEB mail. It even failed sending a short test message so it is not content related.

This error shows up in Bell South's FAQ, but the recommendation is to contact the recipient by other means. There is a form on '»www.mxtoolbox.com/' to fill out concerning the blacklist, but I would think this should be done by BellSouth, not me. I talked with BellSouth technical support for 24 minutes, and they could not isolate the problem. I'm still waiting for their senior technician to call and help me.

I switched from Earthlink to BellSouth in early November for speed/price but the bad e-mail service here at BellSouth is causing me to rethink my switch.

Is anyone else having this problem, or have suggestions what I should do? Is there anyway I can send POP mail and avoid Bell South's mail servers? My hosting company supports alternative ports but I couldn't get that to work.

Thanks.


rstrandb
Howl at the moon
Premium
join:2003-04-17
Albany, GA
As a former DSL tech, I saw this issue a few times. It's your particular IP that's blacklisted, turn your modem off for a few monutes, then let it reconnect so it will be issued a different IP, this usually resolves the issue.
--
Deep thanks to the people who defend America from those who would do us harm.


Gizguy
Premium
join:2003-01-23
Alpharetta, GA
Thanks for the reply. But I have a static IP address so that won't work.

I did check my IP address on the suggested website, along with about 20 others DSL IP addresses in the same subnet, and all are listed 22 times. Since the reject message had the email server IP, and not my DSL IP, my assumption was that it must be the mail server in general.

My DSL IP address is always on the outgoing mail header along with my PC name, thus it should fail on all messages. Since I'm able to "successfully" send POP mail to the recipient via gmail and also my hosting company (not using Bell South's mail server (nor port 25) I don't think my IP address is the problem - right?

I did get a case number from the Bell South 'Senior Tech' who called me back about 3 hours after my trouble report. I am supposedly getting a callback tomorrow after they resolve the problem

My problem has been solved by finally bypassing BellSouth in both directions. Mail is much faster now, and not taking a long time to upload on a send.

I do appreciate your suggestion.


wyked
Premium
join:2001-11-01
Cibolo, TX
This is not your IP address being blocked, but indeed bellsouth's mail servers.

I had the same issue this week and ended up switching to the other MX entry from an nslookup on mail.bellsouth.net and all was working.

I would have no idea who to contact to get it removed, but I will keep an eye on this post for a possible contact and will provide the server I was having issues with as well (I will not be home for another week, so I will have to wait until then to figure out which server I was having the issue with) I know that it was on the SORBS blacklist and listed as having a dynamic IP address however

-Wyked
--
What is a Juggalo? I don't know, but I'm down with the clown and down for life yo!


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to Gizguy
said by Gizguy:

In the past week or so, my messages to one recipient are being rejected apparently because the BellSouth mail server imf21aec.mail.bellsouth.net [205.152.59.69] is black listed by '»www.mxtoolbox.com/'
I can't get to the mxtoolbox.com site. If you could get there, and they allowed just anybody to click a link to delist the server, why not just do it? Some of those lists make it easy to delist in order to avoid litigation by aggrieved parties.

The SORBS site was interesting. They claim that mail from the Bellsouth output server was hitting their spamtrap email addresses. That could be caused by the Bellsouth server sending newmail bounces; but I just tried what should have been an invalid @bellsouth.net email address, and my bounce came back from my SBC server. That is a good thing for the Bellsouth server; it is rejecting at the SMTP transaction.

Perhaps a Bellsouth customer configured an "out of office" autoresponder to send email through the Bellsouth SMTP server. Unless such an autoresponder is set to only respond to email addresses in the user's Address book, there is a risk of sending an autoresponse to a spam message which has a spamtrap email address in the Return-Path. That is not good. Bellsouth mail administrators will probably have to get involved.

It happens to our SBC servers, too. I got a newmail bounce to my Netscape Web mail account from an SBC SMTP output server. An old, now defunct @pacbell.net email address is not completely deleted from the system. It was the recipient email address in a spam which had forged my @netscape.net email address in the Return-Path. When the SBC server could not deliver the message to my defunct @pacbell.net email address, it bounced it back to my forged @netscape.net email address.

Just another way that spammers have ruined things...
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


jazzman916
Life on the Upbeat
Premium,MVM,ExMod 2004-10
join:2001-09-01
Birdland
reply to Gizguy
Here are the entries for bellsouth mail servers:

ABOUT BLACKLIST CHECK

This test will check a mail server IP address against 147 DNS based blacklists. (Commonly called Realtime blacklists, DNSBLs or RBLs). If your mail server has been blacklisted, some email you send may not be delivered. Blacklisting is a common (although largely ineffective) way of reducing spam. If you don't know your mail server's address, start with a MX Lookup.

