Re: [GTALUG] Spamhaus block

[ac via talk]

Uhm, no. For example: If you would ask 8.8.4.4 the in-addr.arpa for
"your" rented OVH ip resource, then 8.8.4.4 would go and ask OVH for the
answer. And no, Spamhaus does not "red flag" any ipv4/6 resource for lack of 
a reverse name. 

So no mystery for me here... 

OVH is known for being less than responsive to abuse complaints. 
Also, judging from your post, OVH is also economic with the truth?

Your reverse setting took a day or two because OVH did not update your
request and as far as Spamhaus goes: OVH had to promise that their abuse
has stopped, to have their resources removed. No IP becomes listed
simply because it has no reverse name setup. In fact, there is no 
technical requirement to even have a reverse name setup. But, for some
types of spam, 99.9% of the time, that specific type of abuse resource
has no reverse, which is why over 50% (by volume of servers) of mail
servers do not talk to you without your ipv having a reverse name...
Then again, by volume of email (not by volume of servers), over 87% of
email boxes will accept email from you, with no reverse name
configured. (The reason for this is partly the large dominance of Google
& Microsoft  - One of which accepts email from ipv with no reverse and
the other being unpredictable as it does anything at any time)

Anyway, as usual, ymmv.

hth

Andre


On Wed, 27 Feb 2019 10:38:09 -0500
Marc Lijour via talk  wrote:

> Happy to report that OVH got it fixed for me. They replied to the
> support ticket within 24 hours. After two interactions we were done.
> They said it took some time for the reverse DNS to replicate (for the
> reverse record I did setup days earlier). Whether it was just that
> delay or they did something in the backend, the dig -x command now
> reports the correct information. No Spamhaus red flag since then.
> Happy end.
> 
> On Fri, Feb 22, 2019, 20:20 D. Hugh Redelmeier via talk,
>  wrote:
> 
> > | From: Val Kulkov via talk 
> >
> > | Do you have a permanent static IP address? If not, you may
> > occasionally be
> > | picking up a "dirty" IP address.
> >
> > It's clear (now) that Marc has a static IP address.
> >
> > It really isn't worth trying to use a dynamic IP address for mail.
> > But I did it.
> >
> > I used to use a Rogers connection for a secondary email server.  I
> > could use the domain name they gave me, and the reverse domain would
> > agree (but was out of my control).  The IP address would change at
> > the rate of roughly once a year.  That would cause a bit of
> > disruption because the transition was carelessly managed by Rogers.
> >
> > I still use Rogers for bulk IP traffic but maybe not for long: they
> > are kind of doubling the cost for my "bundle" and I find that
> > annoying.
> >
> > | From: Don Tai via talk 
> >
> > | You're on a shared host with any number of other web sites and
> > owners. When
> > | one goes rogue and launches bots at the world the IP is logged
> > and is used
> > | to ban all the sites on that IP, which might include your own.
> > Bots | reappear on a regular basis, using the same IP, so bans, in
> > general, are | for life.
> >
> > It's clear (now) that Marc has a dedicated IP address.
> >
> > It depends on what you mean by "shared host".  Normally that means
> > several web sites sharing one IP address.  I don't think that you
> > can do that with SMTP.
> >
> > You could mean several people sharing one box, but with each having
> > their own IP address.  That should work for email.
> >
> > I, for example, rent a couple of OpenVZ instances in the cloud, each
> > with their own IP address.  Each physical box is shared by untold
> > numbers of OpenVZ instances.  I'm allowed to set the reverse domain
> > records for them.  (Control of one's own forward domain is not a
> > problem.)  They each cost less than $20 per year.  I don't run mail
> > servers on them but I'm sure that I could.  They both run CentOS 7.
> > ---
> > Talk Mailing List
> > talk@gtalug.org
> > https://gtalug.org/mailman/listinfo/talk
> >  

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Marc Lijour via talk]

Happy to report that OVH got it fixed for me. They replied to the support
ticket within 24 hours. After two interactions we were done. They said it
took some time for the reverse DNS to replicate (for the reverse record I
did setup days earlier). Whether it was just that delay or they did
something in the backend, the dig -x command now reports the correct
information. No Spamhaus red flag since then. Happy end.

On Fri, Feb 22, 2019, 20:20 D. Hugh Redelmeier via talk, 
wrote:

