
[Resolved] May be problem with header


Elrond


Hi all,

I have a problem that I can't resolve. I have set up an email server with SPF, DomainKeys, Reverse DNS, but every time I send email to Yahoo, Yahoo marks my email as Bulk mail. My domain is private, so only I can send email from this domain. Here is my full header:

Return-Path: <condor[at]myhost.net>
Delivered-To: condor[at]test.com
Received: (qmail 2426 invoked from network); 13 Jul 2006 07:48:03 -0000
Received: from myhost.net (213.169.37.103)
    by ns.test.com with SMTP; 13 Jul 2006 07:48:03 -0000
Received: (qmail 32579 invoked by uid 0); 13 Jul 2006 07:43:34 -0000
Received: by simscan 1.2.0 ppid: 32574, pid: 32575, t: 0.0064s
    scanners: attach: 1.2.0 clamav: 0.88.3/m:34/d:1082
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
    s=default; d=myhost.net;
    b=cqKZEiCm8LWuPtQDT3SA6nCnBnTI6xdcPH9EuTMEPI3ZmSL6bgdgdfgddfgbjlCD95h8JfBXzH8CeBpgAqsTY6k9jp/m4UCRrfa0UWPf4gdm2b7LWrW68qGbSJ ;
Received: from unknown (HELO mail.myhost.net) (condor[at]myhost.net[at]213.169.37.103)
    by 0 with ESMTPA; 13 Jul 2006 07:43:34 -0000
Received: from 82.103.71.18
    (SquirrelMail authenticated user condor[at]myhost.net)
    by mail.myhost.net with HTTP;
    Thu, 13 Jul 2006 10:43:34 +0300 (EEST)
Message-ID: <50380.82.103.71.18.1152776614.squirrel[at]mail.myhost.net>
Date: Thu, 13 Jul 2006 10:43:34 +0300 (EEST)
Subject: test
From: "Condor" <condor[at]myhost.net>
To: condor[at]test.com
Reply-To: condor[at]myhost.net
User-Agent: SquirrelMail/1.4.7
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

Can anybody tell me what is wrong in my header that makes Yahoo mark all my email as bulk mail?

I replaced my host with myhost.net and the domain that receives email with test.com.


... what is wrong in my header that yahoo mark all my email as bulk mail ?
Hi Elrond. You say you have rDNS set up but you seem to be going through 82.103.71.18 which is not showing rDNS - ref http://www.dnsstuff.com/tools/ptr.ch?ip=82.103.71.18 It may just be a little slow in working its way into the records and may not have anything to do with your problem but it is something I can see. Also, according to http://www.dnsreport.com/tools/dnsreport.ch?domain=spnet.net
FAIL Open DNS servers ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are: ...
Again, I don't know if that would be enough to cause you problems with the classification of your mail by Yahoo. Hopefully someone who knows more can step in and comment. Can't tell a lot from your headers - they are a bit mangled by wrapped lines by the way, can only assume that is just due to the way they were copied and pasted "here".

I don't think I've helped much, but something to kick the discussion off perhaps?


If I lookup 213.169.37.103 I get

canonical name stz-bg.com.

addresses 213.169.37.103

SMTP - 25 220 ixip.net ESMTP

---------------------------------

If I lookup ixip.net I get

canonical name ixip.net.

addresses 213.169.37.101

SMTP - 25 220 ixip.net ESMTP

---------------------------------

Then looking up a different way I get another IP

213.169.37.100 - IP hosts 2 Total Domains ...

Showing 1 - 2 out of 2

Domain Name

1 IXIP.NET.

2 STZ-BG.COM.


What I would do if I were still looking for answers would be:

note: requires having a Yahoo email account and a SpamCop reporting account (both free)

Send an email message to my Yahoo account. Parse (submit) the message to your SpamCop reporting account (be sure to cancel the reports so that you do not end up reporting yourself) and then post the tracking URL here. It may show that one of your internal handoffs is not posting correctly to the headers.

It may also indicate what logic Yahoo applied which resulted in the "Bulk mail" designation; if it is based on headers or content.

Anyway, just my thoughts on the subject.


Busy doing other things, having some issues pulling up some sites on this system for some reason .... but has anyone else tried looking up a DUL listing .. for instance, look at how "empty" http://www.senderbase.org/?searchBy=ipaddr...=213.169.37.103 appears ..... I'm of the thought that the IP address involved is likely in a pool not 'defined' as something other than the "customer of ...." that I keep seeing .. suggesting that it fits more into the 'profile' of a compromised computer being involved with the sending of the e-mail concerned ....

Is there any reason why it's "only" Yahoo that's been brought up in this conversation?


The problem appears to be the IP address being used: See: http://www.senderbase.org/search?searchString=213.169.37.103

The headers show that Yahoo received the mail from 213.169.37.103, but if you do a lookup on that address there is a great lack of information. You need to do something about getting that address properly registered or simply use an SMTP server that is registered for your outgoing mail.

Also take note of the following:

Received: (qmail 4689 invoked (uid 0)); 14 Jul 2006 19:01:43 -0000

no from

Ignored

Received: by simscan 1.2.0 ppid: 4684, pid: 4685, t: 0.0059s scanners: attach: 1.2.0 clamav: 0.88.3/m:34/d:1082

no from

Ignored

The lack of a from line in the headers that matches the sent by in the previous header might in itself be enough for someone to consider the mail spam.

If these can be clearly seen as simply internal handoffs, it really should not be a problem. The bigger problem is that lack of information for the IP address that Yahoo actually received the mail from, which is probably why they are sending to the bulk mail folder. But it becomes impossible to track the mail back past the first break in the chain of header handoffs.

As you noticed Sender Base does not show any mail coming from 213.169.37.103

Yahoo and many others do not like receiving mail from someone that is not easily identified and as SenderBase indicates 213.169.37.103 (who Yahoo received the mail from) is not identified very well at all.


dbiel: Thanks for the help. How do I register my domains in SenderBase? I searched the site but did not find any documentation on how I can register.

Merlyn: I have 3 domains with 3 different IP addresses. Every domain has its own IP and PTR and works with the same server. eth0, eth0:1, eth0:2...


dbiel: Thanks for help. How i register my domains in Sender Base ? I search in site but i not found any documentation how i can register.
You don't. SenderBase pulls information that is on file as public record for each IP address. Who owns the IP addresses? Or put another way, where did you get them from? That source is the one that needs to register them. But I am getting in over my head on this issue and you are asking a very technical question, so I will leave it to someone else to reply.

Merlyn: I have 3 domains with 3 different ip addresses. Every domain have own ip and PTR and work with same server. eth0, eth0:1, eth0:2...
What are the IP addresses of the other two?

Who set up your SMTP server?

rDNS for 213.169.37.103 indicates: 213.169.37.103 PTR record: stz-bg.com.

WHOIS results for stz-bg.com

Generated by www.DNSstuff.com

Registrar: TUCOWS INC.

Status: REGISTRAR-LOCK [the normal status for a domain when it is locked]

Dates: Created 14-mar-2004 Updated 18-jan-2006 Expires 14-mar-2007

DNS Servers: NS1.TWISTED4LIFE.COM NS.IXIP.NET

The following is probably the answer to your original question as to why Yahoo is dumping your mail into a spam folder:

WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

stz-bg.com claims to be host ixip.net [but that host is at 213.169.37.101 (may be cached), not 213.169.37.103].

Looks like I failed to review the entire thread before posting.

You stated that you set up your email server.

The problem is that you are running a single mail server for multiple domains with different IP addresses and using the IP address of one of the domains as the IP address for the mail server.

If you are going to use a single mail server, it must have its own IP address.

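The check that the DNS report quoted above describes, as an added example that is not part of any post in this thread: it parses the SMTP greeting, then confirms that the greeted host name and the PTR name both resolve back to the connecting IP. The lookup tables are constructed from the values quoted in the thread so it runs offline; `greeting_host` and `check_sender` are illustrative names.

```python
import re

# Constructed lookup tables holding the values quoted in this thread, so the
# check runs offline. A live check would query DNS for PTR and A records.
PTR = {"213.169.37.103": "stz-bg.com"}
A = {"stz-bg.com": {"213.169.37.103"}, "ixip.net": {"213.169.37.101"}}

# Greeting format from the report: 3-digit code, a space or a dash, host name.
GREETING = re.compile(r"^(\d{3})[ -]([A-Za-z0-9.-]+)")


def greeting_host(banner):
    """Return the lower-cased host name from a 220 greeting, or None."""
    m = GREETING.match(banner.strip())
    if not m or m.group(1) != "220":
        return None
    return m.group(2).rstrip(".").lower()


def check_sender(ip, banner, ptr=PTR, a=A):
    """Return a list of findings for a sending IP and the greeting it presents."""
    findings = []
    host = greeting_host(banner)
    rdns = ptr.get(ip)
    if host is None:
        findings.append("greeting does not carry a host name")
    elif ip not in a.get(host, set()):
        # The greeted name should have an A record pointing back to the server.
        findings.append(f"greeting host {host} has no A record for {ip}")
    if rdns is None:
        findings.append(f"no PTR record for {ip}")
    else:
        if ip not in a.get(rdns, set()):
            findings.append(f"PTR {rdns} does not resolve back to {ip}")
        if host and host != rdns:
            # Stricter heuristic (assumption): some receivers also compare names.
            findings.append(f"greeting host {host} differs from PTR {rdns}")
    return findings


if __name__ == "__main__":
    for banner in ("220 ixip.net ESMTP", "220 stz-bg.com ESMTP"):
        print(banner, "->", check_sender("213.169.37.103", banner) or "consistent")
```
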

Hi again.

I have one server -> 213.169.37.100 with two other IP addresses: ixip.net -> 213.169.37.101 and stz-bg.com -> 213.169.37.103. I use only the last two domains, ixip.net and stz-bg.com. I set up qmail and installed qmail + vpopmail. For rDNS I use http://rno-consultores.com./mail/qmail/qma...tgoingips.patch with mapping. Maybe the whois from www.DNSstuff.com is old or cached, because when I run whois stz-bg.com from the console the output is:

Domain Name: STZ-BG.COM

Registrar: TUCOWS INC.

Whois Server: whois.opensrs.net

Referral URL: http://domainhelp.tucows.com

Name Server: NS.STZ-BG.COM

Name Server: NS1.TWISTED4LIFE.COM

Status: REGISTRAR-LOCK

EPP Status: clientUpdateProhibited

EPP Status: clientDeleteProhibited

EPP Status: clientTransferProhibited

Updated Date: 07-Jul-2006

Creation Date: 14-Mar-2004

Expiration Date: 14-Mar-2007

Domain servers in listed order:

NS.STZ-BG.COM 213.169.37.103

NS1.TWISTED4LIFE.COM 202.157.182.142

Every domain has its own IP address, but it looks like the problem is in the SMTP greeting message. Unfortunately qmail gives the SMTP greeting message from the control file me or helohost, but it gives only the first line. I have both domains in my helohost:

ixip.net

stz-bg.com

Does anybody know how I can fix this problem without setting up another server? I don't believe that qmail can't work with multiple domains, but I am unable to find any documentation on how to set it up.


I cannot help on how to fix it but can correct some terminology.

You do not have one server. You have one computer that is presenting itself as multiple servers.

The mail server should have its own IP address and name that is different from the other 3 domain servers.

It should acknowledge receiving mail from each of the 3 separate domains and identify itself as the sender with a common name used regardless of which domain the message originated from. In theory you could use the existing setup, but it must identify itself as the sender, not the other two domains which are claiming to be sending mail when in reality they are using the first one to send their mail.


Thanks to everyone that helped. I fixed the problem :)

Yes, the problem really is in the SMTP greeting message and I fixed the problem. Thanks again for the help.

Hi, Elrond!

...Thank you for returning here and letting us know the good news!


Archived

This topic is now archived and is closed to further replies.
