paul.hunt Posted November 29, 2006 Share Posted November 29, 2006 I have a cable ISP, Charter.net, and they assign me a dynamic IP address. I send out my emails through smtp.charter.net. Lately my emails are getting blocked, through SpamCop and others, because 68.187.233.223 and its entire range are listed on dnsbl.sorbs.net. My ISP says it is my job to get that delisted. SORBS tells me they won't delist it because it IS a dynamic IP address (That's all they'll tell me. They ignore any further questions ) And now, perhaps coincidentally, none of my emails to anyone at Yahoo go through. ("Your message was not delivered within 0 days and 12 hours. Host yahoo.com is not responding.") So I'm confused. Like most users of cable or dial-up, I DO have a dynamic address. Apparently SORBS lists all known dynamic address ranges. So are we all doomed to be blocked? Or is my ISP doing something wrong? Or SORBS? Thanks, Paul Link to comment Share on other sites More sharing options...
Telarin Posted November 29, 2006 Share Posted November 29, 2006 Not enough information here to do more than speculate. I do see that the entire 68.187.232.0/22 netblock is listed in SORBs as a Dynamic range, which would be a correct listing. Most ISPs are only going to filter on the CONNECTING address, which would be the smtp.charter.net server that you gave, however, a quick nslookup on smtp.charter.net does not give me an IP address. Perhaps this is only published on charters internal DNS. Can you post some of the rejection messages you are receiving? Can you send an email to a freemail account like yahoo or hotmail and post a copy of the headers so we can see the routing that is taking place and how smtp.charter.net handles appending of source headers? Nevermind on the IP of smtp.charter.net, my DNS server was just being slow to respond. It resolves to 209.225.8.224. It does not appear to be listed at anywher of any significance. Link to comment Share on other sites More sharing options...
Wazoo Posted November 29, 2006 Share Posted November 29, 2006 As above, not enough data to work with. For example, you seem to be suggesting that the e-mail blockage is happening to the same IP address that you poted with .... which surely would not be the charter SMTP host that should be handling your e-mail. On the other hand, a few minutes scratching around confuses the issue even more ... such that I'm not going to spend any more tme on it until there's something more substantial to deal woth ... http://www.mxtoolbox.com/index.aspx ns4.charter.com reports the following MX records: Preference Host Name IP Address 10 mail.hotmail.com 64.4.50.50 ????? Figuring some wierd mistake; http://www.dnsstuff.com/tools/dnsreport.ch...ain=charter.com Your 1 MX record is: 10 mail.hotmail.com. [TTL=86400] IP=65.54.190.50 (No Glue) [TTL=365] [uS] ERROR: I could not complete a connection to any of your mailservers! mail.hotmail.com: Timed out [Last data sent: [Did not connect]] ?????? Suspecting that the probable issue might tie into charter.net vice charter.com, but .... this is too screwed up to believe .... Link to comment Share on other sites More sharing options...
StevenUnderwood Posted November 29, 2006 Share Posted November 29, 2006 Lately my emails are getting blocked, through SpamCop and others, because 68.187.233.223 and its entire range are listed on dnsbl.sorbs.net.As stated already, not enough information to be clear. C:\>nslookup 223.233.187.68.dnsbl.sorbs.net Server: kopdc01.kopin.com Address: 10.1.75.11 Non-authoritative answer: Name: 223.233.187.68.dnsbl.sorbs.net Address: 127.0.0.10 Per a recent conversation here, SpamCop email service does not use the DUL (127.0.0.10 return code) part of dnsbl.sorbs.net. Also, a listing anywhere would not cause a rejection, but rather cause the message to be diverted to the users Held Mail folder. The SpamCop DNSBL does not use any other DNSBL in determining its listings. Because of both the above, and the fact I can find no evidence this IP address has ever been listed on the SpamCop DNSBL, I do not believe this is a blocking list issue to be dealt with here. My feelining is this thread should be moved to the lounge. If another moderator agrees, please comment here or move it. Link to comment Share on other sites More sharing options...