> | From: Val Kulkov via talk 
>
> | Do you have a permanent static IP address? If not, you may occasionally
> be
> | picking up a "dirty" IP address.
>
> It's clear (now) that Marc has a static IP address.
>
> It really isn't worth trying to use a dynamic IP address for mail.
> But I did it.
>
> I used to use a Rogers connection for a secondary email server.  I
> could use the domain name they gave me, and the reverse domain would
> agree (but was out of my control).  The IP address would change at the
> rate of roughly once a year.  That would cause a bit of disruption
> because the transition was carelessly managed by Rogers.
>
> I still use Rogers for bulk IP traffic but maybe not for long: they
> are kind of doubling the cost for my "bundle" and I find that
> annoying.
>
> | From: Don Tai via talk 
>
> | You're on a shared host with any number of other web sites and owners.
> When
> | one goes rogue and launches bots at the world the IP is logged and is
> used
> | to ban all the sites on that IP, which might include your own. Bots
> | reappear on a regular basis, using the same IP, so bans, in general, are
> | for life.
>
> It's clear (now) that Marc has a dedicated IP address.
>
> It depends on what you mean by "shared host".  Normally that means
> several web sites sharing one IP address.  I don't think that you can
> do that with SMTP.
>
> You could mean several people sharing one box, but with each having
> their own IP address.  That should work for email.
>
> I, for example, rent a couple of OpenVZ instances in the cloud, each
> with their own IP address.  Each physical box is shared by untold
> numbers of OpenVZ instances.  I'm allowed to set the reverse domain
> records for them.  (Control of one's own forward domain is not a
> problem.)  They each cost less than $20 per year.  I don't run mail
> servers on them but I'm sure that I could.  They both run CentOS 7.
> ---
> Talk Mailing List
> talk@gtalug.org
> https://gtalug.org/mailman/listinfo/talk
>
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[D. Hugh Redelmeier via talk]

| From: Val Kulkov via talk 

| Do you have a permanent static IP address? If not, you may occasionally be
| picking up a "dirty" IP address.

It's clear (now) that Marc has a static IP address.

It really isn't worth trying to use a dynamic IP address for mail.
But I did it.

I used to use a Rogers connection for a secondary email server.  I
could use the domain name they gave me, and the reverse domain would
agree (but was out of my control).  The IP address would change at the
rate of roughly once a year.  That would cause a bit of disruption
because the transition was carelessly managed by Rogers.

I still use Rogers for bulk IP traffic but maybe not for long: they
are kind of doubling the cost for my "bundle" and I find that
annoying.

| From: Don Tai via talk 

| You're on a shared host with any number of other web sites and owners. When
| one goes rogue and launches bots at the world the IP is logged and is used
| to ban all the sites on that IP, which might include your own. Bots
| reappear on a regular basis, using the same IP, so bans, in general, are
| for life.

It's clear (now) that Marc has a dedicated IP address.

It depends on what you mean by "shared host".  Normally that means
several web sites sharing one IP address.  I don't think that you can
do that with SMTP.

You could mean several people sharing one box, but with each having
their own IP address.  That should work for email.

I, for example, rent a couple of OpenVZ instances in the cloud, each
with their own IP address.  Each physical box is shared by untold
numbers of OpenVZ instances.  I'm allowed to set the reverse domain
records for them.  (Control of one's own forward domain is not a
problem.)  They each cost less than $20 per year.  I don't run mail
servers on them but I'm sure that I could.  They both run CentOS 7.
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Don Tai via talk]

Here's an example of a request header. The IP and host name are in the
request header. This is a Bingbot request. For a ban I usually only use the
IP.

2019-02-11:00:03:53
URL: /wp/tag/fire-code/
IP: 157.55.39.xxx
Accept: */*
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Connection: Keep-Alive
From: bingbot(at)microsoft.com
Host: ewxample.com
Pragma: no-cache
User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; +
http://www.bing.com/bingbot.htm)
X-Https: 1

On Fri, 22 Feb 2019 at 11:32, Giles Orr via talk  wrote:

> On Fri, 22 Feb 2019 at 11:12, James Knott via talk 
> wrote:
>
>> On 02/22/2019 11:00 AM, Don Tai wrote:
>> > A host will have a number of IPs, a box is on a specific IP, there
>> > will be a number of web sites on the same box, many domain names
>> > pointing to the same IP. For example my sites are on a box with 25
>> > different sites that I know of, all pointing to the same IP. If one of
>> > them causes a ban on the IP then all sites are affected/banned.
>>
>> If each server has the same IP, how are they differentiated?  The only
>> ways I know are to use non standard port numbers or extend the host name
>> with a suffix after a /.
>>
>
> A single instance of Apache or Nginx (and probably most other HTTP
> servers) can handle multiple names on one port at one IP address.  We use
> this ability a fair bit at my work: the web server determines what name
> you're looking for from the incoming header, looks at its own config to
> find out where on the box that website is stored, and responds with the
> proper information.  The most obvious implementation of this is hosting
> sites who have used this ability for around 20 years.
>
> Presumably similar things can be done with most other incoming services,
> although I'm most familiar with the behaviour of web servers.
>
> --
> Giles
> https://www.gilesorr.com/
> giles...@gmail.com
> ---
> Talk Mailing List
> talk@gtalug.org
> https://gtalug.org/mailman/listinfo/talk
>
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[James Knott via talk]

On 02/22/2019 12:11 PM, Giles Orr wrote:
> But your use-case is vanishingly small: no one uses IP addresses anymore

As I mentioned in another note, there is one case where IP address is
mandatory.  It's when I connect to my cable modem for management.  It
works only if I specify the IP address.  It will not work if I use a
host name.

