Re: gmail and hotmail blocking mail sent from my IP

2017-08-12 Thread Craig Skinner
Hi Rui,

On Fri, 11 Aug 2017 12:36:34 +0100 Rui Ribeiro wrote:
> There were even customized ports of Qmail in the past that had
> options that could be easily be enabled to downright refuse email
> from emails hosts not matching A/PTR or HELO

Postfix has these types of filters built in by default.

Similar to spamd's standard greylisting & stuttering options,
these lightweight DNS tests are simply superb spam nukers.

Why? Zombies can't set a machine's (r)DNS, nor make them match.


These Postfix options kill spam (be careful about using on port 587):


smtpd_client_restrictions =
reject_unknown_client_hostname

smtpd_helo_restrictions =
reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname
reject_unknown_helo_hostname

smtpd_sender_restrictions =
reject_non_fqdn_sender
reject_unlisted_sender
reject_unknown_sender_domain

smtpd_recipient_restrictions =
reject_non_fqdn_recipient
reject_unknown_recipient_domain


For testing, each can be prefixed with 'warn_if_reject'.
Warnings are logged while the session continues as usual.


There are other more and less aggressive (RFC derived) settings.
See http://www.Postfix.Org/postconf.5.html

Cool,
-- 
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7



Re: gmail and hotmail blocking mail sent from my IP

2017-08-11 Thread Allan Streib
Rui Ribeiro  writes:

> There were even customized ports of Qmail in the past that had options
> that could be easily be enabled to downright refuse email from emails
> hosts not matching A/PTR or HELO...not exactly good citizenship

Well it's like anything else, a couple of bad neighbors ruin things for
everyone.

Same reason my /etc/hosts file has 15,000 lines of known mal/ad-ware
domains.

Allan



Re: gmail and hotmail blocking mail sent from my IP

2017-08-11 Thread Rui Ribeiro
There were even customized ports of Qmail in the past that had options that
could be easily be enabled to downright refuse email from emails hosts not
matching A/PTR or HELO...not exactly good citizenship

Cheers

On 11 August 2017 at 10:49, Craig Skinner  wrote:

> On Thu, 10 Aug 2017 17:18:45 Stuart Henderson wrote:
> > You can't expect to reliably deliver email unless you have a PTR
> > record and an A/ record (at least within the same domain, though
> > in some cases the full hostname needs to match).
>
> Yes - matching DNS PTR/A records, and HELO hostname generally seem to be
> ranked higher for delivery than the SPF/DMARC/DKIM/etc optional extras.
>
> Cheers,
> --
> Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
>
>


-- 
Regards,

--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434


Re: gmail and hotmail blocking mail sent from my IP

2017-08-11 Thread Craig Skinner
On Thu, 10 Aug 2017 17:18:45 Stuart Henderson wrote:
> You can't expect to reliably deliver email unless you have a PTR
> record and an A/ record (at least within the same domain, though
> in some cases the full hostname needs to match).

Yes - matching DNS PTR/A records, and HELO hostname generally seem to be
ranked higher for delivery than the SPF/DMARC/DKIM/etc optional extras.

Cheers,
-- 
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7



Re: gmail and hotmail blocking mail sent from my IP

2017-08-10 Thread Stuart Henderson
On 2017-08-10, Rui Ribeiro  wrote:
> An email server in a residential setting will fail PTR unless you are
> working with a medium sized/an ISP that cares about their customers.
>
> see answer here
> https://unix.stackexchange.com/questions/371329/bind-proper-reverse-config

You can't expect to reliably deliver email unless you have a PTR record and
an A/ record (at least within the same domain, though in some cases
the full hostname needs to match).




Re: gmail and hotmail blocking mail sent from my IP

2017-08-10 Thread Rui Ribeiro
An email server in a residential setting will fail PTR unless you are
working with a medium sized/an ISP that cares about their customers.

see answer here
https://unix.stackexchange.com/questions/371329/bind-proper-reverse-config

On 9 August 2017 at 23:34, Rupert Gallagher  wrote:

> The dns still fails RFC1912 (ptr).
>
> Sent from ProtonMail Mobile
>
> On Wed, Aug 9, 2017 at 6:39 PM, Walter Alejandro Iglesias <
> w...@roquesor.com> wrote:
>
> > Hello Rupert, In article you wrote: > https://www.dnsinspect.com/
> roquesor.com/10171765 Try the link again. The reason it showed false
> results was because dnsinspect.com IP was blocked in my pf firewall. I
> have a script to detect hacking attempts in my port 25 and block those IPs
> automatically. Thanks for your help anyways. And sorry if I didn't answer
> you before. lhvy93s=@protonmail.com>




-- 
Regards,

--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434


Re: gmail and hotmail blocking mail sent from my IP

2017-08-09 Thread Rupert Gallagher
The dns still fails RFC1912 (ptr).

