email wierdness.

newer
problems with trusted net on suse...

elfed lewis

12 Oct 2001 12 Oct '01

08:43

I got this message today (names have been changed to protect the innocent!). Is it saying i'm blacklisted, or the host i'm emailing to is blacklisted? ----------email------------------- from localhost ----- The following addresses had permanent fatal errors ----- (email i'm mailing to) (expanded from: (their local alias name)) ----- Transcript of session follows ----- ... while talking to mail-in.pol.net.uk.:(email i'm mailing to)

...

...
...
RCPT To:

<<< 550- <<< 550 mail from (my emailer ip address) rejected: administrative prohibition (host is blacklisted) 550 (email i'm mailing to)... User unknown ----------email-------------------

Show replies by date

Avi Schwartz

12 Oct 12 Oct

13:25

New subject: [suse-security] email wierdness.

Looks like the receiver is blacklisted by few DNSbl filters due to being a spam source. You can check for yourself at: http://relays2.osirusoft.com/cgi-bin/rbcheck.cgi Avi --On Friday, October 12, 2001 09:43:07 AM +0100 elfed lewis wrote:

...

I got this message today (names have been changed to protect the innocent!). Is it saying i'm blacklisted, or the host i'm emailing to is blacklisted?

----------email-------------------

from localhost

----- The following addresses had permanent fatal errors ----- (email i'm mailing to) (expanded from: (their local alias name))

----- Transcript of session follows ----- ... while talking to mail-in.pol.net.uk.:(email i'm mailing to)

...
...
...
RCPT To:

<<< 550- <<< 550 mail from (my emailer ip address) rejected: administrative prohibition (host is blacklisted) 550 (email i'm mailing to)... User unknown

----------email-------------------

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

-- Avi Schwartz avi@CFFtechnologies.com "I have to share the credit. I invented it, but Bill made it famous." - IBM engineer Dave Bradley describing the control-alt-delete reboot sequence

Boris Lorenz

15:13

New subject: [suse-security] email wierdness.

Hi, On 12-Oct-01 Avi Schwartz wrote:

...

Looks like the receiver is blacklisted by few DNSbl filters due to being a spam source. You can check for yourself at:

http://relays2.osirusoft.com/cgi-bin/rbcheck.cgi

I think the *sender* is blacklisted, not the receiver. I have never seen an anti-spam feature of any MTA which checks wether the host the MTA runs on is blacklisted - would be a poke in the eye sometimes ;)) The postmaster warning mail reads: "while talking to mail-in.pol.net.uk.:(email i'm mailing to) [...]" ...and prints just this communication afterwards. Maybe the sending mailer is blacklisted after being abused by some formmail spammers... ...or it accidentally got on some blacklist, this happens sometimes (although the rate of these false alarms gets lower since ORBS is outta business...). Btw., SamSpade ( http://classic.samspade.org ) also offers a good blacklist check.

...

Avi

--On Friday, October 12, 2001 09:43:07 AM +0100 elfed lewis wrote:

...
I got this message today (names have been changed to protect the innocent!). Is it saying i'm blacklisted, or the host i'm emailing to is blacklisted?

----------email-------------------

from localhost

_ _----- The following addresses had permanent fatal errors ----- (email i'm mailing to) _ _ (expanded from: (their local alias name))

_ _----- Transcript of session follows ----- ... while talking to mail-in.pol.net.uk.:(email i'm mailing to)

...
...
...
_RCPT To:

<<<_550- <<<_550 mail from (my emailer ip address) rejected: administrative prohibition (host is blacklisted) 550 (email i'm mailing to)... User unknown

----------email------------------- [...]

Boris Lorenz ---

Andrew Hougie

14 Oct 14 Oct

18:34

New subject: [suse-security] email wierdness.

I don't think any of these replies are actually correct. I had exactly the same message from mail-in.pol.net.uk relating to some mail passing through my server to one of my clients (a Freeserve.co.uk subscriber) for whom I operate MX services. I can see from my logs that subsequent mail to freeserve has gone through, via mail-in.pol.net.uk. The relevant IP address does not appear on any of the blacklists covered by the link below and the mail server is not promiscuously relaying. My conclusion is that freeserve had a temporary problem. Andrew At 17:13 12/10/2001 +0200, Boris Lorenz wrote:

...

Hi,

On 12-Oct-01 Avi Schwartz wrote:

...
Looks like the receiver is blacklisted by few DNSbl filters due to being a spam source. You can check for yourself at:

http://relays2.osirusoft.com/cgi-bin/rbcheck.cgi

I think the *sender* is blacklisted, not the receiver. I have never seen an anti-spam feature of any MTA which checks wether the host the MTA runs on is blacklisted - would be a poke in the eye sometimes ;))

The postmaster warning mail reads:

"while talking to mail-in.pol.net.uk.:(email i'm mailing to) [...]"

...and prints just this communication afterwards.

Maybe the sending mailer is blacklisted after being abused by some formmail spammers... ...or it accidentally got on some blacklist, this happens sometimes (although the rate of these false alarms gets lower since ORBS is outta business...).

Btw., SamSpade ( http://classic.samspade.org ) also offers a good blacklist check.

...
Avi

--On Friday, October 12, 2001 09:43:07 AM +0100 elfed lewis wrote:

...
I got this message today (names have been changed to protect the innocent!). Is it saying i'm blacklisted, or the host i'm emailing to is blacklisted?

----------email-------------------

from localhost

_ _----- The following addresses had permanent fatal errors ----- (email i'm mailing to) _ _ (expanded from: (their local alias name))

_ _----- Transcript of session follows ----- ... while talking to mail-in.pol.net.uk.:(email i'm mailing to)

...
...
...
_RCPT To:

<<<_550- <<<_550 mail from (my emailer ip address) rejected: administrative prohibition (host is blacklisted) 550 (email i'm mailing to)... User unknown

----------email------------------- [...]

Boris Lorenz ---

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

Fluffy Bananachunks

19:23

New subject: [suse-security] email wierdness.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 14 October 2001 02:34 pm, you wrote:

...

I don't think any of these replies are actually correct. I had exactly the same message from mail-in.pol.net.uk relating to some mail passing through my server to one of my clients (a Freeserve.co.uk subscriber) for whom I operate MX services. I can see from my logs that subsequent mail to freeserve has gone through, via mail-in.pol.net.uk. The relevant IP address does not appear on any of the blacklists covered by the link below and the mail server is not promiscuously relaying. My conclusion is that freeserve had a temporary problem. Andrew

I have had this 'problem' of blacklisting once before, since I've started hosting my sites from behind my DSL at home. My particular IP at the time of the problem was 'blacklisted' because my ISP had my IP on a list of 'End Users' - ie, "shouldn't be sending out emails directly"... For the life of that IP, it was easiest just to set up sendmail to send out thru my ISP's SMTP server. Now that my IP has switched again, I don't seem to be having the blacklist problems, and have switched sendmail back to direct outward SMTP... HTH Geo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7yeYno2oOGEnz8fYRAkNOAJwLzEIlxAfNIO+0qPikL6lwLYIiJwCfbi9O noXJJAZ1rXtEi7R0zWYW1tY= =nAjO -----END PGP SIGNATURE-----

elfed lewis

15 Oct 15 Oct

09:31

New subject: [suse-security] email wierdness.

Ar Sunday 14 October 2001 7:34 pm, ysgrifenodd Andrew Hougie:

...

I don't think any of these replies are actually correct. I had exactly the same message from mail-in.pol.net.uk relating to some mail passing through my server to one of my clients (a Freeserve.co.uk subscriber) for whom I operate MX services. I can see from my logs that subsequent mail to freeserve has gone through, via mail-in.pol.net.uk. The relevant IP address does not appear on any of the blacklists covered by the link below and the mail server is not promiscuously relaying. My conclusion is that freeserve had a temporary problem. Andrew

Yeah, i think you're right. My situation is similar. I know we have a fixed ip, and connect through the janet (joint academic) network. We arent listed in any of the blacklisted sites everyone is submitted, so i'll assume its a temporary problem at freeserve's end. Thanks for everyone's suggestions Elf.

Ray Dillinger

12 Oct 12 Oct

16:02

New subject: [suse-security] email wierdness.

It's saying you're blacklisted. If you're running a mailer in promiscuous mode, and the fact can be detected from the outside, a fair number of mail-admin hosts will automatically blacklist you. Conversely, if you subscribe to an ISP that spammers operate from, your entire ISP's block of addresses may be blacklisted. Bear On Fri, 12 Oct 2001, elfed lewis wrote:

...

I got this message today (names have been changed to protect the innocent!). Is it saying i'm blacklisted, or the host i'm emailing to is blacklisted?

----------email-------------------

from localhost

� �----- The following addresses had permanent fatal errors ----- (email i'm mailing to) � � (expanded from: (their local alias name))

� �----- Transcript of session follows ----- ... while talking to mail-in.pol.net.uk.:(email i'm mailing to)

...
...
...
�RCPT To:

<<<�550- <<<�550 mail from (my emailer ip address) rejected: administrative prohibition (host is blacklisted) 550 (email i'm mailing to)... User unknown

----------email-------------------

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

John Trickey

19:23

New subject: [suse-security] email wierdness.

...

I got this message today (names have been changed to protect the innocent!). Is it saying i'm blacklisted, or the host i'm emailing to is blacklisted?

----------email-------------------

from localhost

----- The following addresses had permanent fatal errors ----- (email i'm mailing to) (expanded from: (their local alias name))

----- Transcript of session follows ----- ... while talking to mail-in.pol.net.uk.:(email i'm mailing to)

...
...
...
RCPT To:

<<< 550- <<< 550 mail from (my emailer ip address) rejected: administrative prohibition (host is blacklisted) 550 (email i'm mailing to)... User unknown

----------email-------------------

Sorry for the long quote, but I didn't want to lose the context. Are you on a dialup line? Do you have an upstream mailhub you should have used? A useful reference is spam.abuse.net . There are lists of ip addresses out there for known spam domains, open relays and dial-up lines. If you fall into the latter, you will only be able to send mail through your ISP's hub to a host that uses these lists. To fix, just reconfigure your mailer to use the mailhub as its "smarthost". For example, if we are both on dial-ups, our mail path would be:- me -> my isp -> your isp -> you John

8237

Age (days ago)

8240

Last active (days ago)

List overview

Download

7 comments

7 participants

participants (7)

Andrew Hougie
Avi Schwartz
Boris Lorenz
elfed lewis
Fluffy Bananachunks
John Trickey
Ray Dillinger

email wierdness.

elfed lewis

Avi Schwartz

Boris Lorenz

Andrew Hougie

Fluffy Bananachunks

elfed lewis

Ray Dillinger

John Trickey

tags

participants (7)