Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


nzgeek

617 posts

Ultimate Geek


#143402 14-Apr-2014 01:03
Send private message

Is anyone else having issues getting email to send? Specifically, bounce emails from Snap's Ironport server?

I'm having issues with the automatic emails my Fritz!Box is sending out. I've set things up on the Fritz so that it's doing SMTP + auth, and it's sending via an email forwarder that I've got set up with my hosting provider (kiwihosting.net). Everything was working up until a week ago, now I'm getting issues.

Here's an example bounce message:
The following message to <fritzbox@redacted> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'Server IP 202.37.100.98 listed as abusive. See http://www.linuxmagic.com/power_of_ip_reputation.html for more information. Protection provided by MagicSpam 1.0.6-1.3 http://www.magicspam.com'

Reporting-MTA: dns; mx1.ironport.snap.net.nz

Final-Recipient: rfc822;fritzbox@redacted
Action: failed
Status: 5.1.0
Remote-MTA: dns; [74.53.201.75]
Diagnostic-Code: smtp; 5.1.0 - Unknown address error 550-'Server IP 202.37.100.98 listed as abusive. See http://www.linuxmagic.com/power_of_ip_reputation.html for more information. Protection provided by MagicSpam 1.0.6-1.3 http://www.magicspam.com' (delivery attempts: 0)

202.37.100.98 is the IP address of Snap's Ironport box. 74.53.201.75 is the address of my hosting provider's email server.

I'm not 100% sure, but it looks like my hosting provider is using MagicSpam and is preventing the Ironport box from sending the email. If this is the case, why would Snap's outgoing mail server be seen as "abusive" by a mail reputation service?

Create new topic
insane
3170 posts

Uber Geek

ID Verified
Trusted

  #1024651 14-Apr-2014 01:42
Send private message

Because it only take one snap user account to get compromised, or one persons PC to get infected and send mountains of spam in a short period of time through their email service. The ironports are great mail filtering appliances, possibly the best (we use them too) but they still don't stop 100% of spam.

They've just ended up on some RBL, part and parcel of running an ISP mail system, just having a filtering device by itself is not enough, you still need to place further limits per user and have systems in place which will auto ban compromised accounts to make any attempt to keep your mail servers clean.



 
 
 

Trade NZ and US shares and funds with Sharesies (affiliate link).
timmmay
19639 posts

Uber Geek

Trusted
Lifetime subscriber

  #1024662 14-Apr-2014 06:59
Send private message

Use a different email account - Gmail, AuthSMTP, and FastMail.fm all work well for me. I don't use ISP supplied email, if Snap supplied me with one I never checked it.

ChrisNZL
308 posts

Ultimate Geek


  #1024679 14-Apr-2014 08:38
Send private message

nzgeek: Is anyone else having issues getting email to send? Specifically, bounce emails from Snap's Ironport server?


I was having issues last week. I use Snap's SMTP servers to send mail.

I can't find the system email detailing the problem unfortunately (I must've deleted it), but it had a useful webpage linked that analysed the Ironport's email sending history or something.

As @insane said above, if one person's computer gets infected...

The system website I looked at had a graph with a scale of 0-10 for the amount of email that was being sent from Snap's Ironport server. From Feb-March it was scored a 0 (hardly any email being sent in the global scheme of things), then towards the end of March and through until now, it magically jumped up to like, 5 or 6 I think it said. Heaps of email suddenly going out.

So, it makes sense that some Snap customer's computer has turned into a spambot (or their login credentials were compromised from afar) and is sending mass amounts of spam, which is setting off flags for anti-spam systems, thus becoming a hindrance for the rest of us.


Perhaps Snap could look at customer email sending records and see which customer's account is being used to send all this extra mail?



insane
3170 posts

Uber Geek

ID Verified
Trusted

  #1024772 14-Apr-2014 11:08
Send private message

ChrisNZL:
I can't find the system email detailing the problem unfortunately (I must've deleted it), but it had a useful webpage linked that analysed the Ironport's email sending history or something....

.....Perhaps Snap could look at customer email sending records and see which customer's account is being used to send all this extra mail?


Would have been www.senderbase.org/


ChrisNZL
308 posts

Ultimate Geek


  #1024798 14-Apr-2014 11:39
Send private message

 Would have been www.senderbase.org/ 


That's the one, thanks!

Looking at that graph says it all.

nzgeek

617 posts

Ultimate Geek


  #1025069 14-Apr-2014 19:09
Send private message

insane: Because it only take one snap user account to get compromised, or one persons PC to get infected and send mountains of spam in a short period of time through their email service.

insane: They've just ended up on some RBL, part and parcel of running an ISP mail system, just having a filtering device by itself is not enough, you still need to place further limits per user and have systems in place which will auto ban compromised accounts to make any attempt to keep your mail servers clean.

I understand the basic reasons around how this can happen. I just expected that Snap would have measures in place to prevent this sort of things from happening. The SMTP server should be requiring authentication to send any outbound message, and it should be limiting the rate at which messages can be sent. Spammers are everywhere, and anyone could get infected with malware, so risk avoidance and mitigation is crucial for an ISP.

insane: The ironports are great mail filtering appliances, possibly the best (we use them too) but they still don't stop 100% of spam.

The Ironport appliances used to be really good, but have been slowly dropping behind since being bought by Cisco. I used to work for Marshal Software (now part of Trustwave), and we had a few customers who ran MailMarshal as a backstop to catch all the crap that the Ironport failed to stop. Then again, you are comparing a multi-purpose appliance with a very mature piece of specialised software, so it's not the fairest of comparisons.

ChrisNZL: The system website I looked at had a graph with a scale of 0-10 for the amount of email that was being sent from Snap's Ironport server. From Feb-March it was scored a 0 (hardly any email being sent in the global scheme of things), then towards the end of March and through until now, it magically jumped up to like, 5 or 6 I think it said. Heaps of email suddenly going out.

insane: Would have been www.senderbase.org/ 

Looking at the numbers, I would guess that the Ironport is fairly new and has only been in place since the end of March, which is when the scores started ramping up. Still, and significant change in email volume should be treated as a major red flag and should be investigated.

ChrisNZL: So, it makes sense that some Snap customer's computer has turned into a spambot (or their login credentials were compromised from afar) and is sending mass amounts of spam, which is setting off flags for anti-spam systems, thus becoming a hindrance for the rest of us.

Only if that email is being sent via Snap's servers. Many bots will either use open relays or will try to send email directly to the target systems. For the few that do connect via Snap's email servers, there should be measures in place to limit and detect this sort of suspicious activity.

Perhaps RalphFromSnap can chime in on this issue and let us know what's been happening...

Create new topic





News and reviews »

New Air Traffic Management Platform and Resilient Buildings a Milestone for Airways
Posted 6-Dec-2023 05:00


Logitech G Launches New Flagship Console Wireless Gaming Headset Astro A50 X
Posted 5-Dec-2023 21:00


NordVPN Helps Users Protect Themselves From Vulnerable Apps
Posted 5-Dec-2023 14:27


First-of-its-Kind Flight Trials Integrate Uncrewed Aircraft Into Controlled Airspace
Posted 5-Dec-2023 13:59


Prodigi Technology Services Announces Strategic Acquisition of Conex
Posted 4-Dec-2023 09:33


Samsung Announces Galaxy AI
Posted 28-Nov-2023 14:48


Epson Launches EH-LS650 Ultra Short Throw Smart Streaming Laser Projector
Posted 28-Nov-2023 14:38


Fitbit Charge 6 Review
Posted 27-Nov-2023 16:21


Cisco Launches New Research Highlighting Gap in Preparedness for AI
Posted 23-Nov-2023 15:50


Seagate Takes Block Storage System to New Heights Reaching 2.5 PB
Posted 23-Nov-2023 15:45


Seagate Nytro 4350 NVMe SSD Delivers Consistent Application Performance and High QoS to Data Centers
Posted 23-Nov-2023 15:38


Amazon Fire TV Stick 4k Max (2nd Generation) Review
Posted 14-Nov-2023 16:17


Over half of New Zealand adults surveyed concerned about AI shopping scams
Posted 3-Nov-2023 10:42


Super Mario Bros. Wonder Launches on Nintendo Switch
Posted 24-Oct-2023 10:56


Google Releases Nest WiFi Pro in New Zealand
Posted 24-Oct-2023 10:18









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







NordVPN