Sent from ProtonMail Mobile

On Wed, Aug 9, 2017 at 6:39 PM, Walter Alejandro Iglesias  
wrote:

> Hello Rupert, In article you wrote: > 
> https://www.dnsinspect.com/roquesor.com/10171765 Try the link again. The 
> reason it showed false results was because dnsinspect.com IP was blocked in 
> my pf firewall. I have a script to detect hacking attempts in my port 25 and 
> block those IPs automatically. Thanks for your help anyways. And sorry if I 
> didn't answer you before. lhvy93s=@protonmail.com>

Re: gmail and hotmail blocking mail sent from my IP

2017-08-09 Thread Walter Alejandro Iglesias
Hello Rupert,

In article 

Re: gmail and hotmail blocking mail sent from my IP

2017-08-09 Thread Krzysztof Strzeszewski

Your ISP must delete ip from sorbs.net,..:

http://www.dnsbl.info/dnsbl-database-check.php


Krzysztof Strzeszewski

W dniu 06.08.2017 o 16:51, Walter Alejandro Iglesias pisze:

Hello everyone,

I was using smtpd(8) (static IP and FQDN resolving direct and reverse)
for a year without problems.  Today sending from my server (from the
same address I'm using now) to gmail and hotmail they answered the
following (MAILER-DAEMON answer).

Sending to gmail addresses:

   *@gmail.com: 550-5.7.1 [185.37.212.61] The IP you're using to send
   mail is not authorized to send email directly to our servers.  Please
   use the SMTP relay at your service provider instead. Learn more at
   https://support.google.com/mail/?p=NotAuthorizedError
   e1si6736354wra.236 - gsmtp

Sending to hotmail:

   *@hotmail.com: 550 DY-001 (SNT004-MC3F42) Unfortunately, messages from
   185.37.212.61 weren't sent. Please contact your Internet service
   provider. You can tell them that Hotmail does not relay
   dynamically-assigned IP ranges. You can also refer your provider to
   http://mail.live.com/mail/troubleshooting.aspx#errors.


On the hotmail link above the explanaition for code DY-001 is:

   Mail rejected by Outlook.com for policy reasons. We generally do not
   accept email from dynamic IP's as they are not typically used to
   deliver unauthenticated SMTP email to an Internet mail server. If you
   are not an email/network admin please contact your Email/Internet
   Service Provider for help. http://www.spamhaus.org maintains lists of
   dynamic and residential IP addresses.

It doesn't happen with yahoo.

I visited spamhaus.org site and found out my IP is included in a list
called PBL that, as they  explain is not a spammers list, it just
includes dynamic and "non mail server IP ranges".

Does someone here know what is "non mail server IP ranges" about?  Or,
how could my static IP could be taken as dynamic (some DNS faliure at my
ISP end?).






Re: gmail and hotmail blocking mail sent from my IP

2017-08-09 Thread Gareth Nelson
With all due respect, there's a legit question here - it's not just
"philosophical crap".

I believe people have already suggested ensuring DNS (including SPF records
etc) is properly setup too.

---
“Lanie, I’m going to print more printers. Lots more printers. One for
everyone. That’s worth going to jail for. That’s worth anything.” -
Printcrime by Cory Doctrow

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

On Wed, Aug 9, 2017 at 10:57 AM, Rupert Gallagher 
wrote:

> We reject tons of junk from static ISP-branded IPs with a broken or absent
> DNS. If one wants to serve their own email from their static IP, they
> should have the decency to serve their own authoritative DNS, instead of
> blaming the ISP or writing philosophical crap on mailing lists.
>
> Sent from ProtonMail Mobile
>
> On Wed, Aug 9, 2017 at 10:47 AM, Rui Ribeiro  wrote:
>
> > I would advise not assuming the email ISP will forward blindly all the
> email it gets. Back then years ago I ran an ISP, and the most strange ever
> support call I get was a competitor buying a modem of ours, and escalating
> a support call our email server was not forwarding *their* email. C: Well,
> our main server queue is full of messages and spam, and we just pointed our
> email server to yours to alleviate it...and it does not goes through
> ME: You know our central email server besides having anti-spam and grey
> listing, only forwards our own domain, right? (we had other email servers
> for corner cases, but it even then it would not fit their...special case)
> On 8 August 2017 at 22:39, Kevin Chadwick wrote: > I understand that given
> everyone uses gmail, hotmail or mail provided by > some multinational
> hosting service they assume mail coming from > residential connections
> cannot be other thing but spam sent from hacked > machines. But someone
> paying for a static IP in a residential > connection is the opposite case.
> When you have to deal with thousands > of users you resort to any trick you
> find on the Internet and start to > blindly blacklist all; this is a big
> servers problem. And the more > users you have to deal with the worse. On
> the contrary, from my part, I > have just a pair of personal addresses, so
> it's not a big deal for me to > audit my server and use more sane, less
> harmful and, overall, more > effective measures to filter spam and to
> prevent spam be sent from my > machine. And I think this is the direction
> everyone should point to > instead of resting day after day more and more
> on big companies for > everything. In general, everyone should tend to
> decentralize instead of > monopolize. The real problem is the passive
> attitude most people assume > in the use of the Internet (and life in
> general but I don't want to bore > you with cheap philosophy. :-)) > > > >
> > > Regards, > > > Thank you for your advice. > > > > +1, way more spam
> comes from universities and enterprise machines than > residential static
> ips with PTR records. It is not your error to fix. > > BTW Microsoft have
> their own SPF sign up thing but if I recall it was too > much hastle and
> maybe pay for. > > Keep ignoring those that suggest using your ISP, why
> would you send *all* > your mail through a likely untrustworthy mail
> system. > > Just accept that hotmail users often fish mail out of spam
> because the big > mail systems are crappy. > -- Regards, -- Rui Ribeiro
> Senior Linux Architect and Network Administrator ISCTE-IUL
> https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434 @gmail.com>


