Dynamic IP Blocking
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Dynamic IP Blocking
Re: Dynamic IP Blocking
21-09-2007 9:20 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
This is no longer an acceptable situation for me!!!
Re: Dynamic IP Blocking
21-09-2007 9:26 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: paulby Would it be useful to forward mail headers from a mail that reached its destination (I have another account hosted by 1&1)? If so, I can do this later when I get home.
Yes it would. The rejection message should contain the originating IP but in your case it appears that the MTA that handled the rejection has truncated the message meaning the IP isn't visible
Quote I am now affected by this from my own web server running on my ADSL line. It is also affecting another system I maintain on a BT line which sends out system status emails to one of my PN addresses.
This is no longer an acceptable situation for me!!!
Peter we can whitelist specific hosts but if you yourself are maintaining these lines then the email will be getting sent from the IP address assigned by the ISP (which are likely to be assigned from dynamic address space). Can the emails not be sent via our relays (in our case) and via BT's SMTP server?
Edit: Just to add to this Peter, by smarthosting the mail through the ISP you will undoubtedly find that you'll encounter fewer problems over time as more and more admins lock down on dynamic IP's. We are not the and will definitely not be the last. It's what the industry has to do, as we have to become responsible for the spam being generated by our users. When we end up on blacklists and RBL's then to say it's not our fault it's our end users just doesn't cut the mustard.
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: Dynamic IP Blocking
21-09-2007 10:32 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Yes I can set my own box to relay through PN but as stated above I would prefer not to so I have control over the delivery. The vast majority of systems I delivered mail to have no problem with this but YOUR mail server does!!!
As for BT, that's not an option as BT will only allow known domains to send via their systems and none of the 20 or so domains the box has is known to BT because I want to keep control over the delivery and not have to fight with BT every time I want a domain added to their relay list as I have done with other customers.
Re: Dynamic IP Blocking
21-09-2007 11:52 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I started running my own mail server several years ago and quickly started using the relay servers as a lot of my message were getting bounced back.
Plusnet certainly aren't the only ones doing this.
The previous posters have mentioned not wanting to use Plusnet's relay servers, is there any real reason for this? As far as I am aware they haven't been affected by the various problems.
Re: Dynamic IP Blocking
21-09-2007 12:44 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Bob Peter we can whitelist specific hosts ...
Why are you doing it this way which seems to be a bit "go it alone"?
Further , if you offer to white list on request (a manual process?) this sounds like a maintenance nightmare.
Essentially the Spamhaus PBL offers the same aim but has a user controlled "no questions" automated removal route. I see that PN's address ranges have not even been registered on the PBL. Isn't the PBL route more readily scalable and potentially more accurate with it being open to the contributions of others?
Re: Dynamic IP Blocking
21-09-2007 12:54 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: astarsolutions ... started using the relay servers as a lot of my message were getting bounced back. Plusnet certainly aren't the only ones doing this.
You're quite right, PN are not the only ones to implement some rather draconian but mandatory filtering that is virtually guaranteed to cause a variety of problems for some customers. However, it also has to be said that even the likes of AOL and Hotmail are "open and honest" enough to (eventually) admit to the fact that they're doing it and then provide relatively clear and definitive details on what they're doing and more to the point, what their requirements are to result in mail being successfully received by them and subsequently delivered to customers.
Please correct me if I'm wrong and/or have missed an announcement but the increasing scope of the mandatory first-line filtering was not formally announced, to a certain extent has even denied (by comments such as "we have not made any mail server changes that would have resulted in dramatic changes in the volume of spam received" or "there is clearly a problem with the sender not sending stuff rather than with us not receiving stuff" or words to that effect) and there is no clearly defined specification of exactly what the PN requirements now are in order to guarantee (within reason) that mail will be received and delivered to a customer in a timely manner.
I always used to laugh at the (very sad IMHO) peeps who send an e-mail, wait 5 mins and then get on the phone to ask if the recipient has received it and generally told them to go and get themselves a decent service provider if they were having problems that necessitated this as I had never had any problems with random incoming stuff going missing or random outgoing stuff failing to get sent over the best part of 10 years. Oh how things change
B T Plusnet, a bit kinda like P T Barnum ...
... but quite often appears to feature more clowns
Re: Dynamic IP Blocking
21-09-2007 1:56 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I see it as an inevitable step that all Isp's will take in the near future. It has to be stressed again that practically all bounced emails will be as the result of misconfigured mail servers attempting direct delivery instead of relaying through a smarthost.
In order to reduce the worldwide spam problem, I would welcome all ISP's following this example. It would reduce the effectiveness of the Storm botnet to practically zero, and reduce the amount of spam accordingly.
As is usually the way with changes like this, there is some pain to bear. Unfortunately, this could have been communicated to the usergroup and community in advance to allow a discussion on the potential impact of such a change.
Perhaps changing the 550 error to be a little more descriptive would help?
In all fairness, the 'man in the street' is not going to experience any problems sending mail to plusnet addresses because of this change. Only people using their own mailservers attempting to direct deliver will experience problems. Imho, they should either know better, or be prepared for their mail to be rejected by an ever increasing number of isps attempting to combat the spam problem.
B.
Re: Dynamic IP Blocking
21-09-2007 2:03 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote Please correct me if I'm wrong and/or have missed an announcement but the increasing scope of the mandatory first-line filtering was not formally announced
This work was announced, at least as far back as a week
Static IP detected as dynamic by new mail filtering
21-09-2007 2:14 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Myself, work and friends and family are pretty much all on plusnet, so my emails are going from a plusnet work address, to our work mailserver [mail.moonpod.com] then to a plusnet mail server.
We aren't listed on any dynamic ip lists like SORBS. What criteria are you using to detect this?
Bounce message and headers (emails have been starred out):
The original message was received at Thu, 20 Sep 2007 06:35:20 -0700
from ****.plus.com [212.159.47.194]
----- The following addresses had permanent fatal errors -----
<****@*****.plus.com>
(reason: 550-REJECTED: We do not accept email from dynamic IP's. Connection from the IP)
----- Transcript of session follows -----
... while talking to mx.core.plus.net.:
<<< 550-REJECTED: We do not accept email from dynamic IP's. Connection from the IP
<<< 550-address {207.36.208.184} has been refused. If you think we have done
<<< 550-something wrong then please forward a copy of this message complete with
<<< 550 full email headers to abuse@plus.net
... while talking to mx.last.plus.net.:
>>> QUIT
<<< 550-REJECTED: We do not accept email from dynamic IP's. Connection from the IP
<<< 550-address {207.36.208.184} has been refused. If you think we have done
<<< 550-something wrong then please forward a copy of this message complete with
<<< 550 full email headers to abuse@plus.net
554 5.0.0 Service unavailable
HEADERS:
X-ClientAddr: 212.159.47.194
Return-Path: <****@moonpod.com>
Received: from **** (****.plus.com [212.159.47.194])
(authenticated bits=0)
by dedicated.moonpod.com (8.12.11.20060308/8.12.11) with ESMTP id l8KDZJLY020786
for <****@****.plus.com>; Thu, 20 Sep 2007 06:35:20 -0700
Message-ID: <01ec01c7fb8c$28d43ea0$0300a8c0@fost>
From: "*****" <***@moonpod.com>
To: "******" <***@***.plus.com>
References: <000d01c7fb87$cccc0d30$0200a8c0@tippo>
Subject: =?iso-8859-1?Q?Re:_{Disarmed}_Fw:_27_Inch_LCD_TV_only_=A3329.95!?=
Date: Thu, 20 Sep 2007 14:42:58 +0100
Organization: Moonpod
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_01E9_01C7FB94.89A7DE00"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
X-Moonpod-MailScanner-Information: Please contact the ISP for more information
X-Moonpod-MailScanner: Found to be clean
X-MailScanner-From: *****@moonpod.com
Re: Dynamic IP Blocking
21-09-2007 2:17 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
What annoys and worries me is that something might not be quite right with the implementation - and clearly it's having a serious impact on PN customers.
I use Netserve Consultants for domains and hosting - and they're a very well-established and bright bunch of guys, who I think understand networking better than most. They say on their service status blog:
http://nsnoc.blogspot.com/
As an advisory to Plus.Net users - it would appear that for some reason they are classing our primary secondary and mail scanning mail clusters as "Dynamic Addresses". While this is not the case, it is not preventing them from currently rejecting mail forwarded to accounts on their servers from our clusters.
We are all behind the less spam option and use many restrictions on our own scanning and non scanning servers - however this misapprehension that we are on a dynamic range will cause users with this ISP who usually use our forwarding service issue until they get their block lists corrected.
They have said to me:
I suggest you ask them why that is the case when the IPs currently in mx1.nsnoc.com mx2.nsnoc.com mxs1.nsnoc.com and mxs2.nsnoc.com are being marked as dynamic as opposed to statics as they are if you look on the
block. Even our ADSL customers get static IP's!
More over - ask them to mail us (support@nsnoc.com) as well to explain what they are up to - I expect ridiculousness from AOL, but not from a glorified branch of BT like Plus.
Can you ask them where we should email so we can revise our otherwise some what accusatory blog posting
Meanwhile I've stopped using PN mail. Thank goodness I never give anyone my .plus.com adddress...
Bob - can you comment?
Brian
Re: Dynamic IP Blocking
21-09-2007 2:45 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Did Plusnet ever release this information?
Re: Dynamic IP Blocking
21-09-2007 3:16 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I spotted this only by picking up a service status announcement which referred to a blog post which I queried here but with no response from PlusNet
Quote from: astarsolutions
Quote Please correct me if I'm wrong and/or have missed an announcement but the increasing scope of the mandatory first-line filtering was not formally announced
This work was announced, at least as far back as a week
I assume the current problems are from this change which is remarkably unclear.
This was the part I queried in the above post but there was no official response at all so we were all left in the dark
Quote We currently reject mail from senders with no reverse DNS, we will be changing this so that less DNS queries are required, thus saving even more processing time. We anticipate that this will reduce possible delays on this part of the process from 2-4 seconds to zero seconds.
Re: Dynamic IP Blocking
21-09-2007 3:20 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thanks for contacting us regarding this, the reason why the IP was
rejected is due to forward and reverse dns not being set up correctly
for it:
IP = "207.36.208.184"
Here is the output of my queries on this IP:
rdns = "www.moonpod.com"
forward dns = "www.moonpod.com"
Please ensure the forward and reverse DNS entries match and they are to
industry standard for mailserver, once this has been done our mail
servers will accept mail from this host.
Kind Regards,
PlusNet Abuse Team
So, rdns and dns must match, and in your email you point out that it does, so what's the problem?
Re: Dynamic IP Blocking
21-09-2007 3:25 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
You initially mentioned the server was called mail.moonpod.com, perhaps when the IP address is looked up it finds www.moodpod.com which doesn't match what the mail server thinks it is.
Re: Dynamic IP Blocking
21-09-2007 3:27 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
forward dns = "www.moonpod.com" 83.138.187.175
which is a different IP o the reverse
I hope that PN have corrected their rDNS entries as these have been incorrect in the past
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page