cancel
Showing results for 
Search instead for 
Did you mean: 

F9 relays blacklisted, anyone else?

N/A

F9 relays blacklisted, anyone else?

I email allot and about once a month I get email bounced back from the recipients mail server because one of the F9 relay's have been blacklisted due to spam abuse. It's very annoying as it stops all email going to that person for several days while I raise a support ticket and F9 get around to removing it.

F9 Support says that they are not an open relay but they are continually getting listed, and from the evidence provided by the blacklisting service it's obvious that they are.

Anybody else having problems with blacklisted relays?
14 REPLIES
N/A

F9 relays blacklisted, anyone else?

Hi,

QTN too you? is the recipient your sending the email too on a completely different network such as NTL Telewest, AOL or such like because sometimes these providors block mail from other ISP's have you thought about that? Due to the nature of viruses, spam and other mail born nasties.

As for open relays its unlikely that F9 have open relays but hackers can sometimes create open relays that network providors like F9 dont or wont know about (but it is unusual though I have to say) because they are hidden or temporary. A good network administrator will definately have to tools on his system to know if there are any open relays. Open relays are NOT common & most ISP dont like them & wont tolerate them, most ISP's who provide mail services have good control over inbound & outbound services & so a mail relay would have to exsist outside of that control.

Ivan
orrery
Grafter
Posts: 138
Thanks: 1
Registered: 30-07-2007

F9 relays blacklisted, anyone else?

Quote
F9 Support says that they are not an open relay but they are continually getting listed, and from the evidence provided by the blacklisting service it's obvious that they are.


... or an F9 user is spamming someone, or an F9 user has reported his own mailhost in error...

It happens.

regards, Ian
jfrank
Grafter
Posts: 61
Registered: 30-07-2007

no - its true

At least one of the F9 relays is blacklisted because I got a return mail from a friend of mine who works at Royal Mail - and the report included a website where I could check the IP out - it was blacklisted on the system Royal Mail use (forgot it's name), showed up as owned by PlusNet.

I've also been getting a shed load of faked return path emails using my f9 address (usually anything -> fhuishfisehf@name@force9.co.uk). I never sign up to anything with my f9 account other than give it to friends or trusted services etc. so it's either been guessed or leaked or something.
N/A

F9 relays blacklisted, anyone else?

Hi,

I contacted F9 support some time ago about the problem of faked return to sender & failure notices and was told there is nothing that can be done by anyone as these are generated by one of the latest worms doing the rounds across the internet. The problem is difficult because failure notices are a real and genuine mail function so weeding out the junk ones from the legitimate ones is almost totally impossible.

**You dont have to sign up for anything to be deluged with such failure notices I get hundreds of them all the time, is very annoying and I even have good spam filtering too. Its just one of those things that one has to deal with when using the internet but it does degrade the service for the rest of the human race.

Ivan
Pendragon
Rising Star
Posts: 425
Thanks: 3
Fixes: 1
Registered: 07-04-2007

F9 relays blacklisted, anyone else?

As well as the worm there is another crafty way a spammer hit me.

I received an email like we all do but reading it just triggered a failure notice. Further investigation of the header revealed the email had been posted in such a way the return address and return path were both set to return back to me.

So just by reading (and in some cases where the original sender has set a ‘delete notification’) the message, will trigger a ‘failure notice’ bounced back to yourself.

Turning off all tracking (In Outlook, Tools, Options, [Email Options …], [Tracking Options …], click Never send a response, will kill this sort of bounced message.

I did find a way to turn off the ‘Delete failure notice’ but after re-installing XP and Office after a major crash, could not find it again, it might have been in a service pack I have not installed but a search on Technet and Google failed to find anything so I gave up.

Regards, Colin.
astarsolutions
Grafter
Posts: 393
Registered: 26-07-2007

F9 relays blacklisted, anyone else?

I use my own mail server for receiving e-mails and managing mailboxes but I still use the force9 mail server to send e-mail as the IP's we get issued are marked as dynamic and are blocked by most mail servers.

