Mailing List Archive

PBL and rejects
Hi,

I'm hoping I can ask this question here. Somehow the PBL considered the IP
addresses given to us by our ISP (I can share this if needed) as ineligible
to send email, resulting in any recipient domain that checks the PBL to
reject our email, including every email sent to a Microsoft 365 domain.
This is also despite having a rule to bypass spam filtering on the M365
side with our own M365 domain - apparently that is not bypassed?

Does anyone know how this might happen? Would my ISP have listed them
intentionally? I've now delisted all of our IPs successfully, and mail is
again flowing, but it obviously resulted in a pretty significant impact on
our delivery.

I'm also trying to confirm I've configured my system properly to best
utilize RBLs.

Any ideas greatly appreciated.
Re: PBL and rejects [ In reply to ]
Alex <mysqlstudent@gmail.com> writes:

> I'm hoping I can ask this question here. Somehow the PBL considered the IP
> addresses given to us by our ISP (I can share this if needed) as ineligible
> to send email, resulting in any recipient domain that checks the PBL to
> reject our email,

AIUI, PBL is supposed to be for dynamic-type IP addresses for
residential service, so if you have business service something seems
off.

What did your ISP say when you asked them about this? I would expect
them to be concerned because giving customers addresses in RBL is
obviously going to get them sorted into giving not-really-ok service and
negative recommendations, if that's what is really going on.
Re: PBL and rejects [ In reply to ]
Hi,

>
> > I'm hoping I can ask this question here. Somehow the PBL considered the
> IP
> > addresses given to us by our ISP (I can share this if needed) as
> ineligible
> > to send email, resulting in any recipient domain that checks the PBL to
> > reject our email,
>
> AIUI, PBL is supposed to be for dynamic-type IP addresses for
> residential service, so if you have business service something seems
> off.
>
> What did your ISP say when you asked them about this? I would expect
> them to be concerned because giving customers addresses in RBL is
> obviously going to get them sorted into giving not-really-ok service and
> negative recommendations, if that's what is really going on.
>

They denied any knowledge of three /29s being listed or having any
involvement in it happening.

They said they have a spamhaus license, which I'm assuming is for their own
servers, and that they would leverage that to ask a support question, but
they're disclaiming any responsibility.

These aren't new netblocks for us from them, but it seems awfully weird
that we would be operating on these IPs for 2+ years then all of the sudden
have them listed like they're dialup IPs.

The message I received during the delisting process with spamhaus/PBL for
"MyProvider" was:

Outbound Email policy of MyProvider LLC for this IP range
It is the policy of MyProvider LLC that unauthenticated email sent from
this IP address should be sent out only via the designated outbound mail
server allocated to MyProvider LLC customers. To find the hostname of the
correct mail server to use, customers should consult the original signup
documentation or contact MyProvider LLC Technical Support.

I don't know if that's just a boilerplate message or it actually refers to
the precise reason why my IPs were added to the PBL.
Re: PBL and rejects [ In reply to ]
>> > I'm hoping I can ask this question here. Somehow the PBL considered
>> > the IP addresses given to us by our ISP (I can share this if needed) as
>> > ineligible to send email, resulting in any recipient domain that checks
>> > the PBL to reject our email,
>>
>> AIUI, PBL is supposed to be for dynamic-type IP addresses for
>> residential service, so if you have business service something seems
>> off.
>>
>> What did your ISP say when you asked them about this? I would expect
>> them to be concerned because giving customers addresses in RBL is
>> obviously going to get them sorted into giving not-really-ok service and
>> negative recommendations, if that's what is really going on.

On 14.11.22 20:23, Alex wrote:
>They denied any knowledge of three /29s being listed or having any
>involvement in it happening.
>
>They said they have a spamhaus license, which I'm assuming is for their own
>servers, and that they would leverage that to ask a support question, but
>they're disclaiming any responsibility.

spamhaus license is a different issue.

>These aren't new netblocks for us from them, but it seems awfully weird
>that we would be operating on these IPs for 2+ years then all of the sudden
>have them listed like they're dialup IPs.

generic/dialup DNS names can help here. If they aren't dynamically
allocated, their DNS records should contain at least string "static".

It's generally advised to use personalized DNS names (reverse and direct)
for mailservers or any hosts supposed to send e-mail.

Note that if you send mail using authentication, you usually don't need
this.

>The message I received during the delisting process with spamhaus/PBL for
>"MyProvider" was:
>
>Outbound Email policy of MyProvider LLC for this IP range
>It is the policy of MyProvider LLC that unauthenticated email sent from
>this IP address should be sent out only via the designated outbound mail
>server allocated to MyProvider LLC customers. To find the hostname of the
>correct mail server to use, customers should consult the original signup
>documentation or contact MyProvider LLC Technical Support.
>
>I don't know if that's just a boilerplate message or it actually refers to
>the precise reason why my IPs were added to the PBL.

yes, they are explicitly telling you to use mailserver outside of this
range.
If you have own mailserver, you should dedicate IP address for it, one that
won't be added to PBL by your ISP.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux IS user friendly, it's just selective who its friends are...
Re: PBL and rejects [ In reply to ]
Hi,

>
> >These aren't new netblocks for us from them, but it seems awfully weird
> >that we would be operating on these IPs for 2+ years then all of the
> sudden
> >have them listed like they're dialup IPs.
>
> generic/dialup DNS names can help here. If they aren't dynamically
> allocated, their DNS records should contain at least string "static".
>
> It's generally advised to use personalized DNS names (reverse and direct)
> for mailservers or any hosts supposed to send e-mail.
>
> Note that if you send mail using authentication, you usually don't need
> this.
>

These are bare metal servers dedicated to us in their datacenter. They
control reverse DNS, but we have given them the hostnames we have
explicitly defined for this, and to match our forward DNS.


> >I don't know if that's just a boilerplate message or it actually refers to
> >the precise reason why my IPs were added to the PBL.
>
> yes, they are explicitly telling you to use mailserver outside of this
> range.
> If you have own mailserver, you should dedicate IP address for it, one
> that
> won't be added to PBL by your ISP.
>

Our DNS entries and the way we operate our mail server (primarily relaying
scanned mail to M365 systems) hasn't changed in the two years we've been
with this provider.

So you believe these IPs would have been added to the PBL by our ISP? Do
you know how that might have been done?

I'm trying to understand why or how we would have been added to the PBL
when nothing was changed. It was the entirety of our netblocks, not even
just the IPs we're currently using.

Thanks so much for your help.
Re: PBL and rejects [ In reply to ]
>> >I don't know if that's just a boilerplate message or it actually refers to
>> >the precise reason why my IPs were added to the PBL.
>>
>> yes, they are explicitly telling you to use mailserver outside of this
>> range. If you have own mailserver, you should dedicate IP address for
>> it, one that won't be added to PBL by your ISP.

On 15.11.22 08:27, Alex wrote:
>Our DNS entries and the way we operate our mail server (primarily relaying
>scanned mail to M365 systems) hasn't changed in the two years we've been
>with this provider.
>
>So you believe these IPs would have been added to the PBL by our ISP? Do
>you know how that might have been done?

It is possible that your ISP listed their IP ranges there.

IP address can get to PBL and similar listing by DNS, whois data, and spam
detected from those can also help.

If your ISP told you to send mail through other mailservers, while you have
own mailserver, perhaps you should discuss this with your ISP.

ISP should be able to contact Spamhaus to delist those ranges, or provide
you with other range.


>I'm trying to understand why or how we would have been added to the PBL
>when nothing was changed. It was the entirety of our netblocks, not even
>just the IPs we're currently using.

Try providing IP address/range?

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.