Re: gmail and hotmail blocking mail sent from my IP

2017-08-09 Thread Rupert Gallagher
We reject tons of junk from static ISP-branded IPs with a broken or absent DNS. 
If one wants to serve their own email from their static IP, they should have 
the decency to serve their own authoritative DNS, instead of blaming the ISP or 
writing philosophical crap on mailing lists.

Sent from ProtonMail Mobile

On Wed, Aug 9, 2017 at 10:47 AM, Rui Ribeiro  wrote:

> I would advise not assuming the email ISP will forward blindly all the email 
> it gets. Back then years ago I ran an ISP, and the most strange ever support 
> call I get was a competitor buying a modem of ours, and escalating a support 
> call our email server was not forwarding *their* email. C: Well, our main 
> server queue is full of messages and spam, and we just pointed our email 
> server to yours to alleviate it...and it does not goes through ME: You 
> know our central email server besides having anti-spam and grey listing, only 
> forwards our own domain, right? (we had other email servers for corner cases, 
> but it even then it would not fit their...special case) On 8 August 2017 at 
> 22:39, Kevin Chadwick wrote: > I understand that given everyone uses gmail, 
> hotmail or mail provided by > some multinational hosting service they assume 
> mail coming from > residential connections cannot be other thing but spam 
> sent from hacked > machines. But someone paying for a static IP in a 
> residential > connection is the opposite case. When you have to deal with 
> thousands > of users you resort to any trick you find on the Internet and 
> start to > blindly blacklist all; this is a big servers problem. And the more 
> > users you have to deal with the worse. On the contrary, from my part, I > 
> have just a pair of personal addresses, so it's not a big deal for me to > 
> audit my server and use more sane, less harmful and, overall, more > 
> effective measures to filter spam and to prevent spam be sent from my > 
> machine. And I think this is the direction everyone should point to > instead 
> of resting day after day more and more on big companies for > everything. In 
> general, everyone should tend to decentralize instead of > monopolize. The 
> real problem is the passive attitude most people assume > in the use of the 
> Internet (and life in general but I don't want to bore > you with cheap 
> philosophy. :-)) > > > > > > Regards, > > > Thank you for your advice. > > > 
> > +1, way more spam comes from universities and enterprise machines than > 
> residential static ips with PTR records. It is not your error to fix. > > BTW 
> Microsoft have their own SPF sign up thing but if I recall it was too > much 
> hastle and maybe pay for. > > Keep ignoring those that suggest using your 
> ISP, why would you send *all* > your mail through a likely untrustworthy mail 
> system. > > Just accept that hotmail users often fish mail out of spam 
> because the big > mail systems are crappy. > -- Regards, -- Rui Ribeiro 
> Senior Linux Architect and Network Administrator ISCTE-IUL 
> https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434 @gmail.com>

Re: gmail and hotmail blocking mail sent from my IP

2017-08-09 Thread Rui Ribeiro
I would advise not assuming the email ISP will forward blindly all the
email it gets.

Back then years ago I ran an ISP, and the most strange ever support call I
get was a competitor buying a modem of ours, and escalating a support call
our email server was not forwarding *their* email.

C: Well, our main server queue is full of messages and spam, and we just
pointed our email server to yours to alleviate it...and it does not goes
through
ME: You know our central email server besides having anti-spam and grey
listing, only forwards our own domain, right? (we had other email servers
for corner cases, but it even then it would not fit their...special case)



On 8 August 2017 at 22:39, Kevin Chadwick  wrote:

> I understand that given everyone uses gmail, hotmail or mail provided by
> some multinational hosting service they assume mail coming from
> residential connections cannot be other thing but spam sent from hacked
> machines.  But someone paying for a static IP in a residential
> connection is the opposite case.  When you have to deal with thousands
> of users you resort to any trick you find on the Internet and start to
> blindly blacklist all; this is a big servers problem.  And the more
> users you have to deal with the worse.  On the contrary, from my part, I
> have just a pair of personal addresses, so it's not a big deal for me to
> audit my server and use more sane, less harmful and, overall, more
> effective measures to filter spam and to prevent spam be sent from my
> machine.  And I think this is the direction everyone should point to
> instead of resting day after day more and more on big companies for
> everything.  In general, everyone should tend to decentralize instead of
> monopolize.  The real problem is the passive attitude most people assume
> in the use of the Internet (and life in general but I don't want to bore
> you with cheap philosophy. :-))
>
>
> >
> > Regards,
>
>
> Thank you for your advice.
>
>
>
> +1, way more spam comes from universities and enterprise machines than
> residential static ips with PTR records. It is not your error to fix.
>
> BTW Microsoft have their own SPF sign up thing but if I recall it was too
> much hastle and maybe pay for.
>
> Keep ignoring those that suggest using your ISP, why would you send *all*
> your mail through a likely untrustworthy mail system.
>
> Just accept that hotmail users often fish mail out of spam because the big
> mail systems are crappy.
>



-- 
Regards,

--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434


Re: gmail and hotmail blocking mail sent from my IP

2017-08-08 Thread Kevin Chadwick
I understand that given everyone uses gmail, hotmail or mail provided by
some multinational hosting service they assume mail coming from
residential connections cannot be other thing but spam sent from hacked
machines.  But someone paying for a static IP in a residential
connection is the opposite case.  When you have to deal with thousands
of users you resort to any trick you find on the Internet and start to
blindly blacklist all; this is a big servers problem.  And the more
users you have to deal with the worse.  On the contrary, from my part, I
have just a pair of personal addresses, so it's not a big deal for me to
audit my server and use more sane, less harmful and, overall, more
effective measures to filter spam and to prevent spam be sent from my
machine.  And I think this is the direction everyone should point to
instead of resting day after day more and more on big companies for
everything.  In general, everyone should tend to decentralize instead of
monopolize.  The real problem is the passive attitude most people assume
in the use of the Internet (and life in general but I don't want to bore
you with cheap philosophy. :-))


>
> Regards,


Thank you for your advice.



+1, way more spam comes from universities and enterprise machines than
residential static ips with PTR records. It is not your error to fix.

BTW Microsoft have their own SPF sign up thing but if I recall it was too
much hastle and maybe pay for.

Keep ignoring those that suggest using your ISP, why would you send *all*
your mail through a likely untrustworthy mail system.

Just accept that hotmail users often fish mail out of spam because the big
mail systems are crappy.


Re: gmail and hotmail blocking mail sent from my IP

2017-08-08 Thread Gareth Nelson
My suggestion to resolve the whole issue: forward mail through your ISP's
mailserver or go and buy a cheap VPS.

Amazon EC2 micro instances work fine for the purpose, and it is possible
with some hackery to install OpenBSD on them.

---
“Lanie, I’m going to print more printers. Lots more printers. One for
everyone. That’s worth going to jail for. That’s worth anything.” -
Printcrime by Cory Doctrow

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

On Tue, Aug 8, 2017 at 5:25 PM, Walter Alejandro Iglesias 
wrote:

> In article <20170808121343.46a8ddb9@fir.internal> you wrote:
> > Hi Walter:
> >
> > On Sun, 6 Aug 2017 19:45:22 +0200 Walter Alejandro Iglesias wrote:
> > > What determines those "ranges", who regulates that?
> >
> > Some ISPs submit IP blocks to various blacklists. e.g:
> > https://www.Spamhaus.Org/faq/section/Spamhaus%20PBL#242
> > http://www.Sorbs.Net/faq/dul.shtml
> >
> > Asking your ISP to exclude your addresses might help.
>
>
> I sent an email to my ISP, they don't even know about this lists. :-)
>
> Besides, I sent an email to spamhaus.org suggesting them not to include
> static IPs in their PBL list by default as they do.
>
>
> I'll take this chance to share my thinking with everyone here.
>
> I understand that given everyone uses gmail, hotmail or mail provided by
> some multinational hosting service they assume mail coming from
> residential connections cannot be other thing but spam sent from hacked
> machines.  But someone paying for a static IP in a residential
> connection is the opposite case.  When you have to deal with thousands
> of users you resort to any trick you find on the Internet and start to
> blindly blacklist all; this is a big servers problem.  And the more
> users you have to deal with the worse.  On the contrary, from my part, I
> have just a pair of personal addresses, so it's not a big deal for me to
> audit my server and use more sane, less harmful and, overall, more
> effective measures to filter spam and to prevent spam be sent from my
> machine.  And I think this is the direction everyone should point to
> instead of resting day after day more and more on big companies for
> everything.  In general, everyone should tend to decentralize instead of
> monopolize.  The real problem is the passive attitude most people assume
> in the use of the Internet (and life in general but I don't want to bore
> you with cheap philosophy. :-))
>
>
> >
> > Regards,
>
>
> Thank you for your advice.
>
>


Re: gmail and hotmail blocking mail sent from my IP

2017-08-08 Thread Walter Alejandro Iglesias
In article <20170808121343.46a8ddb9@fir.internal> you wrote:
> Hi Walter:
> 
> On Sun, 6 Aug 2017 19:45:22 +0200 Walter Alejandro Iglesias wrote:
> > What determines those "ranges", who regulates that?
> 
> Some ISPs submit IP blocks to various blacklists. e.g:
> https://www.Spamhaus.Org/faq/section/Spamhaus%20PBL#242
> http://www.Sorbs.Net/faq/dul.shtml
> 
> Asking your ISP to exclude your addresses might help.


I sent an email to my ISP, they don't even know about this lists. :-)

Besides, I sent an email to spamhaus.org suggesting them not to include
static IPs in their PBL list by default as they do.


I'll take this chance to share my thinking with everyone here.

I understand that given everyone uses gmail, hotmail or mail provided by
some multinational hosting service they assume mail coming from
residential connections cannot be other thing but spam sent from hacked
machines.  But someone paying for a static IP in a residential
connection is the opposite case.  When you have to deal with thousands
of users you resort to any trick you find on the Internet and start to
blindly blacklist all; this is a big servers problem.  And the more
users you have to deal with the worse.  On the contrary, from my part, I
have just a pair of personal addresses, so it's not a big deal for me to
audit my server and use more sane, less harmful and, overall, more
effective measures to filter spam and to prevent spam be sent from my
machine.  And I think this is the direction everyone should point to
instead of resting day after day more and more on big companies for
everything.  In general, everyone should tend to decentralize instead of
monopolize.  The real problem is the passive attitude most people assume
in the use of the Internet (and life in general but I don't want to bore
you with cheap philosophy. :-))


> 
> Regards,


Thank you for your advice.



Re: gmail and hotmail blocking mail sent from my IP

2017-08-08 Thread Craig Skinner
Hi Walter:

On Sun, 6 Aug 2017 19:45:22 +0200 Walter Alejandro Iglesias wrote:
> What determines those "ranges", who regulates that?

Some ISPs submit IP blocks to various blacklists. e.g:
https://www.Spamhaus.Org/faq/section/Spamhaus%20PBL#242
http://www.Sorbs.Net/faq/dul.shtml

Asking your ISP to exclude your addresses might help.

Regards,
-- 
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7



Re: gmail and hotmail blocking mail sent from my IP

2017-08-07 Thread Jesper Wallin
On Sun, Aug 06, 2017 at 04:42:09PM -0500, Eric Johnson wrote:
> It can be very aggravating when an ISP still blocks port 25.  With the
> great expansion of smart phones and people getting e-mail on them, it gets
> in the way far more than it helps.  You can't expect every smart phone
> user to change the SMTP settings for every hot spot where they want to use
> it.

Correct, and that's what submission (587) is used for, which normally is
open as it most likely require authentication.



Re: gmail and hotmail blocking mail sent from my IP

2017-08-07 Thread Eric Johnson


On Sun, 6 Aug 2017, Jesper Wallin wrote:

> On Sun, Aug 06, 2017 at 05:29:04PM +0200, Walter Alejandro Iglesias wrote:
> Like Martijn pointed out, you're sending mail from a IP which is not
> intended for mail-servers. Most ISPs block outgoing traffic on port 25
> to prevent their customers sending spam when they get infected with
> viruses and such. Even if your ISP allow you to send mail, most
> providers will most likely classify it as spam/junk.

It can be very aggravating when an ISP still blocks port 25.  With the
great expansion of smart phones and people getting e-mail on them, it gets
in the way far more than it helps.  You can't expect every smart phone
user to change the SMTP settings for every hot spot where they want to use
it.

Eric



Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Kurt H Maier
You're the last person anyone wants email advice from, Rupert.

khm



Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Rupert Gallagher
https://www.dnsinspect.com/roquesor.com/10171765
Sent from ProtonMail Mobile

On Sun, Aug 6, 2017 at 4:51 PM, Walter Alejandro Iglesias  
wrote:

> Hello everyone, I was using smtpd(8) (static IP and FQDN resolving direct and 
> reverse) for a year without problems. Today sending from my server (from the 
> same address I'm using now) to gmail and hotmail they answered the following 
> (MAILER-DAEMON answer). Sending to gmail addresses: *@gmail.com: 550-5.7.1 
> [185.37.212.61] The IP you're using to send mail is not authorized to send 
> email directly to our servers. Please use the SMTP relay at your service 
> provider instead. Learn more at 
> https://support.google.com/mail/?p=NotAuthorizedError e1si6736354wra.236 - 
> gsmtp Sending to hotmail: *@hotmail.com: 550 DY-001 (SNT004-MC3F42) 
> Unfortunately, messages from 185.37.212.61 weren't sent. Please contact your 
> Internet service provider. You can tell them that Hotmail does not relay 
> dynamically-assigned IP ranges. You can also refer your provider to 
> http://mail.live.com/mail/troubleshooting.aspx#errors. On the hotmail link 
> above the explanaition for code DY-001 is: Mail rejected by Outlook.com for 
> policy reasons. We generally do not accept email from dynamic IP's as they 
> are not typically used to deliver unauthenticated SMTP email to an Internet 
> mail server. If you are not an email/network admin please contact your 
> Email/Internet Service Provider for help. http://www.spamhaus.org maintains 
> lists of dynamic and residential IP addresses. It doesn't happen with yahoo. 
> I visited spamhaus.org site and found out my IP is included in a list called 
> PBL that, as they explain is not a spammers list, it just includes dynamic 
> and "non mail server IP ranges". Does someone here know what is "non mail 
> server IP ranges" about? Or, how could my static IP could be taken as dynamic 
> (some DNS faliure at my ISP end?).

Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Walter Alejandro Iglesias
In article  you wrote:
> On 2017-08-06, Walter Alejandro Iglesias  wrote:
> > I visited spamhaus.org site and found out my IP is included in a list
> > called PBL that, as they  explain is not a spammers list, it just
> > includes dynamic and "non mail server IP ranges".
> >
> > Does someone here know what is "non mail server IP ranges" about?  Or,
> > how could my static IP could be taken as dynamic (some DNS faliure at my
> > ISP end?).
> 
> You should add ypur IP to dnswl.org. I can't guarantes it will help
> everywhere, but it will help some places and won't hurt others.
> 
> 

I'll take a look to dnswl.org.  Thanks.

It seems that after removing my IP from spamhaus pbl the issue is fixed.



Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Stuart Henderson
On 2017-08-06, Walter Alejandro Iglesias  wrote:
> I visited spamhaus.org site and found out my IP is included in a list
> called PBL that, as they  explain is not a spammers list, it just
> includes dynamic and "non mail server IP ranges".
>
> Does someone here know what is "non mail server IP ranges" about?  Or,
> how could my static IP could be taken as dynamic (some DNS faliure at my
> ISP end?).

You should add ypur IP to dnswl.org. I can't guarantes it will help
everywhere, but it will help some places and won't hurt others.



Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Niels Kobschätzki

> On 6. Aug 2017, at 19:45, Walter Alejandro Iglesias  wrote:
> 
> Hi Niels,
> 
>> On Sun, Aug 06, 2017 at 07:19:04PM +0200, Niels Kobschätzki wrote:
>> 
 On 6. Aug 2017, at 18:40, Walter Alejandro Iglesias  
 wrote:
 
 On Sun, Aug 06, 2017 at 06:02:25PM +0200, Jesper Wallin wrote:
 Like Martijn pointed out, you're sending mail from a IP which is not
 intended for mail-servers.
>>> 
>>> This was my main question.  What is an "IP intended for mail-servers"?
>> 
>> The question should be "what are IPs **not** intended for mail-servers?"
>> 
>> The ranges of ISPs for home-users and the dsl-, cable-, whatever-connection 
>> are well-known and pretty much on all of the blacklists since the only thing 
>> you can usually expect from them is spam from botnets. Legitimate mails are 
>> rather rare from those ranges, thus they get blocked. 
> 
> I cannot tell what happens in pratice, I've never run a big mail server.
> But the reasons that come to my mind someone wants to run their own
> server (at home or at a small enterprise) are opposed to what you state.
> Why would you want to send spam from the fixed IP you're paying for (in
> my case 5 euros mouth)?

I run a mail server-setup with an upper five-digit number of accounts. So it is 
not huge but quite some users and I have to deal with a lot of spam (incoming 
and outgoing from phished accounts for example). The thing is that I do not 
know which IPs an ISP dedicates for fixed IPs and which IPs are legitimately 
sent from mail servers and have probably responsible admins behind them. But I 
subscribe to blacklists that have for example the whole IP-range of Vodafone 
home-user IPs. And as I have written before: the chance is really low that from 
those ranges a legitimate mail is sent. It's more like 99% are sent via botnets 
from enslaved computers from those ranges. Thus "we" prefer to overblock in 
that case. 

> The question is still unanswered.  What determines those "ranges", who
> regulates that?

Blacklist-providers and Google and co have properly their own and the bigger 
setups rely on them. If I wouldn't have a blacklist for those IP-ranges, I 
would build such a list for myself because it cuts down spam a lot. Luckily 
other people did that already.  

>> To not get blocked by google and hotmail you need an IP from some
>> hosting-provider, university or something like this;
> 
> Which is the procedure followed by those entities to get an IP in what
> you called the "authorized range"?  Authorized by who?

Get an ASN and ask the IANA, RIPE to provide you an IP. Or you get your server 
placed in a colocation who can you provide with an IP or rent a server or VPN 
from a hoster. 


>> and at least an SPF-, even better a DKIM-record.
> 
> I had these at first and removed them after seeing they don't help.

Even if you have a "proper" IP you need an SPF-record for Google and hotmail. 
Otherwise you will run into problems (I am speaking from experience). 

>> And if you
>> ever send out mail, you maybe want a secondary IP for temporary
>> failover-cases if you land  temporarily on a black list.
> 
> I have just two personal addresses.  I don't need that complication.  :-)

Yeah, most smaller mail servers don't need that. I do unfortunately :(

Niels



Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Walter Alejandro Iglesias
Hi Niels,

On Sun, Aug 06, 2017 at 07:19:04PM +0200, Niels Kobschätzki wrote:
> 
> > On 6. Aug 2017, at 18:40, Walter Alejandro Iglesias  
> > wrote:
> > 
> >> On Sun, Aug 06, 2017 at 06:02:25PM +0200, Jesper Wallin wrote:
> >> Like Martijn pointed out, you're sending mail from a IP which is not
> >> intended for mail-servers.
> > 
> > This was my main question.  What is an "IP intended for mail-servers"?
> 
> The question should be "what are IPs **not** intended for mail-servers?"
> 
> The ranges of ISPs for home-users and the dsl-, cable-, whatever-connection 
> are well-known and pretty much on all of the blacklists since the only thing 
> you can usually expect from them is spam from botnets. Legitimate mails are 
> rather rare from those ranges, thus they get blocked. 

I cannot tell what happens in pratice, I've never run a big mail server.
But the reasons that come to my mind someone wants to run their own
server (at home or at a small enterprise) are opposed to what you state.
Why would you want to send spam from the fixed IP you're paying for (in
my case 5 euros mouth)?

The question is still unanswered.  What determines those "ranges", who
regulates that?


> To not get blocked by google and hotmail you need an IP from some
> hosting-provider, university or something like this;

Which is the procedure followed by those entities to get an IP in what
you called the "authorized range"?  Authorized by who?


> a PTR-record for your server

I already have this.


> and at least an SPF-, even better a DKIM-record.

I had these at first and removed them after seeing they don't help.


> And if you
> ever send out mail, you maybe want a secondary IP for temporary
> failover-cases if you land  temporarily on a black list.

I have just two personal addresses.  I don't need that complication.  :-)



> 
> Niels




Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Niels Kobschätzki

> On 6. Aug 2017, at 18:40, Walter Alejandro Iglesias  wrote:
> 
>> On Sun, Aug 06, 2017 at 06:02:25PM +0200, Jesper Wallin wrote:
>> Like Martijn pointed out, you're sending mail from a IP which is not
>> intended for mail-servers.
> 
> This was my main question.  What is an "IP intended for mail-servers"?

The question should be "what are IPs **not** intended for mail-servers?"

The ranges of ISPs for home-users and the dsl-, cable-, whatever-connection are 
well-known and pretty much on all of the blacklists since the only thing you 
can usually expect from them is spam from botnets. Legitimate mails are rather 
rare from those ranges, thus they get blocked. 
To not get blocked by google and hotmail you need an IP from some 
hosting-provider, university or something like this; a PTR-record for your 
server and at least an SPF-, even better a DKIM-record. And if you ever send 
out mail, you maybe want a secondary IP for temporary failover-cases if you 
land  temporarily on a black list. 

Niels


Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Walter Alejandro Iglesias
On Sun, Aug 06, 2017 at 06:02:25PM +0200, Jesper Wallin wrote:
> Like Martijn pointed out, you're sending mail from a IP which is not
> intended for mail-servers.

This was my main question.  What is an "IP intended for mail-servers"?




Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Jesper Wallin
On Sun, Aug 06, 2017 at 05:29:04PM +0200, Walter Alejandro Iglesias wrote:
> Hi Gareth,
> 
> On Sun, Aug 06, 2017 at 04:12:45PM +0100, Gareth Nelson wrote:
> > I'm assuming that you have your SPF records setup correctly.
> > 
> 
> I did that at first, and all the tricks (dkim, etc) they ask to make you
> appear as a legal sender, but after confirming my mail still went to
> SPAM in both (gmail, hotmail) I remove all that trickery.

Why remove it? Having things like SPF and DKIM should be essential when
running your own mailserver. As for gmail and outlook/hotmail, they tend
to use IP reputation when it comes to classifying incoming mail.

Like Martijn pointed out, you're sending mail from a IP which is not
intended for mail-servers. Most ISPs block outgoing traffic on port 25
to prevent their customers sending spam when they get infected with
viruses and such. Even if your ISP allow you to send mail, most
providers will most likely classify it as spam/junk.

Your ISP most likely provide you with an outgoing mailserver. I would
suggest that you configure spamd to use that one to relay all outgoing
mail.



Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Walter Alejandro Iglesias
Hi Gareth,

On Sun, Aug 06, 2017 at 04:12:45PM +0100, Gareth Nelson wrote:
> I'm assuming that you have your SPF records setup correctly.
> 

I did that at first, and all the tricks (dkim, etc) they ask to make you
appear as a legal sender, but after confirming my mail still went to
SPAM in both (gmail, hotmail) I remove all that trickery.




Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Walter Alejandro Iglesias
Hi Martijn,

On Sun, Aug 06, 2017 at 05:09:10PM +0200, Martijn van Duren wrote:
> Not an authority on this, so take my reply for what you want.
> 
> As far as I know this list is used to keep track of ip-addresses by ISPs
> for home-addresses, which are not intended to be used for outgoing mail.
> 
> You can whitelist your ip-address on this list yourself and all should
> be back to normal.

I just did it from spamhause site.

> 
> I faced the same issues and adding my ip did solve the 550s.
> 
> Do note that my ip gets removed every year and thus should be re-added
> ever year.

I'll take this in care.  Thank you!



> 
> Sincerely,
> 
> martijn@
> 



Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Gareth Nelson
Sadly there's nothing you can do other than to contact spamhaus.org and see
if they'll remove your IP.

I'm assuming that you have your SPF records setup correctly.



On Sun, Aug 6, 2017 at 3:51 PM, Walter Alejandro Iglesias 
wrote:

> Hello everyone,
>
> I was using smtpd(8) (static IP and FQDN resolving direct and reverse)
> for a year without problems.  Today sending from my server (from the
> same address I'm using now) to gmail and hotmail they answered the
> following (MAILER-DAEMON answer).
>
> Sending to gmail addresses:
>
>   *@gmail.com: 550-5.7.1 [185.37.212.61] The IP you're using to send
>   mail is not authorized to send email directly to our servers.  Please
>   use the SMTP relay at your service provider instead. Learn more at
>   https://support.google.com/mail/?p=NotAuthorizedError
>   e1si6736354wra.236 - gsmtp
>
> Sending to hotmail:
>
>   *@hotmail.com: 550 DY-001 (SNT004-MC3F42) Unfortunately, messages from
>   185.37.212.61 weren't sent. Please contact your Internet service
>   provider. You can tell them that Hotmail does not relay
>   dynamically-assigned IP ranges. You can also refer your provider to
>   http://mail.live.com/mail/troubleshooting.aspx#errors.
>
>
> On the hotmail link above the explanaition for code DY-001 is:
>
>   Mail rejected by Outlook.com for policy reasons. We generally do not
>   accept email from dynamic IP's as they are not typically used to
>   deliver unauthenticated SMTP email to an Internet mail server. If you
>   are not an email/network admin please contact your Email/Internet
>   Service Provider for help. http://www.spamhaus.org maintains lists of
>   dynamic and residential IP addresses.
>
> It doesn't happen with yahoo.
>
> I visited spamhaus.org site and found out my IP is included in a list
> called PBL that, as they  explain is not a spammers list, it just
> includes dynamic and "non mail server IP ranges".
>
> Does someone here know what is "non mail server IP ranges" about?  Or,
> how could my static IP could be taken as dynamic (some DNS faliure at my
> ISP end?).
>
>


Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Martijn van Duren
Not an authority on this, so take my reply for what you want.

As far as I know this list is used to keep track of ip-addresses by ISPs
for home-addresses, which are not intended to be used for outgoing mail.

You can whitelist your ip-address on this list yourself and all should
be back to normal.

I faced the same issues and adding my ip did solve the 550s.

Do note that my ip gets removed every year and thus should be re-added
ever year.

Sincerely,

martijn@

On 08/06/17 16:51, Walter Alejandro Iglesias wrote:
> Hello everyone,
> 
> I was using smtpd(8) (static IP and FQDN resolving direct and reverse)
> for a year without problems.  Today sending from my server (from the
> same address I'm using now) to gmail and hotmail they answered the
> following (MAILER-DAEMON answer).
> 
> Sending to gmail addresses:
> 
>   *@gmail.com: 550-5.7.1 [185.37.212.61] The IP you're using to send
>   mail is not authorized to send email directly to our servers.  Please
>   use the SMTP relay at your service provider instead. Learn more at
>   https://support.google.com/mail/?p=NotAuthorizedError
>   e1si6736354wra.236 - gsmtp
> 
> Sending to hotmail:
> 
>   *@hotmail.com: 550 DY-001 (SNT004-MC3F42) Unfortunately, messages from
>   185.37.212.61 weren't sent. Please contact your Internet service
>   provider. You can tell them that Hotmail does not relay
>   dynamically-assigned IP ranges. You can also refer your provider to
>   http://mail.live.com/mail/troubleshooting.aspx#errors.
> 
> 
> On the hotmail link above the explanaition for code DY-001 is:
> 
>   Mail rejected by Outlook.com for policy reasons. We generally do not
>   accept email from dynamic IP's as they are not typically used to
>   deliver unauthenticated SMTP email to an Internet mail server. If you
>   are not an email/network admin please contact your Email/Internet
>   Service Provider for help. http://www.spamhaus.org maintains lists of
>   dynamic and residential IP addresses.
> 
> It doesn't happen with yahoo.
> 
> I visited spamhaus.org site and found out my IP is included in a list
> called PBL that, as they  explain is not a spammers list, it just
> includes dynamic and "non mail server IP ranges".
> 
> Does someone here know what is "non mail server IP ranges" about?  Or,
> how could my static IP could be taken as dynamic (some DNS faliure at my
> ISP end?).
>