Jump to content

Where is my email going?? is it me or my ISP??


Esherwood76

Recommended Posts

Posted
But none of these (except possibly point 1) account for the lost Email arriving with you.

He's not getting his inbound mail because it appears the server accepting mail for that domain is running an unpatched version of SpamAssassin, which is rejecting everything with a date after 1/1/2010. SA needs fixing.

Posted

An IP being listed in a blocklist doesn't prevent you from receiving email, though. If you're not getting mail, it's because something's misconfigured--the server, your email client, something. Your webhost needs to walk you through this step by step and make sure everything's correct.

Posted

From that other topic, these parts deal with my take on your mail receipt problem:

...The example you posted shows another problem - web099.gen2host.com is attached to an unpatched copy of SpamAssassin which is flagging anything with a 2010 date, giving it a high spam score. That may be affecting your inwards mail. Your inwards mail should be tagged and moved, not rejected, to guard against such false positives.

...You also need to get SpamAssassin patched....

"Patched" refers to getting the 2010 date thing fixed. This is a known issue, known 'fix', there is no excuse for having it unpatched this long after manifestation of the problem. No matter what your IT people are saying, with your present setup as described and shown, those issues must be addressed if you are to reliably receive mail (or to receive it at all). There may be other problems - but the evident ones are the ones to start with in seeking solutions.

The further point I made about two other domains using the same MX (mail exchange) may come into the picture as well although it shouldn't for inwards mail (but that should be tested).

The domain does not appear to be blacklisted: http://www.robtex.com/dns/staffbook.co.uk.html#blacklists

Posted

Just to give a baseline - test message via Yahoo sent (Subject: SpamCop user Farelf, test message - Date: Friday, January 22, 2010 0653 +0000). If that reaches you with SpamAssassin unpatched then you are not in dire straits, there will be some other reason some messages are not reaching you (maybe *their* IP addresses are blocked).

Posted
Thanks everyone that looked into my issue over missing emails yesterday. I have gone back to my hosts and passed on all your comments but I am afraid it was met with a resounding ...."thats not the problem"

I was going to say welcome back... But sadly you're back because the problem wasn't resolved :( Sorry!

However, I wonder if we're really the best folk to assist you. Your tech guys are adamant about what the problem isn't. If it was me, I'd be pressing them to tell you what it is... Trying to work with multiple support advice from all over the place then pass it through some higher authority may be a fruitless exercise for you.

Certainly the things that were identified previously are issues that you might wish to address. I suggested you remove the O2 mobile connection from the equation until you've got the issue resolved. That's an easy thing to do and could well resolve your sending problem.

If you can fix the sending then you then only have to resolve the receiving.

Let us know how you get on without O2 in the equation.

Andrew

Posted

Thanks everyone.

Andrew, I have stopped using o2 but I guess it will be a while before I can say definitively of that has helped. I have also told my hosts to patch the spam assasin thing in immediately.

I looked on the link that you sent but to be honest i wasnt sure what I was looking at; I guess you are telling me that the name 'staffbook.co.uk' is not/or cannot be blacklisted and that its is the old IP address that had a problem - not the domain name itself....how does that work for spammers who just move mail servers then???

Anyway, thanks again for trying, I know this is probably moving further and further away from what the forum is designed for but didnt really know where else to go......

Posted
...I looked on the link that you sent but to be honest i wasnt sure what I was looking at; I guess you are telling me that the name 'staffbook.co.uk' is not/or cannot be blacklisted and that its is the old IP address that had a problem - not the domain name itself....how does that work for spammers who just move mail servers then??? ...
Oh yes, the domain can be listed (that is just a different type of blacklist, one that is mostly helpful in recognising spammy, phishing or malicious websites - particularly if they are the 'payload' link in spam mail) but the link showed yours wasn't listed (not on those checked anyway and they are all the major ones). Spammers mostly send their mail though a network of hijacked computers - the From: and Reply-to: addresses are usually spoofed and usually bear no relationship to the many and varied routes the typical spammer will use.

Noting you received the Yahoo test mail so you retain (or have gained) a substantial ability to receive mail (for some value of "substantial"). If your IT advisers are so sure of what the problem is not then hopefully they are narrowing the field of possibilities as to what it actually is. I'm out of further suggestions for the moment.

Posted
As far as I can see the above would get you out of trouble. Wazoo was alert to some difficulties I didn't follow (he's far more technically aware than am I). Can he (or anyone) add to/support/refute the foregoing?

My ISP's HQ is a bit west of me, the storm was moving east. I lost connectivity for a couple of hours, then lost power here. Pictures seen on the TV show the power guys dealing with massive transmission lines with 2 to 3 inches of ice around them (picture that as about 8 inches / 20+ centimeters cross section) which of course those lines were not designed to support. Some folks not expected to see power restored until the week-end.

First skim of most of the data here seems OK, but noting that there's been a lot of traffic and a lot more detail provided by many .... My mode right now is 'catch up' and there sems to have been quite a lot of other things happening here while I've been sitting here freezing. Will come back and take some time to read everything in more depth in a bit. I'm generally left with the impression that this is definitely a ISP/Hosting issue for the most part at this point, and/or whoever is/was in charge of generating the DNS Records for the Domain involved.

Thanks folks for continuing to try to help.

