Flutterby™! : Blacklists

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

Blacklists

2002-10-25 00:21:09+00 by Dan Lyke 11 comments

Aaargh! Okay, it started as just one self-administered box run by someone who didn't know what 127.0.0.1 was, but now Earthlink is giving mail from this server, 66.129.1.132,

550 Dialups/open relays blocked...

When I try to send mail to users there (well, at Mindspring, but who's nitpicking?). This box relays from 8 IP addresses, all known, and I've removed the address I'm sitting on and tried to send mail and had it blocked by my machine. The big meta list at relays.osirusoft.com shows this machine as not blocked by every list it knows about. None of the help messages are at all useful. WTF?

[ related topics: Dan's Life Flutterby Meta Net Culture ]

comments in ascending chronological order (reverse):

#Comment made: 2002-10-25 02:01:16+00 by: variablizer

Having the same problem with our server. We've verified thru a bunch of services that our box is not an open relay and attempted to decipher the instructions from Earthlink's open relay robot.

The really confusing part is that to test against their open relay list, you have to send an email back to them with the IP address being blocked, and headers from a bounced email if you have one. But if they're blocking email from your server, how are you supposed to send them email? Grrrr...

#Comment made: 2002-10-25 05:16:23+00 by: Mark A. Hershberger

variablizer: that's why I have a yahoo mail account.

For future reference: http://www.openrbl.com/ is a little better than relays.osirusoft.com.

#Comment made: 2002-10-25 12:53:20+00 by: ziffle

hhmm are you using somethn@earthlnk.net as your return address? They want the return address to be one of their customers... else its spam

we use spamcop.net - we like it.

Aiffle

#Comment made: 2002-10-25 15:18:29+00 by: pharm

I keep hearing bad things about spamcop. Too many clueless individuals submitting obviously non-spam as spam and then the spamcop admins refusing to remove it from the database.

Don't use spamcop to block mail IOW. To be slightly fairer to spamcop, they do say not to use it to block email: http://spamcop.net/bl.shtml

Phil

#Comment made: 2002-10-25 16:36:40+00 by: Dan Lyke

Thanks for the OpenRBL link, but it gave no clues either. At this point I think it's got to be that some Earthlink[Wiki] database (because the backup email address for the self-administ(ered|ated) box is Earthlink[Wiki] hosted I suspect he's using the same database) has my IP listed as a dial-up or dynamic address. Even if some luser on one of the mailing lists I run had reported my box somewhere I think I'd be able to see something.

#Comment made: 2002-10-25 17:18:55+00 by: other_todd

'Scuse my disgression, but this is really getting intolerable. The open relay martinets are trying to terrorize the world with their blacklists (The Institvte has been fighting with ORBS for years), and the anti-spam filters are clearly too easy to misapply, misconfigure, and abuse. I've got a spammer sending mail using a falsified From: address that points to one of my domains (I know because I'm getting his bounced mail), and neither I nor my ISP has been able to stop him. I have people who keep journals on that domain and a widely-used chunk of webring software, and this content is probably being blocked somewhere even as I speak because of my mystery spammer.

Isn't there another way? I mean, what happened to attempts to try to kill the spam at the source? Am I being naive? Is the problem simply too prevalent and too big to fight with harsher anti-spam penalties and so forth?

#Comment made: 2002-10-25 17:59:13+00 by: Dan Lyke

What ticks me off most about this is not that I'm blocked, it's that neither of the two parties that have blocked me appear willing to give me any indication about why. Earthlink[Wiki] already has a relay questions address I've sent a lot of diagnostic information to, would it be too much to have the auto-responder look at the "received" lines and say "this host is listed in..." or "...as..." so I even know what I'm up against?

I could go to the people I'm trying to send email to and say "your ISP is run by a bunch of fsckwits who couldn't pour piss out of a boot if the instructions were written on the sole", but my guess is that I'd still be the one who takes the heat. And, if you think about it, at some point the big ISPs have a vested interest in making it as difficult as possible for little hosts to communicate with their users. Maybe Earthlink[Wiki] has passed that point.

#Comment made: 2002-10-25 23:37:28+00 by: meuon

The blacklists are all FUBAR.. We stopped using them as they are now all so poisened by dreck induced from stupid users as well as spammers hoping to poisen the well.

SpamAssassin works very well if you tune it for your uses.. --Mike--

#Comment made: 2002-10-27 04:54:11+00 by: TC

These guys seems to kinda have their act together. I took an IP address I didn't mind fubaring and setup up a server with promicuous relay enabled. I reported it and got it banned within 10 minutes and fixed it and reported it and got it unbanned within 30 minutes although it took 3 hours for the zone files to renew.

speaking of spam

#Comment made: 2002-10-28 22:41:57+00 by: Dan Lyke

Just got this:

Hello,

This email is in reply to a message you've sent to openrelay@abuse.earthlink.net or a similar address on the week of October 21st, ending on the 25th.

During the week indicated, the Earthlink mail servers erroneously refused mail connections from many hosts across the Internet. This problem happened due to a bug in the the way our mail server software loads configuration data used to block spam destined to our members.

The error message you received: 550 Dialups/open relays blocked. Contact <openrelay@abuse.earthlink.net>

... is normally intended for mail hosts that Earthlink has blocked in order to protect our subscribers from unwanted commercial email. However during this week, the error was passed to many mail servers which were not intentionally blocked by Earthlink. If you received this error during this time frame, it's likely that you or your email providor are not being blocked, and have been able to successfully route mail to the Earthlink network as of the evening hours of 10/25. If you find yourself still running into this error at the time you receive this message, then your host has been blocked and you are asked to please reply to this mail or contact openrelay@abuse.earthlink.net for assitance in being unblocked.

We sincerely apologize for the inconvenience this problem created. We strive for uninterrupted service for all of our customers (and those trying to communicate with them), and we realize the disturbance that such an outage creates impacts people in important ways. This is why we've already implemented, and placed into production new means to prevent these errors from happening again. Additionally, we have launched an internal invesitgation, triggered by this event, in ways to ensure better responsiveness to matters such as this. We are dedicated to improving our reliability, and we thank you for your patience. We do not expect any issues of this nature to affect our network ever again.

Thank you for contacting Earthlink.

Regards,
Larry Fine
Earthlink Abuse Department
http://earthlink.net/about/policies

#Comment made: 2002-10-29 16:54:14+00 by: td

Larry Fine, Earthlink Abuse Department? I know him -- he reports to Moe Howard, the head abuser.