Spamhaus PBL
OK so I have a question about how Spamhaus works. I read their site but there is something I don't understand so I will explain the scenario as clearly as I can.
My Postfix email server is hosted with a company called ViUX and their IP address is not listed in any Spamhaus list whatsoever from what I can tell. But the residential ISP my mail clients send mail from to the remote Postfix server appears to be on the Spamhaus PBL. This is not uncommon; however, my mail server is not the residential IP that's blacklisted, so I don't understand why I tried to send the following email and got this message:
Code:
Failed Recipient: someone@brektek.org
Thunderbird (port 25) [74.235.192.80] > ViUX mail server (port 25) [64.38.48.101] > destination mail server.
Can anyone tell me then why my messages are being rejected via Spamhaus if my mail server IP is not blacklisted? The entire AT&T / Bell South block appears to be blacklisted here but how does this matter? I sent an email to my friend's mail server and the headers are shown below:
Code:
Return-Path: <david@harbormarketinggroup.com>
What I think is happening is that the mail is shown as originating at your IP, which is in the range of 74.234.0.0/15. This range appears to be part of Bell South's DSL service. Since the mail is originating in an IP address range that is blocked, the message is being rejected. The most probable reason that the range is blocked is that it is part of their residential service block and most residential customers don't send mail directly onto the Internet but go through their ISP's designated mail server. Even though your mail server is a hop on the chain, your Bell South ADSL host is showing as the origin point and this is the problem.
How you get around this will depend on your setup and will probably involve how you set your originating mail server to 'relay'. For example, if you are running a mail server at home using Postfix, you can configure it to relay through your ISP which should get you around this type of trouble as the mail will appear to originate from a valid mail handler.
I did some research on this and I think the problem is their mail server is scanning every client the actual email connects to in hopping to the destination server. For whatever reason the recipient mail server is blocking email due to the residential IP range being blocked. Obviously my sending mail server is not sending email from the Bell South / residential IP but in my opinion, their mail server should only scan the last client IP in the message headers, not every single client. I don't think their mail server's configured correctly.
Yes, I think you are right that they are scanning all of the hops in the mail chain, and having what appears to be a residential ISP hop in the link is causing them to reject the message. Unfortunately, it is a common technique to attempt to spoof the originating location by tacking fake headers in at the bottom, meaning you can't look at the origin IP. Then attempting to whitelist / blacklist based on the last hop would be a massive undertaking and require a huge database of known "good" servers. Mindspring.com and their underlying provider Earthlink are notorious for this and everyone is blacklisted unless you complain and prove yourself to be a good player. Consequently, I don't think the recipient domain has a lot of choice in the matter and the only real solution is to scan all of the headers.
What is troublesome, and perhaps this bears some investigation on your end with your ISP, is why does your mail appear to be originating at your (residential) IP? I assume that it was forwarded through your ISP's mail handler, which would have been configured as your SMTP server. It would be better to have it appear to be from their SMTP server in the mail chain and would be less likely to cause problems. The way it is currently, it appears as if your machine is running the SMTP server and launching the mail directly (from the banned range).
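The two checking policies debated in this thread (test only the connecting client versus test every `Received` hop), as an added example that is not part of the original posts. The IPs and the 74.234.0.0/15 range are the ones quoted above; the hostnames, dates and the local `LISTED` table that stands in for a live DNSBL query are constructed.

```python
import ipaddress
import re
from email import message_from_string

# Constructed message modelled on the path in the thread (hostnames/dates invented).
RAW = """\
Received: from mail.viux.example (mail.viux.example [64.38.48.101])
\tby mx.recipient.example with ESMTP; Mon, 1 Jan 2024 00:00:02 -0500
Received: from [192.168.1.10] (adsl.isp.example [74.235.192.80])
\tby mail.viux.example with ESMTP; Mon, 1 Jan 2024 00:00:01 -0500
From: sender@example.org
To: someone@example.net
Subject: test

body
"""

# Offline stand-in for the DNS lookup: the range the thread reports as listed.
LISTED = [ipaddress.ip_network("74.234.0.0/15")]

def dnsbl_name(ip, zone="pbl.spamhaus.org"):
    """Name a DNSBL client resolves for an IPv4 address: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip):
    return any(ipaddress.ip_address(ip) in net for net in LISTED)

def received_ips(raw):
    """Public IPv4 addresses from Received headers, newest hop first."""
    ips = []
    for hdr in message_from_string(raw).get_all("Received", []):
        for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr):
            try:
                if ipaddress.ip_address(ip).is_global:  # skip RFC 1918 etc.
                    ips.append(ip)
            except ValueError:  # malformed literal such as [999.1.1.1]
                pass
    return ips

def connecting_hop_only(ips):
    """Policy 1: test only the client that connected to the recipient's server."""
    return "reject" if is_listed(ips[0]) else "accept"

def all_hops(ips):
    """Policy 2: test every hop; returns the verdict and the hops that matched."""
    hits = [ip for ip in ips if is_listed(ip)]
    return ("reject" if hits else "accept", hits)

if __name__ == "__main__":
    hops = received_ips(RAW)
    print(hops, connecting_hop_only(hops), all_hops(hops))
```
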