Checking 205.152.58.32 against 144 known blacklists...
Listed: 8 time(s)
Timeouts:4

Blacklist Name Status Reason TTL Response Time (ms)
BLARSBL Listed LISTED Return codes were: 127.1.0.1 76350 16
KROPKA-DIALUPS Listed LISTED Return codes were: 127.0.0.3 7200 516
KROPKA-FORMS Listed LISTED Return codes were: 127.0.0.3 7200 469
KROPKA-IP Listed LISTED Return codes were: 127.0.0.3 7200 437
KROPKA-LAMEAV Listed LISTED Return codes were: 127.0.0.3 7200 500
KROPKA-PROXIES Listed LISTED Return codes were: 127.0.0.3 7196 3406
KROPKA-RELAYS Listed LISTED Return codes were: 127.0.0.3 7196 3406
NETHERUNSURE Listed LISTED Return codes were: 127.0.0.2 900 250

Checking 205.152.58.33 against 144 known blacklists...
Listed: 7 time(s)
Timeouts:5

Blacklist Name Status Reason TTL Response Time (ms)
BLARSBL Listed LISTED Return codes were: 127.1.0.1 76277 16
KROPKA-DIALUPS Listed LISTED Return codes were: 127.0.0.3 7200 594
KROPKA-FORMS Listed LISTED Return codes were: 127.0.0.3 7200 3578
KROPKA-IP Listed LISTED Return codes were: 127.0.0.3 7200 3578
KROPKA-LAMEAV Listed LISTED Return codes were: 127.0.0.3 7200 437
KROPKA-PROXIES Listed LISTED Return codes were: 127.0.0.3 7200 578
KROPKA-RELAYS Listed LISTED Return codes were: 127.0.0.3 7196 3578
--
| Jazz's Line Stats | Jazz's Network | Jazz's Folding Stats |


Gizguy
Premium
join:2003-01-23
Alpharetta, GA
reply to NormanS
The '»www.mxtoolbox.com ' link in my previous post may have been entered wrong. I was able to get into the site and saw the hits on the mail server listed, and other IP addresses. If you put in an address not listed you will get a message indicating 'no MX records found'.

I'll try again later in the week using BellSouth servers to the hotel in Illinois that was rejecting my email to see if BellSouth has succeeded in getting their server removed from the black list. Again it only rejected when I used the BellSouth mail servers.


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to jazzman916
said by jazzman916:

Blacklisting is a common (although largely ineffective) way of reducing spam.
I will assume that you are quoting somebody, or some article. I will tell you that statement is wrong; it is very effective at stopping spam from the listed hosts. Nobody would use them, otherwise.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


bathswife
Original Member

join:2000-09-06
Birmingham, AL
reply to Gizguy
I'm having the same problem lately. One of the most irritating things about all of this is that I am on Extreme DSL (supposedly) but for some reason in the last month or so my IP address has gone back to being dynamic. I want my static IP back because I never got emails bounced back and now about 10% of all my email is being rejected through no fault of mine.

And right now I can't find the help desk number to call and if I do call, am I going to really get any help? Waaaah....!

Just felt like whining.
--
jbooksNOSPAM@bellsouth.netremove the "nospam" from the email to email me.mhttp://www.johnsonsusedbooks.com


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
If you run your own mail server from your residential connection, you need the static IP address if you run an end-to-end SMTP client. AOL, among others, will not accept connections from residential dynamic accounts. Here is a log of a Telnet session:
554- (RTR:BB)  http://postmaster.info.aol.com/errors/554rtrbb.html
554- AOL does not accept e-mail transactions from dynamic or residential
554- IP addresses.
554 Connecting IP: 71.131.252.146
They didn't even wait for me to send "QUIT"; they wasted no time dumping the connection after the refusal.

When you get your static IP address back, also see if they will assign a ptr record for your domain MX server.

I just run on the low-end dynamic IP address and relay through my ISP SMTP server.

Do keep in mind; it is the connecting IP address which the MX will block. If you are submitting the email through a local mail client to your ISP SMTP server, your computer's IP address should not be a factor in blocking email.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


Gizguy
Premium
join:2003-01-23
Alpharetta, GA
reply to bathswife
The FastAccess DSL Tech Support number I've been using is 888-321-2375. I'll be calling them again today to followup on case #628719 from Wednesday since email being sent from BellSouth mail servers continue to be rejected

From: Mail Administrator [mailto:Postmaster@
Sent: Friday, December 23, 2005 6:40 AM
To: name@bellsouth.net
Subject: Mail System Error - Returned Mail

.net 007: This e-mail message was undeliverable due to the following reason:

.net 018: Each of the following recipients were rejected by a destination mail system.

Note: The reasons given by the destination mail system are included
to help you determine why each recipient was rejected.

Solution:
Attempt to resend, or contact the recipient by alternate means to let them know about the issue.

Recipient:
Reason: 5.7.1 Mail from 205.152.59.72 refused see »www.us.sorbs.net/

-------------
Yet the same message sent through either gmail, or my hosting company, mail server does not get rejected.

Regardless of what you may believe is the effectiveness of using MX addresses to reject messages, it is obvious what is not effective is BellSouth's process to remove their Mail Server MX records from being Blacklisted. I never had this problem with Earthlink before I switched to BellSouth last month.


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
Reviews:
·Comcast
reply to Gizguy
MX records don't have anything to do with this. Why?

The servers that send mail out, the ones being blacklisted, are not the same ones used that receive mail for the bellsouth.net domain. It's the receiving servers that have an MX record, not the sending servers.


Gizguy
Premium
join:2003-01-23
Alpharetta, GA
Click for full size
graysonf,

you most likely know much more about MX records than me, I'm just pecking away trying to figure out why starting last week my email to my daughter's work place was being rejected. In all cases the rejects had a common source of error - a BellSouth server at one of the following addresses:
imf21aec.mail.bellsouth.net [205.152.59.69]
imf24aec.mail.bellsouth.net [205.152.59.72]

They look like 'mail' servers and they are being rejected on my outgoing messages, not my incoming mail. At the time I reported this problem I know for a fact that '»www.mxtoolbox.com ' indicated the .59.69 address had MX records as being black listed. The reject early this morning was for the .59.72 address. Similarly IP addresses in my residential IP Subnet 66.156.67.xxx yesterday showed MX records on the black list.

