OT mail spam question

From: Pete Turnbull <pete_at_dunnington.u-net.com>
Date: Sat Oct 30 19:58:50 2004

On Oct 30 2004, 6:17, Vintage Computer Festival wrote:
>
> I just moved my mail server to my internal office network. The IP block
> I've been assigned apparently used to be used for dynamic DSL users. The
> problem is, at some point someone used one or more of these IP addresses
> to send out spam, enough so that my entire Class C block is blacklisted in
> some database.

You don't have a Class C, you have a block of 8. Looks like a DSL to
me :-) In fact, the netblock which your addresses are part of *is*
used for DSL lines, including dynamic ones, as far as I can see -- and
the netblock as a whole is bigger than a Class C.

> I'm getting reject messages occasionally when I try to send someone
> e-mail, like so:
>
> ----- Transcript of session follows -----
> ... while talking to smtp.secureserver.net.:
> >>> RCPT To:<mike_at_sccpc.com>
> <<< 553 66.120.4.* mail rejected due to excessive spam (Spam received from
> 66.120.4.201)
> 550 5.1.1 <mike_at_sccpc.com>... User unknown
>
> It's a very small percentage of my mail, but it's keeping me from
> responding to people sending me inquiries in some instances.
>
> How the *hell* do I track down what fuckwit is blacklisting my address?

It's not in the obvious places like MAPS, so short of asking Google for
all the blackhole lists, your best bet is to ask one of the sites
that's blocking your mail.

It could conceivably also be something to do with your broken DNS. The
name servers don't return reverse lookups, and don't list an MX record.

If you're running your mail server from a DSL line, that's the risk you
take. It's too easy for spammers to take a short-term contract, get an
address, abuse it, and disappear before the ISP can do anything about
it. It's also common for inexpert users to misconfigure SMTP servers
to be insecure in a spectacularly large number of ways. The easiest
way to counter such problems is to list dialups and
dynamically-allocated IPs (or the blocks they're in) in one of the
DULs. Often the address space owner will do that. You could try
asking Pac Bell if they have.

The proper way to do it is to have your mailserver talk to a "smart
host" that is well managed and hasn't ended up on a blackhole list. If
you're bothered about the possibility that it might go down at a time
beyond your control, and you use a recent version of sendmail, you can
specify a fallback smarthost, I think. You ought to upgrade anyway,
what you're using is fairly old [wonders if he should hide his own
headers on this email ;-)]. Several ISPs will let you buy mail relay
rights for very little money, and you can use SMTP AUTH to be able to
talk to servers that know you, even when you're relaying through them.

-- 
Pete						Peter Turnbull
						Network Manager
						University of York
Received on Sat Oct 30 2004 - 19:58:50 BST
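
Added example, not part of the original message: a DNS blackhole list is queried by reversing the IPv4 octets and appending the list's zone, so the search for the listing and the reverse-DNS check mentioned above can be scripted. The zone names and the FAKE_DNS table are constructed placeholders; pass real list zones and omit the resolve argument to query live DNS.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Build the lookup name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def _lookup_a(name):
    """Default resolver: the A record for name, or None if it does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_listings(ip, zones, resolve=_lookup_a):
    """Return {zone: return_code} for every zone that lists ip."""
    hits = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # A listed address answers inside 127.0.0.0/8; anything else
        # (no answer, or a wildcarded/parked zone) is not a listing.
        if answer and answer.startswith("127."):
            hits[zone] = answer
    return hits


def has_reverse_dns(ip, reverse=socket.gethostbyaddr):
    """True if ip has a PTR record; many receivers distrust mail hosts without one."""
    try:
        return bool(reverse(ip)[0])
    except OSError:  # socket.herror and socket.gaierror both derive from OSError
        return False


# Constructed stand-in for DNS so the example runs offline.
# Zone names are placeholders, not real blackhole lists.
FAKE_DNS = {"201.4.120.66.dul.example.net": "127.0.0.3"}

if __name__ == "__main__":
    zones = ["dul.example.net", "spam.example.org"]
    for ip in ("66.120.4.201", "66.120.4.202"):
        print(ip, check_listings(ip, zones, resolve=FAKE_DNS.get))
```

The MX record check is left out because the standard library cannot query MX records directly.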
