This is why we can't have nice things
12 years ago
General
Over a decade ago when I de-mothballed my "server" and began tinkering with Linux (something that would alter the entire course of my life... but that's a story for a different journal), it quickly went from an experimental server to being integrated into the family household, first sharing dial-up and later sharing cable internet.
One of the things that happened was a lot of "why not?" reasoning. FTP server? Why not. Helix Server? Sure, why not. E-mail? Why the heck not. Industrial strength BIND DNS services? Well why not!
Having your own e-mail server is an interesting experience. Back when I started with it, I could almost send e-mail to anyone I wanted. Almost... because already at that time some places were checking the e-mail source. And because my DNS entry failed a reverse-lookup, some mail providers would block me. That's fair, of course. No legitimate e-mail server would lack a real DNS record with a proper reverse-lookup PTR record. As time wore on, it got worse. Now there are very few mail servers that will accept mail from me, because my IP address range is blacklisted. Again, this is totally understandable as no legitimate mail server would reside on a domestic IP block.
So what about incoming mail? That's a story in itself! When the internet was fresh and new, e-mail servers could relay mail... that is, if a mail was sent to your server that didn't originate from your domain and wasn't destined for your domain, your server would happily pass it along. E-mail servers can still relay mail, but that's a quick way to make a lot of people mad because spammers love open relay sites to help cover their tracks.
Because I run a proper mailserver, relaying is forbidden. That didn't keep me from getting a lot of reports from my mailserver about illegal relay attempts. It was interesting to watch, and I found out there were two kinds of spammers: those that when given the "554 Relay Access Denied Error" would politely wrap things up with a QUIT command... and those who couldn't slam the connection closed fast enough once you dropped the 554 on them. Apparently they were in a hurry to go spam someone else!
Back in February of this year I noticed that all my illegal relay notices stopped. It wouldn't be until 6 months later that I'd figure out the truth: sadly for us home-hobbyists, Comcast shut down incoming port 25 to all their residential customers. I know this is part of the continuing fight against spambot networks on people's home machines, but some of us who had properly-configured mail services got caught in the blast radius. I know, I know... no legitimate mailserver would be... but it still kinda sucks. And I'm sure no amount of begging would convince Comcast to open my port 25 back up.
So you see? This is why we can't have nice things. Because sooner or later, they get exploited and shut down. It happened with the original mail relay concept, and now it's happened with home-brew mail servers.
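The relay rule described above (accept mail for your own domains from anyone, accept mail to anywhere only from trusted clients, and refuse everything else) is easy to state but worth seeing as code. The following is an added example, not the author's Postfix configuration or any Postfix code: it models the RCPT TO decision with constructed network and domain lists (the names "aviary.example", "partner.example" and the address ranges are assumptions), and then replays a short scripted dialogue so the 554 on RCPT and the follow-on "no valid recipients" on DATA can be seen coming from the same policy.

```python
import ipaddress

# Constructed policy data (assumptions for this example, not a real server's settings).
MY_NETWORKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.168.1.0/24")]
MY_DESTINATIONS = {"aviary.example", "mail.aviary.example"}   # domains we deliver locally
RELAY_DOMAINS = {"partner.example"}                             # domains we forward for


def check_relay(client_ip: str, recipient: str, authenticated: bool = False) -> tuple[int, str]:
    """Decide an RCPT TO command. Returns (SMTP reply code, enhanced-status text)."""
    if "@" not in recipient:
        return 501, "5.1.3 Bad recipient address syntax"
    domain = recipient.rsplit("@", 1)[1].lower().rstrip(".")
    if not domain:
        return 501, "5.1.3 Bad recipient address syntax"
    # Trusted clients may relay anywhere: authenticated users and our own networks.
    if authenticated:
        return 250, "2.1.5 Ok"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MY_NETWORKS):
        return 250, "2.1.5 Ok"
    # Anyone on the internet may deliver to domains this server is responsible for.
    if domain in MY_DESTINATIONS or domain in RELAY_DOMAINS:
        return 250, "2.1.5 Ok"
    # Untrusted client, foreign destination: this is the open-relay request we refuse.
    return 554, f"5.7.1 <{recipient}>: Relay access denied"


def run_session(client_ip: str, commands: list[str], authenticated: bool = False) -> list[str]:
    """Apply the policy to a scripted list of SMTP commands and return the server replies."""
    replies = []
    sender = None
    accepted = []          # recipients that passed check_relay in this transaction
    for line in commands:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "MAIL":
            sender, accepted = arg, []
            replies.append("250 2.1.0 Ok")
        elif verb == "RCPT":
            # Accept both "rcpt to: x@y" and "RCPT TO:<x@y>" spellings.
            addr = arg.split(":", 1)[1].strip().strip("<>")
            code, text = check_relay(client_ip, addr, authenticated)
            if code == 250:
                accepted.append(addr)
            replies.append(f"{code} {text}")
        elif verb == "DATA":
            if sender is None:
                replies.append("503 5.5.1 Error: need MAIL command")
            elif not accepted:
                # Every recipient was refused, so there is nothing to accept data for.
                replies.append("554 5.5.1 Error: no valid recipients")
            else:
                replies.append("354 End data with <CR><LF>.<CR><LF>")
        elif verb == "QUIT":
            replies.append("221 2.0.0 Bye")
        else:
            replies.append("502 5.5.2 Error: command not recognized")
    return replies


if __name__ == "__main__":
    for reply in run_session("203.0.113.5", ["mail from: testing@testers.com",
                                             "rcpt to: someone@gmail.com", "data", "quit"]):
        print("Out:", reply)
```

The ordering matters: the local-network and authenticated checks come before the destination check, so a trusted client can send anywhere, while an unknown client is only ever allowed to hand mail to domains the server itself owns. A real server should also drop a client that keeps issuing commands after repeated rejections, which is the behaviour the transcript below shows.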
Every now and then I'd get a funny session transcript from my mailserver. It happens when the originating server refuses to pay attention to the error messages and keeps plowing ahead as if nothing was wrong...
Transcript of session follows.
Out: 220 xxx.aviary.dyndns.org ESMTP Postfix (Debian/GNU)
In: EHLO 127.0.0.1
Out: 250-xxx.aviary.dyndns.org
Out: 250-PIPELINING
Out: 250-SIZE 10240000
Out: 250-VRFY
Out: 250-ETRN
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In: AUTH LOGIN
Out: 503 5.5.1 Error: authentication not enabled
In: mail from: testing[at]testers.com
Out: 250 2.1.0 Ok
In: rcpt to: csclus.smtp[at]gmail.com
Out: 554 5.7.1 <csclus.smtp@gmail.com>: Relay access denied
In: data
Out: 554 5.5.1 Error: no valid recipients
In: Content-Type: text/html
Out: 221 2.7.0 Error: I can break rules, too. Goodbye.
Silly geeks... always sneaking humor in unlikely places...
Then there was the time I clicked on my local server mailbox, only to hear the server's hard drive churn. It churned for close to 15 seconds and then Thunderbird reported over a thousand new messages. Hundreds of illegal relay messages, most of them not even 5 seconds apart, sometimes three with the same time stamp! Over the course of four days!
I'll never know for sure, but I think I was the target of a DoS attack! I made the big-time! ^_^
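A thousand relay-denied notices in four days, some sharing a timestamp, is the kind of thing a mail admin would rather have detected from the logs than discovered from a churning disk. The following is an added example, not code from the author or from Postfix: it parses constructed Postfix-style smtpd reject lines (the hosts, addresses and times are made up for the example) and reports any client IP whose "Relay access denied" rejections exceed a threshold inside a sliding time window, so a burst like the one described above stands out from the occasional misconfigured sender.

```python
import re
from collections import defaultdict
from datetime import datetime

# Shape of a Postfix smtpd RCPT rejection in syslog. Year is absent in syslog lines.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from (?P<helo>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\S+) <(?P<rcpt>[^>]*)>: (?P<reason>[^;]+);"
)

# Constructed sample log: six relay attempts from one client inside forty seconds
# (two with the same second), one stray attempt from another host, one unrelated
# temporary reject, and a connect line that is not a reject at all.
SAMPLE_LOG = """\
Sep 14 03:12:01 xxx postfix/smtpd[2231]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <a@gmail.example>: Relay access denied; from=<t@testers.example> to=<a@gmail.example> proto=ESMTP helo=<127.0.0.1>
Sep 14 03:12:03 xxx postfix/smtpd[2231]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <b@gmail.example>: Relay access denied; from=<t@testers.example> to=<b@gmail.example> proto=ESMTP helo=<127.0.0.1>
Sep 14 03:12:03 xxx postfix/smtpd[2232]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <c@gmail.example>: Relay access denied; from=<t@testers.example> to=<c@gmail.example> proto=ESMTP helo=<127.0.0.1>
Sep 14 03:12:08 xxx postfix/smtpd[2233]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <d@gmail.example>: Relay access denied; from=<t@testers.example> to=<d@gmail.example> proto=ESMTP helo=<127.0.0.1>
Sep 14 03:12:15 xxx postfix/smtpd[2233]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <e@gmail.example>: Relay access denied; from=<t@testers.example> to=<e@gmail.example> proto=ESMTP helo=<127.0.0.1>
Sep 14 03:12:40 xxx postfix/smtpd[2234]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <f@gmail.example>: Relay access denied; from=<t@testers.example> to=<f@gmail.example> proto=ESMTP helo=<127.0.0.1>
Sep 14 03:20:00 xxx postfix/smtpd[2240]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.9]: 554 5.7.1 <g@gmail.example>: Relay access denied; from=<ops@example.net> to=<g@gmail.example> proto=ESMTP helo=<mail.example.net>
Sep 14 03:25:10 xxx postfix/smtpd[2241]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.7.1 <me@aviary.example>: Recipient address rejected: Greylisted; from=<t@testers.example> to=<me@aviary.example> proto=ESMTP helo=<127.0.0.1>
Sep 14 03:30:00 xxx postfix/smtpd[2242]: connect from unknown[203.0.113.7]
""".splitlines()


def parse_rejects(lines, year=2000):
    """Extract (timestamp, client_ip, reason) from reject lines; other lines are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["reason"].strip()))
    return events


def find_bursts(events, window_seconds=60, threshold=5, reason="Relay access denied"):
    """Return {ip: peak count} for clients with >= threshold matching rejects in any window."""
    by_ip = defaultdict(list)
    for ts, ip, why in events:
        if why == reason:
            by_ip[ip].append(ts)
    bursts = {}
    for ip, times in by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            bursts[ip] = peak
    return bursts


if __name__ == "__main__":
    for ip, n in find_bursts(parse_rejects(SAMPLE_LOG)).items():
        print(f"{ip}: {n} relay attempts within one minute")
```

Counting per client and per window, rather than a raw total, is what separates a burst from background noise: the lone attempt from 198.51.100.9 and the unrelated greylisting reject never reach the threshold, while the 203.0.113.7 run does even though two of its lines share a second.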
We've been having a lot of trouble at work. Some idiot managed to get a virus (We think it came in via USB stick) that was smart enough to pull the exchange server's address from Outlook and commence heavy spamming, so we got added to the spamhaus blacklist. Getting *off* of the list is not easy.
That said, if you really want to get your emails accepted, you should make sure your domain has both SPF and DKIM records filled and correct. PTR records are rarely used because the resolution almost always takes a long time -- and their contents can be easily spoofed as well.
P.S. At the site I used to manage, we would get flagged as spammers about once a year... usually because some "public relationships" person sending a "merry Christmas" type message to all ~20000 past and present students at once... >.<
I would be interested in steps to convince a cable company you are not a spam threat. Any details would be welcome. Of course, since I work literally next door to the Comcast offices, you'd think I'd have an inside contact...
Getting your IP delisted might be a problem, but it depends on which list you are on. I suggest checking spamhaus' residential address list ( http://www.spamhaus.org/pbl/ ) first and then casting a wider net; there are precious few blocklists running these days, since spammers tend to mount truly staggering DDoS attacks against them.
That said, as long as you're on a dynamic IP, delisting is probably a futile game. Once again, I'd advise checking with the helpline, getting a static IP might be just a case of paying a few $ a month more.
That said, I offer mail server advice freely, since poorly configured and not fully compliant remote mail servers are the bane of an admin's existence. What do you say to your CEO when he comes in angry for not getting a 'very important email' from a domain you find listed in spamhaus' list? Or one that only makes a single attempt at delivery?