Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


nzgeek

618 posts

Ultimate Geek


#143402 14-Apr-2014 01:03
Send private message

Is anyone else having issues getting email to send? Specifically, bounce emails from Snap's Ironport server?

I'm having issues with the automatic emails my Fritz!Box is sending out. I've set things up on the Fritz so that it's doing SMTP + auth, and it's sending via an email forwarder that I've got set up with my hosting provider (kiwihosting.net). Everything was working up until a week ago, now I'm getting issues.

Here's an example bounce message:
The following message to <fritzbox@redacted> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'Server IP 202.37.100.98 listed as abusive. See http://www.linuxmagic.com/power_of_ip_reputation.html for more information. Protection provided by MagicSpam 1.0.6-1.3 http://www.magicspam.com'

Reporting-MTA: dns; mx1.ironport.snap.net.nz

Final-Recipient: rfc822;fritzbox@redacted
Action: failed
Status: 5.1.0
Remote-MTA: dns; [74.53.201.75]
Diagnostic-Code: smtp; 5.1.0 - Unknown address error 550-'Server IP 202.37.100.98 listed as abusive. See http://www.linuxmagic.com/power_of_ip_reputation.html for more information. Protection provided by MagicSpam 1.0.6-1.3 http://www.magicspam.com' (delivery attempts: 0)

202.37.100.98 is the IP address of Snap's Ironport box. 74.53.201.75 is the address of my hosting provider's email server.

I'm not 100% sure, but it looks like my hosting provider is using MagicSpam and is preventing the Ironport box from sending the email. If this is the case, why would Snap's outgoing mail server be seen as "abusive" by a mail reputation service?

Create new topic
insane
3239 posts

Uber Geek

ID Verified
Trusted

  #1024651 14-Apr-2014 01:42
Send private message

Because it only take one snap user account to get compromised, or one persons PC to get infected and send mountains of spam in a short period of time through their email service. The ironports are great mail filtering appliances, possibly the best (we use them too) but they still don't stop 100% of spam.

They've just ended up on some RBL, part and parcel of running an ISP mail system, just having a filtering device by itself is not enough, you still need to place further limits per user and have systems in place which will auto ban compromised accounts to make any attempt to keep your mail servers clean.





timmmay
20579 posts

Uber Geek

Trusted
Lifetime subscriber

  #1024662 14-Apr-2014 06:59
Send private message

Use a different email account - Gmail, AuthSMTP, and FastMail.fm all work well for me. I don't use ISP supplied email, if Snap supplied me with one I never checked it.

ChrisNZL
309 posts

Ultimate Geek


  #1024679 14-Apr-2014 08:38
Send private message

nzgeek: Is anyone else having issues getting email to send? Specifically, bounce emails from Snap's Ironport server?


I was having issues last week. I use Snap's SMTP servers to send mail.

I can't find the system email detailing the problem unfortunately (I must've deleted it), but it had a useful webpage linked that analysed the Ironport's email sending history or something.

As @insane said above, if one person's computer gets infected...

The system website I looked at had a graph with a scale of 0-10 for the amount of email that was being sent from Snap's Ironport server. From Feb-March it was scored a 0 (hardly any email being sent in the global scheme of things), then towards the end of March and through until now, it magically jumped up to like, 5 or 6 I think it said. Heaps of email suddenly going out.

So, it makes sense that some Snap customer's computer has turned into a spambot (or their login credentials were compromised from afar) and is sending mass amounts of spam, which is setting off flags for anti-spam systems, thus becoming a hindrance for the rest of us.


Perhaps Snap could look at customer email sending records and see which customer's account is being used to send all this extra mail?



insane
3239 posts

Uber Geek

ID Verified
Trusted

  #1024772 14-Apr-2014 11:08
Send private message

ChrisNZL:
I can't find the system email detailing the problem unfortunately (I must've deleted it), but it had a useful webpage linked that analysed the Ironport's email sending history or something....

.....Perhaps Snap could look at customer email sending records and see which customer's account is being used to send all this extra mail?


Would have been www.senderbase.org/


ChrisNZL
309 posts

Ultimate Geek


  #1024798 14-Apr-2014 11:39
Send private message

 Would have been www.senderbase.org/ 


That's the one, thanks!

Looking at that graph says it all.

nzgeek

618 posts

Ultimate Geek


  #1025069 14-Apr-2014 19:09
Send private message

insane: Because it only take one snap user account to get compromised, or one persons PC to get infected and send mountains of spam in a short period of time through their email service.

insane: They've just ended up on some RBL, part and parcel of running an ISP mail system, just having a filtering device by itself is not enough, you still need to place further limits per user and have systems in place which will auto ban compromised accounts to make any attempt to keep your mail servers clean.

I understand the basic reasons around how this can happen. I just expected that Snap would have measures in place to prevent this sort of things from happening. The SMTP server should be requiring authentication to send any outbound message, and it should be limiting the rate at which messages can be sent. Spammers are everywhere, and anyone could get infected with malware, so risk avoidance and mitigation is crucial for an ISP.

insane: The ironports are great mail filtering appliances, possibly the best (we use them too) but they still don't stop 100% of spam.

The Ironport appliances used to be really good, but have been slowly dropping behind since being bought by Cisco. I used to work for Marshal Software (now part of Trustwave), and we had a few customers who ran MailMarshal as a backstop to catch all the crap that the Ironport failed to stop. Then again, you are comparing a multi-purpose appliance with a very mature piece of specialised software, so it's not the fairest of comparisons.

ChrisNZL: The system website I looked at had a graph with a scale of 0-10 for the amount of email that was being sent from Snap's Ironport server. From Feb-March it was scored a 0 (hardly any email being sent in the global scheme of things), then towards the end of March and through until now, it magically jumped up to like, 5 or 6 I think it said. Heaps of email suddenly going out.

insane: Would have been www.senderbase.org/ 

Looking at the numbers, I would guess that the Ironport is fairly new and has only been in place since the end of March, which is when the scores started ramping up. Still, and significant change in email volume should be treated as a major red flag and should be investigated.

ChrisNZL: So, it makes sense that some Snap customer's computer has turned into a spambot (or their login credentials were compromised from afar) and is sending mass amounts of spam, which is setting off flags for anti-spam systems, thus becoming a hindrance for the rest of us.

Only if that email is being sent via Snap's servers. Many bots will either use open relays or will try to send email directly to the target systems. For the few that do connect via Snap's email servers, there should be measures in place to limit and detect this sort of suspicious activity.

Perhaps RalphFromSnap can chime in on this issue and let us know what's been happening...

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.