paul.hunt Posted November 29, 2006 Author Share Posted November 29, 2006 Here are headers from a blocked email I sent myself: Return-path: <Paul.Hunt[at]CustomSUPPORT.com> Envelope-to: clean[at]customsupport.com Delivery-date: Wed, 29 Nov 2006 13:15:04 -0500 Received: from c60.cesmail.net ([216.154.195.49]) by demodocus.site5.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.52) id 1GpTxV-0003GY-T4 for clean[at]customsupport.com; Wed, 29 Nov 2006 13:15:02 -0500 Received: from unknown (HELO beta.cesmail.net) ([192.168.1.150]) by c60.cesmail.net with SMTP; 29 Nov 2006 13:15:02 -0500 Received: (qmail 26350 invoked by uid 0); 29 Nov 2006 18:15:01 -0000 Delivered-To: spamcop-net-Paul.Hunt[at]spamcop.net Received: (qmail 3881 invoked from network); 29 Nov 2006 18:03:27 -0000 X-spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on blade6 X-spam-Level: X-spam-Status: hits=0.2 tests=AWL version=3.1.1 Received: from unknown (192.168.1.103) by blade6.cesmail.net with QMQP; 29 Nov 2006 18:03:27 -0000 Received: from demodocus.site5.com (70.47.36.18) by mx53.cesmail.net with SMTP; 29 Nov 2006 18:03:27 -0000 Received: from mtao01.charter.net ([209.225.8.186]) by demodocus.site5.com with esmtp (Exim 4.52) id 1GpTmH-0000Un-Bq for Paul.Hunt[at]CustomSupport.com; Wed, 29 Nov 2006 13:03:25 -0500 Received: from aa07.charter.net ([10.20.200.159]) by mtao01.charter.net (InterMail vM.6.01.06.01 201-2131-130-101-20060113) with ESMTP id <20061129180323.PFHP1474.mtao01.charter.net[at]aa07.charter.net> for <Paul.Hunt[at]CustomSupport.com>; Wed, 29 Nov 2006 13:03:23 -0500 Received: from [192.168.0.100] (really [68.187.233.223]) by aa07.charter.net with ESMTP id <20061129180323.IWBR10732.aa07.charter.net[at][192.168.0.100]> for <Paul.Hunt[at]CustomSupport.com>; Wed, 29 Nov 2006 13:03:23 -0500 Mime-Version: 1.0 (Apple Message framework v752.2) Content-Transfer-Encoding: 7bit Message-Id: <D8250DC1-653B-44D9-BACA-7AB6E0E7B514[at]CustomSUPPORT.com> Content-Type: text/plain; charset=US-ASCII; format=flowed To: Paul Hunt <Paul.Hunt[at]CustomSupport.com> From: Paul Hunt <Paul.Hunt[at]CustomSUPPORT.com> Subject: test Date: Wed, 29 Nov 2006 13:03:20 -0500 X-Mailer: Apple Mail (2.752.2) X-Chzlrs: 0 X-Antivirus-Scanner: This message has been scanned by ClamAV. X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - demodocus.site5.com X-AntiAbuse: Original Domain - customsupport.com X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - CustomSUPPORT.com X-Source: X-Source-Args: X-Source-Dir: X-SpamCop-Checked: 192.168.1.103 70.47.36.18 209.225.8.186 X-SpamCop-Disposition: Blocked dnsbl.sorbs.net X-Antivirus-Scanner: This message has been scanned by ClamAV. Link to comment Share on other sites More sharing options...
Wazoo Posted November 29, 2006 Share Posted November 29, 2006 X-SpamCop-Checked: 192.168.1.103 70.47.36.18 209.225.8.186 http://www.senderbase.org/search?searchString=209.225.8.186 Network Owner Savvis Domain charter.net Date of first message seen from this address 2003-12-17 Real-time blacklists dnsbl.njabl.org not in rbl list.dsbl.org not in rbl dnsbl.sorbs.net not in rbl sbl.spamhaus.org not in rbl opm.blitzed.org not in rbl bl.spamcop.net not in rbl dynablock.njabl.org not in rbl cbl.abuseat.org not in rbl nslookup 209.225.8.186.dnsbl.sorbs.net Server: 205.152.0.20 Address: 205.152.0.20#53 ** server can't find 209.225.8.186.dnsbl.sorbs.net: NXDOMAIN nslookup 223.233.187.68.dnsbl.sorbs.net Server: 205.152.0.20 Address: 205.152.0.20#53 Non-authoritative answer: Name: 223.233.187.68.dnsbl.sorbs.net Address: 127.0.0.10 hmmm, more research required on this ... fresh, fresh, fresh .... Address: 209.225.8.186 Record Created: Sat Dec 3 20:54:00 2005 GMT Record Updated: Wed Nov 29 15:30:07 2006 GMT Additional Information: [ Updated via: spam 'o Matic ] Received: from mtao01.charter.net (mtao01.charter.net [209.225.8.186]) by desperado.sorbs.net (Postfix) with ESMTP id 7900311468 for <>; Thu, 30 Nov 2006 01:08:51 +1000 (EST) Currently active and flagged to be published in DNS Bottom line, you've been asking about the wrong IP address, problem is bad spew from this charter.net e-mail server, obviously hitting spamtraps as being one of the issues. Link to comment Share on other sites More sharing options...
paul.hunt Posted November 29, 2006 Author Share Posted November 29, 2006 I'm just getting more confused. Please bear with me. I know little about this subject, and wish I didn't have to know anything, but real life (and spammers) don't always give us what we want .... http://www.senderbase.org/search?searchString=209.225.8.186 Thank you. I didn't know about this tool. So I tried it myself and it says (in part): dnsbl.sorbs.net not in rbl Just like you posted at first. But SpamCop says: X-SpamCop-Disposition: Blocked dnsbl.sorbs.net Which I thought was only a list of dynamic IP addresses. And 209.225.8.186 is in their list, or wait, no it's not, or ... Not to mention the fact that it isn't a dynamic address. Hence my confusion. Address: 209.225.8.186 Record Created: Sat Dec 3 20:54:00 2005 GMT Record Updated: Wed Nov 29 15:30:07 2006 GMT Additional Information: [ Updated via: spam 'o Matic ] Received: from mtao01.charter.net (mtao01.charter.net [209.225.8.186]) by desperado.sorbs.net (Postfix) with ESMTP id 7900311468 for <>; Thu, 30 Nov 2006 01:08:51 +1000 (EST) Currently active and flagged to be published in DNS Then you showed this thing about desperado.sorbs.net which I don't understand at all. Where did that come from and how does it relate to dnsbl.sorbs.net (which either is or isn't listing 209.225.8.186 for blocking)? Bottom line, you've been asking about the wrong IP address, problem is bad spew from this charter.net e-mail server, obviously hitting spamtraps as being one of the issues. OK. But if I'm going to scream at my ISP, I need to understand this better. And right now I don't. At all. Thanks, Paul Link to comment Share on other sites More sharing options...
petzl Posted November 29, 2006 Share Posted November 29, 2006 But if I'm going to scream at my ISP, I need to understand this better. And right now I don't. At all. Thanks, Paul I see you have a SpamCop email account Best to evade anything to do with an ISP's supposed email service. As you and most are finding they mostly/always incompetent. Never automatically accept an email address that a ISP dumps on you You can send email through your SpamCop account using smtp.cesmail.net Suggest you use smpt port 587 (port 25 will work if not blocked by ISP. Any half brained ISP should have this blocked) Ideally use your SpamCop email as only reply address letting all others fall into a non-used legacy Link to comment Share on other sites More sharing options...