As of this post, neither of these addresses, nor addresses in my DSL subnet, show up as having MX records (see attached). Also, now my mail has "not" been rejected. So either BellSouth has cleared the problem as promised, or something stranger is happening. Or perhaps the small text message I sent 30 minutes ago is still in queue somewhere.

I do appreciate all of they help that you and others have provided.


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
Reviews:
·Comcast
imf21aec.mail.bellsouth.net [205.152.59.69] and imf24aec.mail.bellsouth.net [205.152.59.72] are outgoing mail servers used by bellsouth customers. The do not have MX records because they do not receive mail for the bellsouth.net domain.

The two mail servers that currently do receive mail for the bellsouth.net domain are:

mx01.mail.bellsouth.net [205.152.58.33] and
mx00.mail.bellsouth.net [205.152.58.32]. These are the actual MX records for bellsouth.net.

There are dozens, if not hundreds of blacklists in use out there. And they use varying criteria for inclusion of IP addresses.

For example, every single residential bellsouth.net IP address (both dialup and DSL) is in the DUL blacklist. These inclusions have nothing to do with any evidence of any spam being sent. The logic for this list is that running mail servers on these IPs is not allowed by the ISP, so any mail coming directly from them is likely problematic. Bellsouth's use of port 25 filtering has largely reduced the usefulness of this portion of the DUL.

Some sites reject mail because the IP sending it reverses to a hostname that does not also have an MX record. This is poor practice since many large ISPs operate as described above and their sending mail server hosts do not have MX records. A site rejecting mail this way would reject 100% of all the mail sent by bellsouth's customers.

And some sites reject mail based on actual spam content, or receiving mail at unknown and unpublished addresses. This could be the result of brute force address guessing commonly used to send spam.

And there are many, many other rationales/designs for blacklists.


Gizguy
Premium
join:2003-01-23
Alpharetta, GA
thanks


bathswife
Original Member

join:2000-09-06
Birmingham, AL
reply to graysonf
I am completely confused which is not all that unusual but maybe you can help me understand.

Please read through what I write carefully because I don't know the right language to try to explain what I'm confused about and I need help talking to the help desk.

What is the difference between the IP address and the server address? I thought that the IP address was what your computer showed to the public as your IP address.

All I know is that until I got accidentally moved to having a dynamic IP address I had no trouble sending email to anyone. Now that my IP address is dynamic, it's a crapshoot as to whether or not I can send email. When I power off the router from time to time (electrical storms, etc.), I am given an IP address at random by bellsouth.

If my emails start getting bounced back to me because the IP I am using is listed in nsorbs, etc.,(like last night), I know that the IP I have been dynamically assigned has been reported by someone as coming from a spammer. I then have to power off my router and power it back on and try sending the same emails again. If the IP I am assigned after powering back on is one that is "good", the email will go, if it is one that has been abused in the past by someone spamming and has been reported to nsorbs,etc., I have to keep powering off the router and powering it back on until I get a good one.

I believe it is my computer IP that is being rejected by the recipient's ISP because in the headers, the numbers listed as being rejected are exactly the numbers of the IP I've been dynamically assigned by bellsouth.

So what I think is happening here is that it is my computer's assigned IP address that is being rejected, and perhaps that is a bellsouth 'server' and I just don't know the correct lingo. That is what worries me. When I talk to the help desk, are they going to understand what I'm saying is the problem? Can you request a specific static IP address? And if so, how can you know one to ask for that has NOT been used in the past by a spammer?

When I call the help desk to get put back on static, how can I ensure that I get my old IP address back (the good one that never got emails bounced back) or one that has not previously been abused by someone?

I have been a member of spamcop for years and go through energetic spurts of turning every single spam in for a day or two before I just get too worn out so I am familiar with the problems associated with spam. I understand why some addresses are blocked by nsorbs and the other organizations like them and I don't have a problem with that. What I think is that before some glitch occurred in the BLS system that caused my account to revert back to 'dynamically assigned IP' I never had any problems sending emails. Now I do. I want my old static IP address back that was what I think of as "clean" in the sense that it hadn't been used by spammers and I never had trouble sending email to people.
--
jbooksNOSPAM@bellsouth.netremove the "nospam" from the email to email me.mhttp://www.johnsonsusedbooks.com


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
Your problem is not related to your IP address because you are not allowed to send mail directly from your IP address to any mail server other than mail.bellsouth.net, and the mail being rejected isn't coming from mail.bellsouth.net.


bathswife
Original Member

join:2000-09-06
Birmingham, AL
Okay, I'm going to cut and paste the entire header here and maybe you can help me understand what you are saying. The sending IP address that is listed as being rejected was my public IP address at that time dynamically assigned to me (205.152.59.67). Here is the entire header:
Recipient:
Reason: 5.5.1 Rejected, sending IP address 205.152.59.67 is blocked. Details: IP 205.152.59.67 is blacklisted (code 6), info at »blacklist.kpn-cert.nl/bailout

Reporting-MTA: dns; imf19aec.mail.bellsouth.net
Arrival-Date: Thu, 22 Dec 2005 23:43:01 -0500
Received-From-MTA: dns; ibm60aec.bellsouth.net (208.63.194.66)