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[James Knott via talk]

On 02/22/2019 12:08 PM, Val Kulkov via talk wrote:
> Since HTTP 1.1, a request may contain the "Host"
> header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host
> which web servers can they use to serve proper content for a given
> host name. See, for
> example, http://nginx.org/en/docs/http/request_processing.html for
> information how nginx deals with multiple servers on the same IP address.
>
> For https, there is
> SNI: https://en.wikipedia.org/wiki/Server_Name_Indication

That could explain why I can connect to my cable modem config using IP
address, but not a host name & DNS.  While the login screen appears
either way, connections made via host name are not accepted with "Login
Failed"

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Giles Orr via talk]

On Fri, 22 Feb 2019 at 11:58, James Knott via talk  wrote:

> On 02/22/2019 11:33 AM, Giles Orr wrote:
> > We use this ability a fair bit at my work: the web server determines
> > what name you're looking for from the incoming header,
>
> What would be in the header?  All IP has in the header to differentiate
> connections is IP address and port number.  For example, if I wanted to
> access the Mississauga Library ebook collection, I could open a browser
> to 13.92.99.128 and it would connect to port 443 for https.  I have not
> provided any other information.  So, how would the appropriate server be
> accessed from that, when multiple servers share a single IP?
>

You're correct: if the user provides only an IP address, the web server
doesn't necessarily know how to respond.  You can set a default in the web
server (at a hosting site it would almost certainly be to the hosting
provider's main page).  But your use-case is vanishingly small: no one uses
IP addresses anymore, and I'd suggest it's an actively bad idea since cloud
services allow us (the web site creators) to change IP addresses as
frequently as people change their clothes.  That's how it is now: the
_name_ remains constant, but the IP changes intermittently.

This random changing of IP addresses is also why we're having a parallel
discussion of "bad" and "good" IP neighbourhoods: if you take your name and
move it from one neighbourhood to another, places like Spamhaus associate
you (and thus your behaviour, warranted or not) with that of your
neighbours.

-- 
Giles
https://www.gilesorr.com/
giles...@gmail.com
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Val Kulkov via talk]

On Fri, 22 Feb 2019 at 11:58, James Knott via talk  wrote:

> On 02/22/2019 11:33 AM, Giles Orr wrote:
> > We use this ability a fair bit at my work: the web server determines
> > what name you're looking for from the incoming header,
>
> What would be in the header?  All IP has in the header to differentiate
> connections is IP address and port number.  For example, if I wanted to
> access the Mississauga Library ebook collection, I could open a browser
> to 13.92.99.128 and it would connect to port 443 for https.  I have not
> provided any other information.  So, how would the appropriate server be
> accessed from that, when multiple servers share a single IP?
>

Since HTTP 1.1, a request may contain the "Host" header:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host which web
servers can they use to serve proper content for a given host name. See,
for example, http://nginx.org/en/docs/http/request_processing.html for
information how nginx deals with multiple servers on the same IP address.

For https, there is SNI:
https://en.wikipedia.org/wiki/Server_Name_Indication
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[James Knott via talk]

On 02/22/2019 11:33 AM, Giles Orr wrote:
> We use this ability a fair bit at my work: the web server determines
> what name you're looking for from the incoming header,

What would be in the header?  All IP has in the header to differentiate
connections is IP address and port number.  For example, if I wanted to
access the Mississauga Library ebook collection, I could open a browser
to 13.92.99.128 and it would connect to port 443 for https.  I have not
provided any other information.  So, how would the appropriate server be
accessed from that, when multiple servers share a single IP?

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Giles Orr via talk]

On Fri, 22 Feb 2019 at 11:12, James Knott via talk  wrote:

> On 02/22/2019 11:00 AM, Don Tai wrote:
> > A host will have a number of IPs, a box is on a specific IP, there
> > will be a number of web sites on the same box, many domain names
> > pointing to the same IP. For example my sites are on a box with 25
> > different sites that I know of, all pointing to the same IP. If one of
> > them causes a ban on the IP then all sites are affected/banned.
>
> If each server has the same IP, how are they differentiated?  The only
> ways I know are to use non standard port numbers or extend the host name
> with a suffix after a /.
>

A single instance of Apache or Nginx (and probably most other HTTP servers)
can handle multiple names on one port at one IP address.  We use this
ability a fair bit at my work: the web server determines what name you're
looking for from the incoming header, looks at its own config to find out
where on the box that website is stored, and responds with the proper
information.  The most obvious implementation of this is hosting sites who
have used this ability for around 20 years.

Presumably similar things can be done with most other incoming services,
although I'm most familiar with the behaviour of web servers.

-- 
Giles
https://www.gilesorr.com/
giles...@gmail.com
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Jamon Camisso via talk]

On 22/02/2019 11:25, Val Kulkov via talk wrote:
> Most or all participants to this thread appear to agree that picking the
> right IP neighbourhood is key to success.
> 
> So, how does one pick a good neighbourhood? Are there any tried-and-true
> rules or methods?

