Spam problem

Use this forum for discussions about SpamAssassin and anti-spam in general.
Post Reply
gtsolid
Normal user
Normal user
Posts: 137
Joined: 2016-06-14 12:02

Spam problem

Post by gtsolid » 2018-01-29 17:07

Hi everyone!
I think i'm finished in a Spam list: http://multirbl.valli.org/lookup/93.64.48.44.html
i receive some messages like this:
93.64.48.44 is listed on the Trend Micro Dynamic User List (DUL) because it appears to be an IP address not clearly labeled as static.

This email is designed to help you solve the problem.
If you are an ISP, you can

1. Add the rDNS of this IP to clearly indicate static.
ex: mail.mail-abuse.com (O)
99-47-70-150.dynamic-IP.mail-abuse.com (X)

2. Add a statement in WHOIS information indicating the space is
statically assigned.

If you are an end user, please check your email configuration (STEP 1 below). If that does not stop the IP from being blocked, you can contact your ISP for further action (STEP 2 below).


STEP 1: CHECK YOUR EMAIL CONFIGURATION

Here are two things to check about your mail configuration:

Email Client
============
Check that the Outgoing Mail Server (SMTP) setting on your email client (such as Outlook Express or Mail) is using the outgoing mail server for your ISP. Most ISPs require that you use their mail server to avoid spamming incidents.

Email Server or Proxy Server
============================
If you run a mail server on your computer, or if your local network uses a proxy server, set the SMTP Gateway setting on the mail server or proxy server to your ISP's outgoing mail server. This will force your mail server or proxy server to send all outgoing mail to the ISP first, and then the ISP will relay it to its final destination.

====
Note: If you are a RoadRunner business customer, you may need to contact your ISP to get your business IP marked as static. They will then let Trend know of the change.


STEP 2: CONTACT YOUR ISP

If the step above does not solve the blocking issue, the rDNS for the IP may need to be corrected to clearly indicate it is a static IP.

Trend's Spam Investigations team can work with your ISP to solve the problem. You can find the correct email address to use when contacting your ISP to use by going to the following web page and typing in your IP address:

http://ip-lookup.net/

Then click on the Domain owner info (Whois /Abuse) link and look for an email address. You can use this address to contact your ISP and ask them to work with Trend Micro.

The ISP can start this process by sending an email from their Domain owner email address to dul@mail-abuse.com.

Thank you for contacting Trend Micro and we hope this email has helped you to resolve the IP blocking issue.


Kind regards,
Spam Investigation Team
Trend Micro, Inc.
https://ers.trendmicro.com/
what's the procedure in this case? My IP has been changed in these days because i changed the ISP. Maybe is this the cause?

User avatar
mattg
Moderator
Moderator
Posts: 22437
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spam problem

Post by mattg » 2018-01-30 01:10

gtsolid wrote:
93.64.48.44 is listed on the Trend Micro Dynamic User List (DUL) because it appears to be an IP address not clearly labeled as static.

STEP 2: CONTACT YOUR ISP

If the step above does not solve the blocking issue, the rDNS for the IP may need to be corrected to clearly indicate it is a static IP.
looks pretty straight forward to me...your new IP address isn't labeled as being a static IP, hence your mail server is not trusted.

Contact your NEW ISP
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

gtsolid
Normal user
Normal user
Posts: 137
Joined: 2016-06-14 12:02

Re: Spam problem

Post by gtsolid » 2018-01-30 11:29

My ISP is disappointing.
i read in spamrats.com:

Code: Select all

Does IP Address comply with reverse hostname naming convention
i think is an issue for ISP, what's the reverse hostname naming convention?

User avatar
mattg
Moderator
Moderator
Posts: 22437
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spam problem

Post by mattg » 2018-01-30 12:26

probably should be a FQDN (mail.example.com)

This article is pretty good
http://simpledns.com/kb/153/what-is-rev ... -i-need-it
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

gtsolid
Normal user
Normal user
Posts: 137
Joined: 2016-06-14 12:02

Re: Spam problem

Post by gtsolid » 2018-01-30 13:13

Maybe is the problem here?
Attachments
Capture.PNG

User avatar
RvdH
Senior user
Senior user
Posts: 3235
Joined: 2008-06-27 14:42
Location: The Netherlands

Re: Spam problem

Post by RvdH » 2018-01-30 13:53

Lookup the PTR record for your IP address, fill it in the field where it now reads "WIN-TEE9EM814FJ..." in your screenshot above

Code: Select all

net-93-64-48-44.cust.vodafonedsl.it
Are you sure your ISP offers static IP? Look like it is recognized as a ISP that offer a dynamic IP, eg: thats why some spam check fail (dynamic = bad!)