StevenUnderwood Posted November 29, 2006 Share Posted November 29, 2006 Which I thought was only a list of dynamic IP addresses. And 209.225.8.186 is in their list, or wait, no it's not, or ... Not to mention the fact that it isn't a dynamic address. Hence my confusion. ... Then you showed this thing about desperado.sorbs.net which I don't understand at all. Where did that come from and how does it relate to dnsbl.sorbs.net (which either is or isn't listing 209.225.8.186 for blocking)? OK. But if I'm going to scream at my ISP, I need to understand this better. And right now I don't. At all. Thanks, Paul 1. Everything I see is showing that IP is listed, not for dialup space but for spamming. Spamcop email service definitely believed it is listed. Spamcop reporting service (I believe these are not using the same copy of the sorbs data) is showing 209.225.8.186 listed in dnsbl.sorbs.net ( 127.0.0.6). Manual lookup from my location is showing a listing as well. C:\>nslookup 186.8.225.209.dnsbl.sorbs.net Server: kopdc01.kopin.com Address: 10.1.75.11 Non-authoritative answer: Name: 186.8.225.209.dnsbl.sorbs.net Address: 127.0.0.6 sorbs classifies the many different reasons an IP is listed. A return value of 6 does not indicate dial up space, it indicates: Database of servers sending to spamtrap addresses Address: 209.225.8.186 Record Created: Sat Dec 3 20:54:00 2005 GMT Record Updated: Wed Nov 29 15:30:07 2006 GMT Additional Information: [ Updated via: spam 'o Matic ] Received: from mtao01.charter.net (mtao01.charter.net [209.225.8.186]) by desperado.sorbs.net (Postfix) with ESMTP id 7900311468 for <>; Thu, 30 Nov 2006 01:08:51 +1000 (EST) Currently active and flagged to be published in DNS If you wish to request a delisting please do so through the Support System. There is a complete list of the return codes and their meanings at: http://www.de.sorbs.net/using.shtml In addition, it is possible that spamcop has listed that IP address in the past, though not currently. I see the following spam submitted by spamcop users just in the last 7 days: Submitted: Wednesday, November 29, 2006 1:25:11 PM -0500: CONTACT CLAIMS OFFICER 2041057726 ( 209.225.8.105 ) To: spamcop[at]imaphost.com 2041057718 ( 209.225.8.186 ) To: abuse[at]charter.net 2041057715 ( 209.225.8.105 ) To: abuse[at]charter.net -------------------------------------------------------------------------------- Submitted: Tuesday, November 28, 2006 4:29:12 AM -0500: CONGRATULATION!!! YOUR EMAIL WON... 2038830140 ( 209.225.8.104 ) To: spamcop[at]imaphost.com 2038830130 ( 209.225.8.186 ) To: abuse[at]charter.net 2038830124 ( 209.225.8.104 ) To: abuse[at]charter.net -------------------------------------------------------------------------------- Submitted: Tuesday, November 28, 2006 4:24:35 AM -0500: Email Alert:Your email address has won you USD 250,000 2038864434 ( 209.225.8.106 ) To: spamcop[at]imaphost.com 2038864421 ( 209.225.8.186 ) To: abuse[at]charter.net 2038864404 ( 209.225.8.106 ) To: abuse[at]charter.net -------------------------------------------------------------------------------- Submitted: Monday, November 27, 2006 8:45:08 AM -0500: =?Windows-1251?Q?Re[3]:=D2=E5=F5=ED=EE=EB=EE=E3=E8=FF_=E4=EE=EB=E3=EE=F1=F0=E... 2037533787 ( 68.115.34.174 ) To: spamcop[at]imaphost.com 2037533704 ( 68.115.34.174 ) To: abuse[at]charter.net 2037533659 ( 209.225.8.186 ) To: abuse[at]charter.net Link to comment Share on other sites More sharing options...
turetzsr Posted November 29, 2006 Share Posted November 29, 2006 ...So what's the likely problem here -- malware spewing spam from the OP's machine? If so, we should suggest he scan with anti-virus and spyware products and install a firewall, right? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted November 30, 2006 Share Posted November 30, 2006 ...So what's the likely problem here -- malware spewing spam from the OP's machine? If so, we should suggest he scan with anti-virus and spyware products and install a firewall, right? No, that spam was being sent by the SMTP server he used for the test that failed. He needs to contact Charter about the issue and see if they can clean up their server then try to get off the sorbs list. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.