Use a reputable cloud provider that gives you a dedicated IP for a VM.
Many will go to great lengths to keep their IP ranges off blocklists,
including terminating VMs that abuse port 25, knowingly or not.

Otherwise, use a 3rd party SaaS mail provider.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Val Kulkov via talk]

On Fri, 22 Feb 2019 at 00:36, ac via talk  wrote:

>
> Do not expect to be able to relay email communications properly, from
> such a poor IP neighborhood.
>

Most or all participants to this thread appear to agree that picking the
right IP neighbourhood is key to success.

So, how does one pick a good neighbourhood? Are there any tried-and-true
rules or methods?
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[James Knott via talk]

On 02/22/2019 11:00 AM, Don Tai wrote:
> A host will have a number of IPs, a box is on a specific IP, there
> will be a number of web sites on the same box, many domain names
> pointing to the same IP. For example my sites are on a box with 25
> different sites that I know of, all pointing to the same IP. If one of
> them causes a ban on the IP then all sites are affected/banned.

If each server has the same IP, how are they differentiated?  The only
ways I know are to use non standard port numbers or extend the host name
with a suffix after a /.

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Don Tai via talk]

A host will have a number of IPs, a box is on a specific IP, there will be
a number of web sites on the same box, many domain names pointing to the
same IP. For example my sites are on a box with 25 different sites that I
know of, all pointing to the same IP. If one of them causes a ban on the IP
then all sites are affected/banned.

On Fri, 22 Feb 2019 at 10:20, James Knott via talk  wrote:

> On 02/21/2019 08:38 PM, Don Tai via talk wrote:
> > You're on a shared host with any number of other web sites and owners.
> > When one goes rogue and launches bots at the world the IP is logged
> > and is used to ban all the sites on that IP, which might include your
> > own. Bots reappear on a regular basis, using the same IP, so bans, in
> > general, are for life.
>
> Are you saying all hosts on a site use the same IP address?  That would
> make it impossible to access individual servers.  Perhaps you meant
> subnet?  Also, with many data centres, it's possible to arrange for your
> own Internet connection, completely independent of everyone else there.
> Of course, that becomes more difficult, though not impossible, if the
> servers are running virtual machines.
>
> ---
> Talk Mailing List
> talk@gtalug.org
> https://gtalug.org/mailman/listinfo/talk
>
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[James Knott via talk]

On 02/21/2019 08:38 PM, Don Tai via talk wrote:
> You're on a shared host with any number of other web sites and owners.
> When one goes rogue and launches bots at the world the IP is logged
> and is used to ban all the sites on that IP, which might include your
> own. Bots reappear on a regular basis, using the same IP, so bans, in
> general, are for life.

Are you saying all hosts on a site use the same IP address?  That would
make it impossible to access individual servers.  Perhaps you meant
subnet?  Also, with many data centres, it's possible to arrange for your
own Internet connection, completely independent of everyone else there. 
Of course, that becomes more difficult, though not impossible, if the
servers are running virtual machines.

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[ac via talk]

If you want to relay email and operate a working email server, you need
to start with ipv4 reputation. 

If you host in the middle of a criminal hotspot and at a socalled
"bullet proof" host (a host that does not care about abuse complaints
and has a bad reputation) 

Do not expect to be able to relay email communications properly, from
such a poor IP neighborhood.

The check your IPv4 reputation, I strongly suggest using this service:

http://multirbl.valli.org/

If your IP is listed by 10+ services, rather migrate to a better IP
neighborhood (Why would you want to support hosting providers that
proved safe haven to child pornographers, scammer, cyber crime and
other rubbish???)

If your ipv4 reputation is not too bad, apply for removal from wherever.

The services listed on multirbl.valli.org - are all ethical, decent and
moral, if you know different and have actual proof of non ethical
behavior, do please submit any such evidence to any RIR anti-abuse (or
even this) public mailing list.

Yes, you can operate your own email service, no, you cannot easily
spam, abuse and do any number of other weird things easily any longer...

hth

Andre



On Thu, 21 Feb 2019 19:10:16 -0800
Jason Shaw via talk  wrote:

> I gave up on trying to keep a local mail server off of spamhaus and
> similar lists and ended up getting an account at authsmtp.com to
> relay outbound mail through so that they can deal with the
> deliverability side of it. Sending 4000 messages a month is probably
> cheaper than the amount of time you've invested in trying to get your
> IP safelisted.
> 
> -jason
> 
> On Thu, Feb 21, 2019 at 10:33 AM Marc Lijour via talk
>  wrote:
> 
> > Does anyone has insights about dealing with Spamhaus?
> >
> > I'm getting increasingly frustrated by being listed without
> > explanation. I run a very low bandwidth mail server and a website
> > for my business. I am running postfix with SPF, DKIM, and DMARC.
> > I'd like to know what I am missing.
> >
> > Spamhaus is very popular which in turn affects Twitter, LInkedIn,
> > beyond just the mail.
> >
> > Is it possible to run one's own mail server this days?
> >
> > ---
> > Talk Mailing List
> > talk@gtalug.org
> > https://gtalug.org/mailman/listinfo/talk
> >  

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Jason Shaw via talk]

I gave up on trying to keep a local mail server off of spamhaus and similar
lists and ended up getting an account at authsmtp.com to relay outbound
mail through so that they can deal with the deliverability side of it.
Sending 4000 messages a month is probably cheaper than the amount of time
you've invested in trying to get your IP safelisted.