But i think you need to contact spamrats directly to get off that list (reclassification request)
This is a Worst Offender Alert and this means that not only this IP address, but the whole class 'C' is also on the indicated SpamRats List. Usually this means the whole range has the same issue of naming conventions or no reverse DNS AND that many IP's from this Class C have been used in Spam Attacks, Dictionary attacks or other forms of attacks, as detected by Mail Servers in the Data Collection Grid. You will NOT be able to use the removal form to remove your IP Addresses. If you have recently been assigned the IP Addresses, or have changed what these IP Addresses are used for, you can use the contact form and ask for a reclassification, but you will have to provide full disclosure, including whois for the ip addresses, your affiliation with the company that owns them, and a description of what the IP's were previously used for, and what they will be used for, in order for a Spam Auditor to consider reclassification. Remember, the majority of the IP's in this space WERE detected as being involved in some form of attack or abusive behavior, so you had better have a good reason to ask for removal, and you need to own or control the IP addresses, as evidenced by ARIN whois.
CIDR to RegEx: d-fault.nl/cidrtoregex
DNS Lookup: d-fault.nl/dnstools
DKIM Generator: d-fault.nl/dkimgenerator
DNSBL Lookup: d-fault.nl/dnsbllookup
GEOIP Lookup: d-fault.nl/geoiplookup

gtsolid
Normal user
Normal user
Posts: 137
Joined: 2016-06-14 12:02

Re: Spam problem

Post by gtsolid » 2018-01-30 18:51

As SMTP server what do i use? i have only external account configured, i think they manage also outgoing mails.

gtsolid
Normal user
Normal user
Posts: 137
Joined: 2016-06-14 12:02

Re: Spam problem

Post by gtsolid » 2018-02-01 18:02

Now i changed the local host name, i receive error of this kind:

Code: Select all

   Remote server replied: 554 5.7.1 <net-93-64-48-44.cust.vodafonedsl.it>: Helo command rejected: generic HELO hostname - please contact postmaster@seeweb.it
what can i do?

User avatar
mattg
Moderator
Moderator
Posts: 22437
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spam problem

Post by mattg » 2018-02-01 18:37

something like
mail.tecnovida.net

But only if that matches your ptr record
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

gtsolid
Normal user
Normal user
Posts: 137
Joined: 2016-06-14 12:02

Re: Spam problem

Post by gtsolid » 2018-02-02 08:24

I think to put it into the correct form
Image

gtsolid
Normal user
Normal user
Posts: 137
Joined: 2016-06-14 12:02

Re: Spam problem

Post by gtsolid » 2018-02-08 07:08

I don't understand very well why hmail asks me for a host name. It implies that i have to keep some relation with ISP and expose me to some trouble like this

User avatar
mattg
Moderator
Moderator
Posts: 22437
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spam problem

Post by mattg » 2018-02-08 10:09

gtsolid wrote:I don't understand very well why hmail asks me for a host name. It implies that i have to keep some relation with ISP and expose me to some trouble like this
I suspect something is lost in the translation here.

You need a hostname in hMailserver because when other servers ask for your server's name, it needs to reply with something reasonable.
This has nothing to do with your PTR record.

Except that SOME mail servers once they ask your server it's name, then check the PTR record from the connecting IP address, before allowing any mail to be received.
The PTR record doesn't need to match exactly the hostname, however it is better if it does, because the conversation is like this

Your server : Hi (IP address used is (caller ID) 123.123.123.123
Other Server : HI, what is your name
Your server : may name is abc23.com
Other server : just a minute I'll check the caller ID (your IP address) and search a reverse phonebook for your name (RDNS or PTR search)
Other Server : Oh I see that 123.123.123.123 is the IP Address of abc123.com, OK, I'll trust you not send SPAM, go ahead


Now if the PTR record doesn't match then it goes like this

Your server : Hi (IP address used is (caller ID) 123.123.123.123
Other Server : HI, what is your name
Your server : may name is abc23.com
Other server : just a minute I'll check the caller ID (your IP address) and search a reverse phonebook for your name (RDNS or PTR search)
Other Server : Oh I see that 123.123.123.123 is the IP Address of ZYX678.com , OK, That looks legit enough , I'll trust you THIS TIME not send SPAM, go ahead, but be careful


If the PTR record is just a mesh of letters and numbers then it goes like this

Your server : Hi (IP address used is (caller ID) 123.123.123.123
Other Server : HI, what is your name
Your server : may name is 'Elephants have big ears and are very heavy'
Other server : Close connection
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply