Wazoo

chicago webs mail3 server being blocked


Brought here from a PM

Hello, We've been blocked for some time now and we can't figure out why, we get no alerts, reports or any indication, only from our clients that we're being blocked.

In the FAQs, it states to turn off auto-responders and bounce, we can't do either of these as we are a shared hosting company. We also have a zero tolerance for spam and have been regular users of SpamCop for several years.

We need to get to the bottom of this and get off of the list.

Please advise as to the best and quickest way to accomplish this.

Thanx!

PM responded to with a pointer to "here" ...


ns2.chicagowebs.com reports the following MX records:

Preference  Host Name              IP Address     TTL
10          mail4.chicagowebs.com  64.37.122.4    3600
50          mail.chicagowebs.com   64.37.122.2    3600
100         mail2.chicagowebs.com  64.37.122.8    3600
500         mail3.chicagowebs.com  64.37.122.199  3600

64.37.122.4 not listed in bl.spamcop.net

64.37.122.8 not listed in bl.spamcop.net

64.37.122.199 not listed in bl.spamcop.net

http://www.spamcop.net/w3m?action=checkblock&ip=64.37.122.2

64.37.122.2 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 1 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

http://www.senderbase.org/?searchBy=ipaddr...ing=64.37.122.2

Volume Statistics for this IP

              Magnitude  Vol Change vs. Average
Last day      3.8        -59%
Last 30 days  4.2        -8%
Average       4.2

Spamtraps do not generate reports. Asking for some specific "may" get some answers from deputies[at]admin.spamcop.net, but .... I don't recall much data available in the (various) SpamCop FAQs on the toolset I see advertised on your web-site, but in today's climate, auto-responders and returning "delayed" bounces just isn't the way to handle things these days. There are other FAQ entries available in the SpamCop FAQ found "here" and much dialog from others in this Forum section that deal with this spammer abuse of a once-trusted way of e-mail handling.

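The lookups quoted in this post can be run on a schedule so that a listing shows up in your own monitoring rather than through client complaints. The sketch below is an added example, not part of the original thread: it builds the reversed-octet DNSBL query name and treats only a 127.x.x.x answer as a listing. The resolver is injectable, and the answer table is constructed from the values quoted above so the code runs offline.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone="bl.spamcop.net"):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Resolve an A record; return None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        # NXDOMAIN means "not listed". A DNS outage lands here too, so a
        # production monitor should alert on repeated lookup failures.
        return None

def check_listed(ip, zone="bl.spamcop.net", resolver=system_resolver):
    """Return the DNSBL answer (for example '127.0.0.2') or None."""
    answer = resolver(dnsbl_query_name(ip, zone))
    # Listings are answered from 127.0.0.0/8. Any other address is a
    # wildcard or a rewritten NXDOMAIN, not a listing.
    if answer is not None and answer.startswith("127."):
        return answer
    return None

def listed_hosts(mx_hosts, zone="bl.spamcop.net", resolver=system_resolver):
    """Map each listed host name to the answer the blocklist returned."""
    result = {}
    for host, ip in mx_hosts.items():
        answer = check_listed(ip, zone, resolver)
        if answer:
            result[host] = answer
    return result

# MX hosts as quoted in the post above.
MX_HOSTS = {
    "mail4.chicagowebs.com": "64.37.122.4",
    "mail.chicagowebs.com": "64.37.122.2",
    "mail2.chicagowebs.com": "64.37.122.8",
    "mail3.chicagowebs.com": "64.37.122.199",
}
# Constructed answer table mirroring the listing state quoted in the post.
CONSTRUCTED_ANSWERS = {"2.122.37.64.bl.spamcop.net": "127.0.0.2"}

if __name__ == "__main__":
    # Offline demo; drop the resolver argument to query real DNS.
    print(listed_hosts(MX_HOSTS, resolver=CONSTRUCTED_ANSWERS.get))
```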

Brought here from a PM

PM responded to with a pointer to "here" ...

37481[/snapback]

Thanx for the info. We're huge fans of SpamCop, and have been for years, even use the RBL in our filtering in house with 7 mail servers. We're a shared hosting company so we'll occasionally get the noob who wants to abuse the system and they're soon removed from our network. We have a zero tolerance for spam, but Imail doesn't have a lot of tools nor does it do a "real" good job with filtering.

We really can't disable auto-responders, and we pretty much have to enable "bounce"

Does anyone have any suggestions on how to configure the system so we're not blocked again? I'm certainly all ears here as when we get listed, it's a HUGE inconvenience to thousands of clients.

Thanx again!

CW

We really can't disable auto-responders, and we pretty much have to enable "bounce" 

37488[/snapback]

First of all, for an unknown user IMail's SMTP service responds with a 550 unknown user error and does not accept the message unless you have it configured differently.

There is no need to bounce messages to the "From" address for any mail system.

<snip>

We really can't disable auto-responders, and we pretty much have to enable "bounce"

<snip>

37488[/snapback]

...Can you explain a bit more? My initial reaction to this was to reply with a rude retort but first I thought I'd give you a chance to explain. :) <g> Thanks.

We really can't disable auto-responders, and we pretty much have to enable "bounce" 

Does anyone have any suggestions on how to configure the system so we're not blocked again? I'm certainly all ears here as when we get listed, it's a HUGE inconvenience to thousands of clients.

37488[/snapback]

Those two statements are mutually exclusive. If you do not turn off auto-responders, it is likely your system will continue to send messages to innocent email addresses forged as the sender of those messages (spam and viruses), including spam trap addresses.

However, a quick test of the mailserver we think is on the list seems to show you are NOT bouncing messages for fake addresses, instead using the better "error code rejection".

220 mail.chicagowebs.com (IMail 8.15 639151-15) NT-ESMTP Server X1

250 hello mail.chicagowebs.com

250 ok

550 not local host chicagowebs.com, not a gateway

221 Goodbye

If you do not turn off auto-responders, it is likely your system will continue to send messages to innocent email addresses forged as the sender of those messages (spam and viruses), including spam trap addresses.

So then we will need to disable the auto-responders for all accounts? What other steps can be taken to ensure our mail servers don't end up on the blacklist again?


As people have suggested, auto-responders and after acceptance bounces mean that you will be listed. The reason is that both go to the forged return-path and to innocent recipients - who are sometimes overwhelmed by the after acceptance replies to the forged From or return path.

There is another topic discussing possible strategies for getting your clients to accept no auto-responders and no 'bounces' - I don't know if it applies to your situation or not.

Post #10

But since you seem willing to shut them down, maybe you won't have to go to those lengths.

Server admins here may have some other suggestions about how to avoid blocklists in your situation. Glad that you are working hard to be 'part of the solution'!

Miss Betsy

So then we will need to disable the auto-responders for all accounts? What other steps can be taken to ensure our mail servers don't end up on the blacklist again?

37516[/snapback]

Yes, and not for that reason alone but in today's spam filled internet it will stop you from abusing the internet also.

People who never sent you anything surely do not want to receive junk from you that you pass on because their address was forged in the "From". Many spammers use autoresponders to send their crap.

HTH HAND.

Yes, and not for that reason alone but in today's spam filled internet it will stop you from abusing the internet also.

People who never sent you anything surely do not want to receive junk from you that you pass on because their address was forged in the "From".  Many spammers use autoresponders to send their crap.

HTH HAND.

37523[/snapback]

They may be using forged addresses, however, maintaining a well functional Friend's system makes the reduction of junk mail 100% reduced. However, Spamcop is not this solution... SPF is. Therefore, to fix that problem, SPF should be more widely used.


Spamcop is certainly the best solution for those of us who use spamcop to filter junkmail. Its use was never intended and is not recommended as a block but merely a means to tag and filter spam.

Edited by dra007


I don't know what you mean by 'functional Friends' system'. If that means whitelisting, my vote is against it. IMHO, the receiver of email should have to do nothing to sort spam and any messages that the server admin filters for him should be returned at the server level to the sender to deal with.

The only whitelisting I would permit is for bulk email when all bulk email is blocked except for what has been whitelisted.

Miss Betsy

Spamcop is certainly the best solution for those of us who use spamcop to filter junkmail.

37620[/snapback]

...And also for those responsible server admins whose network is, unbeknownst to them, being used to send spam.
Its use was never intended and is not recommended as a block but merely a means to tag and filter spam.

37620[/snapback]

...Which is not to say that only tagging and filtering is a valid approach. Were I an e-mail admin I might (assuming my agreements with my customers permitted) want to not have to deal with the spam at all. Were I a paying subscriber to an ISP or MSP (e-mail service provider), I would want the admins of my system to block suspected spam rather than having to pay for its storage and having to deal with a "suspected spam" folder.


It appears that our mail server was listed again today. Is anyone familiar with IMail and if there's a way to disable auto-responders? Also, can anyone suggest other options or products to help keep these servers off the blacklists?

It appears that our mail server was listed again today.  Is anyone familiar with IMail and if there's a way to disable auto-responders? Also, can anyone suggest other options or products to help keep these servers off the blacklists?

37673[/snapback]

This time it appears to be: http://mailsc.spamcop.net/w3m?action=blche...p=64.37.122.199

And again: Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

The good news: If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 3 hours.

Is IMail a list-serv server? I notice one of the reports against the .2 address is: Submitted: Thursday, September 15, 2005 4:00:25 AM -0400:

Illegal IMail List Server Command!

If so, you may not be able to disable the auto-responder for the list serv. I almost hate to suggest this (rather having you fix the problem) but you may want to have that server output on only one IP address with normal traffic using the other addresses?

Is IMail a list-serv server? I notice one of the reports against the .2 address is: Submitted: Thursday, September 15, 2005 4:00:25 AM -0400:

Illegal IMail List Server Command!

37674[/snapback]

Imail has a list-server within its functions as well as the standard POP/SMTP/IMAIL functions.

We ran Imail for a while and I remember that we managed to disable bounces and auto-responses, but I don't have access to Imail any longer and I can't remember which combination of settings we used.

I do recall that Ipswitch were exceedingly helpful in supporting us when we had issues and their online knowledge base was pretty good too. Chiwebs may want to pop on over to http://www.Ipswitch.com

Andrew

Edited by agsteele

I do recall that Ipswitch were exceedingly helpful in supporting us when we had issues and their online knowledge base was pretty good too.  Chiwebs may want to pop on over to http://www.Ipswitch.com

37752[/snapback]

Please note, however, that Ipswitch's own email advertising machinery has ignored years of bounces.


Hey guys,

One of our servers is listed again, and it's really becoming a PITA... We're a legit company, we use Imail 8.x and we're being reported because of bounces and/or mail sent to spamtraps.

Now, my question, how can we secure Imail to not send bounces or turn off auto-responders? We can't find it and Ipswitch is absolutely useless and no responses via their forums, etc.

We have a couple hundred thousand users and switching mail server software is just not an option for us, not right now anyway.

I need a way to secure this so we can stay off the SCBL...

Thanx in advance for your help

CW

Sorry, the mail server in question is: 64.37.122.199 ( mail3.chicagowebs.com )

Moderator Edit: Merged this "new" Topic into the existing one ...same subject, same issues ....

Edited by Wazoo


Ipswitch has a pretty good user forum accessible from the "Support" option on their website (www.ipswitch.com). You might try posting a request there and see if anyone else has figured out how to bounce during SMTP instead of sending misdirected NDRs.

Now, my question, how can we secure Imail to not send bounces or turn off auto-responders? We can't find it and Ipswitch is absolutely useless and no responses via their forums, etc.

39837[/snapback]

My response isn't going to be very practical other than to say that when we ran Imail for our Email servers I'm sure that we did manage to turn off bounce messages. Sadly, we no longer use Imail so don't have access to the server to check the settings and share them with you.

But I encourage you to keep on searching for the answer to your questions. Someone must know what to do <_<

I do recall that Imail offers the option of creating vacation messages by each user and this can cause the listings that you refer to. I seem to recall that vacation messages are always enabled if you allow web messaging. So you cannot prevent vacation messages if you give your users access to web messaging. So anyone receiving spam from forged Email addresses will bounce back a vacation message (if using the option) and thus risk getting your IP re-listed.

You can enable a range of DNSbls in Imail and we found this to be effective in stopping the forged messages from getting into the system in the first place.

Checking an old manual I've found I see that there is a bounce messages option in the Domain Administration section of Imail relating to sub-mailboxes. Worth switching that off I guess. We also refused messages which arrived with a null sender and that seemed to reduce the messages arriving.

I see that the online manual offers a few entries that might be pertinent. I searched for 'bounce' at: http://www.ipswitch.com/support/imail/guid...r_wh/iadmin.htm

Andrew


It could be just clueless users being hosted there.

Yes I know it's old but it is a good example:

Submitted: Wednesday, January 04, 2006 9:36:20 PM -0500:

Thank you for contacting <x>. You have reached an email address that...

This is not an IMail message that was reported, it was an autoreply from <x> whose mail is on that same server. They accepted the mail and auto replied to the invalid "From" address.

I believe the complete subject was:

Thank you for contacting <x>. You have reached an email address that is no longer active.

It could be just clueless users being hosted there.

Yes I know it's old but it is a good example:

Submitted: Wednesday, January 04, 2006 9:36:20 PM -0500:

Thank you for contacting <x> You have reached an email address that...

This is not an IMail message that was reported, it was an autoreply from SitesDynamic whose mail is on that same server. They accepted the mail and auto replied to the invalid "From" address.

I believe the complete subject was:

Thank you for contacting <x>. You have reached an email address that is no longer active.

39843[/snapback]

Thanx guys, I'll look a bit deeper into this. But for the record, we can't disable webmail, so that's not an option.

CW

Thanx guys, I'll look a bit deeper into this. But for the record, we can't disable webmail, so that's not an option.

CW

39845[/snapback]

How about a warning and explanation to your users about the dangers of using Out of Office replies in this age of spam?

We also refused messages which arrived with a null sender and that seemed to reduce the messages arriving.

39842[/snapback]

Please don't do that. Those messages don't cause misdirected bounces, most of them probably ARE bounces. Domains whose mailservers refuse those messages in violation of RFCs 821, 2821, 2505, and 1123 are subject to listing by dsn.rfc-ignorant.org - see Listing policy for dsn.rfc-ignorant.org zone for details.

Thanx guys, I'll look a bit deeper into this. But for the record, we can't disable webmail, so that's not an option.

CW

39845[/snapback]

You could insist that users use a 'whitelist' for OOO messages. That helped someone I think.

If you handle your PR correctly, by telling your users that the OOO messages are sending spam to innocent people, you might be able to get them to actually do it. I don't know whether this is a good idea or not - I can't remember - but filtering for spam on /outgoing/ messages could also reduce OOOs responding to spam.

Miss Betsy

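The posts above come down to one rule: an automatic reply must never go to an address that may be forged. The function below is an added example, not from the thread or from IMail; it gates a vacation reply on the per-user allow list and spam-filter result suggested above, plus the header checks recommended by RFC 3834. Its function name, parameters and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def should_autoreply(raw_message, envelope_from, mailbox, allowed_senders,
                     flagged_as_spam=False):
    """Decide whether an out-of-office reply may be sent: (bool, reason)."""
    msg = message_from_string(raw_message)
    sender = envelope_from.strip().strip("<>").lower()
    if not sender:
        # Null sender: a bounce or DSN. Accept the mail, never answer it.
        return False, "null envelope sender"
    if flagged_as_spam:
        return False, "flagged by the spam filter"
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "automatic message (Auto-Submitted)"
    if msg.get("Precedence", "").strip().lower() in ("bulk", "list", "junk"):
        return False, "bulk or list mail (Precedence)"
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return False, "mailing-list traffic"
    named = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if mailbox.lower() not in {addr.lower() for _, addr in named}:
        # Bcc'd or blind-addressed mail is typical of bulk senders.
        return False, "mailbox not named in To/Cc"
    if sender not in {a.lower() for a in allowed_senders}:
        return False, "sender not on the user's allow list"
    return True, "ok"

# Constructed sample messages (not taken from the thread).
FORGED_SPAM = (
    "From: victim@example.org\n"
    "To: user@example.com\n"
    "Subject: cheap pills\n\nbody\n"
)
KNOWN_CONTACT = (
    "From: Colleague <colleague@example.net>\n"
    "To: User <user@example.com>\n"
    "Subject: meeting\n\nbody\n"
)
LIST_POST = KNOWN_CONTACT.replace(
    "Subject:", "List-Id: <dev.example.net>\nSubject:")
ALLOWED = {"colleague@example.net"}

if __name__ == "__main__":
    cases = [("forged spam", FORGED_SPAM, "victim@example.org"),
             ("known contact", KNOWN_CONTACT, "colleague@example.net"),
             ("list post", LIST_POST, "colleague@example.net"),
             ("bounce", KNOWN_CONTACT, "<>")]
    for label, raw, env in cases:
        print(label, should_autoreply(raw, env, "user@example.com", ALLOWED))
```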