-jason

On Thu, Feb 21, 2019 at 10:33 AM Marc Lijour via talk 
wrote:

> Does anyone has insights about dealing with Spamhaus?
>
> I'm getting increasingly frustrated by being listed without explanation.
> I run a very low bandwidth mail server and a website for my business. I
> am running postfix with SPF, DKIM, and DMARC. I'd like to know what I am
> missing.
>
> Spamhaus is very popular which in turn affects Twitter, LInkedIn, beyond
> just the mail.
>
> Is it possible to run one's own mail server this days?
>
> ---
> Talk Mailing List
> talk@gtalug.org
> https://gtalug.org/mailman/listinfo/talk
>
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Jamon Camisso via talk]

On 21/02/2019 17:53, Stewart Russell via talk wrote:
> On Thu, Feb 21, 2019, 15:53 Marc Lijour,  > wrote:
> 
> +1
> 
> turns out that OVH is cheap and not-for-profit organizations are
> looking for cheap (same as spammers I guess), ...
> 
> We're not looking for cheap at all. A site hosted by WPEngine isn't
> cheap. It's the arbitrariness of spam blocking: we did _nothing_ wrong,
> we have no link to any spammer or blacklist, yet the anti-spam crowd
> held our business up. 

Looks like WPEngine allows you to use an external SMTP provider:

https://wpengine.com/support/using-3rd-party-email-provider-send-mail-wordpress/

$5/month for a VM with places like vultur, linode, digital ocean. I run
a few VMs, and all get 10/10 with that mail test site mentioned earlier.

Postfix with SPF, DKIM, and rDNS records are what I use. Ought to be
pretty solid for all but the most demanding users. I haven't needed to
look into DMARC at all, but could add it if needed.

Otherwise with WPEngine, mailgun, sendgrid, looks like there are options
to get your messages onto reliable mail gateways.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Don Tai via talk]

You're on a shared host with any number of other web sites and owners. When
one goes rogue and launches bots at the world the IP is logged and is used
to ban all the sites on that IP, which might include your own. Bots
reappear on a regular basis, using the same IP, so bans, in general, are
for life.

Spamhaus probably works on multiple complaint submissions, so it is not
just a couple that will get you on the list.

On Thu, 21 Feb 2019 at 17:53, Stewart Russell via talk 
wrote:

> On Thu, Feb 21, 2019, 15:53 Marc Lijour,  wrote:
>
>> +1
>>
>> turns out that OVH is cheap and not-for-profit organizations are looking
>> for cheap (same as spammers I guess), ...
>>
> We're not looking for cheap at all. A site hosted by WPEngine isn't cheap.
> It's the arbitrariness of spam blocking: we did _nothing_ wrong, we have no
> link to any spammer or blacklist, yet the anti-spam crowd held our business
> up.
>
> I'm really surprised they haven't been sued into oblivion under tort laws.
>
>  Stewart
>
>> ---
> Talk Mailing List
> talk@gtalug.org
> https://gtalug.org/mailman/listinfo/talk
>
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Stewart Russell via talk]

On Thu, Feb 21, 2019, 15:53 Marc Lijour,  wrote:

> +1
>
> turns out that OVH is cheap and not-for-profit organizations are looking
> for cheap (same as spammers I guess), ...
>
We're not looking for cheap at all. A site hosted by WPEngine isn't cheap.
It's the arbitrariness of spam blocking: we did _nothing_ wrong, we have no
link to any spammer or blacklist, yet the anti-spam crowd held our business
up.

I'm really surprised they haven't been sued into oblivion under tort laws.

 Stewart

>
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Don Tai via talk]

I forgot Planet Hoster in Montreal

On Thu, 21 Feb 2019 at 15:49, Marc Lijour  wrote:

