A Broadband and ADSL forum. BroadbanterBanter

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Strange spam filtering issue - help please



 
 
  #1  
Old February 24th 08, 10:36 PM posted to uk.telecom.broadband
Peter

I have for a long time had a problem with emails to certain people
going missing, or ending up in their Spam folders.

I suspect that somehow the IP of my SMTP server (which is a PC running
on a fixed IP on a business account from Eclipse) is getting
blacklisted.

However, none of the various IP blacklists (mentioned here and
elsewhere) have ever shown that IP as being blacklisted.

I was originally worried because of rumours that dynamic IP blocks are
blacklisted whole, and I pressed Eclipse hard to confirm their 'fixed'
IP is not out of a dynamic IP block, with their DHCP server simply
being set up to always issue the same IP. Unlike with ZEN where one
can always get a proper tech reply, I never got through to anybody
technical but they said it is a real fixed IP and not out of a dynamic
block.

Some recipients get my emails but they are marked [SPAM] or "Spam
score x.x" in the subject header - obviously by their ISP. Yet these
can be really innocuous brief emails.

I wonder what is the best way to get to the bottom of something like
this?

Sometimes it seems that sending somebody a brief email containing a
URL is enough to get the email dumped.
  #2  
Old February 24th 08, 11:52 PM posted to uk.telecom.broadband
Chip

On Sun, 24 Feb 2008 22:36:55 +0000, it is alleged that Peter
spake thusly in
uk.telecom.broadband:

> I have for a long time had a problem with emails to certain people
> going missing, or ending up in their Spam folders.
>
> I suspect that somehow the IP of my SMTP server (which is a PC running
> on a fixed IP on a business account from Eclipse) is getting
> blacklisted.
>
> However, none of the various IP blacklists (mentioned here and
> elsewhere) have ever shown that IP as being blacklisted.
>
> I was originally worried because of rumours that dynamic IP blocks are
> blacklisted whole, and I pressed Eclipse hard to confirm their 'fixed'
> IP is not out of a dynamic IP block, with their DHCP server simply
> being set up to always issue the same IP. Unlike with ZEN where one
> can always get a proper tech reply, I never got through to anybody
> technical but they said it is a real fixed IP and not out of a dynamic
> block.
>
> Some recipients get my emails but they are marked [SPAM] or "Spam
> score x.x" in the subject header - obviously by their ISP. Yet these
> can be really innocuous brief emails.
>
> I wonder what is the best way to get to the bottom of something like
> this?
>
> Sometimes it seems that sending somebody a brief email containing a
> URL is enough to get the email dumped.

I am sure someone with more experience will be along in the morning,
but one thing that can cause this is the forward and reverse dns being
different. Say for example your server claims to be (and is)
mail.smallcompany.example, but when the receiving mailserver does a
dns lookup on the IP and gets static.something.123.eclipse.co.uk, it
flags it as suspicious. This never used to be the case, but
unfortunately spammers have almost ruined email as a medium :-(

--
_
( ) ASCII ribbon campaign against html e-mail
X and usenet posts
/ \
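
The check described in the post above, as an added example that is not part of the original thread: it looks up the PTR name for the sending IP, confirms that name resolves back to the same IP, and compares it with the HELO name. The function names, the verdict strings and the 192.0.2.10 address are assumptions made for illustration; the host names are the ones used in the post.

```python
import socket

def _ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _addrs(name):
    """Forward (A) lookup via the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(ip, helo, ptr_lookup=_ptr, a_lookup=_addrs):
    """Classify a sending IP the way a cautious receiving server might."""
    def norm(name):
        return name.rstrip(".").lower()
    ptr = ptr_lookup(ip)
    if not ptr:
        return "no-rdns"            # no reverse DNS at all
    if ip not in a_lookup(norm(ptr)):
        return "rdns-unconfirmed"   # PTR name does not resolve back to the IP
    if norm(ptr) != norm(helo):
        return "helo-mismatch"      # the case described in the post
    return "ok"

# Constructed records (192.0.2.10 is a documentation address).
PTR = {"192.0.2.10": "static.something.123.eclipse.co.uk."}
A = {"static.something.123.eclipse.co.uk": ["192.0.2.10"],
     "mail.smallcompany.example": ["192.0.2.10"]}

def demo():
    """Verdict before and after the PTR is changed to the HELO name."""
    forward = lambda name: A.get(name, [])
    before = check_sender("192.0.2.10", "mail.smallcompany.example", PTR.get, forward)
    fixed = {"192.0.2.10": "mail.smallcompany.example."}
    after = check_sender("192.0.2.10", "mail.smallcompany.example", fixed.get, forward)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Calling `check_sender(ip, helo)` without the last two arguments uses the system resolver instead of the constructed tables.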
  #3  
Old February 25th 08, 12:05 AM posted to uk.telecom.broadband
Devs

In message , Peter
writes
> I have for a long time had a problem with emails to certain people
> going missing, or ending up in their Spam folders.
>
> I suspect that somehow the IP of my SMTP server (which is a PC running
> on a fixed IP on a business account from Eclipse) is getting
> blacklisted.
>
> However, none of the various IP blacklists (mentioned here and
> elsewhere) have ever shown that IP as being blacklisted.
>
> I was originally worried because of rumours that dynamic IP blocks are
> blacklisted whole, and I pressed Eclipse hard to confirm their 'fixed'
> IP is not out of a dynamic IP block, with their DHCP server simply
> being set up to always issue the same IP. Unlike with ZEN where one
> can always get a proper tech reply, I never got through to anybody
> technical but they said it is a real fixed IP and not out of a dynamic
> block.
>
> Some recipients get my emails but they are marked [SPAM] or "Spam
> score x.x" in the subject header - obviously by their ISP. Yet these
> can be really innocuous brief emails.
>
> I wonder what is the best way to get to the bottom of something like
> this?
>
> Sometimes it seems that sending somebody a brief email containing a
> URL is enough to get the email dumped.

Are you sending via DNS? A lot of ISPs seem to block mail unless it
comes from a known and established IP address of an SMTP server. Will
your ISP allow your SMTP server to send through its SMTP server? This
has cured the problem for me a few times.
--
Devs
"Punchdown Pete the old Kroner"
Un autre 4 ans!
  #4  
Old February 25th 08, 12:22 AM posted to uk.telecom.broadband
Joker7

In news: - Peter wrote :
> I have for a long time had a problem with emails to certain people
> going missing, or ending up in their Spam folders.
>
> I suspect that somehow the IP of my SMTP server (which is a PC
> running on a fixed IP on a business account from Eclipse) is getting
> blacklisted.
>
> However, none of the various IP blacklists (mentioned here and
> elsewhere) have ever shown that IP as being blacklisted.
>
> I was originally worried because of rumours that dynamic IP blocks
> are blacklisted whole, and I pressed Eclipse hard to confirm their
> 'fixed' IP is not out of a dynamic IP block, with their DHCP server
> simply being set up to always issue the same IP. Unlike with ZEN
> where one can always get a proper tech reply, I never got through to
> anybody technical but they said it is a real fixed IP and not out of
> a dynamic block.
>
> Some recipients get my emails but they are marked [SPAM] or "Spam
> score x.x" in the subject header - obviously by their ISP. Yet these
> can be really innocuous brief emails.
>
> I wonder what is the best way to get to the bottom of something like
> this?
>
> Sometimes it seems that sending somebody a brief email containing a
> URL is enough to get the email dumped.

You will find a lot of answers here:
http://postmaster.aol.com/

Once you can get your mail to aol you can get it anywhere...

Chris

--
Superb hosting & domain name deals http://dn-22.co.uk
The Handyman http://www.looker.me.uk


  #5  
Old February 25th 08, 07:55 PM posted to uk.telecom.broadband
Peter


Devs wrote

> Are you sending via DNS? A lot of ISPs seem to block mail unless it
> comes from a known and established IP address of an SMTP server.


How would one define 'known and established'?

I do suspect this is happening but find it hard to get evidence. If it
is happening to me, it seems sporadic, for a given ISP.
  #6  
Old February 26th 08, 07:53 AM posted to uk.telecom.broadband
Alex Fraser

"Peter" wrote in message
news
> I have for a long time had a problem with emails to certain people
> going missing, or ending up in their Spam folders.
>
> I suspect that somehow the IP of my SMTP server (which is a PC running
> on a fixed IP on a business account from Eclipse) is getting
> blacklisted.
>
> However, none of the various IP blacklists (mentioned here and
> elsewhere) have ever shown that IP as being blacklisted.

[snip]
> Some recipients get my emails but they are marked [SPAM] or "Spam
> score x.x" in the subject header - obviously by their ISP. Yet these
> can be really innocuous brief emails.
>
> I wonder what is the best way to get to the bottom of something like
> this?


Anti-spam tools usually add details of how they computed the spam score to
the headers of the email - getting hold of some examples is probably the
best way to get to the bottom of the matter. If you are not sure how to
interpret them, post here - you can remove the subject and local parts (bit
before the @) of any email addresses. That said...

From what you say, it probably isn't the case, but worth double-checking
that your server is not an open relay.

I run a mail server on a home Eclipse connection with static address with no
such problem (at least, as far as I know). However, I have two connections
with static addresses: the one with the email server, which I have had for
several years, clearly has an address from a static pool whereas this is not
clearly the case for the other one (ie it may just be a fixed address from a
pool used for both static and dynamic addresses). So it's possible that your
address appears in "dynamic IP" lists - and you just haven't found which
one(s).

Eclipse don't appear to assign any reverse DNS by default which may cause a
slight spam weighting but not as much as a mismatch. As Chip suggested, make
sure you have reverse DNS set up (I can do this via the website, probably
the same for you) to the name your mail server uses when it says HELO/EHLO.

If you have good control over DNS records and your server sends mail with
addresses in domains you own, you could add SPF records for the domains (see
http://www.openspf.org/).

Routing all mail through Eclipse's SMTP server(s) will likely avoid the
problem. For a bit more effort, routing "problem domains" only will also
likely avoid the problem whilst introducing minimal dependency on Eclipse's
server(s).

Alex
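
One way to read the score breakdown mentioned at the start of the post above, as an added example that is not part of the original thread. It assumes the recipient's filter writes a SpamAssassin-style `X-Spam-Status` header; the sample message, the function name and the grouping of rule names by prefix are constructed for illustration.

```python
import email
import re

# Constructed sample: a bounced-back copy with the subject and addresses removed.
SAMPLE = (
    "Received: from mail.smallcompany.example (unknown [192.0.2.10])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 25 Feb 2008 09:00:00 +0000\n"
    "Subject: [SPAM] (removed)\n"
    "X-Spam-Status: Yes, score=5.6 required=5.0 tests=HELO_DYNAMIC_IPADDR,\n"
    "\tRDNS_NONE,SPF_PASS,URIBL_BLACK autolearn=no version=3.2.4\n"
    "\n"
    "See http://www.example.com/\n"
)

# Assumed grouping: rule names with these prefixes concern the sending host
# (reverse DNS, HELO name, DNS blocklists, SPF) rather than the message body.
HOST_PREFIXES = ("RDNS_", "HELO_", "RCVD_IN_", "SPF_")

def explain_spam_status(raw_message):
    """Split the tests that fired into sending-host tests and everything else."""
    status = email.message_from_string(raw_message).get("X-Spam-Status")
    if status is None:
        return None
    # The tests list is usually folded across lines; rejoin it before parsing.
    status = re.sub(r",\s+", ",", status)
    status = re.sub(r"\s+", " ", status).strip()
    fields = dict(re.findall(r"(\w+)=(\S+)", status))
    tests = [t for t in fields.get("tests", "").split(",") if t and t != "none"]
    score = fields.get("score") or fields.get("hits") or "nan"  # older builds say hits=
    return {
        "flagged": status.lower().startswith("yes"),
        "score": float(score),
        "required": float(fields.get("required", "nan")),
        "host_tests": [t for t in tests if t.startswith(HOST_PREFIXES)],
        "other_tests": [t for t in tests if not t.startswith(HOST_PREFIXES)],
    }

if __name__ == "__main__":
    print(explain_spam_status(SAMPLE))
```

Host tests point at the reverse DNS, HELO name or a blocklist entry for the sending address; anything left over, such as a URL blocklist hit, comes from the message content.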


  #7  
Old February 26th 08, 07:55 AM posted to uk.telecom.broadband
Alex Fraser

"Peter" wrote in message
...

> Devs wrote
>
>> Are you sending via DNS? A lot of ISPs seem to block mail unless it
>> comes from a known and established IP address of an SMTP server.
>
> How would one define 'known and established'?


That, unfortunately, is the main problem - anti-spam tools are forced to
guess.

Alex


  #8  
Old February 26th 08, 11:43 AM posted to uk.telecom.broadband
[email protected]


> "Peter" wrote in message
> news
>> I have for a long time had a problem with emails to certain people
>> going missing, or ending up in their Spam folders.
>>
>> I suspect that somehow the IP of my SMTP server (which is a PC running
>> on a fixed IP on a business account from Eclipse) is getting
>> blacklisted.
>>
>> However, none of the various IP blacklists (mentioned here and
>> elsewhere) have ever shown that IP as being blacklisted.
>
> [snip]
>> Some recipients get my emails but they are marked [SPAM] or "Spam
>> score x.x" in the subject header - obviously by their ISP. Yet these
>> can be really innocuous brief emails.
>>
>> I wonder what is the best way to get to the bottom of something like
>> this?
>
> Anti-spam tools usually add details of how they computed the spam score to
> the headers of the email - getting hold of some examples is probably the
> best way to get to the bottom of the matter. If you are not sure how to
> interpret them, post here - you can remove the subject and local parts (bit
> before the @) of any email addresses. That said...
>
> From what you say, it probably isn't the case, but worth double-checking
> that your server is not an open relay.

I am as sure as I can be. We use SMTP AUTH only, and the password is
nontrivial, and the logs have been checked fairly regularly. We see
loads of hacking attempts...

> I run a mail server on a home Eclipse connection with static address with no
> such problem (at least, as far as I know). However, I have two connections
> with static addresses: the one with the email server, which I have had for
> several years, clearly has an address from a static pool whereas this is not
> clearly the case for the other one (ie it may just be a fixed address from a
> pool used for both static and dynamic addresses). So it's possible that your
> address appears in "dynamic IP" lists - and you just haven't found which
> one(s).

I have never found any of these mysterious lists - this would be
highly interesting and relevant.

I have always suspected Eclipse allocate their 'fixed' IPs from a
dynamic pool, but one cannot get hold of anybody there who sounds like
they know what they are talking about. They don't provide access to
another level of tech support, no matter how hard I have tried.

> Eclipse don't appear to assign any reverse DNS by default which may cause a
> slight spam weighting but not as much as a mismatch. As Chip suggested, make
> sure you have reverse DNS set up (I can do this via the website, probably
> the same for you) to the name your mail server uses when it says HELO/EHLO.

I got them to add reverse DNS - no problem. They seem to be used to
such requests.

> If you have good control over DNS records and your server sends mail with
> addresses in domains you own, you could add SPF records for the domains (see
> http://www.openspf.org/).

We have done SPF.

I don't think SPF can be used by any ISP as a definitive spam
indicator because currently so few people use SPF. Also the larger
ISPs have a number of SMTP server IPs so their SPF records will be
quite comprehensive, or perhaps they set them up dynamically as they
switch from one server to another...

> Routing all mail through Eclipse's SMTP server(s) will likely avoid the
> problem. For a bit more effort, routing "problem domains" only will also
> likely avoid the problem whilst introducing minimal dependency on Eclipse's
> server(s).


We used to do that for a year or two. Sendmail was configured to
forward all emails to Eclipse's SMTP server, and it was done precisely
to avoid those mysterious 'dynamic IP pool' blacklists.

Unfortunately we had a bit of a problem with Eclipse. We get about 20k
incoming email spams a day. About 18k of those are rejected at the
connection level (not in sendmail user table), leaving 2k which are
received. Of these 99% are spam. We dump about 3/4 of them on keywords
("medication, viagra, v1agra" etc etc). The rest, a few hundred per
day, are to valid usernames. Those on a whitelist (all contacts going
back to 1995, including all those we email *to*) and ones with
whitelist keywords (product names etc) go through. The remainder (a
few hundred per day) are challenged with an email asking the sender to
REPLY to it.

Now, there is a possible problem here. Those challenges are sometimes
classified as spam at the receiving end, and (apart from the sender
not seeing them, which is a pain) this could place us on a blacklist.
I have also read that Spamcop deliberately target IPs that carry
challenge/response antispam measures, presumably for commercial
reasons as Spamcop offer an antispam service. But our IP has never
been seen on Spamcop's public blacklist....

Anyway, a few hundred challenges per day going out via Eclipse is
nothing. Unfortunately, very occasionally, one of the constant spam
attacks succeeds in stumbling across one of the valid usernames and
hits us with 10k emails. We then send out 10k challenges... and
Eclipse cuts off the connection if you do that.

We should have a more intelligent system here, like scanning sender
IPs and if we get a flood from the same IP, the whole lot can
obviously be dumped. Unfortunately I don't understand FreeBSD/sendmail
myself and I am relying on a friend who does this part time, a few
hours per week, and all previously suggested solutions to this would
take much longer to implement than he has time.

Also Eclipse have significant downtimes on their servers. Their ADSL
connection occasionally changes the IP, killing everything at this
end for a few hours, and they put a recorded message on their phone
lines telling people to reset their routers etc. But their SMTP/POP
servers are down much more often than ADSL itself.

I could use Zen who are much better but I already use Zen at home
where I have a backup server, rsynced from the office one at night.
One should not have the same ISP for main and backup...

Sorry for the long description.

If there is some simple FreeBSD firewall or sendmail add-on which
would identify a flood from the same IP and dump it all, that might
help. Whether we would want to go back to Eclipse's SMTP server I
don't know though, because we had the same missing email problem with
that - their server seems to get blacklisted quite often.
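
The "flood from the same IP" idea raised in the post above, as an added example that is not part of the original thread and not a sendmail feature: a sliding-window count per connecting relay over mail log lines, so that a burst can be dropped before any challenges are sent. It assumes sendmail-style `from=... relay=...[ip]` log lines; the log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Syslog timestamp plus the bracketed relay address on an incoming "from=" line.
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*\bfrom=.*"
    r"\brelay=[^\[]*\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]"
)

def flooding_relays(lines, limit=100, window=60, year=2008):
    """Return {ip: time at which it first exceeded `limit` messages in `window` s}."""
    recent = defaultdict(deque)   # ip -> arrival times still inside the window
    flagged = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue              # delivery ("to=") lines and other noise
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        seen = recent[ip]
        seen.append(when)
        while (when - seen[0]).total_seconds() > window:
            seen.popleft()        # forget arrivals older than the window
        if len(seen) > limit:
            flagged.setdefault(ip, when)
    return flagged

def sample_log():
    """Constructed log: 300 messages in 30 s from one relay, 5 from another."""
    start = datetime(2008, 2, 26, 3, 0, 0)
    fmt = ("{} mail sm-mta[{}]: m1Q{:06d}: from=<x@sender.example>, "
           "size=2048, nrcpts=1, proto=ESMTP, relay={}")
    lines = []
    for i in range(300):
        t = start + timedelta(seconds=i // 10)
        lines.append(fmt.format(t.strftime("%b %d %H:%M:%S"), 1000 + i, i,
                                "[203.0.113.5]"))
    for i in range(5):
        t = start + timedelta(minutes=i)
        lines.append(fmt.format(t.strftime("%b %d %H:%M:%S"), 2000 + i, 900 + i,
                                "mx.partner.example [198.51.100.7]"))
    return lines

if __name__ == "__main__":
    print(flooding_relays(sample_log()))
```

Syslog lines carry no year, so the caller supplies one; a window that spans New Year would need extra handling.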

  #10  
Old February 26th 08, 09:13 PM posted to uk.telecom.broadband
Peter


"Bob Eager" wrote

> http://www.spamhaus.org/pbl/index.lasso


Thank you. The IP is not in there...
 