Final-Recipient: RFC822;
Action: failed
Status: 5.1.1
Remote-MTA: dns; mailhost.hetnet.nl (195.121.6.164)
Diagnostic-Code: smtp; 550 5.5.1 Rejected, sending IP address 205.152.59.67 is blocked. Details: IP 205.152.59.67 is blacklisted (code 6), info at »blacklist.kpn-cert.nl/bailout
Received: from ibm60aec.bellsouth.net ([208.63.194.66])
by imf19aec.mail.bellsouth.net with ESMTP
id
for ; Thu, 22 Dec 2005 23:43:01 -0500
Received: from Karen.sip.bhm.bellsouth.net
([208.63.194.66]) by ibm60aec.bellsouth.net with ESMTP
id
for ; Thu, 22 Dec 2005 23:43:00 -0500
Message-Id:
X-Sender: harperbooks@mail.bhm.bellsouth.net
X-Mailer: QUALCOMM Windows Eudora Version 6.1.2.0
Date: Thu, 22 Dec 2005 22:42:21 -0600
To: "Ben Blomsma"
From: Karen Harper
Subject: Re: Item #6584916504
In-Reply-To:
References:
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="=====================_83387859==.ALT"
After I powered off my router and powered it back on, I was dynamically assigned an IP addy that began with 72.X.X.X and was immediately able to send the email to the above person. I don't think that is coincidence but perhaps I am still not understanding what you are trying to tell me.
--
jbooksNOSPAM@bellsouth.netremove the "nospam" from the email to email me.mhttp://www.johnsonsusedbooks.com


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to bathswife
Are you running your own mail server? From home? On your residential account? I am not familiar with the Bellsouth AUP/TOS, but, personally, I have no problem if you are doing that.

If you are doing that, then you must know a little bit about mail servers, domains, DNS records, MX records, etc. If you are not doing that, then how do you send email? Having your computer's IP address in DNSBLs is only an issue if you are running a mail server from that computer; otherwise, you are using somebody else's SMTP server for your outbound email, and it will be their server's IP address, not yours, which is subject to listing by DNSBLs.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
Reviews:
·Comcast
reply to bathswife
205.152.59.67 is/was not your public IP address. It belongs to one of bellsouth's outgoing mail servers:

Name: imf19aec.mail.bellsouth.net
Address: 205.152.59.67

Your public IP address that was in effect when you sent the mail appears to be:

Name: adsl-63-194-66.bhm.bellsouth.net
Address: 208.63.194.66

This address was not the one used for the basis of the rejection, 205.152.59.67 was.


bathswife
Original Member

join:2000-09-06
Birmingham, AL
reply to NormanS
said by NormanS:

said by jazzman916:

Blacklisting is a common (although largely ineffective) way of reducing spam.
I will tell you that statement is wrong; it is very effective at stopping spam from the listed hosts. Nobody would use them, otherwise.
I've been turning in spammers for about 4 years now through Spamcop. What I have discovered is that there is absolutely no slow down in the number of spams I receive every day. In fact, I received hundreds per day now. So in the larger scheme of things, I agree with jazzman, blacklisting is ineffective for reducing spam. The spammers know what they're doing, they just find an alternate route. To say that 'nobody would use them otherwise' is sort of like saying nobody would smoke cigarettes if they knew that cigarettes would kill them. Even though I still turn spammers into spamcop now and then when I get a particularly repulsive lot of 'enlarge your penis' and 'impress your girl with huge XXX shots' etc., I've pretty much given up and just use the delete button. What I really wish is that I could send emails back to the spammers explaining that women ARE NOT impressed with ...oh never mind. You know what I mean, what I really want is revenge. Blacklisting ends up causing ME problems....my innocent and legitimate emails get bounced back because some joker used my current dynamic IP address to send spam at some point in the past.
--
jbooksNOSPAM@bellsouth.netremove the "nospam" from the email to email me.mhttp://www.johnsonsusedbooks.com


bathswife
Original Member

join:2000-09-06
Birmingham, AL
reply to graysonf
said by graysonf:

205.152.59.67 is/was not your public IP address. It belongs to one of bellsouth's outgoing mail servers:

Name: imf19aec.mail.bellsouth.net
Address: 205.152.59.67

Your public IP address that was in effect when you sent the mail appears to be:

Name: adsl-63-194-66.bhm.bellsouth.net
Address: 208.63.194.66

This address was not the one used for the basis of the rejection, 205.152.59.67 was.
Okay, I'm trying to understand this. Where did you get the "adsl-63-194-66"? And how exactly do you find out what your current IP address is? When I looked at my "public IP" address here on the DSLReports site, it showed the 205.152.59.67 as being my IP. Sorry to be so slow on this but I want to make sure I do the right thing when I switch back to static IP. Thanks for using small words and speaking slowly
--
jbooksNOSPAM@bellsouth.netremove the "nospam" from the email to email me.mhttp://www.johnsonsusedbooks.com


bathswife
Original Member

join:2000-09-06
Birmingham, AL
reply to NormanS
said by NormanS:

Are you running your own mail server? From home? On your residential account? I am not familiar with the Bellsouth AUP/TOS, but, personally, I have no problem if you are doing that.

No, I'm not running on my own mail server. I wouldn't have a clue about how to do that sort of thing. I think the problem I'm having explaining my situation is that I have never learned how to properly read a complete email header. I started learning it way back when I signed up for spamcop but got lazy, ahem, busy and didn't do it. Now I think my problem is that I am reading the headers wrong and so giving information wrong.

