dbiel Posted December 7, 2005 Posted December 7, 2005 Are you sure it is the IP address being used to send mail. Could other IP addresses be involved either directly or via forwarding? A complete set of headers of the mail that is being blocked would be helpful in determining what is going on.
moltar Posted December 7, 2005 Author Posted December 7, 2005 Yes I am sure. As I said before I don't think this is a problem with SpamCop. I am not sure if everyone noticed that message. [at]canada.com admitted that it is their fault and they will be looking at it today and tomorrow. The SpamCop theory was before I read them the error message.
dbiel Posted December 7, 2005 Posted December 7, 2005 I am sorry that we miss read your post #24. We read into it that you were still looking for help. Your last post indicates that you have located the problem as being outside of SpamCop influence so we will mark this topic as resolved. Thank you for your participation in our forums. We hope that you are able to resolve the problem with canada.com.
moltar Posted December 7, 2005 Author Posted December 7, 2005 I am sorry if you missunderstood me dbiel, but I didn't even mean this as a support topic. It was more of a question which lead into a discussion. I just wanted to underline the fact the SpamCop here was not in question anymore as I felt many were thinking. Well, as I said earlier I would call canada.com and talk to them and report back here. So I called in today. Of course, the problen was not fixed. It's been two month, why would it be fixed in just one day? Today's rep denied everything that yesterday's rep said. I did not write down the name of the rep I spoke with yesterday. Didn't learn my lesson and didn't not write today's rep's name either. Dammit. Today's rep said that I do not need to certify with SpamCop, but this was even more of a circuis. Here is a summary of a half an hour argument: - My IP does not match the domain (I assume he referred to rDNS, I could not confirm that this is what he meant) - I must get "Trusted Privacy Seal - Bonded Sender" (anyone know where can I get one?) - Canada.com has a "tight security" and they reject all mail that does not come from certified senders. - They cannot do anything about it. They cannot lower the security and they cannot white list the IP/domain in question. Basically they told me off. Even though the person has a paid email account. He also pointed out that the IP address has no information listed in SenderBase under the "Other information about this IP address" header. After I did a lookup for Canada.com itself, there was no information either. His excuse was "we are currently having a problem that canada.com is blocking itself" (i have no idea how is that possible or what to even make out of this).
Miss Betsy Posted December 7, 2005 Posted December 7, 2005 And I thought trying to communicate with Hotmail was bad! <g> Ironport that owns SpamCop also has a hand in Bonded Sender - that's probably where the confusion is. Since I am not a server admin, I can't help very much with the technical details. I googled Bonded Sender and found two sites bondedsender.com and bondedsender.org The .com mentions Ironport And every time I forget to get the person's name is the time I need to have it! HTH Miss Betsy
moltar Posted December 7, 2005 Author Posted December 7, 2005 It's ok. The solution is: client told Canada.com to go to hell. Got a free gmail account with more space and features. Forward all the mail from the old account into gmail. Now that I think about it, I should have told him to get spamcop account. Maybe it's not too late
Wazoo Posted December 7, 2005 Posted December 7, 2005 The lack of SenderBase data was why I was asking if this was the correct IP address. 12/07/05 11:59:44 dns 69.64.32.230 nslookup 69.64.32.230 Canonical name: terrahost.ca Addresses: 69.64.32.230 ns1.terrahost.ca reports the following MX records: Preference Host Name IP Address TTL 10 mail.terrahost.ca 69.64.32.230 86400 http://www.mxtoolbox.com/diagnostic.aspx?H...il.terrahost.ca RESULT: mail.terrahost.ca Banner: TIMEOUT waiting for banner after 10.531 seconds Connect Time: 0.109 seconds - Good Transaction Time: 10.640 seconds - Not good! Relay Check: OK - This server is not an open relay. Rev DNS Check: OK - 69.64.32.230 resolves to terrahost.ca GeoCode Info: Geocoding server is unavailable 12/07/05 11:57:38 IP block 69.64.32.230 Trying 69.64.32.230 at ARIN Trying 69.64.32 at ARIN OrgName: Server4You Inc. OrgID: SERVE-6 Address: 710 North Tucker Blvd Address: Suite 610 City: St. Louis StateProv: MO PostalCode: 63101 Country: US NetRange: 69.64.32.0 - 69.64.63.255 CIDR: 69.64.32.0/19 NetName: S4Y1-NET NetHandle: NET-69-64-32-0-1 Parent: NET-69-0-0-0-0 NetType: Direct Allocation NameServer: NS1.NAMESERVERSERVICE.COM NameServer: NS2.NAMESERVERSERVICE.COM Comment: http://www.server4you.com RegDate: 2003-07-30 Updated: 2004-04-29 RAbuseHandle: SWI19-ARIN RAbuseName: Wintz, Sascha RAbusePhone: +1-866-342-5749 RAbuseEmail: abuse[at]server4you.net Some more wierdness; http://www.senderbase.org/search?searchString=terrahost.ca Volume Statistics for this Domain Magnitude Vol Change vs. 30 Day Last day ........ 2.3 .. 39% Last 30 days .. 2.2 Yet: No address list shown since no email was detected from terrahost.ca. The "problem" I think is showing here is that the MX and IP address showing thus far is handling the incoming e-mail. (or at least I'm trying to say that there's a possibility here) What seems to be missing is where the outgoing e-mail is actually being handled .. the IP address of that system, what the headers actually indiciate, etc. Server4you may actually be handling outgoing via some sort of "smarthost" setup, and "your" e-mail is being outward routed by one of their other servers, thus possible leading into the "it's not coming from where it says it is" scenario ???? (just tossing out the question) http://www.senderbase.org/search?searchString=server4you.net
moltar Posted December 7, 2005 Author Posted December 7, 2005 The outgoing email is handled through the same server. I guess the amount of outgoing mail is so small that is not noticed by senderbase? I personally don't even use my own server's SMTP - I send everything through my ISP. That terrahost.ca domain is my domain, not clients. Though his is on the same IP. I never used SMTP on terrahost.ca server to send email. That a pretty simple setup on the server. It's one server running qmail. It handles both incoming and outgoing mail. Uses all 5 IPs that are available on the server. that *.30 IP is shared among all the customers. 2 reserved for DNS. 2 Reserved for my own stuff.
