Mailing List Archive

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
On Sun Jun 21 16:22:26 2015, Dianne Skoll wrote:
> I don't approve of Barracuda's behaviour. If they're blocking
> /24s because of some bad machines, you should not have to pay for
> delisting one IP. If they can prove that your specific IP was responsible
> for a spam run, then it's legit to charge for delisting, but not
> otherwise.

I don’t know how Barracuda manages /24 blacklisting, but generally the
abuse contact is contacted (in fact the ISP, unless you have your own IP
block) and if there isn’t an answer for some IPs, the block is blacklisted.

--
Alarig Le Lay
Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
On Sun, 21 Jun 2015 22:55:41 +0200
Reindl Harald <h.reindl@thelounge.net> wrote:

> the question is *how* is that de-listing managed and how do you
> manage "i will take care in the future" and if that's not true
> because de-listing is just a click how easy is it for spammers to not
> really care

I delist anyone who asks without questioning them. The server stays
delisted for 45 days and then we once again re-evaluate it based
on observed reputation. We have the whole process pretty much
automated.

This system has worked very well for us.

Regards,

Dianne.
Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
Hi Jered,

I'm not a Barracuda customer myself; I can only report my own interaction
with them. I run several public mailservers.

1) I don't run public mailing lists and if I ever was going to do that I
would run them on a separate server with a separate IP address.

2) I don't run my webserver on the same server as my mailservers.

3) I have gotten BLed by Barracuda a couple of times. It usually takes
about 3-4 days to get delisted so while I'm waiting I route outgoing
mail through an alternate server. I get BLed when a customer falls for
a phish mail and gives out their password.

My recommendation is you have at least 4 public IP addresses with servers,
one for your webserver, one for your mailserver and one for an alternate
mailserver and one for a mailing list server.

As for the "class C block" I think it is likely that you are trying to
do everything with a single static IP. If you had a subnet of public
IPs then the ISP that issued it to you would SWIP them to you and
you would have no problems proving to Barracuda that you're not part of
the rabble.

I realize you said you're in a data center. Contact the data center
provider and tell them you want a block they will SWIP to you. I
realize this may cost you some more money. But email is not one of
those things you can do well on the cheap.

Ted


On 6/20/2015 8:38 AM, Jered Floyd wrote:
>
> Hello SA-users,
>
> I have a question on the other side of things: outgoing mail. I know
> this is off-topic but this seems to be the only venue where there might be
> knowledge of the problem, and the offender is a spamassassin "customer".
>
> (I operate an MTA host on which I run SpamAssassin -- it works
> flawlessly. (I am running Debian Postfix 2.7.1-1+squeeze1 with
> spamassassin 3.3.1-1.1) This system is in an Internap data center, and
> provides mail services for about a half-dozen organizations that I
> support. SPF and DKIM are correctly configured for hosted domains, as is
> user authentication for submitted mail.)
>
> I appear to be getting a shakedown scam from Barracuda Networks. They
> seem to be getting out of the "anti-spam" and into the "protection
> racket" business.
>
> A small number of recipients have been getting bounce-unsubscribed from a
> community mailing list that I administer. The most recent bounces say
> that this "blocked using Barracuda Reputation;
> http://www.barracudanetworks.com/reputation/" Visiting that page
> provides no information on the specific reason my MTA has been blocked
> so I can't determine if there is a configuration issue, but there is a
> link for one-time removal.
>
> Below that the page says "One way to get your email through spam filters
> even if you are listed on the BRBL is to register your domain and IPs at
> EmailReg.org." OK, sounds good, I can prove that my IP address is
> allowed to send for my domains -- I thought that was what SPF and DKIM
> are for (which are configured) but whatever.
>
> However, I click through to emailreg.org <http://emailreg.org> and AFTER
> signing up for an account and configuring it they then reveal that there
> is a $20 "administrative fee" per domain.
>
> This sounds like a scam to me. They're blacklisting mail servers, not
> telling why, and then offering to take you off the list (without even
> correcting any problems) for "just" a $20 fee. I don't see how any
> legitimate RBL can operate with that model.
>
> Has anyone else here run into this? Is there a way out other than
> bribing Barracuda to not block my mail?
>
> Thanks,
> --Jered
>
Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
Hi Ted,

Thanks for the advice. I'm doing pretty much all of that except reserving an alternate IP as a backup relay/smarthost. That's a good idea.

I use one IP for almost all web traffic (going through a reverse proxy to a VM farm), one for DNS/Kerberos, one for a legacy install of my MUA, and one as both my MX and MTA. All my internal services relay to the MTA which is listed in SPF and handles DKIM signing; on the inbound side it handles SA and relay to appropriate internal host based on domain.

Having everything relay through one system gives me the opportunity to monitor for unusual mail volume across all services/clients.

Having an "emergency MTA" in my SPF records that I can relay to (or just bring up as another address on the existing server) would definitely help as long as the netblock isn't listed... getting a spare address on a different network would be useful, but I'm not sure how hard that will be to pry from Internap.

The form does seem to have worked, and I'm not currently on the BRBL, although this morning I got bounces from a Barracuda customer for a very benign message with "rejected due to spam content," so who knows. I wish there was better visibility into the process.

Best,
--Jered
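
The volume monitoring Jered describes for a single relaying MTA, applied to the phished-password case Ted mentions above, as an added example that is not code from any poster in this thread. It assumes standard Postfix syslog lines (smtpd `sasl_username=` and qmgr `nrcpt=`); the sample log, the thresholds and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample in Postfix syslog format; hosts, users and queue IDs are made up.
SAMPLE_LOG = """\
Jun 23 08:01:12 mx postfix/smtpd[2101]: 4C1D2A0001: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.org
Jun 23 08:01:12 mx postfix/qmgr[900]: 4C1D2A0001: from=<alice@example.org>, size=2210, nrcpt=2 (queue active)
Jun 23 09:14:40 mx postfix/smtpd[2140]: 4C1D2A0002: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.org
Jun 23 09:14:40 mx postfix/qmgr[900]: 4C1D2A0002: from=<alice@example.org>, size=1800, nrcpt=3 (queue active)
Jun 23 09:30:05 mx postfix/smtpd[2151]: 4C1D2A0003: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bob@example.org
Jun 23 09:30:05 mx postfix/qmgr[900]: 4C1D2A0003: from=<bob@example.org>, size=3100, nrcpt=2 (queue active)
Jun 23 09:41:09 mx postfix/smtpd[2160]: 4C1D2A0004: client=mail.example.net[203.0.113.5]
Jun 23 09:41:09 mx postfix/qmgr[900]: 4C1D2A0004: from=<list@example.net>, size=5120, nrcpt=1 (queue active)
Jun 23 10:02:31 mx postfix/smtpd[2202]: 4C1D2A0005: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.org
Jun 23 10:02:31 mx postfix/qmgr[900]: 4C1D2A0005: from=<bob@example.org>, size=4096, nrcpt=50 (queue active)
Jun 23 10:02:33 mx postfix/smtpd[2203]: 4C1D2A0006: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.org
Jun 23 10:02:33 mx postfix/qmgr[900]: 4C1D2A0006: from=<bob@example.org>, size=4096, nrcpt=50 (queue active)
Jun 23 10:02:35 mx postfix/smtpd[2204]: 4C1D2A0007: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bob@example.org
Jun 23 10:02:35 mx postfix/qmgr[900]: 4C1D2A0007: from=<bob@example.org>, size=4096, nrcpt=50 (queue active)
Jun 23 10:20:00 mx postfix/qmgr[900]: 4C1D2A0005: from=<bob@example.org>, size=4096, nrcpt=50 (queue active)
Jun 23 10:45:10 mx postfix/smtpd[2230]: 4C1D2A0008: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.org
Jun 23 10:45:10 mx postfix/qmgr[900]: 4C1D2A0008: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
"""

STAMP = r"^(?P<hour>\w{3}\s+\d+\s+\d\d):\d\d:\d\d \S+ "
# smtpd logs the authenticated account next to the queue ID it assigned.
SMTPD_RE = re.compile(
    STAMP + r"postfix/(?:\w+/)?smtpd\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"client=\S+, sasl_method=\S+, sasl_username=(?P<user>\S+)"
)
# qmgr logs the recipient count for that queue ID.
QMGR_RE = re.compile(
    STAMP + r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"from=<[^>]*>, size=\d+, nrcpt=(?P<nrcpt>\d+)"
)


def recipients_per_user_hour(log_text):
    """Return {sasl_user: {"Mon DD HH": recipients}} for authenticated mail."""
    owner = {}       # queue ID -> (sasl user, hour bucket)
    counted = set()  # queue IDs already added to the totals
    totals = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = SMTPD_RE.match(line)
        if m:
            owner[m["qid"]] = (m["user"], m["hour"])
            counted.discard(m["qid"])  # short queue IDs can be reused later
            continue
        m = QMGR_RE.match(line)
        # Unauthenticated (inbound) mail has no owner entry and is skipped;
        # qmgr repeats the line when a deferred message is retried, so each
        # queue ID is counted once.
        if m and m["qid"] in owner and m["qid"] not in counted:
            counted.add(m["qid"])
            user, hour = owner[m["qid"]]
            totals[user][hour] += int(m["nrcpt"])
    return {user: dict(hours) for user, hours in totals.items()}


def flag_spikes(totals, floor=100, factor=10):
    """Flag hours where an account reaches `floor` recipients and at least
    `factor` times the median of its other hours (both values are assumptions)."""
    alerts = []
    for user, hours in totals.items():
        for hour, count in hours.items():
            others = [c for h, c in hours.items() if h != hour]
            baseline = median(others) if others else 0
            if count >= max(floor, factor * baseline):
                alerts.append((user, hour, count, baseline))
    return sorted(alerts)


if __name__ == "__main__":
    for user, hour, count, baseline in flag_spikes(recipients_per_user_hour(SAMPLE_LOG)):
        print(f"{hour}:00  {user}  {count} recipients (usual: {baseline})")
```

An account flagged this way is a candidate for a password reset and a queue review before the sending IP's reputation suffers.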


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
On 23.06.2015 at 14:47, Jered Floyd wrote:
> The form does seem to have worked, and I'm not currently on the BRBL, although this morning I got bounces from a Barracuda customer for a very benign message with "rejected due to spam content," so who knows. I wish there was better visibility into the process.

then it was not blocked by the RBL but by the content filter

making the process not visible is by intention on a spamfilter because
otherwise you leak information on how to bypass it

anyways, the biggest drawback of barracuda appliances is that you can
add additional blacklists but you can *not* score - the choices are
reject, quarantine, tag and that doesn't work sensibly because if the
first response is from a RBL with "quarantine" it will not get rejected
at all while without that RBL listed on a different one it would have been
Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
>> The form does seem to have worked, and I'm not currently on the BRBL, although
>> this morning I got bounces from a Barracuda customer for a very benign message
>> with "rejected due to spam content," so who knows. I wish there was better
>> visibility into the process.
>
> then it was not blocked by the RBL but by the content filter

Yes, I am aware of that. My point was that if they are feeling that benign content (I'm happy to forward to you) is spam, that may be a prelude to being on the BRBL again. (Although that does appear to have been due to a colleague's WordPress mishap.)


> making the process not visible is by intention on a spamfilter because
> otherwise you leak information on how to bypass it

Of course! With SA I can see what rules are being hit, though, which is nice. I'm not sure if the same is possible for a Barracuda client -- I have asked the affected recipient.

--Jered
Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
On 23.06.2015 at 14:57, Jered Floyd wrote:
>>> The form does seem to have worked, and I'm not currently on the BRBL, although
>>> this morning I got bounces from a Barracuda customer for a very benign message
>>> with "rejected due to spam content," so who knows. I wish there was better
>>> visibility into the process.
>>
>> then it was not blocked by the RBL but by the content filter
>
> Yes, I am aware of that. My point was that if they are feeling that benign content (I'm happy to forward to you) is spam, that may be a prelude to being on the BRBL again. (Although that does appear to have been due to a colleague's WordPress mishap.)

maybe the RCPT did train his appliance wrong?

most people do that because they don't realize that training ham is more
important than training spam after a suitable amount is trained

>> making the process not visible is by intention on a spamfilter because
>> otherwise you leak information on how to bypass it
>
> Of course! With SA I can see what rules are being hit, though, which is nice. I'm not sure if the same is possible for a Barracuda client -- I have asked the affected recipient.

surely, you see even more on a Barracuda like which tokens of the message
were a hit and how often that token was marked as spam and as ham in case
of bayes via the web interface

a highly customized spamassassin is part of the barracuda appliance
Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
Jered Floyd <jered@convivian.com> wrote:

>
> Hi Ted,
>
> Thanks for the advice. I'm doing pretty much all of that except reserving an alternate IP as a backup relay/smarthost. That's a good idea.
>
> I use one IP for almost all web traffic (going through a reverse proxy to a VM farm), one for DNS/Kerberos, one for a legacy install of my MUA, and one as both my MX and MTA. All my internal services relay to the MTA which is listed in SPF and handles DKIM signing; on the inbound side it handles SA and relay to appropriate internal host based on domain.

One thing to keep in mind is that you may need to rotate your spare IPs in now and then. Others can correct me, but my understanding is that all the major email providers are going to treat an IP that regularly sends email to them very differently than a “new” IP. You’d essentially be starting to send from an IP that has no reputation (or a reputation based on its neighbors).

It’s a tempting idea, we had a misconfiguration (a forgotten “mynetworks” entry) allow a hacked biz customer to send a giant phishing campaign. Quick to clean up, but it is a PITA to sort things out with AOL and Verizon (and a few others that seem to have lightly-staffed postmaster departments). Being able to swap to some new IPs would have been handy, but I’m not confident it’s a silver bullet.

Charles

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
On 23.06.2015 at 21:28, Charles Sprickman wrote:
> One thing to keep in mind is that you may need to rotate your spare IPs in now and then. Others can correct me, but my understanding is that all the major email providers are going to treat an IP that regularly sends email to them very differently than a “new” IP. You’d essentially be starting to send from an IP that has no reputation (or a reputation based on its neighbors).

and *because* you have *no* reputation you will get a bad result if it
comes to greylisting and similar spam prevention by treating a completely
new IP as suspect and hence prematurely rotating IPs until something bad
happened is exactly what you should *not* do
Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
Heh Heh Heh Heh Heh

Since you and Charles have obviously never done this before why do you
feel qualified to comment?

Go ahead and not do this based on these logic castles you have built
that are not founded on any experience of reality. Your customers will
be suffering for a few days while you wait to get off a blacklist while
mine won't.

I have used this trick over many years while waiting for
AOL/Barracuda/etc. to pull their heads out on a de-list request. Of
course, adding a little sophistication in use helps. I ASSUMED I could
point you mules-heads in the right direction and you would use your
brains to figure out how to properly do this instead of figuring out how
to justify ass-sitting and not even trying it out.

But since you're obviously too lazy to put any thought into the
technique, I don't see why I should waste my time elaborating any
further on it.

Jered, feel free to email me privately and I'll explain what you need to
do and how to set this up so that it works, if you're interested.

Disgustedly,
Ted

On 6/23/2015 12:32 PM, Reindl Harald wrote:
>
> On 23.06.2015 at 21:28, Charles Sprickman wrote:
>> One thing to keep in mind is that you may need to rotate your spare
>> IPs in now and then. Others can correct me, but my understanding is
>> that all the major email providers are going to treat an IP that
>> regularly sends email to them very differently than a “new” IP. You’d
>> essentially be starting to send from an IP that has no reputation (or
>> a reputation based on its neighbors).
>
> and *because* you have *no* reputation you will get a bad result if it
> comes to greylisting and similar spam prevention by treating a completely
> new IP as suspect and hence prematurely rotating IPs until something bad
> happened is exactly what you should *not* do
>
Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
On 26.06.2015 at 18:43, Ted Mittelstaedt wrote:
> Heh Heh Heh Heh Heh
>
> Since you and Charles have obviously never done this before why do you
> feel qualified to comment?

*lol*

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
Although what you describe is a "workaround", the key is to keep your
house in order so you don't get listed, especially if you have not
actually fixed up the problem. DNSBLs are just like local sys admins,
they get tired of adding in /32's after /32's for the same @$#holes,
that's when the /32's get removed and /24's get added, it won't take too
long to end up blocking all of your ranges. In fact since you've made
public your stance, it is likely anyone blocking your IP range, and
discovering it's your service, may decide to block all of your IP ranges
first off to avoid whack-a-mole games.

Not many people I know have any faith in reputation services that try
"whitelist", but there are a tiny minority that apparently do, though
I've not known or in 25 years heard of, anyone getting blocked because
you're using a new IP address on a system sending mail (why should we care
if it's a new IP, or a 20yo IP - what's more of interest to us is how new
your "domain" is, who your registrar is, what your authoritative NS's
are, that's where we spam score you, backing off a bit as days and weeks
go by), I'd be more concerned for the users of such a wacky reputation
service than the fact they might block a new IP of mine or whosever.

Given most medium and large networks use multiple servers for sending
customer mails, when the load balancers are showing the existing cluster
needs expanding, we add more into the cluster, so I can't see anyone
stupid enough to use a service blocking new IP's, if they do, they
deserve all the hell they bring upon themselves :)

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
On 6/27/2015 4:02 AM, Noel Butler wrote:
> Although what you describe is a "workaround", the key is to keep your
> house in order so you don't get listed, especially if you have not
> actually fixed up the problem,

Oh Noel, why are you giving me fish in a barrel to shoot?

OK, now that you put your foot in it, please elaborate on how a
"house is kept in order" that will protect it from idiots. This is
going to be fun!

Oh and don't forget to define the difference between chronic offenders
and just regular people who get nailed for no reason.

> DNSBLs are just like local sys admins,
> they get tired of adding in /32's after /32's for the same @$#holes,
> that's when the /32's get removed and /24's get added, it won't take too
> long to end up blocking all of your ranges. In fact since you've made
> public your stance, it is likely anyone blocking your IP range, and
> discovering it's your service, may decide to block all of your IP ranges
> first off to avoid whack-a-mole games.
>

Did it ever, possibly, occur to you that my 'workaround' wouldn't work
if someone has a chronic problem? Nor would it work if someone was just
doing it because they were too lazy to fix an open relay because
the backup IP would just instantly get RBLed again.

Why do you think I RECOMMENDED doing it? Do you think that _I_ want to
get spammed by the OP if he doesn't know WTF he is doing?

The beauty of my suggestion is if the OP is just going to try doing
it because he doesn't want to clean up his setup, it won't work.

Get it, now?

That's precisely why anyone out there reading this who is running an RBL
is going to ignore "my stance" as you put it.

They know that if I can defeat their RBL by simply switching IP's then
their RBL has a problem. Because, switching IPs is what snowshoe
spammers do every day and if they cannot block me switching an IP then
they cannot block them and their RBL isn't worth a bucket of hog slop.

> Not many people I know have any faith in reputation services that try
> "whitelist", but there are a tiny minority that apparently do, though
> I've not known or in 25 years heard of, anyone getting blocked because
> you're using a new IP address on a system sending mail

Nor have I, which is one of the primary reasons I thought that what
Reindl said about new IPs was a load of baloney.

> (why should we care
> if it's a new IP, or a 20yo IP - what's more of interest to us is how new
> your "domain" is, who your registrar is, what your authoritative NS's
> are, that's where we spam score you, backing off a bit as days and weeks
> go by), I'd be more concerned for the users of such a wacky reputation
> service than the fact they might block a new IP of mine or whosever.
>

Agreed. Unfortunately, there ARE such wacky reputation services out
there - fortunately they are in the minority - and occasionally users
will want to email people who are using them and you have to know how
to get around those wacky services.

Ted

> Given most medium and large networks use multiple servers for sending
> customer mails, when the load balancers are showing the existing cluster
> needs expanding, we add more into the cluster, so I cant see anyone
> stupid enough to use a service blocking new IP's, if they do, they
> deserve all the hell they bring upon themselves :)
>
> On 27/06/2015 02:43, Ted Mittelstaedt wrote:
>
>> Heh Heh Heh Heh Heh
>>
>> Since you and Charles have obviously never done this before why do you
>> feel qualified to comment?
>>
>> Go ahead and not do this based on these logic castles you have built
>> that are not founded on any experience of reality. Your customers will
>> be suffering for a few days while you wait to get off a blacklist
>> while mine won't.
>>
>> I have used this trick over many years while waiting for
>> AOL/Barracuda/etc. to pull their heads out on a de-list request. Of
>> course, adding a little sophistication in use helps. I ASSUMED I could
>> point you mules-heads in the right direction and you would use your
>> brains to figure out how to properly do this instead of figuring out
>> how to justify ass-sitting and not even trying it out.
>>
>> But since your obviously too lazy to put any thought into the
>> technique, I don't see why I should waste my time elaborating any
>> further on it.
>>
>> Jered, feel free to email me privately and I'll explain what you need to
>> do and how to set this up so that it works, if your interested.
>>
>> Disgustedly,
>> Ted
>>
>> On 6/23/2015 12:32 PM, Reindl Harald wrote:
>>>
>>> Am 23.06.2015 um 21:28 schrieb Charles Sprickman:
>>>> One thing to keep in mind is that you may need to rotate your spare
>>>> IPs in now and then. Others can correct me, but my understanding is
>>>> that all the major email providers are going to treat an IP that
>>>> regularly sends email to them very differently than a "new" IP. You'd
>>>> essentially be starting to send from an IP that has no reputation (or
>>>> a reputation based on its neighbors).
>>>
>>> and *because* you have *no* reputation you will get a bad result if it
>>> comes to greylisting and similar spam prevention by treat a completely
>>> new IP as suspect and hence premature rotate IP's until something bad
>>> happened is exactly what you should *not* do
>>>
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
Ted, there is one ISP who insisted on blocking all emails sent from my system
because the internal network is "odd". It's not "localhost.localdomain" or
whatever it was they were looking for. And it appears on my email headers. They
decided "wizardess.wiz" is an illegal domain so the email from it should not be
allowed. Unfortunately one of my regular correspondents is on knology.net. So he
complained enough and they fixed it. Every once in a while it kicks in again.
(Note that I do NOT run an MTA here. Email goes directly to dslextreme or
earthlink from here. Both were blocked at the same time. The only thing in
common with the two MTAs is the received from header from this machine I am on.)

There are any number of poorly thought out block lists. I rather carefully
consider their use here. At one point I got into a somewhat heated email
argument with Paul Vixie over his blocking my email addresses because of what we
now call "Joe Jobs". I made some unfortunate conclusions about his being a total
jerk despite his being one of the bind utility's chief daddies. He did good
work. He just had a screwdriver and needed a hammer which was more than 20' out
of his way so he banged on the problem with his Jolly Green Giant size
screwdriver handle. (And I am jerk enough I'd still like to stick his
screwdriver blade up his nose after subduing him with my rolling-pin stereotype.)

Fortunately or unfortunately it is impossible in the US to make it formally
illegal to be a total jerk. So we will always have jerks to deal with. Block
lists seem to be run by people who devolve into being total self-righteous jerks
over time. Sadly we have to deal with whatever we face.

{^_^} Joanne

On 2015-06-29 10:16, Ted Mittelstaedt wrote:
>
> On 6/27/2015 4:02 AM, Noel Butler wrote:
>> Although what you describe is a "workaround", the key is to keep your
>> house in order so you don't get listed, especially if you have not
>> actually fixed up the problem,
>
> Oh Noel, why are you giving me fish in a barrel to shoot?
>
> OK, now that you put your foot in it, please elaborate on how a
> "house is kept in order" that will protect it from idiots. This is
> going to be fun!
>
> Oh and don't forget to define the difference between chronic offenders
> and just regular people who get nailed for no reason.
>
>> DNSBL's are just like local sys admins,
>> they get tired of adding in /32's after /32's for the same @$#holes,
>> that's when the /32's get removed and /24's get added, it won't take too
>> long to end up blocking all of your ranges. In fact since you've made
>> public your stance, it is likely anyone blocking your IP range, and
>> discovering it's your service, may decide to block all of your IP ranges
>> first off to avoid whack-a-mole games.
>>
>
> Did it ever, possibly, occur to you that my 'workaround' wouldn't work
> if someone has a chronic problem? Nor would it work if someone was just doing
> it because they were too lazy to fix an open relay because
> the backup IP would just instantly get RBLed again.
>
> Why do you think I RECOMMENDED doing it? Do you think that _I_ want to
> get spammed by the OP if he doesn't know WTF he is doing?
>
> The beauty of my suggestion is if the OP is just going to try doing
> it because he doesn't want to clean up his setup, it won't work.
>
> Get it, now?
>
> That's precisely why anyone out there reading this who is running an RBL
> is going to ignore "my stance" as you put it.
>
> They know that if I can defeat their RBL by simply switching IP's then
> their RBL has a problem. Because, switching IPs is what snowshoe spammers do
> every day and if they cannot block me switching an IP then
> they cannot block them and their RBL isn't worth a bucket of hog slop.
>
>> Not many people I know have any faith in reputation services that try
>> "whitelist", but there are a tiny minority that apparently do, though
>> I've not known or in 25 years heard of, anyone getting blocked because
>> you're using a new IP address on a system sending mail
>
> Nor have I which is one of the primary reasons I thought that what
> Reindl said about new IPs was a load of baloney.
>
>> (why should we care
>> if it's a new IP, or a 20yo IP - what's more of interest to us is how new
>> your "domain" is, who your registrar is, what your authoritative NS's
>> are, that's where we spam score you, backing off a bit as days and weeks
>> go by), I'd be more concerned for the users of such a wacky reputation
>> service than the fact they might block a new IP of mine or whosever.
>>
>
> Agreed. Unfortunately, there ARE such wacky reputation services out there -
> fortunately they are in the minority - and occasionally users will want to email
> people who are using them and you have to know how
> to get around those wacky services.
>
> Ted
>
>> Given most medium and large networks use multiple servers for sending
>> customer mails, when the load balancers are showing the existing cluster
>> needs expanding, we add more into the cluster, so I can't see anyone
>> stupid enough to use a service blocking new IP's, if they do, they
>> deserve all the hell they bring upon themselves :)
>>
>> On 27/06/2015 02:43, Ted Mittelstaedt wrote:
>>
>>> Heh Heh Heh Heh Heh
>>>
>>> Since you and Charles have obviously never done this before why do you
>>> feel qualified to comment?
>>>
>>> Go ahead and not do this based on these logic castles you have built
>>> that are not founded on any experience of reality. Your customers will
>>> be suffering for a few days while you wait to get off a blacklist
>>> while mine won't.
>>>
>>> I have used this trick over many years while waiting for
>>> AOL/Barracuda/etc. to pull their heads out on a de-list request. Of
>>> course, adding a little sophistication in use helps. I ASSUMED I could
>>> point you mules-heads in the right direction and you would use your
>>> brains to figure out how to properly do this instead of figuring out
>>> how to justify ass-sitting and not even trying it out.
>>>
>>> But since you're obviously too lazy to put any thought into the
>>> technique, I don't see why I should waste my time elaborating any
>>> further on it.
>>>
>>> Jered, feel free to email me privately and I'll explain what you need to
>>> do and how to set this up so that it works, if you're interested.
>>>
>>> Disgustedly,
>>> Ted
>>>
>>> On 6/23/2015 12:32 PM, Reindl Harald wrote:
>>>>
>>>> Am 23.06.2015 um 21:28 schrieb Charles Sprickman:
>>>>> One thing to keep in mind is that you may need to rotate your spare
>>>>> IPs in now and then. Others can correct me, but my understanding is
>>>>> that all the major email providers are going to treat an IP that
>>>>> regularly sends email to them very differently than a "new" IP. You'd
>>>>> essentially be starting to send from an IP that has no reputation (or
>>>>> a reputation based on its neighbors).
>>>>
>>>> and *because* you have *no* reputation you will get a bad result if it
>>>> comes to greylisting and similar spam prevention by treat a completely
>>>> new IP as suspect and hence premature rotate IP's until something bad
>>>> happened is exactly what you should *not* do
>>>>
>
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
On 6/29/2015 1:37 PM, jdow wrote:
> Ted, there is one ISP who insisted on blocking all emails sent from my
> system because the internal network is "odd". It's not
> "localhost.localdomain" or whatever it was they were looking for. And it
> appears on my email headers. They decided "wizardess.wiz" is an illegal
> domain so the email from it should not be allowed. Unfortunately one of
> my regular correspondents is on knology.net. So he complained enough and
> they fixed it. Every once in a while it kicks in again. (Note that I do
> NOT run an MTA here. Email goes directly to dslextreme or earthlink from
> here. Both were blocked at the same time. The only thing in common with
> the two MTAs is the received from header from this machine I am on.)
>

I've seen the same thing. Not with any of my servers but I have had
that happen over the years with customers running Exchange servers
behind scanning firewalls back when I was working for an ISP that did
connectivity. They would call us when their recipient's sysadmin
started speculating that it was the sender ISP's (us) fault. Naturally
the recipient IT manager never assumed their own crap was to blame, that
it was triggering off the internal pass between Exchange server and
firewall. I got so tired of explaining the problem I finally gave
up and when a customer would call I'd tell them I'd only fix it if
I could webex into their Exchange server console. Then I'd fix it
in front of them while they watched so they would get a clue. That
usually was right after they had gotten done explaining why it must
be our fault for not being able to route to the recipient's ISP or
some such rubbish.

> There are any number of poorly thought out block lists. I rather
> carefully consider their use here. At one point I got into a somewhat
> heated email argument with Paul Vixie over his blocking my email
> addresses because of what we now call "Joe Jobs". I made some
> unfortunate conclusions about his being a total jerk despite his being
> one of the bind utility's chief daddies. He did good work. He just had a
> screwdriver and needed a hammer which was more than 20' out of his way
> so he banged on the problem with his Jolly Green Giant size screwdriver
> handle. (And I am jerk enough I'd still like to stick his screwdriver
> blade up his nose after subduing him with my rolling-pin stereotype.)
>
> Fortunately or unfortunately it is impossible in the US to make it
> formally illegal to be a total jerk. So we will always have jerks to
> deal with. Block lists seem to be run by people who devolve into being
> total self-righteous jerks over time. Sadly we have to deal with
> whatever we face.
>

And, for some reason the absolute worst offenders are the commercial
blocklists. It's not so much their dizzying methods to get delisted
as much as their faulty logic that lists you in the first place.

Governments also have to be right up there. I had one time once where
City of Portland was running its own DNS servers and had a number of
separate subdomains for various departments - and NONE of the subdomains
had MX records even though all of them had different mailservers
accepting mail, and the users in the departments were using the
subdomain email address instead of some global thing like
user@cityofportland.gov. I had users wanting to mail to
billybob@police.pdx.or.us or whatever they were using (I forget) and DNS
showed no MX record for police.pdx.or.us.

Later, the City "fixed" this (a couple years later) by creating MX
records - except they were not consistent - not all of the city-run DNS
servers had them.

I had to just shortcut it in the mail configuration to deliver straight
to the IP addresses they used.
That configuration stayed in the server for almost a decade, in fact
I removed it last year just to see what would happen. Nobody complained
so I guess the city must have finally fixed it.

I'm so glad to be out of the connectivity market these days. I never
have to hear "I'm losing thousands of dollars because your service is
down" again. It never ceases to amaze me how people will fall apart
when the Internet connection is down. Particularly when I can clearly
recall 25 years ago when I would tell people about the new Internet and
they would get that expression of "why would anyone want that".

Ted

> {^_^} Joanne
>
> On 2015-06-29 10:16, Ted Mittelstaedt wrote:
>>
>> On 6/27/2015 4:02 AM, Noel Butler wrote:
>>> Although what you describe is a "workaround", the key is to keep your
>>> house in order so you don't get listed, especially if you have not
>>> actually fixed up the problem,
>>
>> Oh Noel, why are you giving me fish in a barrel to shoot?
>>
>> OK, now that you put your foot in it, please elaborate on how a
>> "house is kept in order" that will protect it from idiots. This is
>> going to be fun!
>>
>> Oh and don't forget to define the difference between chronic offenders
>> and just regular people who get nailed for no reason.
>>
>>> DNSBL's are just like local sys admins,
>>> they get tired of adding in /32's after /32's for the same @$#holes,
>>> that's when the /32's get removed and /24's get added, it won't take too
>>> long to end up blocking all of your ranges. In fact since you've made
>>> public your stance, it is likely anyone blocking your IP range, and
>>> discovering it's your service, may decide to block all of your IP ranges
>>> first off to avoid whack-a-mole games.
>>>
>>
>> Did it ever, possibly, occur to you that my 'workaround' wouldn't work
>> if someone has a chronic problem? Nor would it work if someone was
>> just doing it because they were too lazy to fix an open relay because
>> the backup IP would just instantly get RBLed again.
>>
>> Why do you think I RECOMMENDED doing it? Do you think that _I_ want to
>> get spammed by the OP if he doesn't know WTF he is doing?
>>
>> The beauty of my suggestion is if the OP is just going to try doing
>> it because he doesn't want to clean up his setup, it won't work.
>>
>> Get it, now?
>>
>> That's precisely why anyone out there reading this who is running an RBL
>> is going to ignore "my stance" as you put it.
>>
>> They know that if I can defeat their RBL by simply switching IP's then
>> their RBL has a problem. Because, switching IPs is what snowshoe
>> spammers do every day and if they cannot block me switching an IP then
>> they cannot block them and their RBL isn't worth a bucket of hog slop.
>>
>>> Not many people I know have any faith in reputation services that try
>>> "whitelist", but there are a tiny minority that apparently do, though
>>> I've not known or in 25 years heard of, anyone getting blocked because
>>> you're using a new IP address on a system sending mail
>>
>> Nor have I which is one of the primary reasons I thought that what
>> Reindl said about new IPs was a load of baloney.
>>
>>> (why should we care
>>> if it's a new IP, or a 20yo IP - what's more of interest to us is how new
>>> your "domain" is, who your registrar is, what your authoritative NS's
>>> are, that's where we spam score you, backing off a bit as days and weeks
>>> go by), I'd be more concerned for the users of such a wacky reputation
>>> service than the fact they might block a new IP of mine or whosever.
>>>
>>
>> Agreed. Unfortunately, there ARE such wacky reputation services out
>> there - fortunately they are in the minority - and occasionally users
>> will want to email people who are using them and you have to know how
>> to get around those wacky services.
>>
>> Ted
>>
>>> Given most medium and large networks use multiple servers for sending
>>> customer mails, when the load balancers are showing the existing cluster
>>> needs expanding, we add more into the cluster, so I can't see anyone
>>> stupid enough to use a service blocking new IP's, if they do, they
>>> deserve all the hell they bring upon themselves :)
>>>
>>> On 27/06/2015 02:43, Ted Mittelstaedt wrote:
>>>
>>>> Heh Heh Heh Heh Heh
>>>>
>>>> Since you and Charles have obviously never done this before why do you
>>>> feel qualified to comment?
>>>>
>>>> Go ahead and not do this based on these logic castles you have built
>>>> that are not founded on any experience of reality. Your customers will
>>>> be suffering for a few days while you wait to get off a blacklist
>>>> while mine won't.
>>>>
>>>> I have used this trick over many years while waiting for
>>>> AOL/Barracuda/etc. to pull their heads out on a de-list request. Of
>>>> course, adding a little sophistication in use helps. I ASSUMED I could
>>>> point you mules-heads in the right direction and you would use your
>>>> brains to figure out how to properly do this instead of figuring out
>>>> how to justify ass-sitting and not even trying it out.
>>>>
>>>> But since you're obviously too lazy to put any thought into the
>>>> technique, I don't see why I should waste my time elaborating any
>>>> further on it.
>>>>
>>>> Jered, feel free to email me privately and I'll explain what you
>>>> need to do and how to set this up so that it works, if you're interested.
>>>>
>>>> Disgustedly,
>>>> Ted
>>>>
>>>> On 6/23/2015 12:32 PM, Reindl Harald wrote:
>>>>>
>>>>> Am 23.06.2015 um 21:28 schrieb Charles Sprickman:
>>>>>> One thing to keep in mind is that you may need to rotate your spare
>>>>>> IPs in now and then. Others can correct me, but my understanding is
>>>>>> that all the major email providers are going to treat an IP that
>>>>>> regularly sends email to them very differently than a "new" IP. You'd
>>>>>> essentially be starting to send from an IP that has no reputation (or
>>>>>> a reputation based on its neighbors).
>>>>>
>>>>> and *because* you have *no* reputation you will get a bad result if it
>>>>> comes to greylisting and similar spam prevention by treat a completely
>>>>> new IP as suspect and hence premature rotate IP's until something bad
>>>>> happened is exactly what you should *not* do
>>>>>
>>
