Elrond Posted July 14, 2006

Hi all, I have a problem that I can't resolve. I have set up an email server with SPF, DomainKeys and reverse DNS, but every time I send email to Yahoo, Yahoo marks my email as bulk mail. My domain is private, so only I can send email from this domain. Here is my full header:

Return-Path: <condor[at]myhost.net>
Delivered-To: condor[at]test.com
Received: (qmail 2426 invoked from network); 13 Jul 2006 07:48:03 -0000
Received: from myhost.net (213.169.37.103) by ns.test.com with SMTP; 13 Jul 2006 07:48:03 -0000
Received: (qmail 32579 invoked by uid 0); 13 Jul 2006 07:43:34 -0000
Received: by simscan 1.2.0 ppid: 32574, pid: 32575, t: 0.0064s scanners: attach: 1.2.0 clamav: 0.88.3/m:34/d:1082
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=myhost.net; b=cqKZEiCm8LWuPtQDT3SA6nCnBnTI6xdcPH9EuTMEPI3ZmSL6bgdgdfgddfgbjlCD95h8JfBXzH8CeBpgAqsTY6k9jp/m4UCRrfa0UWPf4gdm2b7LWrW68qGbSJ ;
Received: from unknown (HELO mail.myhost.net) (condor[at]myhost.net[at]213.169.37.103) by 0 with ESMTPA; 13 Jul 2006 07:43:34 -0000
Received: from 82.103.71.18 (SquirrelMail authenticated user condor[at]myhost.net) by mail.myhost.net with HTTP; Thu, 13 Jul 2006 10:43:34 +0300 (EEST)
Message-ID: <50380.82.103.71.18.1152776614.squirrel[at]mail.myhost.net>
Date: Thu, 13 Jul 2006 10:43:34 +0300 (EEST)
Subject: test
From: "Condor" <condor[at]myhost.net>
To: condor[at]test.com
Reply-To: condor[at]myhost.net
User-Agent: SquirrelMail/1.4.7
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

Can anybody tell me what is wrong in my header that makes Yahoo mark all my email as bulk mail? I replaced my host with myhost.net and the domain that receives the email with test.com.
Farelf Posted July 14, 2006

... what is wrong in my header that yahoo mark all my email as bulk mail ?

Hi Elrond. You say you have rDNS set up but you seem to be going through 82.103.71.18 which is not showing rDNS - ref http://www.dnsstuff.com/tools/ptr.ch?ip=82.103.71.18

It may just be a little slow in working its way into the records and may not have anything to do with your problem but it is something I can see. Also, according to http://www.dnsreport.com/tools/dnsreport.ch?domain=spnet.net

FAIL Open DNS servers
ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are: ...

Again, I don't know if that would be enough to cause you problems with the classification of your mail by Yahoo. Hopefully someone who knows more can step in and comment. Can't tell a lot from your headers - they are a bit mangled by wrapped lines by the way, can only assume that is just due to the way they were copied and pasted "here". I don't think I've helped much, but something to kick the discussion off perhaps?
Elrond Posted July 14, 2006

Hi again, the top of the header is:

Received: from myhost.net (213.169.37.103)

So http://www.dnsstuff.com/tools/ptr.ch?ip=213.169.37.103 seems to show that rDNS is fine. The 82.103.71.18 IP is my home IP that I send email from, because I have SMTP Auth; it is not the server IP.
Merlyn Posted July 14, 2006

If I look up 213.169.37.103 I get

canonical name stz-bg.com.
addresses 213.169.37.103
SMTP - 25 220 ixip.net ESMTP

---------------------------------

If I look up ixip.net I get

canonical name ixip.net.
addresses 213.169.37.101
SMTP - 25 220 ixip.net ESMTP

---------------------------------

Then looking up a different way I get another IP

213.169.37.100 - IP hosts 2 Total Domains ... Showing 1 - 2 out of 2
Domain Name
1 IXIP.NET.
2 STZ-BG.COM.
dbiel Posted July 14, 2006

What I would do if I were still looking for answers would be:

Note: requires having a Yahoo email account and a SpamCop reporting account (both free).

Send an email message to my Yahoo account. Parse (submit) the message to your SpamCop reporting account (be sure to cancel the reports so that you do not end up reporting yourself) and then post the tracking URL here.

It may show that one of your internal handoffs is not posting correctly to the headers. It may also indicate what logic Yahoo applied which resulted in the "Bulk mail" designation; if it is based on headers or content.

Anyway, just my thoughts on the subject.
Elrond Posted July 14, 2006

Here is a tracing URL: http://www.spamcop.net/sc?id=z999950197zab...caf8ce6ad0c45cz

Merlyn: I know, but I can't find a solution to this problem. I have one server with multiple domains.
Wazoo Posted July 14, 2006

Busy doing other things, having some issues pulling up some sites on this system for some reason .... but has anyone else tried looking up a DUL listing .. for instance, look at how "empty" http://www.senderbase.org/?searchBy=ipaddr...=213.169.37.103 appears ..... I'm of the thought that the IP address involved is likely in a pool not 'defined' as something other than the "customer of ...." that I keep seeing .. suggesting that it fits more into the 'profile' of a compromised computer being involved with the sending of the e-mail concerned ....

Is there any reason why it's "only" Yahoo that's been brought up in this conversation?
Elrond Posted July 14, 2006

I just want to know the reason why my email has been treated as spam, and also how I can fix my problem.
dbiel Posted July 14, 2006

The problem appears to be the IP address being used. See: http://www.senderbase.org/search?searchString=213.169.37.103

The headers show that Yahoo received the mail from 213.169.37.103, but if you do a lookup on that address there is a great lack of information. You need to do something about getting that address properly registered, or simply use an SMTP server that is registered for your outgoing mail.

Also take note of the following:

Received: (qmail 4689 invoked (uid 0)); 14 Jul 2006 19:01:43 -0000
no from Ignored
Received: by simscan 1.2.0 ppid: 4684, pid: 4685, t: 0.0059s scanners: attach: 1.2.0 clamav: 0.88.3/m:34/d:1082
no from Ignored

The lack of a from line in the headers that matches the sent by in the previous header might in itself be enough for someone to consider the mail spam. If these can be clearly seen as simply internal handoffs, it really should not be a problem. The bigger problem is the lack of information for the IP address that Yahoo actually received the mail from, which is probably why they are sending it to the bulk mail folder. But it becomes impossible to track the mail back past the first break in the chain of header handoffs.

As you noticed, SenderBase does not show any mail coming from 213.169.37.103. Yahoo and many others do not like receiving mail from someone that is not easily identified, and as SenderBase indicates, 213.169.37.103 (who Yahoo received the mail from) is not identified very well at all.
Merlyn Posted July 14, 2006

Here are a tracing url: http://www.spamcop.net/sc?id=z999950197zab...caf8ce6ad0c45cz Merlyn: I know, but i can't find solution of this problem. I have one server with multiple domains.

Yes I agree that is ok but from my lookups I see that domain on multiple IPs?????????????
Elrond Posted July 15, 2006

dbiel: Thanks for the help. How do I register my domains in SenderBase? I searched the site but I did not find any documentation on how I can register.

Merlyn: I have 3 domains with 3 different IP addresses. Every domain has its own IP and PTR and works with the same server. eth0, eth0:1, eth0:2...
dbiel Posted July 15, 2006

dbiel: Thanks for help. How i register my domains in Sender Base ? I search in site but i not found any documentation how i can register.

You don't. SenderBase pulls information that is on file as public record for each IP address. Who owns the IP addresses? Or, put another way, where did you get them from? That source is the one that needs to register them. But I am getting over my head on this issue and you are asking a very technical question, so I will leave it to someone else to reply.

Merlyn: I have 3 domains with 3 different ip addresses. Every domain have own ip and PTR and work with same server. eth0, eth0:1, eth0:2...

What are the IP addresses of the other two? Who set up your SMTP server? rDNS for 213.169.37.103 indicates:

213.169.37.103 PTR record: stz-bg.com.

WHOIS results for stz-bg.com
Generated by www.DNSstuff.com
Registrar: TUCOWS INC.
Status: REGISTRAR-LOCK [the normal status for a domain when it is locked]
Dates: Created 14-mar-2004 Updated 18-jan-2006 Expires 14-mar-2007
DNS Servers: NS1.TWISTED4LIFE.COM NS.IXIP.NET

The following is probably the answer to your original question as to why Yahoo is dumping your mail into a spam folder:

WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.
stz-bg.com claims to be host ixip.net [but that host is at 213.169.37.101 (may be cached), not 213.169.37.103].

Looks like I failed to review the entire thread before posting. You stated that you set up your email server.

The problem is that you are running a single mail server for multiple domains with different IP addresses and using the IP address of one of the domains as the IP address for the mail server. If you are going to use a single mail server, it must have its own IP address.
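
The greeting test quoted from dnsreport in the post above, written out as an added example (not code from any poster or from dnsreport). The function names are hypothetical, and the DNS tables are a constructed snapshot built from the names and addresses quoted in this thread; the PTR for 213.169.37.101 is an assumption.

```python
import re

# Constructed DNS snapshot using the names and addresses quoted in this thread;
# a live check would query a resolver instead of these tables.
A_RECORDS = {"ixip.net": {"213.169.37.101"}, "stz-bg.com": {"213.169.37.103"}}
PTR_RECORDS = {"213.169.37.103": "stz-bg.com", "213.169.37.101": "ixip.net"}

# "a 3-digit code, followed by a space or a dash, then the host name"
GREETING = re.compile(r"^(\d{3})[ -](\S+)")


def greeting_host(banner):
    """Return the host name from an SMTP greeting ('220 host ESMTP'), or None."""
    m = GREETING.match(banner.strip())
    if not m or m.group(1) != "220":
        return None
    return m.group(2).rstrip(".").lower()


def check_sender_identity(ip, banner, a_records=A_RECORDS, ptr_records=PTR_RECORDS):
    """List the identity mismatches a receiving server could see for one sending IP."""
    problems = []
    host = greeting_host(banner)
    if host is None:
        problems.append("greeting is not '220 <hostname> ...'")
    elif ip not in a_records.get(host, set()):
        # The greeting host must have an A record pointing back to this server.
        where = ", ".join(sorted(a_records.get(host, set()))) or "no A record"
        problems.append(f"greeting host {host} resolves to {where}, not {ip}")
    ptr = ptr_records.get(ip)
    if ptr is None:
        problems.append(f"{ip} has no PTR record")
    else:
        ptr = ptr.rstrip(".").lower()
        # Forward-confirmed reverse DNS: the PTR name must resolve back to the IP.
        if ip not in a_records.get(ptr, set()):
            problems.append(f"PTR {ptr} does not resolve back to {ip}")
        if host is not None and host != ptr:
            problems.append(f"greeting host {host} differs from PTR {ptr}")
    return problems


if __name__ == "__main__":
    for ip, banner in [("213.169.37.103", "220 ixip.net ESMTP"),
                       ("213.169.37.103", "220 stz-bg.com ESMTP")]:
        print(ip, banner, "->", check_sender_identity(ip, banner) or "consistent")
```
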
Elrond Posted July 15, 2006

Hi again. I have one server -> 213.169.37.100 with two other IP addresses: ixip.net -> 213.169.37.101 and stz-bg.com -> 213.169.37.103. I use only the last two domains, ixip.net and stz-bg.com. I set up qmail and installed qmail + vpopmail. For rDNS I use http://rno-consultores.com./mail/qmail/qma...tgoingips.patch with mapping. Maybe the whois from www.DNSstuff.com is old or cached, because when I run whois stz-bg.com from the console the output is:

Domain Name: STZ-BG.COM
Registrar: TUCOWS INC.
Whois Server: whois.opensrs.net
Referral URL: http://domainhelp.tucows.com
Name Server: NS.STZ-BG.COM
Name Server: NS1.TWISTED4LIFE.COM
Status: REGISTRAR-LOCK
EPP Status: clientUpdateProhibited
EPP Status: clientDeleteProhibited
EPP Status: clientTransferProhibited
Updated Date: 07-Jul-2006
Creation Date: 14-Mar-2004
Expiration Date: 14-Mar-2007

Domain servers in listed order:
NS.STZ-BG.COM 213.169.37.103
NS1.TWISTED4LIFE.COM 202.157.182.142

Every domain has its own IP address, but it looks like the problem is in the SMTP greeting message. Unfortunately qmail gives the SMTP greeting message from the control file me or helohost, but it gives only the first line. I have both domains in my helohost:

ixip.net
stz-bg.com

Does anybody know how I can fix this problem without setting up another server? I don't believe that qmail can't work with multiple domains, but I am unable to find any documentation on how to set it up.
dbiel Posted July 15, 2006

I can not help on how to fix it but can correct some terminology.

You do not have one server. You have one computer that is presenting itself as multiple servers.

The mail server should have its own IP address and name that is different from the other 3 domain servers. It should acknowledge receiving mail from each of the 3 separate domains and identify itself as the sender with a common name used regardless of which domain the message originated from.

In theory you could use the existing setup, but it must identify itself as the sender, not the other two domains which are claiming to be sending mail when in reality they are using the first one to send their mail.
Elrond Posted July 15, 2006

Thanks to everyone who helped. I fixed the problem. Yes, the problem really was in the SMTP greeting message, and I fixed it. Thanks again for the help.
turetzsr Posted July 18, 2006

Thanks to every one that help. I fix the problem Yes, the problem really is in SMTP greeting message and i fix the problem. Thanks again for help.

Hi, Elrond! ...Thank you for returning here and letting us know the good news!