
SPAM_DNS issues part II

reicherb

Platinum Member
After working out what I thought was a reverse DNS issue in a previous post, apparently I've got another problem.

Some mail servers are rejecting mail from my server. They are flagging it as SPAM.

The domain is skateblade.net
The IP address is 69.41.7.240
I'm running a GroupWise 7.0 server and have SMTP relaying turned off.
I've got a single IP address that I'm currently using both to host this server and to browse the net.
I'm forwarding ports 25, 80, 110, and 443 to 192.168.1.5, the address of the server on my LAN.
I've got an A record that says server1.skateblade.net is at 69.41.7.240
I've got an MX record that says server1.skateblade.net handles mail for skateblade.net

Doing a DNS lookup everything comes back correct.
Doing a Reverse DNS lookup I get:

Preparation:
The reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 69.41.7.240 is found by looking up the PTR record for
240.7.41.69.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking b.root-servers.net for 240.7.41.69.in-addr.arpa PTR record:
b.root-servers.net says to go to indigo.arin.net. (zone: 69.in-addr.arpa.)
Asking indigo.arin.net. for 240.7.41.69.in-addr.arpa PTR record: Timed out [at 192.31.80.32]. Trying again.
Asking indigo.arin.net. for 240.7.41.69.in-addr.arpa PTR record: Timed out [at 192.31.80.32]. Trying again.
Asking dill.arin.net. for 240.7.41.69.in-addr.arpa PTR record: Timed out [at 192.35.51.32]. Trying again.
Asking henna.arin.net. for 240.7.41.69.in-addr.arpa PTR record:
henna.arin.net [192.26.92.32] says to go to ns1.michonline.net. (zone: 7.41.69.in-addr.arpa.)
Asking ns1.michonline.net. for 240.7.41.69.in-addr.arpa PTR record: Reports server1.skateblade.net. [from 69.41.0.4]

Answer:
69.41.7.240 PTR record: server1.skateblade.net. [TTL 604800s] [A=69.41.7.240]
69.41.7.240 PTR record: dyn7-240-dsl.michonline.net. [TTL 604800s] [A=69.41.7.240]
69.41.7.240 PTR record: mail.skateblade.net. [TTL 604800s] [A=69.41.7.240]

Details:
You have more than one PTR record for 69.41.7.240. This is legal, but most programs will only use
the first PTR record listed (which may vary).

To see the reverse DNS traversal, to make sure that all DNS servers are reporting the correct results, you can Click Here.



I assume everything is ok there.


The message I'm getting back is:
Return-path: <>
Received: from server1.skateblade.net ([192.168.1.5])by server1.skateblade.net with ESMTP; Tue, 27 Sep 2005 15:19:56 -0400
Received: from skatedom-MTA by server1.skateblade.netwith Novell_GroupWise; Tue, 27 Sep 2005 15:19:55 -0400
Message-Id: <s339631b.011@server1.skateblade.net>
X-Mailer: Novell GroupWise Internet Agent 7.0
Received: Tue, 27 Sep 2005 15:19:55 -0400
From: Mailer-Daemon@server1.skateblade.net
To: XXX@skateblade.net
Subject: Message status - undeliverable
Mime-Version: 1.0
Content-Type: multipart_mixed; boundary="=__PartC2E0B54B.0__="

Content-Type: text_plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

The attached file had the following undeliverable recipient(s):
XXX@verizon.net
Transcript of session follows:
Command: MAIL FROM:<XXX@skateblade.net>
Response: 550 Email from your Email Service Provider is currently =
blocked by Verizon Online's anti-spam system. The email "sender" or Em


Content-Type: message_rfc822



The only thing I can see that might be the problem is that the server has a private IP and some mail servers don't like that. Any thoughts on how to resolve this?

Thanks.
 
You need to find a colo. Behind your ISP is not going to work out in the long run since, per the previous thread, ISPs' IPs are typically on blacklists.

PTR [n/a: misc]MISSING! 240.7.41.69 has no reverse DNS entry; some mail servers may not accept your mail.

CASA-CBL+ LISTED (127.0.8.6) TXT= "Mail from 240.0.0.0/8 refused, see http://anti-spam.org.cn/services/rblquery.php?IP=240.0.0.0" 10800 seconds 0 ms
CASA-CBL- LISTED (127.0.8.5) TXT= "Mail from 240.0.0.0/8 refused, see http://anti-spam.org.cn/services/rblquery.php?IP=240.0.0.0" 10800 seconds 0 ms
CASA-CDL LISTED (127.0.8.4) TXT= "Mail from 240.0.0.0/8 refused, see http://anti-spam.org.cn/services/rblquery.php?IP=240.0.0.0" 10800 seconds 0 ms

NOMOREFUNN LISTED (127.0.0.9) TXT= "IP not supposed to be routed. See http://www.cymru.com/Documents/bogon-list.html 2100 seconds 0 ms

 
Why would they blacklist an ISP's addresses? I just don't get it. Isn't a spam filter sufficient? I'm not looking to run a big mail server here. Just my own personal mail. It's much cheaper if I host it than if I pay for the service, and I have more control.

So even if I get the proper reverse DNS entries it's still not going to work?

 
Some "less than ethical spammers" like to exploit machines on big networks and use them to send out spam e-mails. Black list all of the non-official ISP ip addresses and you're set. Not sure if that's what the problem is or not, did you ask Verizon?

Does your IP show up on any publicly available blacklists?
 
I've run the report at dnsstuff and everything looks fine.
I have not contacted Verizon but even mail sent to Yahoo is marked as bulk.
 
My post was a partial report from DNSStuff. There are probably two issues here:

A) You're on an ISP subnet
B) You have multiple PTR records for that IP. Since your ISP owns the netblock, your PTR records you've specified won't be valid. You have to get your ISP to host the PTR record.
 
They did create a PTR record for me. Here is a reverse lookup

Location: United States [City: Owosso, Michigan]

Preparation:
The reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 69.41.7.240 is found by looking up the PTR record for
240.7.41.69.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking f.root-servers.net for 240.7.41.69.in-addr.arpa PTR record:
f.root-servers.net says to go to figwort.arin.net. (zone: 69.in-addr.arpa.)
Asking figwort.arin.net. for 240.7.41.69.in-addr.arpa PTR record:
figwort.arin.net [192.42.93.32] says to go to ns1.michonline.net. (zone: 7.41.69.in-addr.arpa.)
Asking ns1.michonline.net. for 240.7.41.69.in-addr.arpa PTR record: Reports server1.skateblade.net. [from 69.41.0.4]

Answer:
69.41.7.240 PTR record: server1.skateblade.net. [TTL 604800s] [A=69.41.7.240]
69.41.7.240 PTR record: dyn7-240-dsl.michonline.net. [TTL 604800s] [A=69.41.7.240]
69.41.7.240 PTR record: mail.skateblade.net. [TTL 604800s] [A=69.41.7.240]

Details:
You have more than one PTR record for 69.41.7.240. This is legal, but most programs will only use
the first PTR record listed (which may vary).

To see the reverse DNS traversal, to make sure that all DNS servers are reporting the correct results, you can Click Here.
 
They created a PTR but didn't get rid of the other 2. And while it isn't 100% required, you don't have an MX record it looks like.
 
Wow, you guys are circling but missed perhaps the most obvious solution. Your MX records are OK. You will probably be OK if you have your ISP fix your reverse lookup information:

C:\Documents and Settings\randal>nslookup 69.41.7.240
Server: anubis.data102.com
Address: 69.67.108.3

Name: dyn7-240-dsl.michonline.net
Address: 69.41.7.240

The fact that your reverse lookup says "dyn" AND "dsl" is nearly a 100% flag to block your mail. The vast majority of ISPs/Datacenters/Everybody -- including everyone I have worked with -- will block email if those terms are in the reverse lookup. Have your ISP remove all of your pointer records entirely, then put in a new one that points 69.41.7.240 to `server1.skateblade.net` - make sure it's set to that, as that is what your MX records indicate (this will fix any SPF / MXVerify issues as well).
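
Added example, not part of any post in this thread: an offline Python check of the PTR conditions discussed above (multiple PTR records, a "dyn"/"dsl" access-line name, and a PTR matching the MX host). The record data is copied from the lookup output quoted in the thread; the `audit` and `looks_generic` helpers and the token pattern are assumptions for illustration, and real receivers apply their own, broader rules.

```python
import ipaddress
import re

# The two tokens named in the thread; a token counts only as a whole
# hyphen/dot-separated part, optionally followed by digits ("dyn7", "dsl").
GENERIC_PART = re.compile(r"(dyn|dsl)\d*")

def reverse_name(ip):
    """Reverse the IP and append in-addr.arpa, e.g. 240.7.41.69.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def looks_generic(ptr):
    """True if the PTR name carries a dynamic/DSL marker."""
    parts = re.split(r"[.\-_]", ptr.lower().rstrip("."))
    return any(GENERIC_PART.fullmatch(p) for p in parts)

def audit(ip, ptr_names, forward_a, mx_host):
    """ptr_names: PTR answers for ip; forward_a: {hostname: [A records]}."""
    names = [p.lower().rstrip(".") for p in ptr_names]
    findings = []
    if not names:
        findings.append("no PTR record")
    if len(names) > 1:
        findings.append(f"{len(names)} PTR records; a receiver may see any one")
    for name in names:
        if looks_generic(name):
            findings.append(f"generic access-line name: {name}")
        if ip not in forward_a.get(name, []):
            findings.append(f"{name} does not resolve back to {ip}")
    if mx_host.lower().rstrip(".") not in names:
        findings.append(f"no PTR matches MX host {mx_host}")
    return findings

IP = "69.41.7.240"
MX_HOST = "server1.skateblade.net"
# State shown in the thread's reverse lookup (three PTRs, each with A=69.41.7.240).
BEFORE = ["server1.skateblade.net.", "dyn7-240-dsl.michonline.net.",
          "mail.skateblade.net."]
# State after the ISP keeps only the PTR that matches the MX host.
AFTER = ["server1.skateblade.net."]
FORWARD_A = {n.rstrip("."): [IP] for n in BEFORE}

if __name__ == "__main__":
    print("query name:", reverse_name(IP))
    for label, ptrs in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(IP, ptrs, FORWARD_A, MX_HOST) or "clean")
```
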
 
Originally posted by: randal
Wow, you guys are circling but missed perhaps the most obvious solution. Your MX records are OK. You will probably be OK if you have your ISP fix your reverse lookup information:

C:\Documents and Settings\randal>nslookup 69.41.7.240
Server: anubis.data102.com
Address: 69.67.108.3

Name: dyn7-240-dsl.michonline.net
Address: 69.41.7.240

The fact that your reverse lookup says "dyn" AND "dsl" is nearly a 100% flag to block your mail. The vast majority of ISPs/Datacenters/Everybody -- including everyone I have worked with -- will block email if those terms are in the reverse lookup. Have your ISP remove all of your pointer records entirely, then put in a new one that points 69.41.7.240 to `server1.skateblade.net` - make sure it's set to that, as that is what your MX records indicate (this will fix any SPF / MXVerify issues as well).

nice catch!
 
I've just asked that they remove the 2 extra entries and will see what happens. Do reverse DNS entries take time to propagate?

Thanks.
 
It may take up to a day if other NS servers have cached it, but generally reverse/PTR records generally live for an hour or so. Once they make the change, though, it should be noticeable very quickly.
 