Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




598 posts

Ultimate Geek


# 143402 14-Apr-2014 01:03
One person supports this post
Send private message

Is anyone else having issues getting email to send? Specifically, bounce emails from Snap's Ironport server?

I'm having issues with the automatic emails my Fritz!Box is sending out. I've set things up on the Fritz so that it's doing SMTP + auth, and it's sending via an email forwarder that I've got set up with my hosting provider (kiwihosting.net). Everything was working up until a week ago, now I'm getting issues.

Here's an example bounce message:
The following message to <fritzbox@redacted> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'Server IP 202.37.100.98 listed as abusive. See http://www.linuxmagic.com/power_of_ip_reputation.html for more information. Protection provided by MagicSpam 1.0.6-1.3 http://www.magicspam.com'

Reporting-MTA: dns; mx1.ironport.snap.net.nz

Final-Recipient: rfc822;fritzbox@redacted
Action: failed
Status: 5.1.0
Remote-MTA: dns; [74.53.201.75]
Diagnostic-Code: smtp; 5.1.0 - Unknown address error 550-'Server IP 202.37.100.98 listed as abusive. See http://www.linuxmagic.com/power_of_ip_reputation.html for more information. Protection provided by MagicSpam 1.0.6-1.3 http://www.magicspam.com' (delivery attempts: 0)

202.37.100.98 is the IP address of Snap's Ironport box. 74.53.201.75 is the address of my hosting provider's email server.

I'm not 100% sure, but it looks like my hosting provider is using MagicSpam and is preventing the Ironport box from sending the email. If this is the case, why would Snap's outgoing mail server be seen as "abusive" by a mail reputation service?

Create new topic
2411 posts

Uber Geek

Trusted
Subscriber

  # 1024651 14-Apr-2014 01:42
Send private message

Because it only take one snap user account to get compromised, or one persons PC to get infected and send mountains of spam in a short period of time through their email service. The ironports are great mail filtering appliances, possibly the best (we use them too) but they still don't stop 100% of spam.

They've just ended up on some RBL, part and parcel of running an ISP mail system, just having a filtering device by itself is not enough, you still need to place further limits per user and have systems in place which will auto ban compromised accounts to make any attempt to keep your mail servers clean.



15598 posts

Uber Geek

Trusted
Subscriber

  # 1024662 14-Apr-2014 06:59
Send private message

Use a different email account - Gmail, AuthSMTP, and FastMail.fm all work well for me. I don't use ISP supplied email, if Snap supplied me with one I never checked it.

 
 
 
 


305 posts

Ultimate Geek


  # 1024679 14-Apr-2014 08:38
Send private message

nzgeek: Is anyone else having issues getting email to send? Specifically, bounce emails from Snap's Ironport server?


I was having issues last week. I use Snap's SMTP servers to send mail.

I can't find the system email detailing the problem unfortunately (I must've deleted it), but it had a useful webpage linked that analysed the Ironport's email sending history or something.

As @insane said above, if one person's computer gets infected...

The system website I looked at had a graph with a scale of 0-10 for the amount of email that was being sent from Snap's Ironport server. From Feb-March it was scored a 0 (hardly any email being sent in the global scheme of things), then towards the end of March and through until now, it magically jumped up to like, 5 or 6 I think it said. Heaps of email suddenly going out.

So, it makes sense that some Snap customer's computer has turned into a spambot (or their login credentials were compromised from afar) and is sending mass amounts of spam, which is setting off flags for anti-spam systems, thus becoming a hindrance for the rest of us.


Perhaps Snap could look at customer email sending records and see which customer's account is being used to send all this extra mail?

2411 posts

Uber Geek

Trusted
Subscriber

  # 1024772 14-Apr-2014 11:08
One person supports this post
Send private message

ChrisNZL:
I can't find the system email detailing the problem unfortunately (I must've deleted it), but it had a useful webpage linked that analysed the Ironport's email sending history or something....

.....Perhaps Snap could look at customer email sending records and see which customer's account is being used to send all this extra mail?


Would have been www.senderbase.org/


305 posts

Ultimate Geek


  # 1024798 14-Apr-2014 11:39
Send private message

 Would have been www.senderbase.org/ 


That's the one, thanks!

Looking at that graph says it all.



598 posts

Ultimate Geek


  # 1025069 14-Apr-2014 19:09
One person supports this post
Send private message

insane: Because it only take one snap user account to get compromised, or one persons PC to get infected and send mountains of spam in a short period of time through their email service.

insane: They've just ended up on some RBL, part and parcel of running an ISP mail system, just having a filtering device by itself is not enough, you still need to place further limits per user and have systems in place which will auto ban compromised accounts to make any attempt to keep your mail servers clean.

I understand the basic reasons around how this can happen. I just expected that Snap would have measures in place to prevent this sort of things from happening. The SMTP server should be requiring authentication to send any outbound message, and it should be limiting the rate at which messages can be sent. Spammers are everywhere, and anyone could get infected with malware, so risk avoidance and mitigation is crucial for an ISP.

insane: The ironports are great mail filtering appliances, possibly the best (we use them too) but they still don't stop 100% of spam.

The Ironport appliances used to be really good, but have been slowly dropping behind since being bought by Cisco. I used to work for Marshal Software (now part of Trustwave), and we had a few customers who ran MailMarshal as a backstop to catch all the crap that the Ironport failed to stop. Then again, you are comparing a multi-purpose appliance with a very mature piece of specialised software, so it's not the fairest of comparisons.

ChrisNZL: The system website I looked at had a graph with a scale of 0-10 for the amount of email that was being sent from Snap's Ironport server. From Feb-March it was scored a 0 (hardly any email being sent in the global scheme of things), then towards the end of March and through until now, it magically jumped up to like, 5 or 6 I think it said. Heaps of email suddenly going out.

insane: Would have been www.senderbase.org/ 

Looking at the numbers, I would guess that the Ironport is fairly new and has only been in place since the end of March, which is when the scores started ramping up. Still, and significant change in email volume should be treated as a major red flag and should be investigated.

ChrisNZL: So, it makes sense that some Snap customer's computer has turned into a spambot (or their login credentials were compromised from afar) and is sending mass amounts of spam, which is setting off flags for anti-spam systems, thus becoming a hindrance for the rest of us.

Only if that email is being sent via Snap's servers. Many bots will either use open relays or will try to send email directly to the target systems. For the few that do connect via Snap's email servers, there should be measures in place to limit and detect this sort of suspicious activity.

Perhaps RalphFromSnap can chime in on this issue and let us know what's been happening...

Create new topic



Switch your broadband provider now - compare prices


Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Vodafone New Zealand starts two year partnership with LetsPlay.Live
Posted 28-Jan-2020 11:24


Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26


New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25


N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22


Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42


Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30


JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59


Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34


NZ Police releases public app
Posted 8-Jan-2020 11:43


Suunto 7 combine sports and smart features on new smartwatch generation
Posted 7-Jan-2020 16:06


Intel brings innovation with technology spanning the cloud, network, edge and PC
Posted 7-Jan-2020 15:54


AMD announces high performance desktop and ultrathin laptop processors
Posted 7-Jan-2020 15:42


AMD unveils four new desktop and mobile GPUs including AMD Radeon RX 5600
Posted 7-Jan-2020 15:32


Consolidation in video streaming market with Spark selling Lightbox to Sky
Posted 19-Dec-2019 09:09



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.