
Does anyone have insights about dealing with Spamhaus? I'm getting increasingly frustrated by being listed without explanation. I run a very low bandwidth mail server and a website for my business. I am running postfix with SPF, DKIM, and DMARC. I'd like to know what I am missing. Spamhaus is very popular which in turn affects Twitter, LinkedIn, beyond just the mail. Is it possible to run one's own mail server these days?

On Thu, 21 Feb 2019 at 13:34, Marc Lijour via talk <talk@gtalug.org> wrote:
Does anyone have insights about dealing with Spamhaus?
Is it being run on shared hosting? I had an issue with a similar service because the server shared an IP address with another site that was hacked and was spamming people.

On Thu, 21 Feb 2019 at 13:34, Marc Lijour via talk <talk@gtalug.org> wrote:
Does anyone have insights about dealing with Spamhaus?
I'm getting increasingly frustrated by being listed without explanation. I run a very low bandwidth mail server and a website for my business. I am running postfix with SPF, DKIM, and DMARC. I'd like to know what I am missing.
Do you have a permanent static IP address? If not, you may occasionally be picking up a "dirty" IP address. Also, it seems to me that even permanent static IP addresses are not made the same. I get a feeling that some spam databases do not "like" certain ranges of IP addresses. Although I have no direct evidence of it, I suspect that these spam database sites run periodic checks on how much spam a subnet produces and when it exceeds some threshold the entire subnet is marked "dirty".

On Thu, 21 Feb 2019 at 14:03, Val Kulkov <val.kulkov@gmail.com> wrote:
Also, it seems to me that even permanent static IP addresses are not made the same. I get a feeling that some spam databases do not "like" certain ranges of IP addresses. Although I have no direct evidence of it, I suspect that these spam database sites run periodic checks on how much spam a subnet produces and when it exceeds some threshold the entire subnet is marked "dirty".
Forgot to mention http://www.mail-tester.com/, a site I periodically use to check how spam databases treat my ip address.

I have 8.2/10 pretty good considering that I got a -2 from Pyzor for my blank email
On 2019-02-21 2:09 p.m., Val Kulkov via talk wrote:
On Thu, 21 Feb 2019 at 14:03, Val Kulkov <val.kulkov@gmail.com> wrote:
Also, it seems to me that even permanent static IP addresses are not made the same. I get a feeling that some spam databases do not "like" certain ranges of IP addresses. Although I have no direct evidence of it, I suspect that these spam database sites run periodic checks on how much spam a subnet produces and when it exceeds some threshold the entire subnet is marked "dirty".
Forgot to mention http://www.mail-tester.com/, a site I periodically use to check how spam databases treat my ip address.
--- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk

I'm hosting at OVH, running a small VM with SSD. The IP is fixed. A range of IP owned by the cloud provider might explain things, except that I'm not responsible (nor have any control) of bad neighbours.
On 2019-02-21 2:03 p.m., Val Kulkov via talk wrote:
On Thu, 21 Feb 2019 at 13:34, Marc Lijour via talk <talk@gtalug.org> wrote:
Does anyone have insights about dealing with Spamhaus?
I'm getting increasingly frustrated by being listed without explanation. I run a very low bandwidth mail server and a website for my business. I am running postfix with SPF, DKIM, and DMARC. I'd like to know what I am missing.
Do you have a permanent static IP address? If not, you may occasionally be picking up a "dirty" IP address.
Also, it seems to me that even permanent static IP addresses are not made the same. I get a feeling that some spam databases do not "like" certain ranges of IP addresses. Although I have no direct evidence of it, I suspect that these spam database sites run periodic checks on how much spam a subnet produces and when it exceeds some threshold the entire subnet is marked "dirty".

Do you have reverse DNS records set up -- this is pretty much a requirement for running any mail server these days.
This mailing list kept getting blocked by Spamhaus when we used IPv6 address to send out mail. I have no idea what was wrong with that, but the minute I turned off IPv6 everything went back to normal.
I remember there's an open-source mail config/blacklist checking website tool, but I don't remember its name.
Alex.
On 2019-02-21 1:24 p.m., Marc Lijour via talk wrote:
Does anyone have insights about dealing with Spamhaus?
I'm getting increasingly frustrated by being listed without explanation. I run a very low bandwidth mail server and a website for my business. I am running postfix with SPF, DKIM, and DMARC. I'd like to know what I am missing.
Spamhaus is very popular which in turn affects Twitter, LinkedIn, beyond just the mail.
Is it possible to run one's own mail server these days?

On Thu, 21 Feb 2019 at 14:17, Alex Volkov via talk <talk@gtalug.org> wrote:
I remember there's an open-source mail config/blacklist checking website tool, but I don't remember its name.

I thought I had, and I do. OVH is allocating my PTR in a group of 8 addresses (*ip-54-39-185.eu.*). Maybe that's where the problem lies? I sent a ticket to OVH.
$ dig -x 54.39.185.225
; <<>> DiG 9.11.4-3ubuntu5-Ubuntu <<>> -x 54.39.185.225
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25851
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;225.185.39.54.in-addr.arpa. IN PTR
;; ANSWER SECTION:
225.185.39.54.in-addr.arpa. 5990 IN PTR *ip-54-39-185.eu.*
https://mxtoolbox.com/subnet/?filter=54.39.185.225/29&source=findmonitors&domain=54.39.185.225
On 2019-02-21 2:17 p.m., Alex Volkov wrote:
Do you have reverse DNS records set up -- this is pretty much a requirement for running any mail server these days.
This mailing list kept getting blocked by Spamhaus when we used IPv6 address to send out mail. I have no idea what was wrong with that, but the minute I turned off IPv6 everything went back to normal.
I remember there's an open-source mail config/blacklist checking website tool, but I don't remember its name.
Alex.
On 2019-02-21 1:24 p.m., Marc Lijour via talk wrote:
Does anyone have insights about dealing with Spamhaus?
I'm getting increasingly frustrated by being listed without explanation. I run a very low bandwidth mail server and a website for my business. I am running postfix with SPF, DKIM, and DMARC. I'd like to know what I am missing.
Spamhaus is very popular which in turn affects Twitter, LinkedIn, beyond just the mail.
Is it possible to run one's own mail server these days?

I think this might be it.
You can't set reverse DNS records yourself, so you will need to contact your service provider and ask them to change the record for IP 54.39.185.225 from ip-54-39-185.eu to your mail server DNS name.
Alex.
On 2019-02-21 2:43 p.m., Marc Lijour wrote:
I thought I had, and I do. OVH is allocating my PTR in a group of 8 addresses (*ip-54-39-185.eu.*). Maybe that's where the problem lies? I sent a ticket to OVH.
$ dig -x 54.39.185.225
; <<>> DiG 9.11.4-3ubuntu5-Ubuntu <<>> -x 54.39.185.225
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25851
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;225.185.39.54.in-addr.arpa. IN PTR
;; ANSWER SECTION:
225.185.39.54.in-addr.arpa. 5990 IN PTR *ip-54-39-185.eu.*
https://mxtoolbox.com/subnet/?filter=54.39.185.225/29&source=findmonitors&domain=54.39.185.225
On 2019-02-21 2:17 p.m., Alex Volkov wrote:
Do you have reverse DNS records set up -- this is pretty much a requirement for running any mail server these days.
This mailing list kept getting blocked by Spamhaus when we used IPv6 address to send out mail. I have no idea what was wrong with that, but the minute I turned off IPv6 everything went back to normal.
I remember there's an open-source mail config/blacklist checking website tool, but I don't remember its name.
Alex.
On 2019-02-21 1:24 p.m., Marc Lijour via talk wrote:
Does anyone have insights about dealing with Spamhaus?
I'm getting increasingly frustrated by being listed without explanation. I run a very low bandwidth mail server and a website for my business. I am running postfix with SPF, DKIM, and DMARC. I'd like to know what I am missing.
Spamhaus is very popular which in turn affects Twitter, LinkedIn, beyond just the mail.
Is it possible to run one's own mail server these days?

On 2019-02-21 2:49 p.m., Alex Volkov via talk wrote:
You can't set reverse DNS records yourself, so you will need to contact your service provider and ask them to change the record for IP 54.39.185.225 from ip-54-39-185.eu to your mail server DNS name.
[snip]
On 2019-02-21 2:43 p.m., Marc Lijour wrote:
I thought I had, and I do. OVH is allocating my PTR in a group of 8 addresses (*ip-54-39-185.eu.*). Maybe that's where the problem lies?
OVH allows you to set a reverse IP mapping if you are renting a full server using the website account/server management tools.
--
Cheers!
Kevin.
http://www.ve3syb.ca/               | "Nerds make the shiny things that
https://www.patreon.com/KevinCozens |  distract the mouth-breathers, and
                                    |  that's why we're powerful"
Owner of Elecraft K2 #2172          |
#include <disclaimer/favourite>     |              --Chris Hardwick

On 2019-02-21 3:03 p.m., Kevin Cozens via talk wrote:
OVH allows you to set a reverse IP mapping if you are renting a full server using the website account/server management tools.
Yes it does (under IP in the cloud management tab of the web console), but this is what I got (thrown together with 7 other IPs and a dig -x that does not map directly to my DNS record).
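
A check of the reverse-DNS conditions discussed in this part of the thread, as an added example that is not from any poster: it builds the name that dig -x queries (and, going beyond the thread, the IPv6 and DNSBL forms), then tests that the PTR matches the mail name and resolves back to the IP. The name mail.example.com, the zen.spamhaus.org default zone, the generic-PTR heuristic and the sample forward answers are assumptions of the example.

```python
"""Added example: reverse-DNS and DNSBL checks for a mail server's sending IP."""
import ipaddress
import re
import socket


def reverse_name(ip, zone=None):
    """Name that `dig -x ip` queries; with `zone`, the DNSBL query name instead."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels, suffix = str(addr).split(".")[::-1], "in-addr.arpa"
    else:  # IPv6: reverse the 32 hex nibbles of the fully expanded address
        labels, suffix = list(addr.exploded.replace(":", ""))[::-1], "ip6.arpa"
    return ".".join(labels + [zone or suffix])


def looks_generic(ptr, ip):
    """Heuristic (an assumption of this example): provider-default PTR names
    embed three or more consecutive octets of the IPv4 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        return False
    octets = str(addr).split(".")
    runs = [octets[0:3], octets[1:4]]
    runs += [run[::-1] for run in runs]
    return any(re.search(r"(?<!\d)" + "[-.]".join(run) + r"(?!\d)", ptr)
               for run in runs)


def classify_dnsbl(answers):
    """Interpret the A records returned for a DNSBL query name."""
    addrs = [ipaddress.ip_address(a) for a in answers]
    if not addrs:
        return "not listed"      # NXDOMAIN or no data
    if any(a in ipaddress.ip_network("127.255.255.0/24") for a in addrs):
        return "query error"     # Spamhaus error range, e.g. public resolver used
    if all(a in ipaddress.ip_network("127.0.0.0/8") for a in addrs):
        return "listed"
    return "unexpected answer"


def system_ptr(ip):
    """PTR lookup through the system resolver."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []


def system_addrs(name):
    """A/AAAA lookup through the system resolver."""
    try:
        return sorted({i[4][0].split("%")[0] for i in socket.getaddrinfo(name, None)})
    except OSError:
        return []


def audit(ip, mail_name, ptr_lookup=system_ptr, addr_lookup=system_addrs,
          dnsbl_zone="zen.spamhaus.org"):
    """Return a list of findings; an empty list means every check passed."""
    target = ipaddress.ip_address(ip)
    want = mail_name.rstrip(".").lower()
    ptrs = [p.rstrip(".").lower() for p in ptr_lookup(ip)]
    findings = []
    if not ptrs:
        findings.append("no PTR record")
    elif want not in ptrs:
        findings.append(f"PTR is {ptrs[0]}, not {want}")
    for ptr in ptrs:
        if looks_generic(ptr, ip):
            findings.append(f"{ptr} looks like a provider default")
        if target not in {ipaddress.ip_address(a) for a in addr_lookup(ptr)}:
            findings.append(f"{ptr} does not resolve back to {ip}")
    verdict = classify_dnsbl(addr_lookup(reverse_name(ip, dnsbl_zone)))
    if verdict != "not listed":
        findings.append(f"{dnsbl_zone}: {verdict}")
    return findings


# Constructed resolver data. The IP and the provider PTR are the ones quoted in
# the thread; mail.example.com is a hypothetical mail server name, and the
# forward (A) answers are invented for the demonstration.
BEFORE = ({"54.39.185.225": ["ip-54-39-185.eu."]}, {})
AFTER = ({"54.39.185.225": ["mail.example.com."]},
         {"mail.example.com": ["54.39.185.225"]})


def audit_sample(sample, ip="54.39.185.225", name="mail.example.com"):
    """Run audit() offline against one of the constructed samples above."""
    ptr_map, a_map = sample
    return audit(ip, name, lambda i: ptr_map.get(i, []), lambda n: a_map.get(n, []))


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_sample(sample) or "all checks passed")
```

Called without the lookup arguments, audit() uses the system resolver. Spamhaus answers queries relayed through large public resolvers with an address in its error range rather than a listing, which classify_dnsbl() reports as a query error.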

OVH is a well known den of spam, scraper and malicious bots. This is your problem. I am sure Spamhaus has given up on the number of bots they need to block and banned the whole IP range. I know I have. You need to move to another host provider. OVH allows the rampant running of bots, so this is what they get. Total ban.
On Thu, 21 Feb 2019 at 14:17, Alex Volkov via talk <talk@gtalug.org> wrote:
Do you have reverse DNS records set up -- this is pretty much a requirement for running any mail server these days.
This mailing list kept getting blocked by Spamhaus when we used IPv6 address to send out mail. I have no idea what was wrong with that, but the minute I turned off IPv6 everything went back to normal.
I remember there's an open-source mail config/blacklist checking website tool, but I don't remember its name.
Alex.
On 2019-02-21 1:24 p.m., Marc Lijour via talk wrote:
Does anyone have insights about dealing with Spamhaus?
I'm getting increasingly frustrated by being listed without explanation. I run a very low bandwidth mail server and a website for my business. I am running postfix with SPF, DKIM, and DMARC. I'd like to know what I am missing.
Spamhaus is very popular which in turn affects Twitter, LinkedIn, beyond just the mail.
Is it possible to run one's own mail server these days?

fair enough -I can understand that perspective
What is my best bet? AWS? Azure?
On 2019-02-21 3:41 p.m., Don Tai via talk wrote:
OVH is a well known den of spam, scraper and malicious bots. This is your problem. I am sure Spamhaus has given up on the number of bots they need to block and banned the whole IP range. I know I have. You need to move to another host provider. OVH allows the rampant running of bots, so this is what they get. Total ban.
On Thu, 21 Feb 2019 at 14:17, Alex Volkov via talk <talk@gtalug.org> wrote:
Do you have reverse DNS records set up -- this is pretty much a requirement for running any mail server these days.
This mailing list kept getting blocked by Spamhaus when we used IPv6 address to send out mail. I have no idea what was wrong with that, but the minute I turned off IPv6 everything went back to normal.
I remember there's an open-source mail config/blacklist checking website tool, but I don't remember its name.
Alex.
On 2019-02-21 1:24 p.m., Marc Lijour via talk wrote:
Does anyone have insights about dealing with Spamhaus?
I'm getting increasingly frustrated by being listed without explanation. I run a very low bandwidth mail server and a website for my business. I am running postfix with SPF, DKIM, and DMARC. I'd like to know what I am missing.
Spamhaus is very popular which in turn affects Twitter, LinkedIn, beyond just the mail.
Is it possible to run one's own mail server these days?

I forgot Planet Hoster in Montreal
On Thu, 21 Feb 2019 at 15:49, Marc Lijour <marclijour@gmail.com> wrote:
fair enough -I can understand that perspective
What is my best bet? AWS? Azure?
On 2019-02-21 3:41 p.m., Don Tai via talk wrote:
OVH is a well known den of spam, scraper and malicious bots. This is your problem. I am sure Spamhaus has given up on the number of bots they need to block and banned the whole IP range. I know I have. You need to move to another host provider. OVH allows the rampant running of bots, so this is what they get. Total ban.
On Thu, 21 Feb 2019 at 14:17, Alex Volkov via talk <talk@gtalug.org> wrote:
Do you have reverse DNS records set up -- this is pretty much a requirement for running any mail server these days.
This mailing list kept getting blocked by Spamhaus when we used IPv6 address to send out mail. I have no idea what was wrong with that, but the minute I turned off IPv6 everything went back to normal.
I remember there's an open-source mail config/blacklist checking website tool, but I don't remember its name.
Alex.
On 2019-02-21 1:24 p.m., Marc Lijour via talk wrote:
Does anyone have insights about dealing with Spamhaus?
I'm getting increasingly frustrated by being listed without explanation. I run a very low bandwidth mail server and a website for my business. I am running postfix with SPF, DKIM, and DMARC. I'd like to know what I am missing.
Spamhaus is very popular which in turn affects Twitter, LinkedIn, beyond just the mail.
Is it possible to run one's own mail server these days?

On Thu, Feb 21, 2019, 15:42 Don Tai via talk, <talk@gtalug.org> wrote:
... You need to move to another host provider.
This is not always an option.
The not-for-profit I work for has a web site run from WP Engine. It can send e-mail for updates, subscriptions, etc.
Just one of the wp.com hosts that the mail relays through got blacklisted. Consequently, our volunteers and clients - people with disabilities - got nothing from us if they had a gmail or hotmail account.
We have *no* control over this and no option to change. Spam blocking lists are extortion that hurt innocent people.
Stewart

+1
turns out that OVH is cheap and not-for-profit organizations are looking for cheap (same as spammers I guess), we're caught in the same bag
On 2019-02-21 3:50 p.m., Stewart Russell via talk wrote:
On Thu, Feb 21, 2019, 15:42 Don Tai via talk, <talk@gtalug.org> wrote:
... You need to move to another host provider.
This is not always an option.
The not-for-profit I work for has a web site run from WP Engine. It can send e-mail for updates, subscriptions, etc.
Just one of the wp.com hosts that the mail relays through got blacklisted. Consequently, our volunteers and clients - people with disabilities - got nothing from us if they had a gmail or hotmail account.
We have *no* control over this and no option to change. Spam blocking lists are extortion that hurt innocent people.
Stewart

On Thu, Feb 21, 2019, 15:53 Marc Lijour, <marclijour@gmail.com> wrote:
+1
turns out that OVH is cheap and not-for-profit organizations are looking for cheap (same as spammers I guess), ...
We're not looking for cheap at all. A site hosted by WPEngine isn't cheap. It's the arbitrariness of spam blocking: we did _nothing_ wrong, we have no link to any spammer or blacklist, yet the anti-spam crowd held our business up.
I'm really surprised they haven't been sued into oblivion under tort laws.
Stewart

You're on a shared host with any number of other web sites and owners. When one goes rogue and launches bots at the world the IP is logged and is used to ban all the sites on that IP, which might include your own. Bots reappear on a regular basis, using the same IP, so bans, in general, are for life. Spamhaus probably works on multiple complaint submissions, so it is not just a couple that will get you on the list.
On Thu, 21 Feb 2019 at 17:53, Stewart Russell via talk <talk@gtalug.org> wrote:
On Thu, Feb 21, 2019, 15:53 Marc Lijour, <marclijour@gmail.com> wrote:
+1
turns out that OVH is cheap and not-for-profit organizations are looking for cheap (same as spammers I guess), ...
We're not looking for cheap at all. A site hosted by WPEngine isn't cheap. It's the arbitrariness of spam blocking: we did _nothing_ wrong, we have no link to any spammer or blacklist, yet the anti-spam crowd held our business up.
I'm really surprised they haven't been sued into oblivion under tort laws.
Stewart

On 02/21/2019 08:38 PM, Don Tai via talk wrote:
You're on a shared host with any number of other web sites and owners. When one goes rogue and launches bots at the world the IP is logged and is used to ban all the sites on that IP, which might include your own. Bots reappear on a regular basis, using the same IP, so bans, in general, are for life.
Are you saying all hosts on a site use the same IP address? That would make it impossible to access individual servers. Perhaps you meant subnet? Also, with many data centres, it's possible to arrange for your own Internet connection, completely independent of everyone else there. Of course, that becomes more difficult, though not impossible, if the servers are running virtual machines.

A host will have a number of IPs, a box is on a specific IP, there will be a number of web sites on the same box, many domain names pointing to the same IP. For example my sites are on a box with 25 different sites that I know of, all pointing to the same IP. If one of them causes a ban on the IP then all sites are affected/banned.
On Fri, 22 Feb 2019 at 10:20, James Knott via talk <talk@gtalug.org> wrote:
On 02/21/2019 08:38 PM, Don Tai via talk wrote:
You're on a shared host with any number of other web sites and owners. When one goes rogue and launches bots at the world the IP is logged and is used to ban all the sites on that IP, which might include your own. Bots reappear on a regular basis, using the same IP, so bans, in general, are for life.
Are you saying all hosts on a site use the same IP address? That would make it impossible to access individual servers. Perhaps you meant subnet? Also, with many data centres, it's possible to arrange for your own Internet connection, completely independent of everyone else there. Of course, that becomes more difficult, though not impossible, if the servers are running virtual machines.

On 02/22/2019 11:00 AM, Don Tai wrote:
A host will have a number of IPs, a box is on a specific IP, there will be a number of web sites on the same box, many domain names pointing to the same IP. For example my sites are on a box with 25 different sites that I know of, all pointing to the same IP. If one of them causes a ban on the IP then all sites are affected/banned.
If each server has the same IP, how are they differentiated? The only ways I know are to use non standard port numbers or extend the host name with a suffix after a /.

On Fri, 22 Feb 2019 at 11:12, James Knott via talk <talk@gtalug.org> wrote:
On 02/22/2019 11:00 AM, Don Tai wrote:
A host will have a number of IPs, a box is on a specific IP, there will be a number of web sites on the same box, many domain names pointing to the same IP. For example my sites are on a box with 25 different sites that I know of, all pointing to the same IP. If one of them causes a ban on the IP then all sites are affected/banned.
If each server has the same IP, how are they differentiated? The only ways I know are to use non standard port numbers or extend the host name with a suffix after a /.
A single instance of Apache or Nginx (and probably most other HTTP servers) can handle multiple names on one port at one IP address. We use this ability a fair bit at my work: the web server determines what name you're looking for from the incoming header, looks at its own config to find out where on the box that website is stored, and responds with the proper information. The most obvious implementation of this is hosting sites who have used this ability for around 20 years.
Presumably similar things can be done with most other incoming services, although I'm most familiar with the behaviour of web servers.
--
Giles
https://www.gilesorr.com/
gilesorr@gmail.com

On 02/22/2019 11:33 AM, Giles Orr wrote:
We use this ability a fair bit at my work: the web server determines what name you're looking for from the incoming header,
What would be in the header? All IP has in the header to differentiate connections is IP address and port number. For example, if I wanted to access the Mississauga Library ebook collection, I could open a browser to 13.92.99.128 and it would connect to port 443 for https. I have not provided any other information. So, how would the appropriate server be accessed from that, when multiple servers share a single IP?

On Fri, 22 Feb 2019 at 11:58, James Knott via talk <talk@gtalug.org> wrote:
On 02/22/2019 11:33 AM, Giles Orr wrote:
We use this ability a fair bit at my work: the web server determines what name you're looking for from the incoming header,
What would be in the header? All IP has in the header to differentiate connections is IP address and port number. For example, if I wanted to access the Mississauga Library ebook collection, I could open a browser to 13.92.99.128 and it would connect to port 443 for https. I have not provided any other information. So, how would the appropriate server be accessed from that, when multiple servers share a single IP?
Since HTTP 1.1, a request may contain the "Host" header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host which web servers can use to serve proper content for a given host name. See, for example, http://nginx.org/en/docs/http/request_processing.html for information how nginx deals with multiple servers on the same IP address.
For https, there is SNI: https://en.wikipedia.org/wiki/Server_Name_Indication

On 02/22/2019 12:08 PM, Val Kulkov via talk wrote:
Since HTTP 1.1, a request may contain the "Host" header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host which web servers can use to serve proper content for a given host name. See, for example, http://nginx.org/en/docs/http/request_processing.html for information how nginx deals with multiple servers on the same IP address.
For https, there is SNI: https://en.wikipedia.org/wiki/Server_Name_Indication
That could explain why I can connect to my cable modem config using IP address, but not a host name & DNS. While the login screen appears either way, connections made via host name are not accepted with "Login Failed"

On Fri, 22 Feb 2019 at 11:58, James Knott via talk <talk@gtalug.org> wrote:
On 02/22/2019 11:33 AM, Giles Orr wrote:
We use this ability a fair bit at my work: the web server determines what name you're looking for from the incoming header,
What would be in the header? All IP has in the header to differentiate connections is IP address and port number. For example, if I wanted to access the Mississauga Library ebook collection, I could open a browser to 13.92.99.128 and it would connect to port 443 for https. I have not provided any other information. So, how would the appropriate server be accessed from that, when multiple servers share a single IP?
You're correct: if the user provides only an IP address, the web server doesn't necessarily know how to respond. You can set a default in the web server (at a hosting site it would almost certainly be to the hosting provider's main page). But your use-case is vanishingly small: no one uses IP addresses anymore, and I'd suggest it's an actively bad idea since cloud services allow us (the web site creators) to change IP addresses as frequently as people change their clothes. That's how it is now: the _name_ remains constant, but the IP changes intermittently. This random changing of IP addresses is also why we're having a parallel discussion of "bad" and "good" IP neighbourhoods: if you take your name and move it from one neighbourhood to another, places like Spamhaus associate you (and thus your behaviour, warranted or not) with that of your neighbours. -- Giles https://www.gilesorr.com/ gilesorr@gmail.com
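
How one IP address and port can serve many sites, as discussed in this part of the thread; this is an added example, not code from any poster. It picks the site from the HTTP Host header and, for HTTPS, from the SNI name in the TLS ClientHello. The site names, directory paths and the minimal ClientHello builder are constructed for the example; 13.92.99.128 is the address quoted in the thread.

```python
"""Added example: choosing a site on a shared IP from the Host header or TLS SNI."""
import struct

# Constructed table: every name below resolves to the same IP address and port.
VHOSTS = {"shop.example": "/srv/www/shop", "blog.example": "/srv/www/blog"}
DEFAULT_ROOT = "/srv/www/default"  # used for bare-IP, missing or unknown names


def normalise(host):
    """Lower-case a host value and drop any :port suffix and trailing dot."""
    host = host.strip().lower()
    if host.startswith("["):                      # IPv6 literal such as [::1]:8080
        return host[: host.find("]") + 1]
    return host.split(":", 1)[0].rstrip(".")


def host_from_request(raw):
    """Return the Host header of a raw HTTP/1.x request, or None if unusable."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    values = [line.split(":", 1)[1] for line in head.split("\r\n")[1:]
              if line.lower().startswith("host:")]
    # HTTP/1.0 clients may send none; more than one is ambiguous, so refuse both.
    return normalise(values[0]) if len(values) == 1 else None


def sni_from_client_hello(rec):
    """Return the server_name from a TLS ClientHello record, or None."""
    if len(rec) < 9 or rec[0] != 0x16 or rec[5] != 0x01:
        return None                               # not a handshake / ClientHello
    pos = 5 + 4 + 2 + 32    # record header, handshake header, version, random
    try:
        pos += 1 + rec[pos]                                   # session id
        pos += 2 + int.from_bytes(rec[pos:pos + 2], "big")    # cipher suites
        pos += 1 + rec[pos]                                   # compression methods
        end = pos + 2 + int.from_bytes(rec[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(rec)):
            ext_type, ext_len = struct.unpack("!HH", rec[pos:pos + 4])
            pos += 4
            if ext_type == 0:   # server_name: list length, name type, name length
                name_len = int.from_bytes(rec[pos + 3:pos + 5], "big")
                return rec[pos + 5:pos + 5 + name_len].decode("ascii").lower()
            pos += ext_len
    except (IndexError, UnicodeDecodeError):
        return None
    return None


def select_root(name):
    """Map a requested name to a site; bare IPs and unknown names get the default."""
    return VHOSTS.get(name, DEFAULT_ROOT)


def build_client_hello(name):
    """Constructed sample input: a minimal ClientHello carrying only an SNI extension."""
    host = name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(host)) + host
    sni = struct.pack("!H", len(entry)) + entry
    exts = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00"          # version, random, no session id
            + struct.pack("!H", 2) + b"\x13\x01"        # one cipher suite
            + b"\x01\x00"                               # null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed requests, all arriving at the same IP address and port.
REQ_SHOP = b"GET / HTTP/1.1\r\nHost: SHOP.example:80\r\n\r\n"
REQ_BLOG = b"GET / HTTP/1.1\r\nHost: blog.example\r\n\r\n"
REQ_BARE_IP = b"GET / HTTP/1.1\r\nHost: 13.92.99.128\r\n\r\n"
REQ_HTTP10 = b"GET / HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for req in (REQ_SHOP, REQ_BLOG, REQ_BARE_IP, REQ_HTTP10):
        print(host_from_request(req), "->", select_root(host_from_request(req)))
    hello = build_client_hello("blog.example")
    print("SNI", sni_from_client_hello(hello), "->",
          select_root(sni_from_client_hello(hello)))
```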

On 02/22/2019 12:11 PM, Giles Orr wrote:
But your use-case is vanishingly small: no one uses IP addresses anymore
As I mentioned in another note, there is one case where IP address is mandatory. It's when I connect to my cable modem for management. It works only if I specify the IP address. It will not work if I use a host name.

Here's an example of a request header. The IP and host name are in the request header. This is a Bingbot request. For a ban I usually only use the IP.
2019-02-11:00:03:53
URL: /wp/tag/fire-code/
IP: 157.55.39.xxx
Accept: */*
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Connection: Keep-Alive
From: bingbot(at)microsoft.com
Host: ewxample.com
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; + http://www.bing.com/bingbot.htm)
X-Https: 1
On Fri, 22 Feb 2019 at 11:32, Giles Orr via talk <talk@gtalug.org> wrote:
On Fri, 22 Feb 2019 at 11:12, James Knott via talk <talk@gtalug.org> wrote:
On 02/22/2019 11:00 AM, Don Tai wrote:
A host will have a number of IPs, a box is on a specific IP, there will be a number of web sites on the same box, many domain names pointing to the same IP. For example my sites are on a box with 25 different sites that I know of, all pointing to the same IP. If one of them causes a ban on the IP then all sites are affected/banned.
If each server has the same IP, how are they differentiated? The only ways I know are to use non standard port numbers or extend the host name with a suffix after a /.
A single instance of Apache or Nginx (and probably most other HTTP servers) can handle multiple names on one port at one IP address. We use this ability a fair bit at my work: the web server determines what name you're looking for from the incoming header, looks at its own config to find out where on the box that website is stored, and responds with the proper information. The most obvious implementation of this is hosting sites who have used this ability for around 20 years.
Presumably similar things can be done with most other incoming services, although I'm most familiar with the behaviour of web servers.
-- Giles https://www.gilesorr.com/ gilesorr@gmail.com

| From: Val Kulkov via talk <talk@gtalug.org>
| Do you have a permanent static IP address? If not, you may occasionally be
| picking up a "dirty" IP address.
It's clear (now) that Marc has a static IP address.
It really isn't worth trying to use a dynamic IP address for mail. But I did it.
I used to use a Rogers connection for a secondary email server. I could use the domain name they gave me, and the reverse domain would agree (but was out of my control). The IP address would change at the rate of roughly once a year. That would cause a bit of disruption because the transition was carelessly managed by Rogers.
I still use Rogers for bulk IP traffic but maybe not for long: they are kind of doubling the cost for my "bundle" and I find that annoying.
| From: Don Tai via talk <talk@gtalug.org>
| You're on a shared host with any number of other web sites and owners. When
| one goes rogue and launches bots at the world the IP is logged and is used
| to ban all the sites on that IP, which might include your own. Bots
| reappear on a regular basis, using the same IP, so bans, in general, are
| for life.
It's clear (now) that Marc has a dedicated IP address.
It depends on what you mean by "shared host". Normally that means several web sites sharing one IP address. I don't think that you can do that with SMTP.
You could mean several people sharing one box, but with each having their own IP address. That should work for email.
I, for example, rent a couple of OpenVZ instances in the cloud, each with their own IP address. Each physical box is shared by untold numbers of OpenVZ instances. I'm allowed to set the reverse domain records for them. (Control of one's own forward domain is not a problem.) They each cost less than $20 per year. I don't run mail servers on them but I'm sure that I could. They both run CentOS 7.

Happy to report that OVH got it fixed for me. They replied to the support ticket within 24 hours. After two interactions we were done. They said it took some time for the reverse DNS to replicate (for the reverse record I did set up days earlier). Whether it was just that delay or they did something in the backend, the dig -x command now reports the correct information. No Spamhaus red flag since then. Happy end.
On Fri, Feb 22, 2019, 20:20 D. Hugh Redelmeier via talk, <talk@gtalug.org> wrote:
| From: Val Kulkov via talk <talk@gtalug.org>
| Do you have a permanent static IP address? If not, you may occasionally be picking up a "dirty" IP address.
It's clear (now) that Marc has a static IP address.
It really isn't worth trying to use a dynamic IP address for mail. But I did it.
I used to use a Rogers connection for a secondary email server. I could use the domain name they gave me, and the reverse domain would agree (but was out of my control). The IP address would change at the rate of roughly once a year. That would cause a bit of disruption because the transition was carelessly managed by Rogers.
I still use Rogers for bulk IP traffic but maybe not for long: they are kind of doubling the cost for my "bundle" and I find that annoying.
| From: Don Tai via talk <talk@gtalug.org>
| You're on a shared host with any number of other web sites and owners. When one goes rogue and launches bots at the world the IP is logged and is used to ban all the sites on that IP, which might include your own. Bots reappear on a regular basis, using the same IP, so bans, in general, are for life.
It's clear (now) that Marc has a dedicated IP address.
It depends on what you mean by "shared host". Normally that means several web sites sharing one IP address. I don't think that you can do that with SMTP.
You could mean several people sharing one box, but with each having their own IP address. That should work for email.
I, for example, rent a couple of OpenVZ instances in the cloud, each with their own IP address. Each physical box is shared by untold numbers of OpenVZ instances. I'm allowed to set the reverse domain records for them. (Control of one's own forward domain is not a problem.) They each cost less than $20 per year. I don't run mail servers on them but I'm sure that I could. They both run CentOS 7.
---
Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk

Uhm, no.
For example: If you would ask 8.8.4.4 the in-addr.arpa for "your" rented OVH ip resource, then 8.8.4.4 would go and ask OVH for the answer.
And no, Spamhaus does not "red flag" any ipv4/6 resource for lack of a reverse name.
So no mystery for me here... OVH is known for being less than responsive to abuse complaints. Also, judging from your post, OVH is also economical with the truth?
Your reverse setting took a day or two because OVH did not update your request and as far as Spamhaus goes: OVH had to promise that their abuse has stopped, to have their resources removed.
No IP becomes listed simply because it has no reverse name setup. In fact, there is no technical requirement to even have a reverse name setup.
But, for some types of spam, 99.9% of the time, that specific type of abuse resource has no reverse, which is why over 50% (by volume of servers) of mail servers do not talk to you without your ipv having a reverse name...
Then again, by volume of email (not by volume of servers), over 87% of email boxes will accept email from you, with no reverse name configured.
(The reason for this is partly the large dominance of Google & Microsoft - One of which accepts email from ipv with no reverse and the other being unpredictable as it does anything at any time)
Anyway, as usual, ymmv.
hth
Andre
On Wed, 27 Feb 2019 10:38:09 -0500 Marc Lijour via talk <talk@gtalug.org> wrote:
Happy to report that OVH got it fixed for me. They replied to the support ticket within 24 hours. After two interactions we were done. They said it took some time for the reverse DNS to replicate (for the reverse record I did set up days earlier). Whether it was just that delay or they did something in the backend, the dig -x command now reports the correct information. No Spamhaus red flag since then. Happy end.

On 21/02/2019 17:53, Stewart Russell via talk wrote:
On Thu, Feb 21, 2019, 15:53 Marc Lijour, <marclijour@gmail.com> wrote:
+1
turns out that OVH is cheap and not-for-profit organizations are looking for cheap (same as spammers I guess), ...
We're not looking for cheap at all. A site hosted by WPEngine isn't cheap. It's the arbitrariness of spam blocking: we did _nothing_ wrong, we have no link to any spammer or blacklist, yet the anti-spam crowd held our business up.
Looks like WPEngine allows you to use an external SMTP provider: https://wpengine.com/support/using-3rd-party-email-provider-send-mail-wordpr...
$5/month for a VM with places like Vultr, Linode, DigitalOcean. I run a few VMs, and all get 10/10 with that mail test site mentioned earlier.
Postfix with SPF, DKIM, and rDNS records are what I use. Ought to be pretty solid for all but the most demanding users. I haven't needed to look into DMARC at all, but could add it if needed.
Otherwise with WPEngine, Mailgun, SendGrid, looks like there are options to get your messages onto reliable mail gateways.
Cheers, Jamon

I gave up on trying to keep a local mail server off of Spamhaus and similar lists and ended up getting an account at authsmtp.com to relay outbound mail through so that they can deal with the deliverability side of it. Sending 4000 messages a month is probably cheaper than the amount of time you've invested in trying to get your IP safelisted.
-jason
On Thu, Feb 21, 2019 at 10:33 AM Marc Lijour via talk <talk@gtalug.org> wrote:
Does anyone have insights about dealing with Spamhaus?
I'm getting increasingly frustrated by being listed without explanation. I run a very low bandwidth mail server and a website for my business. I am running postfix with SPF, DKIM, and DMARC. I'd like to know what I am missing.
Spamhaus is very popular which in turn affects Twitter, LinkedIn, beyond just the mail.
Is it possible to run one's own mail server these days?

If you want to relay email and operate a working email server, you need to start with ipv4 reputation.
If you host in the middle of a criminal hotspot and at a so-called "bullet proof" host (a host that does not care about abuse complaints and has a bad reputation), do not expect to be able to relay email communications properly from such a poor IP neighborhood.
To check your IPv4 reputation, I strongly suggest using this service: http://multirbl.valli.org/
If your IP is listed by 10+ services, rather migrate to a better IP neighborhood (Why would you want to support hosting providers that proved safe haven to child pornographers, scammers, cyber crime and other rubbish???)
If your ipv4 reputation is not too bad, apply for removal from wherever.
The services listed on multirbl.valli.org are all ethical, decent and moral; if you know different and have actual proof of non-ethical behavior, do please submit any such evidence to any RIR anti-abuse (or even this) public mailing list.
Yes, you can operate your own email service, no, you cannot easily spam, abuse and do any number of other weird things easily any longer...
hth
Andre
On Thu, 21 Feb 2019 19:10:16 -0800 Jason Shaw via talk <talk@gtalug.org> wrote:
I gave up on trying to keep a local mail server off of Spamhaus and similar lists and ended up getting an account at authsmtp.com to relay outbound mail through so that they can deal with the deliverability side of it. Sending 4000 messages a month is probably cheaper than the amount of time you've invested in trying to get your IP safelisted.
-jason
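Added example (not written by any poster in this thread): the two checks the thread keeps returning to, forward-confirmed reverse DNS (what `dig -x` starts) and a DNSBL lookup, reported separately because a missing PTR and a listing are independent findings. The zone `zen.spamhaus.org` and the return-code table are assumptions taken from Spamhaus's public documentation rather than from the thread; the function names are hypothetical and the sample data is constructed.

```python
import ipaddress
import socket

# Spamhaus ZEN answers of the form 127.0.0.x, mapped to the component list
# (assumed from Spamhaus's published return codes; verify before relying on it).
ZEN_CODES = {2: "SBL", 3: "SBL CSS", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",
             9: "DROP", 10: "PBL", 11: "PBL"}

def ptr_name(ip):
    """The name `dig -x` asks for, e.g. 25.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """DNSBL query name: the IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_ptr(ip):
    """PTR lookup through the system resolver; empty list when none exists."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_a(name):
    """A lookup through the system resolver; empty list when nothing resolves."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(ip, ptr=system_ptr, a=system_a):
    """Report rDNS and DNSBL status separately: one does not imply the other."""
    names = ptr(ip)
    # Forward-confirmed rDNS: a PTR name must resolve back to the same IP.
    fcrdns = any(ip in a(name) for name in names)
    listed, errors = set(), []
    for answer in a(dnsbl_name(ip)):
        o = answer.split(".")
        if o[:3] == ["127", "0", "0"]:
            listed.add(ZEN_CODES.get(int(o[3]), "unknown " + answer))
        else:
            errors.append(answer)  # e.g. 127.255.255.x: query refused, not a listing
    return {"ptr": names, "fcrdns": fcrdns, "listed": sorted(listed), "errors": errors}

if __name__ == "__main__":
    # Constructed offline data (documentation range 192.0.2.0/24), not real DNS.
    PTR = {"192.0.2.25": ["mail.example.org"]}
    A = {"mail.example.org": ["192.0.2.25"], "25.2.0.192.zen.spamhaus.org": ["127.0.0.11"]}
    print(check_sender("192.0.2.25", lambda ip: PTR.get(ip, []), lambda n: A.get(n, [])))
```

With the default resolvers the same call performs live lookups; which list an address appears on (a policy list such as PBL versus SBL or XBL) determines where a removal request goes.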
participants (13)
- ac
- Alex Volkov
- D. Hugh Redelmeier
- Don Tai
- Giles Orr
- James Knott
- Jamon Camisso
- Jason Shaw
- Kevin Cozens
- Marc Lijour
- Stewart Russell
- Tim Tisdall
- Val Kulkov