Posted
Linear Post #1: I use Telefonica (o2) when I am at home through a mobile 3G dongle thingy.... I have an office with Regus and use their fixed line when I am at work

Just for the record, all Posts here seem to have come through the O2 connction(s). Not really described/defined is the "fixed line" connection. For example, Dial-up, cable/DSL. another wireless router involved, etc.

Linear Post #3; The outgoing and incoming mail settings are the same, they are set up in Outlook and I dont change them depending where I am working

This statement seems to suggest that a single (assumedly a) laptop involved, as compared to multiple computers/systems, i.e. a dedicated 'office' machine, a transportable laptop, and yet another 'home' system. The actual "Outlook settings" might be important, as is the actual connection to e-mail server involved. The mention of Outlook would suggest that web-mail isn't the connection mode, alng with the mention of SMTP elsewhere. For some reason, there's a question floating around in my head about whether there's an open Port25 connection or if there's an 'authenticated' connection over another Port. May not be important, but it's data not made known here.

Linear Post #16 - I suggested the FAQ entries, troubleshooting using CC: mode

I don't believe I saw any response to this, beyond the dialog that a couple of e-mails to other users here have worked. However, the question remains about results of e-mail sent to other users "that you say disappeared" with no error/status messages provided. This is where the CC: option would come in handy.

Linear Post #17 - includes SpamCopDNSBL listing of 82.132.248.199

OK, we now see the SpamCopDNSBL listing coming into play, but as noted by others, this listing was against the O2 wireless connection .... nothing against the folks hosting your site/servers. Other users in this mode have come here for questions, as their own ISP was found using the SpamCopDNSBL in a "blocking" fashion, thus they found that their own ISP wouldn't accept their outgoing e-mail for delivery as it was seen "coming from a spam source" .... disconnecting/re-connecting to get another connection IP Address could sometimes solve this problm.

Incoming e-mail issues:

Assumedly, bringing SpamAssassin up to date will resolve some of the more immediate issues.

As noted by others, an MX record does exist. However, there are still issues that some other outgoing e-mail servers may not like to deal with. per http://www.mxtoolbox.com/

mx:staffbook.co.uk mx

Pref Hostname IP Address TTL

10 www.staffbook.co.uk 89.151.77.58 60 min

Reported by ns0.serve.co.uk on Sunday, January 24, 2010 at 11:30:54 AM

a:staffbook.co.uk a

Type Domain Name IP Address TTL

A staffbook.co.uk 89.151.77.58 60 min

Reported by ns0.serve.net.uk on Sunday, January 24, 2010 at 11:30:23 AM

spf:www.staffbook.co.uk spf

No records found

smtp:www.staffbook.co.uk smtp

220 *********************************

Not an open relay.

0 seconds - Good on Connection time

0.484 seconds - Good on Transaction time

OK - 89.151.77.58 resolves to (Note the blank spot here)

Warning - Reverse DNS does not match SMTP Banner

Session Transcript:

HELO please-read-policy.mxtoolbox.com

250 web099.gen2host.com [125 ms]

MAIL FROM: <supertool[at]mxtoolbox.com>

250 2.1.0 Ok [109 ms]

RCPT TO: <test[at]example.com>

554 5.7.1 <test[at]example.com>: Relay access denied [125 ms]

QUIT

221 2.0.0 Bye [125 ms]

So although it technically works, some other servers/applications may not deal kindly with the rDNS configuration. Ths might be behind 'some' of your 'missing' incomng e-mails. You'd really want to see that content of the 'rejected/failure' messages from those folks for more details .... obviously, either through an alternate e-mail address/Domain or an actual phone call.

Outgoing e-mail:

Ouch!! Take a look at your typical spam these days. Your outgoing (example) headers contain a lot of similar structure and content.

Originating source of the e-mail is from an IP Address lsted in the SpamCopDNSBL, within a IP Address Block with a "poor" SendeBase Reputation score, and/or listed in other BLs. Some receivng e-mail servers will rehect anything coming from that environment. (This definitely applies to your O2 usage for connection.)

The 'normal' mode these days of "forged" From: and Reply-To: addresses .... e-mail coming from a user at staffbook.co.uk but the e-mail is being sourced from a server calling itself web099.gen2host.com .... Just the names involved invoke the appearance of an infected system and/or a hacked user account from somewhere soewing to the world. Many incoming e-mail servers/apps these days will take exception to this mis-matched data. The lack of SPF data doesn't help n this case either.

Questions remaining include:

Why are you not receiving any 'Rejection/Bounced/Status' messages about 'any' of the missing outgoing e-mails? Granted, some of the receiving systems may simply accepting them, then dropping them on the floor due to the 'spammy construct and data' seen by their anti-spam filters/tools, but this wouldn't be 'all' of them. (Of course, not known from this side of the screen is just how many different folks/systems are actually involved in your 'outgoing e-mails are disappearing' scenario.)

Do any of the other folks involved with "can't send you any e-mail" have any data on just why those e-mails failed?

Can your Host actually do something a bit better on the DNS/rDNS situation for their server to better handle your e-mails?

Should anyone here be asking questions about the type and/or content of the e-mails you're sending? Again, just looking for more 'spammy appearance' issues above and beyond the header issues already described.

Going to stop here, getting too massive .....

  • 3 weeks later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...