Jeff G. Posted December 7, 2005 Posted December 7, 2005 I'm glad you and your client found a solution. I think this one is better for you than paying the fees at http://www.bondedsender.com/fees.html and http://www.bondedsender.com/partners.html#pricing.
moltar Posted December 7, 2005 Author Posted December 7, 2005 Haha what a joke... Who's gonna pay that?
moltar Posted December 7, 2005 Author Posted December 7, 2005 thus possible leading into the "it's not coming from where it says it is" scenario ???? (just tossing out the question) 37396[/snapback] Here is a test that I did. I created a test[at] email account. Logged in into the webmail (to make sure that all the headers are original). Sent a test mail to my spamcop.net email account. Here is the lightly edited email I received: X-AntiVirus: Checked by Dr.Web [version: 4.33, engine: 4.33.0.10250, virus records: 95116, updated: 6.11.2005] Return-Path: <test[at]clientdomain.ca> Delivered-To: spamcop-net-moltar[at]nospamcop.net Received: (qmail 28510 invoked from network); 7 Dec 2005 18:36:55 -0000 X-spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on blade2.cesmail.net X-spam-Level: X-spam-Status: hits=0.6 tests=NO_REAL_NAME version=3.1.0 Received: from unknown (192.168.1.101) by blade2.cesmail.net with QMQP; 7 Dec 2005 18:36:55 -0000 Received: from ns1.terrahost.ca (HELO hunox.ca) (69.64.32.229) by mailgate.cesmail.net with SMTP; 7 Dec 2005 18:36:55 -0000 Received: (qmail 973 invoked from network); 7 Dec 2005 13:36:54 -0500 Received: from localhost (127.0.0.1) by localhost with SMTP; 7 Dec 2005 13:36:54 -0500 Received: from CPE000c41490566-CM014170123447.cpe.net.cable.rogers.com (CPE000c41490566-CM014170123447.cpe.net.cable.rogers.com [72.139.xx.xxx]) by webmail.clientdomain.ca (Horde MIME library) with HTTP; Wed, 7 Dec 2005 13:36:54 -0500 Message-ID: <20051207133654.f7fttwjke54ckcww[at]webmail.clientdomain.ca> Date: Wed, 7 Dec 2005 13:36:54 -0500 From: test[at]clientdomain.ca To: moltar[at]nospamcop.net Subject: test MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.0.3) X-SpamCop-Checked: 192.168.1.101 69.64.32.229 127.0.0.1 72.139.xx.xxx test
Wazoo Posted December 7, 2005 Posted December 7, 2005 Received: from ns1.terrahost.ca (HELO hunox.ca) (69.64.32.229) HELO string???? But compare the listing seen at http://www.senderbase.org/search?searchString=69.64.32.229 to those seen for the .230 previously referenced. The "no listings" note is still there, but .... other lines have data .. for instance; Date of first message seen from this address 2004-10-17 12/07/05 13:09:07 Slow traceroute hunox.ca Trace hunox.ca (69.64.40.175) ... 64.159.0.62 RTT: 27ms TTL:112 (ge-9-0.hsa1.StLouis1.Level3.net ok) 63.208.32.162 RTT: 29ms TTL:112 (server4you-gw.stl1.us.inetbone.net bogus rDNS: host not found [authoritative]) 69.64.40.175 RTT: 27ms TTL: 53 (hunox.ca ok) ns1.terrahost.ca reports the following MX records: Preference Host Name IP Address TTL 10 mail.hunox.ca 69.64.40.175 86400 http://www.senderbase.org/search?searchString=69.64.40.175 shows more "no data"
dbiel Posted December 7, 2005 Posted December 7, 2005 I am sorry if you missunderstood me dbiel, but I didn't even mean this as a support topic. It was more of a question which lead into a discussion. I just wanted to underline the fact the SpamCop here was not in question anymore as I felt many were thinking.37393[/snapback] Not a problem. Thank you for your posts. It adds to the pool of shared information. We just wanted to be sure that your needs were being met in the best way that we know how. Thank you again for your participation.
moltar Posted December 7, 2005 Author Posted December 7, 2005 Ok I see that the IPs are different now. They are both mine though. I can only set one HELO string per server. If there are many domains hosted, it's impossible to know which one is which. Maybe I should remove it all together? As for IP difference. Why is this causing a problem? What should I do? I've never experienced anything like that.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.