My goal here is to understand what is happening so I can fix it. I'm thinking that if I switch back to a static IP I will be able to send emails to everyone like I always had been able to before but I'm beginning to think that it might not make any difference which is very depressing.
--
jbooksNOSPAM@bellsouth.netremove the "nospam" from the email to email me.mhttp://www.johnsonsusedbooks.com


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
said by bathswife:

No, I'm not running on my own mail server. I wouldn't have a clue about how to do that sort of thing...

My goal here is to understand what is happening so I can fix it. I'm thinking that if I switch back to a static IP I will be able to send emails to everyone like I always had been able to before but I'm beginning to think that it might not make any difference which is very depressing.
No. For your case there will be no difference between the static and the dynamic IP address. Which isn't to say that you shouldn't try to get it back; assuming that you were paying for a static IP package, you should not have been switched to a dynamic IP account.

However, if you are not running a server from your computer, your email is going out through somebody else's SMTP server; in your case, a Bellsouth SMTP server. Your problem with rejected email is separate from, and unrelated to your problem with your lost static IP address. No mail server should reject email from an ISP SMTP server on the basis of the submission IP address; else nobody would be able to send email. My submission IP address is blocked six ways from Sunday just because it is a dynamic IP address.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


bathswife
Original Member

join:2000-09-06
Birmingham, AL
said by NormanS:

However, if you are not running a server from your computer, your email is going out through somebody else's SMTP server; in your case, a Bellsouth SMTP server. Your problem with rejected email is separate from, and unrelated to your problem with your lost static IP address. No mail server should reject email from an ISP SMTP server on the basis of the submission IP address; else nobody would be able to send email. My submission IP address is blocked six ways from Sunday just because it is a dynamic IP address.
So each time I power off my router and then power it back on I'm sent through a different bellsouth mail server? Argh. How can I change which bellsouth smtp server my mail is sent through? I would like to avoid this problem.
--
jbooksNOSPAM@bellsouth.netremove the "nospam" from the email to email me.mhttp://www.johnsonsusedbooks.com


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC

1 edit
Click for full size
SMTP relay diagam.
said by bathswife:

So each time I power off my router and then power it back on I'm sent through a different bellsouth mail server? Argh. How can I change which bellsouth smtp server my mail is sent through? I would like to avoid this problem.
No. You set your mail client to use mail.bellsouth.net. The IP address for this server is fixed in DNS. It exists independent of your IP address which you draw from the DHCP address pool. Furthermore, this message submission server need not have the same IP address as the Bellsouth output SMTP server.

There is no way for you to control which Bellsouth output SMTP server sends your email on to the Internet. That is determined entirely by some kind of network traffic management magic. Things work something like this:

You computer gets an IP address from the Bellsouth DHCP pool. When you send email with MS Outlook Express, your computer connects to the BS SMTP server on that server's IP address. In the simplest configuration, that server then does a DNS lookup on the recipient domain to find that domain's MX server; after which, it connects to that MX server. That BS output-to-recipient-MX connection is fixed at one of two IP addresses, as explained earlier. Your computer IP address is well out of this loop by the time that the message is being relayed on to the destination. This relay is between either of two Bellsouth SMTP relay clients, " imf21aec.mail.bellsouth.net [205.152.59.69]", or "imf24aec.mail.bellsouth.net [205.152.59.72]". You have zero control over which of those two servers handles your email.

The diagram I have included shows a schematic of the arrangement. The point at which your email is being rejected is the looping line between the Bellsouth SMTP relay clients and the SBC (prodigy.net) MX server. As you can see, your computer's IP address is not even known to the SBC MX server. At the time an MX server rejects an email, the only foreign IP address that the MX server sees is the connecting SMTP relay client's IP address (oversimplified; some MX servers can examine the message through DATA for content filtering).

Oh, I just picked on the SBC MX server to illustrate the nature of the problem. You should substitute the actual MX server for the domain rejecting your messages.

Addenda:
Bellsouth may have more than the two SMTP relay clients shown in my diagram; some may be blocked, others not. Whether you draw a new IP address may, or may not affect which Bellsouth SMTP servers in their farm will handle your email. Whether your email goes through, or is rejected, is dependent upon which SMTP relay client is handing of the message to the destination MX server.


said by bathswife:

Okay, I'm trying to understand this. Where did you get the "adsl-63-194-66"? And how exactly do you find out what your current IP address is?
A couple of places to find your IP address:

»www.whatismyip.com/
»myip.dslextreme.com/

BTW, that second one shows why I am sometimes confused in this forum; DSL Extreme is not only the name of a level of Bellsouth DSL service, it is also the name of a CLEC DSL service provider who could have serviced my premises if I hadn't started up on Pacbell DSL (now SBC AT&T) service.

More interesting information can be found here (by filling in the blanks):

»www.dnsstuff.com/

Your IP address should be visible near the upper right corner on the DNSStuff page.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC

1 edit
reply to bathswife
said by bathswife:

I've been turning in spammers for about 4 years now through Spamcop. What I have discovered is that there is absolutely no slow down in the number of spams I receive every day. In fact, I received hundreds per day now. So in the larger scheme of things, I agree with jazzman, blacklisting is ineffective for reducing spam. The spammers know what they're doing, they just find an alternate route. To say that 'nobody would use them otherwise' is sort of like saying nobody would smoke cigarettes if they knew that cigarettes would kill them.
Very bad analogy; that "smoking" example. You are turning in spammers through SpamCop; I do that also.

