Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. nsp>
  3. ipv6
Anyone else have problems emailing Cisco? (senderbase)
tjc at ecs
Sep 24, 2014, 1:24 AM
Post #1 of 6 (4948 views)
Permalink
My emails to Cisco people are now bouncing.

It seems the cause is a poor rep on one of our MTAs:
http://www.senderbase.org/lookup/?search_string=2001%3A630%3Ad0%3Af102%3A%3A25e
The DNS reverse seems fine for falcon.ecs.soton.ac.uk

But the email bounce (with username deleted) says:

Final-Recipient: RFC822; xxxxxxxxxx@cisco.com
Action: failed
Status: 5.1.1
Remote-MTA: DNS; alln-mx-01.cisco.com
Diagnostic-Code: SMTP; 550 Connections from the host falcon.ecs.soton.ac.uk (2001:630:d0:f102::25e), originating from SenderBase Network Owner ID: None, are being rejected due to a low SenderBase Reputation Score. See http://www.senderbase.org for more information or contact your IT support team.

If any Cisco people are on this list, please have someone have a look. I think Andrew Yourtchenko is, and he is one person with bounces.

Tim
Re: Anyone else have problems emailing Cisco? (senderbase) [ In reply to ]
ayourtch at gmail
Sep 24, 2014, 5:41 AM
Post #2 of 6 (4954 views)
Permalink
Tim,

Roger that!

We're checking internally what's going on.

Changing just one nibble in the host portion of the address makes
SenderBase score "neutral", so something must be up for that
particular /128.

When I learn more, will ping you.

--a


On 9/24/14, Tim Chown <tjc@ecs.soton.ac.uk> wrote:
> My emails to Cisco people are now bouncing.
>
> It seems the cause is a poor rep on one of our MTAs:
> http://www.senderbase.org/lookup/?search_string=2001%3A630%3Ad0%3Af102%3A%3A25e
> The DNS reverse seems fine for falcon.ecs.soton.ac.uk
>
> But the email bounce (with username deleted) says:
>
> Final-Recipient: RFC822; xxxxxxxxxx@cisco.com
> Action: failed
> Status: 5.1.1
> Remote-MTA: DNS; alln-mx-01.cisco.com
> Diagnostic-Code: SMTP; 550 Connections from the host falcon.ecs.soton.ac.uk
> (2001:630:d0:f102::25e), originating from SenderBase Network Owner ID: None,
> are being rejected due to a low SenderBase Reputation Score. See
> http://www.senderbase.org for more information or contact your IT support
> team.
>
> If any Cisco people are on this list, please have someone have a look. I
> think Andrew Yourtchenko is, and he is one person with bounces.
>
> Tim
>
>
Re: Anyone else have problems emailing Cisco? (senderbase) [ In reply to ]
tjc at ecs
Sep 24, 2014, 5:58 AM
Post #3 of 6 (4899 views)
Permalink
The IPv4 rep for the same MTA is Good.

http://www.senderbase.org/lookup/?search_string=152.78.0.0/16

Would be interesting to see why the IPv6 rep would be different. Spam from that MTA would presumably go out over whichever protocol was available. Perhaps because there’s a much smaller sample size on IPv6 (maybe 3% of our outbound is IPv6 last time I looked) it’s more susceptible to a small amount of email that’s deemed spam.

Anyway, thanks :)

Tim

On 24 Sep 2014, at 13:41, Andrew 👽 Yourtchenko <ayourtch@gmail.com> wrote:

