
Routing peers down?

bobpullen
Community Gaffer
Posts: 16,886
Thanks: 4,977
Fixes: 316
Registered: ‎04-04-2007

Re: Routing peers down?


@ukguy1 wrote:
Hi any news on the blocks at plusnet?

No, afraid not. I'm waiting on one of our engineers to take a look.

@ukguy1 wrote:
This is also happening to other people on other isps.

Which ISPs is that? I'm not aware of anybody else reporting problems.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

ukguy1
Aspiring Pro
Posts: 216
Thanks: 56
Registered: ‎29-06-2016

Re: Routing peers down?

Ok thanks
I'll try and find out the other isps.

This all came to light when a family member tried to email someone on plusnet. They mentioned that they'd had issues for a few months and asked me how to resolve it.

Since then several other friends of this family member have also commented how they also get bounce backs. They don't use us for hosting.
I think one is @btinternet.com - I'll check others.

So this is when I tried emailing a test address of my own at plusnet and it also bounced back.
bobpullen
Community Gaffer
Posts: 16,886
Thanks: 4,977
Fixes: 316
Registered: ‎04-04-2007

Re: Routing peers down?

@ukguy1, our engineers have taken a look at this now, and it's as I suspected. One of your IPs is being explicitly blocked by our intrusion prevention platform. It obviously saw something from your network at some point that it didn't like.

The block has been removed so feel free to try again and let me know if you're still encountering problems.

@ukguy1 wrote:
I think one is @btinternet.com - I'll check others.

FWIW, I'm able to email Plusnet addresses from a BT Internet account without any problems:

Return-path: <[REDACTED]@btinternet.com>
Envelope-to: [REDACTED]@[REDACTED].plus.com
Delivery-date: Sun, 13 Aug 2017 21:52:15 +0100
Received: from [212.159.8.109] (helo=avasin05.plus.net)
	  by inmx13.plus.net with esmtp (PlusNet MXCore v2.00) id 1dgzrr-00016n-OD 
	  for [REDACTED]@[REDACTED].plus.com; Sun, 13 Aug 2017 21:52:15 +0100
Received: from rgout02.bt.lon5.cpcloud.co.uk ([65.20.0.179])
	by avasin05.plus.net with Plusnet Cloudmark Gateway
	id wksD1v0053rjMu901ksF7d; Sun, 13 Aug 2017 21:52:15 +0100
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.2 cv=V5MN6avi c=1 sm=1 tr=0
 a=4E4LqNzxNmDyhSF3E/Ia/Q==:117 a=O75fUQ6w6GmJr1eTjd7Zng==:17
 a=_MQNuJvqGDgA:10 a=IkcTkHD0fZMA:10 a=x7bEGLp0ZPQA:10 a=KeKAF7QvOSUA:10
 a=opZm9xa9l6swPPD4eWIA:9 a=QEXdDO2ut3YA:10
X-OWM-Source-IP: 10.110.13.1 ()
X-OWM-Env-Sender: [REDACTED]@btinternet.com
X-Junkmail-Premium-Raw: score=7/50,refid=2.7.2:2017.8.13.201517:17:7.944,ip=,rules=__PHISH_SPEAR_HTTP_RECEIVED,
 __TO_MALFORMED_2, __TO_NO_NAME, __HAS_MSGID, __SANE_MSGID, __SUBJ_ALPHA_END,
 __MIME_VERSION, __CT, __CT_TEXT_PLAIN, __CTE, __USER_AGENT, WEBMAIL_XOIP,
 __HAS_XOIP, __CD, __HAS_FROM, __FRAUD_WEBMAIL_FROM, WEBMAIL_X_IP_HDR,
 __NO_HTML_TAG_RAW, BODYTEXTP_SIZE_400_LESS, BODYTEXTP_SIZE_3000_LESS,
 BODY_SIZE_10_99, __MIME_TEXT_P1, __MIME_TEXT_ONLY, HTML_00_01, HTML_00_10,
 BODY_SIZE_5000_LESS, __FRAUD_WEBMAIL, WEBMAIL_SOURCE, NO_URI_FOUND,
 NO_CTA_URI_FOUND, __PHISH_SPEAR_STRUCTURE_1, BODY_SIZE_1000_LESS,
 BODY_SIZE_2000_LESS, SMALL_BODY, __PHISH_SPEAR_STRUCTURE_2, __MIME_TEXT_P,
 NO_URI_HTTPS, BODY_SIZE_7000_LESS
Received: from webmail13.bt.ext.cpcloud.co.uk (10.110.13.1) by rgout02.bt.lon5.cpcloud.co.uk (9.0.019.13-1) (authenticated as [REDACTED]@btinternet.com)
        id 58482B971A37C716 for [REDACTED]@[REDACTED].plus.com; Sun, 13 Aug 2017 21:52:13 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btinternet.com; s=btcpcloud; t=1502657535; 
        bh=Hy61WwSEndqwKzArKPLZcQPACoRjmbmRdNbnqGWeg+Y=;
        h=To:Message-ID:Subject:MIME-Version:From:Date;
        b=ViyzuNSJokO2x/orc5ym/qyZDjJpETG+Vt7yBJchfvjJ/gLS7X3RX6QJ4umDjSem7tDP4pUVEH/06LZrPqJuOlVg9YOxy7v68vey5pfX4EIYMPhuXQuNuLlpLy1IZZNpVJdrtobltoZ//1susQaj/vIwfwh3sx3l2j5a/n/nRkI=
Received: from [REDACTED]
	by btmail.bt.com with HTTP; Sun, 13 Aug 2017 21:52:13 +0100
To: [REDACTED]@[REDACTED].plus.com
Message-ID: <7e669b.e25.15ddd5e56af.Webtop.52@btinternet.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed; delsp=no
Content-Transfer-Encoding: 7bit
User-Agent: OWM Mail 3
X-SID: 52
X-Originating-IP: [80.229.150.170]
Content-Disposition: inline
From: "[REDACTED]@btinternet.com" <[REDACTED]@btinternet.com>
Date: Sun, 13 Aug 2017 21:52:13 +0100 (BST)
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: Test from BT Internet

 

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
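
The header dump in the post above is what confirms a message actually reached the receiving mail exchanger. As an added example (not part of the thread or of any Plusnet tooling; the function names are this example's own), the Python below rebuilds the delivery path from the `Received` headers of that test message and reports the last host that accepted it and the delay at each hop:

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received headers trimmed from the post above (redactions kept as posted).
SAMPLE_HEADERS = """\
Received: from [212.159.8.109] (helo=avasin05.plus.net)
\tby inmx13.plus.net with esmtp (PlusNet MXCore v2.00) id 1dgzrr-00016n-OD
\tfor [REDACTED]@[REDACTED].plus.com; Sun, 13 Aug 2017 21:52:15 +0100
Received: from rgout02.bt.lon5.cpcloud.co.uk ([65.20.0.179])
\tby avasin05.plus.net with Plusnet Cloudmark Gateway
\tid wksD1v0053rjMu901ksF7d; Sun, 13 Aug 2017 21:52:15 +0100
Received: from webmail13.bt.ext.cpcloud.co.uk (10.110.13.1) by rgout02.bt.lon5.cpcloud.co.uk (9.0.019.13-1)
\tid 58482B971A37C716 for [REDACTED]@[REDACTED].plus.com; Sun, 13 Aug 2017 21:52:13 +0100
Received: from [REDACTED]
\tby btmail.bt.com with HTTP; Sun, 13 Aug 2017 21:52:13 +0100
Subject: Test from BT Internet

"""


def received_hops(raw_headers):
    """Return the Received chain oldest hop first: sender, receiver, timestamp."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        flat = " ".join(value.split())         # unfold continuation lines
        info, _, stamp = flat.rpartition(";")  # the date follows the last ';'
        sender = re.search(r"\bfrom\s+(\S+)", info)
        receiver = re.search(r"\bby\s+(\S+)", info)
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):        # missing or malformed date
            when = None
        hops.append({"from": sender.group(1) if sender else None,
                     "by": receiver.group(1) if receiver else None,
                     "time": when})
    hops.reverse()  # each MTA prepends its header, so the last header is the first hop
    return hops


def transit_summary(hops):
    """Report the last host that accepted the message and per-hop delays in seconds."""
    timed = [h for h in hops if h["time"] is not None]
    delays = [(b["by"], (b["time"] - a["time"]).total_seconds())
              for a, b in zip(timed, timed[1:])]
    return {"final_receiver": hops[-1]["by"] if hops else None,
            "total_seconds": sum(d for _, d in delays),
            "delays": delays}


if __name__ == "__main__":
    print(transit_summary(received_hops(SAMPLE_HEADERS)))
```

Only the `Received` headers stamped by the recipient's own hosts can be relied on; everything below them was supplied by the sending side and can be forged.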

ukguy1
Aspiring Pro
Posts: 216
Thanks: 56
Registered: ‎29-06-2016

Re: Routing peers down?

@bobpullen Fantastic, I've just tested an email to my own plusnet account and it works.

I'll let everyone know! Thanks again Bob, really appreciate your help. Star of the day!

Ps With the others I know who are on other isps, I'll advise they contact you/plusnet with the mx ip and do the same.
I'll let the bt internet person know - bt have many mx ips so could just be the one their email uses.
Townman
Superuser
Posts: 22,982
Thanks: 9,583
Fixes: 159
Registered: ‎22-08-2007

Re: Routing peers down?

@bobpullen,

One presumes that PN had good reason to blackball these IPs?  Responsible for massive volumes of SPAM?

If that is the case and the MTA service providers have done nothing to curtail abuse ... surely it's only a matter of time before they are blackballed again?

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

ukguy1
Aspiring Pro
Posts: 216
Thanks: 56
Registered: ‎29-06-2016

Re: Routing peers down?

@Townman 

Please let me reassure you that I have run a hosting company for 15 years along with 2 other businesses. I do not tolerate spam of any kind from any of our servers. We have all the correct measures in place with hourly limits and SPF records etc.

Yes, something probably did trigger the ip block, but I can assure you it was NOT massive volumes of spam as it is impossible to even send out more than 200 emails an hour from our accounts. If there is a relay attempt, I get alerted and the user gets reduced to 1 per hour until the emails are checked.

I do totally agree with you that spam has to be controlled and if there is repeated evidence of spamming from an IP it should stay blacklisted for very good reasons. In these cases it is also usually the case that the IP is also on many other blacklists (which ours isn't, it's 100% reputation 100% clean).

EDIT: None of our other IPs were listed

bobpullen
Community Gaffer
Posts: 16,886
Thanks: 4,977
Fixes: 316
Registered: ‎04-04-2007

Re: Routing peers down?

@Townman, that's possible, but without being able to establish the exact reason for the blacklisting, it's an assumption at best. Time will tell of course. The system we're talking about isn't part of the mail platform per se, and can block non-MX traffic too.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Townman
Superuser
Posts: 22,982
Thanks: 9,583
Fixes: 159
Registered: ‎22-08-2007

Re: Routing peers down?

@ukguy1,

No offense was intended, just asking the right questions to flush out RCA.

Bob's statement of resolution somewhat inferred that the problem was associated with a BT email server - though a misunderstood detail, the principle is the same.  There was some cause for the IPs being blackballed - if the cause is not known, there is the risk of being blackballed again.

I've 35 years' experience in running IT amongst which is some experience of digging email services out of the blackballed spirals which occur by fixing symptoms rather than causes. Sounds as though the usual culprits you have well nailed down!

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

ukguy1
Aspiring Pro
Posts: 216
Thanks: 56
Registered: ‎29-06-2016

Re: Routing peers down?

@Townman 👍
In some cases of repeated spam from the same source we've actually traced the owner of the ips and contacted datacentres as tackling the root helps everyone. Needs more like us!