Old 10-22-2010, 02:09 PM   #1
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Rep: Reputation: 77
Spamhaus PBL


OK so I have a question about how Spamhaus works. I read their site but there is something I don't understand so I will explain the scenario as clearly as I can.

My Postfix email server is hosted with a company called ViUX and their IP address is not listed in any Spamhaus list whatsoever from what I can tell. But the residential ISP my mail clients send mail from to the remote Postfix server appears to be on the Spamhaus PBL. This is not uncommon; however, my mail server is not the residential IP that's blacklisted so I don't understand why I tried to send the following email and got this message:

Code:
Failed Recipient: someone@brektek.org
Reason: Remote host said: 554 Service unavailable; Client host [vss155.webhosting-email.com] blocked by zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=74.235.192.80

Now above the 'client host' is listed as my remote mail provider but the IP is not from them, it's my residential IP that my mail client (Thunderbird) is originating the message to. So it goes like this:

Thunderbird (port 25) [74.235.192.80] > ViUX mail server (port 25) [64.38.48.101] > destination mail server.

Can anyone tell me then why my messages are being rejected via Spamhaus if my mail server IP is not blacklisted? The entire AT&T / Bell South block appears to be blacklisted here but how does this matter? I sent an email to my friend's mail server and the headers are shown below:

Code:
Return-Path: <david@harbormarketinggroup.com>
X-Original-To: carlos@iamghost.com
Delivered-To: carlos@iamghost.com
Received: by mail.iamghost.com (Postfix, from userid 5001)
    id 098F4207B4; Fri, 22 Oct 2010 13:55:34 -0400 (EDT)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.iamghost.com
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=6.3 tests=none autolearn=ham
    version=3.3.1
Received: from vss155.webhosting-email.com (vss155.webhosting-email.com [64.38.48.101])
    by mail.iamghost.com (Postfix) with ESMTP id B25E1207AE
    for <carlos@iamghost.com>; Fri, 22 Oct 2010 13:55:32 -0400 (EDT)
Received: from adsl-235-192-80.mco.bellsouth.net [74.235.192.80] by vss155.webhosting-email.com with SMTP;
    Fri, 22 Oct 2010 13:54:27 -0400
From: "David Hawks" <david@harbormarketinggroup.com>
To: "'Carlos Mennens'" <carlos@iamghost.com>
References: <042001cb6c7b$f634be20$e29e3a60$@harbormarketinggroup.com> <50fbfa956c20765d2d504f52aae60dcd@iamghost.com> <027101cb6c82$6a673c90$3f35b5b0$@com> <e85bc20489fe467936523e09a120b85e@iamghost.com>
In-Reply-To: <e85bc20489fe467936523e09a120b85e@iamghost.com>
Subject: RE: Policy Database Created For Finance
Date: Fri, 22 Oct 2010 13:48:08 -0400
Message-ID: <003601cb7211$49b46240$dd1d26c0$@com>
MIME-Version: 1.0
Content-Type: text/plain;
    charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: ActsiEWlogT11GVGRZCqoNd85tck+wFiP1aw
Content-Language: en-us

Can someone explain to me why mail from a mail server that's not blacklisted gets rejected based on the info above? I don't understand.
 
Old 10-24-2010, 09:35 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
What I think is happening is that the mail is shown as originating at your IP which is in the range of 74.234.0.0/15. This range appears to be part of Bell South's DSL service. Since the mail is originating in an IP address range that is blocked, the message is being rejected. The most probable reason that the range is blocked is that it is part of their residential service block and most residential customers don't send mail directly onto the Internet but go through their ISP's designated mail server. Even though your mail server is a hop on the chain, your Bell South ADSL host is showing as the origin point and this is the problem.

How you get around this will depend on your setup and will probably involve how you set your originating mail server to 'relay'. For example, if you are running a mail server at home using Postfix, you can configure it to relay through your ISP which should get you around this type of trouble as the mail will appear to originate from a valid mail handler.
 
Old 10-24-2010, 11:38 AM   #3
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 77
I did some research on this and I think the problem is their mail server is scanning every client the actual email connects to in hopping to the destination server. For whatever reason the recipient mail server is blocking email due to the residential IP range being blocked. Obviously my sending mail server is not sending email from the Bell South / residential IP but in my opinion, their mail server should only scan the last client IP in the message headers, not every single client. I don't think their mail server's configured correctly.
 
Old 10-25-2010, 04:31 AM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Yes, I think you are right that they are scanning all of the hops in the mail chain and based on having what appears to be a residential ISP hop in the link is causing them to reject the message. Unfortunately, it is a common technique to attempt to spoof the originating location by tacking fake headers in at the bottom, meaning you can't look at the origin IP. Then attempting to whitelist / blacklist based on the last hop would be a massive undertaking and require a huge database of known "good" servers. Mindspring.com and their underlying provider Earthlink are notorious for this and everyone is blacklisted unless you complain and prove yourself to be a good player. Consequently, I don't think the recipient domain has a lot of choice in the matter and the only real solution is to scan all of the headers.

What is troublesome, and perhaps this bears some investigation on your end with your ISP, is why does your mail appear to be originating at your (residential) IP? I assume that it was forwarded through your ISP's mail handler, which would have been configured as your SMTP server. It would be better to have it appear to be from their SMTP server in the mail chain and would be less likely to cause problems. The way it is currently, it appears as if your machine is running the SMTP server and launching the mail directly (from the banned range).
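
As an added illustration that is not part of the thread: the Python sketch below parses the two `Received: from` headers quoted in post #1, builds the DNSBL query name each hop would produce against `zen.spamhaus.org`, and marks which hop a last-hop-only check would look at versus a check that walks every hop. It performs no DNS lookups; the function names and the `checked_by_last_hop_policy` field are hypothetical, and the 74.234.0.0/15 range is the one named in post #2.

```python
import ipaddress
import re

# Received headers copied from the message quoted in post #1 (newest hop first).
HEADERS = """\
Received: from vss155.webhosting-email.com (vss155.webhosting-email.com [64.38.48.101])
    by mail.iamghost.com (Postfix) with ESMTP id B25E1207AE
    for <carlos@iamghost.com>; Fri, 22 Oct 2010 13:55:32 -0400 (EDT)
Received: from adsl-235-192-80.mco.bellsouth.net [74.235.192.80] by vss155.webhosting-email.com with SMTP;
    Fri, 22 Oct 2010 13:54:27 -0400
"""

DNSBL_ZONE = "zen.spamhaus.org"
RESIDENTIAL_RANGE = ipaddress.ip_network("74.234.0.0/15")  # range named in post #2

def received_hops(raw):
    """Return [(from_host, ip)] for each 'Received: from' header, newest first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)  # join folded continuation lines
    hops = []
    for line in unfolded.splitlines():
        m = re.match(r"Received: from (\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        if m:
            hops.append((m.group(1), ipaddress.ip_address(m.group(2))))
    return hops

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """DNSBL query name: IPv4 octets reversed, followed by the zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def audit(raw):
    """Label each hop as a last-hop check and an all-hops check would see it."""
    report = []
    for depth, (host, ip) in enumerate(received_hops(raw)):
        report.append({
            "host": host,
            "ip": str(ip),
            "query": dnsbl_name(ip),
            # Only the newest hop is the SMTP peer of the receiving server.
            "checked_by_last_hop_policy": depth == 0,
            "in_residential_range": ip in RESIDENTIAL_RANGE,
        })
    return report

if __name__ == "__main__":
    for hop in audit(HEADERS):
        print(hop)
```

Only the older hop (the ADSL address) falls inside the residential range, so a receiver that queries just the connecting peer never looks it up, while one that queries every `Received` hop does.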
 
  