> fair enough -I can understand that perspective
>
> What is my best bet? AWS? Azure?
> On 2019-02-21 3:41 p.m., Don Tai via talk wrote:
>
> OVH is a well known den of spam, scraper and malicious bots. This is your
> problem. I am sure Spamhaus has given up on the number of bots they need to
> block and banned the whole IP range. I know I have. You need to move to
> another host provider. OVH allows the rampant running of bots, so this is
> what they get. Total ban.
>
> On Thu, 21 Feb 2019 at 14:17, Alex Volkov via talk 
> wrote:
>
>> Do you have reverse DNS records set up -- this is pretty much a
>> requirement for running any mail server these days.
>>
>> This mailing list kept getting blocked by Spamhaus when we used IPv6
>> address to send out mail. I have no idea what was wrong with that, but
>> the minute I turned off IPv6 everything went back to normal.
>>
>> I remember there's an open-source mail config/blacklist checking website
>> tool, but I don't remember its name.
>>
>> Alex.
>>
>> On 2019-02-21 1:24 p.m., Marc Lijour via talk wrote:
>> > Does anyone has insights about dealing with Spamhaus?
>> >
>> > I'm getting increasingly frustrated by being listed without
>> > explanation. I run a very low bandwidth mail server and a website for
>> > my business. I am running postfix with SPF, DKIM, and DMARC. I'd like
>> > to know what I am missing.
>> >
>> > Spamhaus is very popular which in turn affects Twitter, LInkedIn,
>> > beyond just the mail.
>> >
>> > Is it possible to run one's own mail server this days?
>> >
>> > ---
>> > Talk Mailing List
>> > talk@gtalug.org
>> > https://gtalug.org/mailman/listinfo/talk
>>
>>
>> ---
>> Talk Mailing List
>> talk@gtalug.org
>> https://gtalug.org/mailman/listinfo/talk
>>
>
> ---
> Talk Mailing Listtalk@gtalug.orghttps://gtalug.org/mailman/listinfo/talk
>
>
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Marc Lijour via talk]

+1

turns out that OVH is cheap and not-for-profit organizations are looking 
for cheap (same as spammers I guess), we're caught in the same bag


On 2019-02-21 3:50 p.m., Stewart Russell via talk wrote:
On Thu, Feb 21, 2019, 15:42 Don Tai via talk, > wrote:


... You need to move to another host provider.


This is not always an option.

The not-for-profit I work for has a web site run from WP Engine. It 
can send e-mail for updates, subscriptions, etc.


Just one of the wp.com  hosts that the mail relays 
through got blacklisted. Consequently, our volunteers and clients - 
people with disabilities - got nothing from us if they had a gmail or 
hotmail account.


We have *no* control over this and no option to change. Spam blocking 
lists are extortion that hurt innocent people.


 Stewart


---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Stewart Russell via talk]

On Thu, Feb 21, 2019, 15:42 Don Tai via talk,  wrote:

> ... You need to move to another host provider.
>

This is not always an option.

The not-for-profit I work for has a web site run from WP Engine. It can
send e-mail for updates, subscriptions, etc.

Just one of the wp.com hosts that the mail relays through got blacklisted.
Consequently, our volunteers and clients - people with disabilities - got
nothing from us if they had a gmail or hotmail account.

We have *no* control over this and no option to change. Spam blocking lists
are extortion that hurt innocent people.

 Stewart
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Marc Lijour via talk]

fair enough -I can understand that perspective

What is my best bet? AWS? Azure?

On 2019-02-21 3:41 p.m., Don Tai via talk wrote:
OVH is a well known den of spam, scraper and malicious bots. This is 
your problem. I am sure Spamhaus has given up on the number of bots 
they need to block and banned the whole IP range. I know I have. You 
need to move to another host provider. OVH allows the rampant running 
of bots, so this is what they get. Total ban.


On Thu, 21 Feb 2019 at 14:17, Alex Volkov via talk > wrote:


Do you have reverse DNS records set up -- this is pretty much a
requirement for running any mail server these days.

This mailing list kept getting blocked by Spamhaus when we used IPv6
address to send out mail. I have no idea what was wrong with that,
but
the minute I turned off IPv6 everything went back to normal.

I remember there's an open-source mail config/blacklist checking
website
tool, but I don't remember its name.

Alex.

On 2019-02-21 1:24 p.m., Marc Lijour via talk wrote:
> Does anyone has insights about dealing with Spamhaus?
>
> I'm getting increasingly frustrated by being listed without
> explanation. I run a very low bandwidth mail server and a
website for
> my business. I am running postfix with SPF, DKIM, and DMARC. I'd
like
> to know what I am missing.
>
> Spamhaus is very popular which in turn affects Twitter, LInkedIn,
> beyond just the mail.
>
> Is it possible to run one's own mail server this days?
>
> ---
> Talk Mailing List
> talk@gtalug.org 
> https://gtalug.org/mailman/listinfo/talk


---
Talk Mailing List
talk@gtalug.org 
https://gtalug.org/mailman/listinfo/talk


---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Marc Lijour via talk]

On 2019-02-21 3:03 p.m., Kevin Cozens via talk wrote:


OVH allows you to set a reverse IP mapping if you are renting a full 
server using the website account/server management tools.


Yes it does (under IP in the cloud management tab of the web console), 
but this is what I got (thrown together with 7 other IPs and a dig -x 
that does not map directly to my DNS record).

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Don Tai via talk]

OVH is a well known den of spam, scraper and malicious bots. This is your
problem. I am sure Spamhaus has given up on the number of bots they need to
block and banned the whole IP range. I know I have. You need to move to
another host provider. OVH allows the rampant running of bots, so this is
what they get. Total ban.