From my standpoint, running an MX server, DNSBLs work very well. I have received, maybe, twenty spam email messages, tops, to my domain this year. Not for a lack of the spammers trying; my MTA logs show a few hundred attempts (or more) over that past year. Here is a sample from the last twenty-four hours (or so):
T 20051222 120439 43a97e40 Connection from 68.117.186.201
T 20051222 120440 43a97e40 HELO 68-117-186-201.dhcp.mtgm.al.charter.com
T 20051222 120444 43a97e40 MAIL FROM: <iyiab@doramail.comE>
E 20051222 120444 43a97e40 Host 68.117.186.201 blocked by Spamhaus - message rejected.
T 20051222 120445 43a97e40 QUIT
T 20051222 120445 43a97e40 Connection closed with 68.117.186.201, 6 sec. elapsed.
T 20051222 132528 43a97e43 Connection from 200.104.78.84
T 20051222 132530 43a97e43 HELO pc-84-78-104-200.cm.vtr.net
T 20051222 132531 43a97e43 MAIL FROM: <owbcbprzvhcafo@freemail.lt>
E 20051222 132531 43a97e43 Host 200.104.78.84 blocked by Spamhaus - message rejected.
T 20051222 132532 43a97e43 QUIT
T 20051222 132532 43a97e43 Connection closed with 200.104.78.84, 4 sec. elapsed.
T 20051222 134327 43a97e44 Connection from 200.207.43.217
T 20051222 134328 43a97e44 ehlo friend
T 20051222 134328 43a97e44 MAIL FROM:<gilbert@englishforum.biz>
E 20051222 134328 43a97e44 Host 200.207.43.217 blocked by Spamhaus - message rejected.
T 20051222 134329 43a97e44 Connection closed with 200.207.43.217, 2 sec. elapsed.
T 20051222 161143 43a97e48 Connection from 68.57.161.152
T 20051222 161144 43a97e48 HELO pcp09063693pcs.centrl01.va.comcast.net
T 20051222 161144 43a97e48 MAIL FROM: <qupcwlwbu@erg.it>
E 20051222 161146 43a97e48 Host 68.57.161.152 blocked by Spamhaus - message rejected.
T 20051222 161146 43a97e48 QUIT
T 20051222 161146 43a97e48 Connection closed with 68.57.161.152, 3 sec. elapsed.
T 20051222 165912 43a97e4b Connection from 200.67.219.248
T 20051222 165912 43a97e4b HELO localhost
E 20051222 165912 43a97e4b 554 Invalid host name - message rejected; see: HTTP://antispam.aosake.net.
T 20051222 165913 43a97e4b Connection closed with 200.67.219.248, 1 sec. elapsed.
E 20051222 165913 0 Connection from 200.67.219.248 refused because of short-term restriction.
E 20051222 165913 0 Connection from 200.67.219.248 refused because of short-term restriction.
T 20051222 172333 43a97e4d Connection from 70.37.42.211
T 20051222 172333 43a97e4d HELO temecula-cuda1-70-37-42-211.ontrca.adelphia.net
T 20051222 172333 43a97e4d MAIL FROM: <ruane@alcoa.com>
E 20051222 172333 43a97e4d Host 70.37.42.211 blocked by Spamhaus - message rejected.
T 20051222 172333 43a97e4d QUIT
T 20051222 172333 43a97e4d Connection closed with 70.37.42.211, 0 sec. elapsed.
T 20051222 191255 43a97e51 Connection from 69.60.133.212
T 20051222 191255 43a97e51 EHLO socialclass.org
T 20051222 191255 43a97e51 MAIL FROM:<ew-update@paypal.com>
E 20051222 191256 43a97e51 Host 69.60.133.212 blocked by SpamCop (Tag only) - message tagged.
T 20051222 191256 43a97e51 RCPT To:<nanae@aosake.net>
E 20051222 191256 43a97e51 554 Recipient address rejected: User not allowed in recipient maps table (in reply to RCPT TO command)
T 20051222 191256 43a97e51 Connection closed with 69.60.133.212, 1 sec. elapsed.
T 20051222 194017 43a97e53 Connection from 68.68.91.132
T 20051222 194018 43a97e53 helo localhost
E 20051222 194018 43a97e53 554 Invalid host name - message rejected; see: HTTP://antispam.aosake.net.
T 20051222 194018 43a97e53 Connection closed with 68.68.91.132, 1 sec. elapsed.
T 20051222 211638 43a97e57 Connection from 68.164.107.254
T 20051222 211639 43a97e57 HELO h-68-164-107-254.sfldmidn.covad.net
T 20051222 211639 43a97e57 MAIL FROM: <%nameheixmkiqn.%nameneca@msa.hinet.net >
E 20051222 211639 43a97e57 Killfile: Mail from '<%nameheixmkiqn.%nameneca@msa.' rejected, talking to 68.164.107.254
T 20051222 211640 43a97e57 QUIT
T 20051222 211640 43a97e57 Connection closed with 68.164.107.254, 2 sec. elapsed.
T 20051222 215513 43a97e59 Connection from 24.49.219.125
T 20051222 215513 43a97e59 HELO ny-lancastercadent4g1-3d-b-125.buf.adelphia.net
T 20051222 215513 43a97e59 MAIL FROM: <stephen@firstadvantage.com>
E 20051222 215513 43a97e59 Host 24.49.219.125 blocked by Spamhaus - message rejected.
T 20051222 215514 43a97e59 QUIT
T 20051222 215514 43a97e59 Connection closed with 24.49.219.125, 1 sec. elapsed.
T 20051222 221510 43a97e5a Connection from 82.193.148.36
T 20051222 221510 43a97e5a HELO localhost
E 20051222 221510 43a97e5a 554 Invalid host name - message rejected; see: HTTP://antispam.aosake.net.
T 20051222 221511 43a97e5a Connection closed with 82.193.148.36, 1 sec. elapsed.
E 20051222 221511 0 Connection from 82.193.148.36 refused because of short-term restriction.
E 20051222 221512 0 Connection from 82.193.148.36 refused because of short-term restriction.
T 20051222 232802 43a97e5d Connection from 202.83.52.86
T 20051222 232802 43a97e5d ehlo friend
T 20051222 232803 43a97e5d MAIL FROM:<simon@funeasy.biz>
E 20051222 232807 43a97e5d Host 202.83.52.86 blocked by SpamCop (Tag only) - message tagged.
T 20051222 232807 43a97e5d RCPT TO:<salty.dog@aosake.net>
E 20051222 232807 43a97e5d 554 Recipient address rejected: User not allowed in recipient maps table (in reply to RCPT TO command)
T 20051222 232807 43a97e5d Connection closed with 202.83.52.86, 5 sec. elapsed.
T 20051222 234017 43a97e5e Connection from 200.199.240.11
T 20051222 234018 43a97e5e HELO 71.131.252.146
E 20051222 234018 43a97e5e 554 Misconfigured host - message rejected; see: HTTP://antispam.aosake.net.
T 20051222 234027 43a97e5e Connection closed with 200.199.240.11, 10 sec. elapsed.
T 20051222 234432 43a97e5f Connection from 24.85.151.208