When I setup the server to send through f9 the only information I entered was relay.force9.co.uk, it is set to not use any authentication.
F9 are either detecting the connection is coming from a F9 account (which I didn't think they did) or they are running as an open relay (although I can't imagine they are).
David_W
Rising Star
Posts: 2,291
Thanks: 29
Registered: 19-07-2007

F9 relays blacklisted, anyone else?

It would be more along the lines of, if IP address isnt an F9 IP address, block it from using the mail server.
N/A

F9 relays blacklisted, anyone else?

Hi, the email recipient is with an ISP in another country.

From the evidence at http://psbl.surriel.com/listing?ip=212.159.14.132 (click on the Check Evidence button for that ip address or for 212.159.14.131) you can see that mail is coming from outside F9/plus to a completely open SMTP server at one of their customers. F9's relays are then accepting email from these customers even though the email did not originate from it.

As it's an F9 relay passing it on, it's getting blacklisted. Note you can't connect to the relay from outside the F9/plus network and try to send email, you get a 'relay denied' error as you should.

This has been going on for 7 months and all F9 do is say they're not an open relay and remove the listing. If they don't close this hole I'll have to leave F9.
astarsolutions
Grafter
Posts: 393
Registered: 26-07-2007

F9 relays blacklisted, anyone else?

The problem lies with one of F9's customers not F9.
How do F9 detect an open relay being run by another user, this user isn't in any block list so they can't stop it that way.
And it may not be an open relay, it could be a legit user of that server with a compromised machine.

The only thing that can be done is to contact F9 and get them to notify the user of the problem and to contact BT and let them know they have a spammer or a user with a compromised machine.
N/A

F9 relays blacklisted, anyone else?

Yes, at the very least F9 should be doing as Arthur suggested; contacting one of their customers as their use of the network (intentional or not) is affecting other customers.

But the fact that the F9 relays are accepting email from customers servers/computers that are addressed as coming from domains that are not F9/plus means it IS an open relay. In one example, the From field is eafazgpuxof@vbgov.com (Virginia Beach, USA)!
astarsolutions
Grafter
Posts: 393
Registered: 26-07-2007

F9 relays blacklisted, anyone else?

I assume F9's mail servers work the way mine does, as long as I authenticate with the server it doesn't matter where I am connecting from; so as long as the user is using a user name and password he can be connecting from anywhere.
I.E. not an open relay
N/A

F9 relays blacklisted, anyone else?

Quote
Yes, at the very least F9 should be doing as Arthur suggested; contacting one of their customers as their use of the network (intentional or not) is affecting other customers.

But the fact that the F9 relays are accepting email from customers servers/computers that are addressed as coming from domains that are not F9/plus means it IS an open relay. In one example, the From field is eafazgpuxof@vbgov.com (Virginia Beach, USA)!

That's not the definition of an open relay. You don't have to acept mail only from your own domain to be 'closed' you only have to have an authentication requirement which F9 do have. So closed, not open.

As to whether F9 could help, that's a different matter. Yes they should. Do you think they will?
N/A

F9 relays blacklisted, anyone else?

Quote
But the fact that the F9 relays are accepting email from customers servers/computers that are addressed as coming from domains that are not F9/plus means it IS an open relay. In one example, the From field is eafazgpuxof@vbgov.com (Virginia Beach, USA)!


If you are sure the mail is spam and is being relayed through relay.force9.net, then you should report it using the Questions system - Customer Services and Billing, Contact the Abuse Team, Report Abuse.

As was said, accepting mail from non F9/plus domains is allowable - for people with domain names, it could be the only way to send email from that domain for example.
orrery
Grafter
Posts: 138
Thanks: 1
Registered: 30-07-2007

F9 relays blacklisted, anyone else?

Quote
In one example, the From field is eafazgpuxof@vbgov.com (Virginia Beach, USA)!


The 'from' field has no bearing on anything. It is simply text inserted into mail headers. It tells us nothing about where the mail comes from.

regards, Ian