On Mar 22, 2024, at 10:58 AM, Matus UHLAR - fantomas via mailop
<mailop@mailop.org> wrote:
the result code and the spamhaus search didn't provide any relevant info.
On 22.03.24 16:32, Robert L Mathews via mailop wrote:
Hmmm. Not relevant to you, perhaps, but it may be relevant to someone else
who can help. I can't imagine how anyone could begin helping you without
knowing the exact "127.0.x.x" Spamhaus code as a starting point.
When you ask for help, and people ask for more details, it isn't helpful
to say "that isn't relevant" or "that info isn't useful" or whatever. As
the bible [1] says, "If your diagnostic theories were such hot stuff,
would you be consulting others for help?" People wouldn't ask for a detail
if they didn't think it might help them to help you.
On 22.03.24 18:55, Richard W via mailop wrote:
I've never understood why people post for help but withhold
information. They seem to be afraid to reveal the affected IP. Why?
Afraid we'll all run to block it?
Given the IP, others can tell you what we are seeing from that IP and
possibly what is causing listings with different BLs.
Sorry, guys, I was thinking that since those two IP addresses send nearly no
mail, there's not much to advise knowing those IPs without knowing the real
reason they were listed.
Perhaps I should have shared those IPs to the list immediately.
Both IPs are dedicated to single machines with no mail, proxy or similar
services and no indication that they have been compromised.
They both have proper DNS records and SPF records (one of them got
listed 3rd time this year while sending nearly no mail)
There were no other dnsbl listings (I use 2 dnsbl searchers to confirm).
IIRC(*) they both have been listed in CSS (code 127.0.0.3) and searching
spamhaus web for detailed info only produced:
https://check.spamhaus.org/faqs/?id=CSS_what_is_it
- this is what I meant by no relevant info. I could see something happened
but not what was it.
(*) I see 2 separate results (different time) from one machine in mail logs,
but for the other IP I asked for delisting immediately and haven't kept the
lookup info
I got contacted off-list so I hope I have enough hints to avoid for next time.
On 22.03.24 16:32, Robert L Mathews via mailop wrote:
This is also not ideal. The list is a place to share knowledge and help
other people having similar issues. (The sacred text has a chapter on
this, too [2].)
I have noticed that some problems are often resolved off-list.
I assume that some admins want to keep their info like their e-mail address
or their sources like spamtraps private, so others can't see or find them in
the archive.
Since I'm glad spamhaus and others do the job they do, I don't want to
spoil their work by revealing such info.
So... What were the hints you got? What do you think was wrong in the
first place? How can other people who might stumble across this thread in
the future fix it?
The hint was that we (my employer) should take care of spam originating from
our network, it seems that too many IP addresses are listed which may affect
listings of other IPs in our network (similar to that UCEPROTECT-L2 and
UCEPROTECT-L3 are doing).
I've met this problem at my former employer, where we have "solved" it by
blocking access from end-users to port 25 in the Internet. AFAIK my current
employer does not do that currently
I will suggest implementing this measure globally if possible.
Question for the list:
I am curious how do people configure hosts that send mail.
For years I recommended using separate IP address (if possible) to send mail
from such servers directly, so one host getting listed in dnsbl does not
affect others.
However, if logic like the mentioned one can result into IP being listed
when a sudden (small) mail peak happens, it would make sense to send all
mail through one mailhub which sends mail more often, so it has good score
and does not get listed (but if it gets listed, all mail gets rejected).
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted,
then used against you.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