T 20051222 234432 43a97e5f HELO localhost
E 20051222 234432 43a97e5f 554 Invalid host name - message rejected; see: HTTP://antispam.aosake.net.
T 20051222 234432 43a97e5f Connection closed with 24.85.151.208, 0 sec. elapsed.
E 20051222 234432 0 Connection from 24.85.151.208 refused because of short-term restriction.
E 20051222 234432 0 Connection from 24.85.151.208 refused because of short-term restriction.
T 20051222 234447 43a97e60 Connection from 203.139.25.14
T 20051222 234447 43a97e60 Connection closed with 203.139.25.14, 0 sec. elapsed.
T 20051222 234542 43a97e61 Connection from 80.143.67.251
T 20051222 234542 43a97e61 helo localhost
E 20051222 234542 43a97e61 554 Invalid host name - message rejected; see: HTTP://antispam.aosake.net.
T 20051222 234542 43a97e61 Connection closed with 80.143.67.251, 0 sec. elapsed.
T 20051222 234742 43a97e62 Connection from 211.253.176.115
T 20051222 234745 43a97e62 HELO 71.131.252.146
E 20051222 234745 43a97e62 554 Misconfigured host - message rejected; see: HTTP://antispam.aosake.net.
T 20051222 234745 43a97e62 Connection closed with 211.253.176.115, 3 sec. elapsed.
T 20051222 234752 43a97e63 Connection from 202.112.115.35
T 20051222 234752 43a97e63 Connection closed with 202.112.115.35, 0 sec. elapsed.
T 20051223 004929 43ab43bb Connection from 211.162.200.140
T 20051223 004933 43ab43bb HELO 71.131.252.146
E 20051223 004933 43ab43bb 554 Misconfigured host - message rejected; see: HTTP://antispam.aosake.net.
T 20051223 004934 43ab43bb Connection closed with 211.162.200.140, 5 sec. elapsed.
T 20051223 005015 43ab43bc Connection from 170.215.43.234
T 20051223 005102 43ab43bc Connection closed with 170.215.43.234, 47 sec. elapsed.
T 20051223 005133 43ab43bd Connection from 220.232.98.234
T 20051223 005134 43ab43bd HELO 71.131.252.146
E 20051223 005134 43ab43bd 554 Misconfigured host - message rejected; see: HTTP://antispam.aosake.net.
T 20051223 005135 43ab43bd Connection closed with 220.232.98.234, 2 sec. elapsed.
T 20051223 013337 43ab43c1 Connection from 70.68.252.252
T 20051223 013337 43ab43c1 helo localhost
E 20051223 013337 43ab43c1 554 Invalid host name - message rejected; see: HTTP://antispam.aosake.net.
T 20051223 013337 43ab43c1 Connection closed with 70.68.252.252, 0 sec. elapsed.
T 20051223 014258 43ab43c3 Connection from 83.55.78.122
T 20051223 014300 43ab43c3 HELO 122.Red-83-55-78.dynamicIP.rima-tde.net
T 20051223 014303 43ab43c3 MAIL FROM: <nradford@itftaekwondo.com>
E 20051223 014303 43ab43c3 Host 83.55.78.122 blocked by Spamhaus - message rejected.
T 20051223 014310 43ab43c3 QUIT
T 20051223 014310 43ab43c3 Connection closed with 83.55.78.122, 12 sec. elapsed.
T 20051223 014347 43ab43c4 Connection from 219.21.152.5
T 20051223 014408 43ab43c4 Connection closed with 219.21.152.5, 21 sec. elapsed.
T 20051223 014409 43ab43c5 Connection from 204.50.71.156
T 20051223 014410 43ab43c5 HELP
T 20051223 014410 43ab43c5 Connection closed with 204.50.71.156, 1 sec. elapsed.
T 20051223 031959 43ab43ca Connection from 24.158.94.77
T 20051223 032007 43ab43ca HELO 24-158-94-077.dhcp.chtn.wv.charter.com
T 20051223 032008 43ab43ca MAIL FROM: <bqbxjufc@fds.com>
E 20051223 032008 43ab43ca Host 24.158.94.77 blocked by Spamhaus - message rejected.
T 20051223 032040 43ab43ca QUIT
T 20051223 032040 43ab43ca Connection closed with 24.158.94.77, 41 sec. elapsed.
T 20051223 034312 43ab43cc Connection from 82.50.56.50
T 20051223 034313 43ab43cc HELO host50-56.pool8250.interbusiness.it
T 20051223 034314 43ab43cc MAIL FROM: <hlgfbqqar@centrapoint.com>
E 20051223 034314 43ab43cc Host 82.50.56.50 blocked by Spamhaus - message rejected.
T 20051223 034317 43ab43cc QUIT
T 20051223 034317 43ab43cc Connection closed with 82.50.56.50, 5 sec. elapsed.
T 20051223 105836 43abd46e Connection from 211.73.164.25
T 20051223 105836 43abd46e helo localhost
E 20051223 105836 43abd46e 554 Invalid host name - message rejected; see: HTTP://antispam.aosake.net.
T 20051223 105836 43abd46e Connection closed with 211.73.164.25, 0 sec. elapsed.
T 20051223 114136 43abd479 Connection from 62.143.13.167
T 20051223 114136 43abd479 HELO ip167.13.1411N-CUD12K-02.ish.de
T 20051223 114136 43abd479 MAIL FROM: <nadon@imrgold.com>
E 20051223 114137 43abd479 Host 62.143.13.167 blocked by NJABL - message rejected.
T 20051223 114138 43abd479 QUIT
T 20051223 114138 43abd479 Connection closed with 62.143.13.167, 2 sec. elapsed.
T 20051223 121036 43abd47b Connection from 82.154.158.147
T 20051223 121037 43abd47b HELO bl5-158-147.dsl.telepac.pt
T 20051223 121038 43abd47b MAIL FROM: <pbwqvzdxlsy@msn.com>
E 20051223 121040 43abd47b Host 82.154.158.147 blocked by NJABL - message rejected.
T 20051223 121041 43abd47b QUIT
T 20051223 121041 43abd47b Connection closed with 82.154.158.147, 5 sec. elapsed.
T 20051223 131707 43abd47d Connection from 71.252.159.223
T 20051223 131707 43abd47d helo localhost
E 20051223 131707 43abd47d 554 Invalid host name - message rejected; see: HTTP://antispam.aosake.net.
T 20051223 131707 43abd47d Connection closed with 71.252.159.223, 0 sec. elapsed.
What you are seeing in your Inbox, and what the mail administrator is seeing in his logs are very different pictures. What you think, based on your Inbox, disagrees with what I see in my MTA logs; a hell of a lot of blocked spam.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
Reviews:
·Comcast
reply to bathswife
You pasted the header from the rejected mail. In that header was the Received: header inserted by the bellsouth mail server that handled your message. That Received header contained your IP address, 208.63.194.66. A reverse lookup of that IP yields adsl-63-194-66.bhm.bellsouth.net.

One very simple way to determine your current IP address is to surf to this link:

»checkip.dyndns.org/

I don't see how it's possible you had an IP address that belongs to a bellsouth.net mail server.


Gizguy
Premium
join:2003-01-23
Alpharetta, GA
reply to graysonf
Isn't this fun..... two hours after I sent my 12:25pm email a reject message was received - once again reporting the Bellsouth outgoing email with ip address of 205.152.59.69 as the cause of the rejection. Perhaps it takes some time for '»www.us.sorbs.net ' to update the removal of this IP address from '»www.mxtoolbox.com ' , or maybe sorbs.net is rejecting the mail for another reason. In all fairness, it may just be a problem between BellSouth and the receiving email system since all of my other POP mail is not rejecting.

Again as I posted earlier, when I send an POP email to this one recipient from the same PC, with same DSL IP address, but I send it using a non-BellSouth email ID through Google's GMAIL smtp server (outgoing port of 465) the message is not rejected. Similarly if I send the mail using the smtp server of the web hosting company I use (not using port 25) it gets through fine.

So it appears to be a problem within the BellSouth Email system - which many on this forum have reported as being very weak. It even failed when I sent the message using BellSouth's Webmail.

Please note, that regardless of what email address I use (BellSouth, or my personal domain address), the mail rejects for this one recipient only when I use the BellSouth.Net (port 25) mail server. I'm not going to lose any sleep over this as I am now sending all of my POP email via Google's SMTP server and/or my web hosting server. However, if BellSouth ever prevents me from using these alternatives, then I guess I'll switch to an alternative broadband provider.


bathswife
Original Member

join:2000-09-06
Birmingham, AL
reply to NormanS
Okay, great diagram and information. At least there is a glimmer of hope that I might understand all of this because I have a place to start.

I can see I am going to have to start reading a bunch of technical stuff to try to understand and you all have been very helpful. I appreciate that.

Yes, it was a bad analogy and really all I was pointing out is that I get more spam now than I ever did before and that turning spammers in hasn't decreased the number of spams I receive every day.

Now that I realize that my ip address doesn't make any difference I am wondering why change it to a static ip address at all.

I have a lot to think about and really, thanks to everybody who has tried to explain all this to me. I'm not a stupid person but understanding this sort of thing is sort of like looking at a map and having a feel for directions and that is a talent I am unfortunately without.
--
jbooksNOSPAM@bellsouth.netremove the "nospam" from the email to email me.mhttp://www.johnsonsusedbooks.com