> Tim,
>
> Roger that!
>
> We're checking internally what's going on.
>
> Changing just one nibble in the host portion of the address makes
> SenderBase score "neutral", so something must be up for that
> particular /128.
>
> When I learn more, will ping you.
>
> --a
>
>
> On 9/24/14, Tim Chown <tjc@ecs.soton.ac.uk> wrote:
>> My emails to Cisco people are now bouncing.
>>
>> It seems the cause is a poor rep on one of our MTAs:
>> http://www.senderbase.org/lookup/?search_string=2001%3A630%3Ad0%3Af102%3A%3A25e
>> The DNS reverse seems fine for falcon.ecs.soton.ac.uk
>>
>> But the email bounce (with username deleted) says:
>>
>> Final-Recipient: RFC822; xxxxxxxxxx@cisco.com
>> Action: failed
>> Status: 5.1.1
>> Remote-MTA: DNS; alln-mx-01.cisco.com
>> Diagnostic-Code: SMTP; 550 Connections from the host falcon.ecs.soton.ac.uk
>> (2001:630:d0:f102::25e), originating from SenderBase Network Owner ID: None,
>> are being rejected due to a low SenderBase Reputation Score. See
>> http://www.senderbase.org for more information or contact your IT support
>> team.
>>
>> If any Cisco people are on this list, please have someone have a look. I
>> think Andrew Yourtchenko is, and he is one person with bounces.
>>
>> Tim
>>
>>
Re: Anyone else have problems emailing Cisco? (senderbase) [ In reply to ]
bjorn at mork
Sep 24, 2014, 6:22 AM
Post #4 of 6 (4946 views)
Permalink
Tim Chown <tjc@ecs.soton.ac.uk> writes:

> The IPv4 rep for the same MTA is Good.
>
> http://www.senderbase.org/lookup/?search_string=152.78.0.0/16
>
> Would be interesting to see why the IPv6 rep would be different. Spam from that MTA would presumably go out over whichever protocol was available. Perhaps because there’s a much smaller sample size on IPv6 (maybe 3% of our outbound is IPv6 last time I looked) it’s more susceptible to a small amount of email that’s deemed spam.

It might be related to the second bullet point here:
http://www.senderbase.org/support/#problem=3

"Your IP exhibits DNS patterns that indicate compromise by a
SpamBot. Make sure your DNS is configured according to the protocol
for RFC2821, section 4.1.1.1
(http://www.imc.org/ietf-smtp/mail-archive/msg00827.html)"

A gold star to anyone who is able to explain what they mean by that,
ignoring the fact that RFC2821 was obsoleted by RFC5321 more than 5
years ago.


Bjørn
Re: Anyone else have problems emailing Cisco? (senderbase) [ In reply to ]
ayourtch at gmail
Sep 24, 2014, 10:07 AM
Post #5 of 6 (4904 views)
Permalink
On 9/24/14, Tim Chown <tjc@ecs.soton.ac.uk> wrote:
> The IPv4 rep for the same MTA is Good.
>
> http://www.senderbase.org/lookup/?search_string=152.78.0.0/16
>
> Would be interesting to see why the IPv6 rep would be different. Spam from
> that MTA would presumably go out over whichever protocol was available.
> Perhaps because there’s a much smaller sample size on IPv6 (maybe 3% of our
> outbound is IPv6 last time I looked) it’s more susceptible to a small amount
> of email that’s deemed spam.
>
> Anyway, thanks :)
>

np, looks like you should have something in your inbox now to take a
look at on your end...

--a

p.s. unrelated data point: sent myself an email from this account, it
came over IPv6 with no issues, here's some pudding to prove :-) :

Received: from mail-ig0-x231.google.com
([IPv6:2607:f8b0:4001:c05::231]) by alln-inbound-m.cisco.com with
ESMTP/TLS/RC4-SHA; 24 Sep 2014 14:49:23 +0000


> Tim
>
> On 24 Sep 2014, at 13:41, Andrew 👽 Yourtchenko <ayourtch@gmail.com> wrote:
>
>> Tim,
>>
>> Roger that!
>>
>> We're checking internally what's going on.
>>
>> Changing just one nibble in the host portion of the address makes
>> SenderBase score "neutral", so something must be up for that
>> particular /128.
>>
>> When I learn more, will ping you.
>>
>> --a
>>
>>
>> On 9/24/14, Tim Chown <tjc@ecs.soton.ac.uk> wrote:
>>> My emails to Cisco people are now bouncing.
>>>
>>> It seems the cause is a poor rep on one of our MTAs:
>>> http://www.senderbase.org/lookup/?search_string=2001%3A630%3Ad0%3Af102%3A%3A25e
>>> The DNS reverse seems fine for falcon.ecs.soton.ac.uk
>>>
>>> But the email bounce (with username deleted) says:
>>>
>>> Final-Recipient: RFC822; xxxxxxxxxx@cisco.com
>>> Action: failed
>>> Status: 5.1.1
>>> Remote-MTA: DNS; alln-mx-01.cisco.com
>>> Diagnostic-Code: SMTP; 550 Connections from the host
>>> falcon.ecs.soton.ac.uk
>>> (2001:630:d0:f102::25e), originating from SenderBase Network Owner ID:
>>> None,
>>> are being rejected due to a low SenderBase Reputation Score. See
>>> http://www.senderbase.org for more information or contact your IT
>>> support
>>> team.
>>>
>>> If any Cisco people are on this list, please have someone have a look. I
>>> think Andrew Yourtchenko is, and he is one person with bounces.
>>>
>>> Tim
>>>
>>>
>
>
Re: Anyone else have problems emailing Cisco? (senderbase) [ In reply to ]
tjc at ecs
Sep 24, 2014, 3:57 PM
Post #6 of 6 (4901 views)
Permalink
On 24 Sep 2014, at 18:07, Andrew 👽 Yourtchenko <ayourtch@gmail.com> wrote:

> On 9/24/14, Tim Chown <tjc@ecs.soton.ac.uk> wrote:
>> The IPv4 rep for the same MTA is Good.
>>
>> http://www.senderbase.org/lookup/?search_string=152.78.0.0/16
>>
>> Would be interesting to see why the IPv6 rep would be different. Spam from
>> that MTA would presumably go out over whichever protocol was available.
>> Perhaps because there’s a much smaller sample size on IPv6 (maybe 3% of our
>> outbound is IPv6 last time I looked) it’s more susceptible to a small amount
>> of email that’s deemed spam.
>>
>> Anyway, thanks :)
>>
>
> np, looks like you should have something in your inbox now to take a
> look at on your end…

Thanks - will report back on the outcome, might be of interest here,
(If you get this directly as well as to list, let me know :)

Tim

> p.s. unrelated data point: sent myself an email from this account, it
> came over IPv6 with no issues, here's some pudding to prove :-) :
>
> Received: from mail-ig0-x231.google.com
> ([IPv6:2607:f8b0:4001:c05::231]) by alln-inbound-m.cisco.com with
> ESMTP/TLS/RC4-SHA; 24 Sep 2014 14:49:23 +0000
>
>
>> Tim
>>
>> On 24 Sep 2014, at 13:41, Andrew 👽 Yourtchenko <ayourtch@gmail.com> wrote:
>>
>>> Tim,
>>>
>>> Roger that!
>>>
>>> We're checking internally what's going on.
>>>
>>> Changing just one nibble in the host portion of the address makes
>>> SenderBase score "neutral", so something must be up for that
>>> particular /128.
>>>
>>> When I learn more, will ping you.
>>>
>>> --a
>>>
>>>
>>> On 9/24/14, Tim Chown <tjc@ecs.soton.ac.uk> wrote:
>>>> My emails to Cisco people are now bouncing.
>>>>
>>>> It seems the cause is a poor rep on one of our MTAs:
>>>> http://www.senderbase.org/lookup/?search_string=2001%3A630%3Ad0%3Af102%3A%3A25e
>>>> The DNS reverse seems fine for falcon.ecs.soton.ac.uk
>>>>
>>>> But the email bounce (with username deleted) says:
>>>>
>>>> Final-Recipient: RFC822; xxxxxxxxxx@cisco.com
>>>> Action: failed
>>>> Status: 5.1.1
>>>> Remote-MTA: DNS; alln-mx-01.cisco.com
>>>> Diagnostic-Code: SMTP; 550 Connections from the host
>>>> falcon.ecs.soton.ac.uk
>>>> (2001:630:d0:f102::25e), originating from SenderBase Network Owner ID:
>>>> None,
>>>> are being rejected due to a low SenderBase Reputation Score. See
>>>> http://www.senderbase.org for more information or contact your IT
>>>> support
>>>> team.
>>>>
>>>> If any Cisco people are on this list, please have someone have a look. I
>>>> think Andrew Yourtchenko is, and he is one person with bounces.
>>>>
>>>> Tim
>>>>
>>>>
>>
>>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal