Bernd Thanks for this - we now match perfectly. But to me this seems like an extreme measure. Banned because the HELO is mydomain.com rather than mail.mydomain.com. The company doing the banning is one of these outsourced security companies called epasecure.com. A shower of ....... if you ask me. No other such company has taken such drastic action in 3 years. Andy
> From: bwai...@intarsys.de > To: server-user@james.apache.org > Subject: AW: AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned] > Date: Thu, 18 Sep 2014 09:48:27 +0000 > > Sorry, forgotten type=mx, should be: > > C:\Users\bwa.IS>nslookup -type=mx mydomain.com .... > > -----Ursprüngliche Nachricht----- > Von: Bernd Waibel [mailto:bwai...@intarsys.de] > Gesendet: Donnerstag, 18. September 2014 11:46 > An: James Users List > Betreff: AW: AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned] > > Yes, this may be the problem. Or part of it. > > The mail server should always use exactly the name of the mx record, und > should always use the IP address of the mx record. > If you have a firewall and using NAT or SMTP Proxy, the external IP address > of your mailserver could be hidden by the firewall. > So only in this case the A-Record of "mail.mydomain.com" should be the ip > address of your firewall. > > Easy to check (for the incoming side, not as easy on outgoing): > > From extern: > 1. nslookup the mx-record for your domain. > 2. nslookup the a-record for your mx > 3. ping the name, to verify the ip > 4. telnet to your smtp on port 25 server and see what he answers. > > > For example, at home, I am using company domain " mydomain.com " with > mailserver "mail.mydomain.com " here: > > C:\Users\bwa.IS>nslookup -type=mydomain.com .... > mydomain.com MX preference = 50, mail exchanger = mail.mydomain.com > > C:\Users\bwa.IS>nslookup mail.mydomain.com .... > Name: mail.mydomain.com > Address: 123.123.123.123 > > C:\Users\bwa.IS>ping mail.mydomain.com > Ping wird ausgeführt für mail.mydomain.com [123.123.123.123] mit 32 Bytes > Daten: > Antwort von 123.123.123.123: Bytes=32 Zeit=42ms TTL=57 ... > > C:\Users\bwa.IS>telnet mail.mydomain.com 25 > 20 mail.mydomain.com SMTP Server (JAMES SMTP Server 2.3.2) ready Thu, 18 Sep > 2014 11:39:00 +0200 (CEST) > > Ciao, > Bernd. > > > -----Ursprüngliche Nachricht----- > Von: Pete Williams [mailto:pxc...@hotmail.com] > Gesendet: Mittwoch, 17. September 2014 19:30 > An: James Users List > Betreff: RE: AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned] > > Thanks for this. > My mx record said 'mail.mydomain.com' > My entry is the config.xml file said 'mydomain.com' > Could this be it? > Pete > > > From: bwai...@intarsys.de > > To: server-user@james.apache.org > > Subject: AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned] > > Date: Wed, 17 Sep 2014 13:11:22 +0000 > > > > Hello Pete, > > > > check your config.xml. > > > > 1. > > In your "RemoteDelivery" mailet (or the mailets, could be more than one), > > you should set your hostname for the "sender" side. > > The hostname must be the same as defined in your MX Record in the public > > DNS. > > > > So if your Sender-Domain is "mydomain.de", and your MX-record in dns is > > "mymailserver.mydomain.de", and your A-Record for > > "mymailserver.mydomain.de" is 217.172.xxx, then use: > > > > <mailet match="All" class="RemoteDelivery"> ..... > > <mail.smtp.localhost>mymailserver.mydomain.de</mail.smtp.localhost> > > </mailet> > > Do not (!) use the numeric IP here. > > > > > > 2. > > You should also need to set the hostname for the "listen" side, so you need > > to change the "smtpserver" section. > > <smtpserver enabled="true"> > > .... > > <handler> > > <helloName > > autodetect="false">mymailserver.mydomain.de</helloName> > > ... > > </handler> > > ... > > </smtpserver> > > > > 3. > > Also in the "<James"> Section there is a hostname. > > This is the default if none is set. You should use the same name here. This > > entry does mean: for which domains is this server responsible. So you could > > have more than one name here. > > <servernames autodetect="false" autodetectIP="true"> > > <servername>mymailserver.mydomain.de </servername> </servernames> > > > > Ciao, > > Bernd > > > > -----Ursprüngliche Nachricht----- > > Von: Pete Williams [mailto:pxc...@hotmail.com] > > Gesendet: Mittwoch, 17. September 2014 14:38 > > An: James Users List > > Betreff: RE: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned] > > > > Hi > > Thanks for the replies. > > We got an email reply back from CBL/Spamhaus. Does anyone know how I can > > check this, or what to do? > > "Note: 217.172.xxx appeared to be suspicious because it was using > > thefollowing name to identify itself during email (port 25) connections via > > the SMTP HELO/EHLO commands: > > > > 217.172.xxx > > > > This is USUALLY spamware, but in some rare circumstances, it can be a > > misconfiguration in your mail server. The CBL attempts to distinguish real > > mail server software from malware SMTP clients by expecting users to name > > their mail server[s] to indicate who _they_ are, not their provider and be > > consistent with Internet protocol standards. > > > > Use of a bare IP address in the HELO is a violation of > > RFC2821 section 4.1.1.1, which says that the HELO value MUST be either a > > fully qualified domain name (such as "mail01.example.com") or an IP address > > enclosed in square brackets (such as "[217.172.xxx]")." > > > From: bwai...@intarsys.de > > > To: server-user@james.apache.org > > > Subject: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned] > > > Date: Wed, 17 Sep 2014 11:12:34 +0000 > > > > > > Hi, > > > > > > this may not be a matter of james, but it need to get fixed. > > > > > > Maybe check this: > > > > > > Do your server accept mails from extern addressed "from: > > > some...@somewhere.de" to "unknownu...@yourdomain.de"? > > > So the Reply may be the spam. > > > > > > Do your server accept mails from extern addressed "from: <null>" (means > > > no from) to "some...@somewhere.de"? > > > It seems to me that not all mailets in james handle the From==null. > > > > > > Could everybody subscribe to your service, with a wrong e-mail address? > > > In the past we had an "subscribe newsletter" on our webpage, even with > > > captcha, and had a lot of "fake" subscriptions. > > > The used e-mail address got the "thank your for subscribing", and some > > > users marked this as spam. > > > So it may be a matter of a third system, not the mail system directly. > > > > > > Mfg > > > Bernd > > > > > > -----Ursprüngliche Nachricht----- > > > Von: Pete Williams [mailto:pxc...@hotmail.com] > > > Gesendet: Mittwoch, 17. September 2014 11:50 > > > An: server-user@james.apache.org > > > Betreff: Urgent Spamhaus Help Needed - james 2.3.2 > > > > > > Hi > > > > > > I have been successfully running a James email server for about the last > > > 3 years. It is not an open relay. It checks clean with things like MX > > > toolbox. > > > > > > Our fixed IP address keeps getting listed on Spamhaus. I am certain that > > > we are not infected, and that James is configured OK. > > > > > > Our cloud based service sends emails that subscribers have asked for. It > > > runs reports and emails them, and sends email notifications. They pay for > > > this service, so this is stuff they want to see. > > > > > > I need to find out why we are being listed, and if these emails are being > > > seen as spam by 'a trusted third party' as the spamhaus website puts it. > > > > > > If you can help at all, please do. I don't know how to proceed. > > > > > > Thanks Pete. > > > > > > > > > -------------------------------------------------------------------- > > > - To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > > > For additional commands, e-mail: server-user-h...@james.apache.org > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > > For additional commands, e-mail: server-user-h...@james.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org > For additional commands, e-mail: server-user-h...@james.apache.org >