On Thu, 21 Feb 2019 at 14:17, Alex Volkov via talk  wrote:

> Do you have reverse DNS records set up -- this is pretty much a
> requirement for running any mail server these days.
>
> This mailing list kept getting blocked by Spamhaus when we used IPv6
> address to send out mail. I have no idea what was wrong with that, but
> the minute I turned off IPv6 everything went back to normal.
>
> I remember there's an open-source mail config/blacklist checking website
> tool, but I don't remember its name.
>
> Alex.
>
> On 2019-02-21 1:24 p.m., Marc Lijour via talk wrote:
> > Does anyone has insights about dealing with Spamhaus?
> >
> > I'm getting increasingly frustrated by being listed without
> > explanation. I run a very low bandwidth mail server and a website for
> > my business. I am running postfix with SPF, DKIM, and DMARC. I'd like
> > to know what I am missing.
> >
> > Spamhaus is very popular which in turn affects Twitter, LInkedIn,
> > beyond just the mail.
> >
> > Is it possible to run one's own mail server this days?
> >
> > ---
> > Talk Mailing List
> > talk@gtalug.org
> > https://gtalug.org/mailman/listinfo/talk
>
>
> ---
> Talk Mailing List
> talk@gtalug.org
> https://gtalug.org/mailman/listinfo/talk
>
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Kevin Cozens via talk]

On 2019-02-21 2:49 p.m., Alex Volkov via talk wrote:
You can't set reverse DNS records yourself, so you will need to contact your 
service provider and ask them to change the record for IP 54.39.185.225 from 
ip-54-39-185.eu to your mail server dns name.

[snip]

On 2019-02-21 2:43 p.m., Marc Lijour wrote:


I thought I had, and I do. OVH is allocating my PTR in a group of 8 
addresses (*ip-54-39-185.eu.*). May be that's where the problem lies?


OVH allows you to set a reverse IP mapping if you are renting a full server 
using the website account/server management tools.


--
Cheers!

Kevin.

http://www.ve3syb.ca/   | "Nerds make the shiny things that
https://www.patreon.com/KevinCozens | distract the mouth-breathers, and
| that's why we're powerful"
Owner of Elecraft K2 #2172  |
#include  | --Chris Hardwick
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Alex Volkov via talk]

I think this might be it.

You can't set reverse DNS records yourself, so you will need to contact 
your service provider and ask them to change the record for IP 
54.39.185.225 from ip-54-39-185.eu to your mail server dns name.


Alex.

On 2019-02-21 2:43 p.m., Marc Lijour wrote:


I thought I had, and I do. OVH is allocating my PTR in a group of 8 
addresses (*ip-54-39-185.eu.*). May be that's where the problem lies? 
I sent a ticket to OVH.


$ dig -x 54.39.185.225

; <<>> DiG 9.11.4-3ubuntu5-Ubuntu <<>> -x 54.39.185.225
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25851
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;225.185.39.54.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
225.185.39.54.in-addr.arpa. 5990 IN    PTR *ip-54-39-185.eu.*

https://mxtoolbox.com/subnet/?filter=54.39.185.225/29=findmonitors=54.39.185.225 



On 2019-02-21 2:17 p.m., Alex Volkov wrote:
Do you have reverse DNS records set up -- this is pretty much a 
requirement for running any mail server these days.


This mailing list kept getting blocked by Spamhaus when we used IPv6 
address to send out mail. I have no idea what was wrong with that, 
but the minute I turned off IPv6 everything went back to normal.


I remember there's an open-source mail config/blacklist checking 
website tool, but I don't remember its name.


Alex.

On 2019-02-21 1:24 p.m., Marc Lijour via talk wrote:

Does anyone has insights about dealing with Spamhaus?

I'm getting increasingly frustrated by being listed without 
explanation. I run a very low bandwidth mail server and a website 
for my business. I am running postfix with SPF, DKIM, and DMARC. I'd 
like to know what I am missing.


Spamhaus is very popular which in turn affects Twitter, LInkedIn, 
beyond just the mail.


Is it possible to run one's own mail server this days?

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk





---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Marc Lijour via talk]

I thought I had, and I do. OVH is allocating my PTR in a group of 8 
addresses (*ip-54-39-185.eu.*). May be that's where the problem lies? I 
sent a ticket to OVH.


$ dig -x 54.39.185.225

; <<>> DiG 9.11.4-3ubuntu5-Ubuntu <<>> -x 54.39.185.225
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25851
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;225.185.39.54.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
225.185.39.54.in-addr.arpa. 5990 IN    PTR *ip-54-39-185.eu.*

https://mxtoolbox.com/subnet/?filter=54.39.185.225/29=findmonitors=54.39.185.225 



On 2019-02-21 2:17 p.m., Alex Volkov wrote:
Do you have reverse DNS records set up -- this is pretty much a 
requirement for running any mail server these days.


This mailing list kept getting blocked by Spamhaus when we used IPv6 
address to send out mail. I have no idea what was wrong with that, but 
the minute I turned off IPv6 everything went back to normal.


I remember there's an open-source mail config/blacklist checking 
website tool, but I don't remember its name.


Alex.

On 2019-02-21 1:24 p.m., Marc Lijour via talk wrote:

Does anyone has insights about dealing with Spamhaus?

I'm getting increasingly frustrated by being listed without 
explanation. I run a very low bandwidth mail server and a website for 
my business. I am running postfix with SPF, DKIM, and DMARC. I'd like 
to know what I am missing.


Spamhaus is very popular which in turn affects Twitter, LInkedIn, 
beyond just the mail.


Is it possible to run one's own mail server this days?

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk



---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Marc Lijour via talk]

I have 8.2/10

pretty good considering that I got a -2 from Pyzor for my blank email

On 2019-02-21 2:09 p.m., Val Kulkov via talk wrote:
On Thu, 21 Feb 2019 at 14:03, Val Kulkov > wrote:


Also, it seems to me that even permanent static IP addresses are
not made the same. I get a feeling that some spam databases do not
"like" certain ranges of IP addresses. Although I have no direct
evidence of it, I suspect that these spam database sites run
periodic checks on how much spam a subnet produces and when it
exceeds some threshold the entire subnet is marked "dirty".

Forgot to mention http://www.mail-tester.com/, a site I periodically 
use to check how spam databases treat my ip address.


---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Val Kulkov via talk]

On Thu, 21 Feb 2019 at 14:17, Alex Volkov via talk  wrote:

> I remember there's an open-source mail config/blacklist checking website
> tool, but I don't remember its name.
>

https://mxtoolbox.com/blacklists.aspx perhaps?
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Alex Volkov via talk]

Do you have reverse DNS records set up -- this is pretty much a 
requirement for running any mail server these days.


This mailing list kept getting blocked by Spamhaus when we used IPv6 
address to send out mail. I have no idea what was wrong with that, but 
the minute I turned off IPv6 everything went back to normal.


I remember there's an open-source mail config/blacklist checking website 
tool, but I don't remember its name.


Alex.

On 2019-02-21 1:24 p.m., Marc Lijour via talk wrote:

Does anyone has insights about dealing with Spamhaus?

I'm getting increasingly frustrated by being listed without 
explanation. I run a very low bandwidth mail server and a website for 
my business. I am running postfix with SPF, DKIM, and DMARC. I'd like 
to know what I am missing.


Spamhaus is very popular which in turn affects Twitter, LInkedIn, 
beyond just the mail.


Is it possible to run one's own mail server this days?

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk



---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Marc Lijour via talk]

I'm hosting at OVH, running a small VM with SSD. The IP is fixed.

A range of IP owned by the cloud provider might explain things, except 
that I'm not responsible (nor have any control) of bad neighbours.


On 2019-02-21 2:03 p.m., Val Kulkov via talk wrote:
On Thu, 21 Feb 2019 at 13:34, Marc Lijour via talk > wrote:


Does anyone has insights about dealing with Spamhaus?

I'm getting increasingly frustrated by being listed without
explanation.
I run a very low bandwidth mail server and a website for my
business. I
am running postfix with SPF, DKIM, and DMARC. I'd like to know
what I am
missing.


Do you have a permanent static IP address? If not, you may 
occasionally be picking up a "dirty" IP address.


Also, it seems to me that even permanent static IP addresses are not 
made the same. I get a feeling that some spam databases do not "like" 
certain ranges of IP addresses. Although I have no direct evidence of 
it, I suspect that these spam database sites run periodic checks on 
how much spam a subnet produces and when it exceeds some threshold the 
entire subnet is marked "dirty".



---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Val Kulkov via talk]

On Thu, 21 Feb 2019 at 14:03, Val Kulkov  wrote:

> Also, it seems to me that even permanent static IP addresses are not made
> the same. I get a feeling that some spam databases do not "like" certain
> ranges of IP addresses. Although I have no direct evidence of it, I suspect
> that these spam database sites run periodic checks on how much spam a
> subnet produces and when it exceeds some threshold the entire subnet is
> marked "dirty".
>

Forgot to mention http://www.mail-tester.com/, a site I periodically use to
check how spam databases treat my ip address.
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Val Kulkov via talk]

On Thu, 21 Feb 2019 at 13:34, Marc Lijour via talk  wrote:

> Does anyone has insights about dealing with Spamhaus?
>
> I'm getting increasingly frustrated by being listed without explanation.
> I run a very low bandwidth mail server and a website for my business. I
> am running postfix with SPF, DKIM, and DMARC. I'd like to know what I am
> missing.
>

Do you have a permanent static IP address? If not, you may occasionally be
picking up a "dirty" IP address.

Also, it seems to me that even permanent static IP addresses are not made
the same. I get a feeling that some spam databases do not "like" certain
ranges of IP addresses. Although I have no direct evidence of it, I suspect
that these spam database sites run periodic checks on how much spam a
subnet produces and when it exceeds some threshold the entire subnet is
marked "dirty".
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

[Tim Tisdall via talk]

On Thu, 21 Feb 2019 at 13:34, Marc Lijour via talk  wrote:
>
> Does anyone has insights about dealing with Spamhaus?

Is it being run on shared hosting?  I had an issue with a similar
service because the server shared an IP address with another site that
was hacked and was spamming people.
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk