Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
14349 posts

Uber Geek
+1 received by user: 1866


  Reply # 850917 8-Jul-2013 15:20
Send private message

Lazarui:
mattwnz:
Ragnor: Sorry to ask the obvious question but does your clients email server has spf, sender id and reverse dns setup?

Also I don't see any quicktime on https://support.msn.com/eform.aspx?productKey=edfsmsbl2&ct=eformts - the capatcha is straight html inputs/images?


Yes, not having reverse DNS can often cause that to happen. The OP hasn't said . If they provided the IP of the problem mailserver it could help.


First post op has noted this:

My client:
Runs their own mail server (server01.heatstore.co.nz )
Has a RIP, PTRs etc to server01.heatstore.co.nz
Has legetimate SPF records
Has a fixed / Static IP address for the last 6 years or so
Has no black listings anywhere
Is not selling viagara etc - they sell peeltt fires, wood fires etc.
Is not virused
Is not running an open spam relay.



Server resolved to: 119.224.53.23
From what I can tell it looks fine, but meh not a expert with domains and mail servers.




Not sure if it is a blacklist, but it gives and error for

Reported by ns3.discountdomains.co.nz on 7/7/2013 at 10:18:05 PM (UTC -5), 

8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 851049 8-Jul-2013 17:15
Send private message

Skipped the first page as I thought I read it the other day, looks fine for reverse dns and spf, and not on any of the main blacklists.

When connecting to the server the server disconnects before the banner is complete, maybe the timeout is too low?
http://mxtoolbox.com/SuperTool.aspx?action=smtp%3aserver01.heatstore.co.nz&run=toolpage

Next step would be to look at the content of the messages being sent that are being junked and analyse the language being used. There are server websites where you can paste in the text/html of an typical email and analyse for "spammy-ness"

Otherwise yeah hotmail/outlook.com being dumb.

8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 851052 8-Jul-2013 17:21
Send private message

Hmm... the emails that are being junked are they being sent by server01.heatstore.co.nz or mail.discountdomains.co.nz or 120.138.21.47?

SPF record is:
v=spf1 mx ip4:120.138.21.47 ptr:server01.heatstore.co.nz mx:mail.discountdomains.co.nz ip4:119.224.53.23 a:server01.heatstore.co.nz ~all



1229 posts

Uber Geek
+1 received by user: 251

Subscriber

  Reply # 853887 11-Jul-2013 14:18
Send private message

Ragnor: Sorry to ask the obvious question but does your clients email server has spf, sender id and reverse dns setup?

Also I don't see any quicktime on https://support.msn.com/eform.aspx?productKey=edfsmsbl2&ct=eformts - the capatcha is straight html inputs/images?


As per my post - 

SPF, RIP, etc all in place.

:)

As for quick time, depends on what browser you use but following the link from previous post FF asked for a quicktime plug in.





nunz



1229 posts

Uber Geek
+1 received by user: 251

Subscriber

  Reply # 853891 11-Jul-2013 14:21
Send private message

mattwnz:
nunz: 
1 - NZ ISPs rigourously work to keep spammers off their systems - if we cant trust our own countries ISP who can we trust.


Do they though. I have found ISPs difficult to deal with when their IP gets blacklisted, and their frontline staff don't know what it even means. They seem to react to problems rather than stopping them occurring in the first place from my experience. It largely comes down to cost as ISPs don't probably make anything by providing email, so they can't afford to put large resources into it, which is understandable. This is why I think ISPs should stop providing email altogether. I noticed that some of the newer ISPs no longer appear to provide email, which I think is a good thing. People do need to realise that providing email is expensive, especially a good reliable email service.

nunz: 
2 - NZ business need to know that their email will be delivered - it is a matter of National security at an economic level.

Please note - Black lists are only one part of a successful defence. Filtering, reporting and working together is even more important. Blacklists are designed to stop spammers and open relays - neither of those categories applies to the major NZ ISPs.



Malware on hijacked ISP customer computers is a major source of spam. Also ISPs seem to use just a single IP for sending email from 10's - 100's of thousands of customers. If they had multiple IPs, then it would be so much of the a problem. But I guess that comes down to cost too.

nunz: 
Take a real world analogy - If NZ Post Auckland stopped taking mail from NZ Post Wgtn because someone said their might be obsene materials or illegal drugs hidden in a piece of mail the economoy would collapse. Our internal post offices trust each other to send mail around - mail from other sources is checked.

For Vodafone to ban all mail from Slingshot (as they did last week) is crazy - slingshot are not spammers. what would happen if all ISPs banned vodafone when vodafone ends up on a black list? Or if they banned Telecom? All govt email, haf of NZ businesses would go nuts when mail wasnt delivered.

ISPs in Nz ar not spammers - blacklisting each other is a bad idea.



 



That is a poor analogy, because spam is largely about the quality of emails bombarding the email network. eg over 95% of email is spam. So ISPs want to stop that 95% otherwise their email would be unreliable and slow. Only 5% of all emails are legit. A correct anology would be if NZ was flooded with letters from overseas (eg say a 1000% increase), to deliver to NZ households, which they don't get paid to deliver. I don't think they would be delivering them. 
ISPs may not be spammers,but when a hijacked ISP customer is spamming, they get blacklisted on an RBL, and  it affects all custeomrs. If an ISP is wanting to provide email services, then they should have the resources to monitor this 24/7, and get blacklists removed and have hijacked customer computers booted off the network until they have fixed it.
When they blacklist with RBLs, they are only blacklisting a dirty IP, so once an ISP has proven that it is clean, it will get whitelisted again. IPs don't get blacklisted for no reason.


Every ISp in NZ probalby has a spammer coming off their IP range some where - should we abn all NZ isps for this reason? All the time?  blacklists are for dedicated spamemrs - Nz ISPs ar not in this category. Cocould they do a little betteR? Yes!





nunz



1229 posts

Uber Geek
+1 received by user: 251

Subscriber

  Reply # 853906 11-Jul-2013 14:27
Send private message

Ragnor: Hmm... the emails that are being junked are they being sent by server01.heatstore.co.nz or mail.discountdomains.co.nz or 120.138.21.47?

SPF record is:
v=spf1 mx ip4:120.138.21.47 ptr:server01.heatstore.co.nz mx:mail.discountdomains.co.nz ip4:119.224.53.23 a:server01.heatstore.co.nz ~all


Server01.heatstore.co.nz
IP 119.224.53.23

We added discountdomains as a couple f mobile users will use them for authenticated smtp or send web mail on behalf of the company when they cant access the company server directly. 








nunz



1229 posts

Uber Geek
+1 received by user: 251

Subscriber

  Reply # 853908 11-Jul-2013 14:30
Send private message

Ragnor: Skipped the first page as I thought I read it the other day, looks fine for reverse dns and spf, and not on any of the main blacklists.

When connecting to the server the server disconnects before the banner is complete, maybe the timeout is too low?
http://mxtoolbox.com/SuperTool.aspx?action=smtp%3aserver01.heatstore.co.nz&run=toolpage

Next step would be to look at the content of the messages being sent that are being junked and analyse the language being used. There are server websites where you can paste in the text/html of an typical email and analyse for "spammy-ness"

Otherwise yeah hotmail/outlook.com being dumb.


Prt 25 only receives email from highly authenticated users. 

all our email is received by discountdomains and then mail bagged for our server to pull on a scheduled basis. 

Port 25 is closing this week on server01.heatstore. as it is not used.






nunz

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.