EmailDiscussions.com  

Old 23 Jan 2021, 04:55 AM   #16
Rich_A
Junior Member
 
Join Date: Jan 2021
Posts: 11
Quote:
Originally Posted by garland View Post
Interesting problem. It is as others mentioned normal for a residential IP to be on RBLs. In fact, many of them request their ranges to be listed at spamhaus proactively because they have in their policies that customers shouldn't run mail servers on them. However, as you also noted, you're not running a mail server but your mail server is including your connecting IP in a Received header, and a content filter is checking Received headers against blacklists.

I've noticed an increase in this as well. One of my filter servers fell in a /24 that got SBL'd (cloud provider IP range) and we saw email rejections due to this, even though the filter server doesn't deliver the mail but merely passes it to the relays.

I think if this is going to be the trend, the email provider removing the client IP from the Received headers before sending it on isn't an unreasonable ask. It can be argued as a violation of accepted RFC standard, but standards are less important than working around unfair algorithms.

I would recommend bringing it to your mail provider with that request in mind: That they remove your IP from headers before sending the email on. It is the SMTP server that you connect to which writes that Received header, so it is the job of that server or one after it to remove it and it's not something you can influence without their help. Unless of course you are running your own mail server, in which case I'd highly recommend removing a Received header before sending it on.
First thanks to JeremyNicoll for the detailed explanation and help. Also to garland for the help. After absorbing all that info I've tried a few things.

Here's what I found. Yes this odd-ball problem is most likely going to become more of a problem in the future. I'm going to talk to my domain and email provider to see if they can do something to modify my outgoing emails to not include the IP address in the header.

Also I checked here and tried a different VPN service which DOES work with my emails. Now my sent emails using my preferred email client software no longer have that troublesome IP address in the headers. This is a "sorta" fix for my problem with my emails being blocked or not fixed. However, it's not perfect. Now I've found that "some" of my emails are being sent to people's spam filters.

I'm assuming that various security things are seeing no return IP address in the headers which is probably bringing up a "red flag" and kicking my emails to the user's spam folders. I am now in the process of testing with a few of my email contacts to instruct them to add me to any "white list" or what-ever their software has to handle a false positive incoming potential spammer.

Meanwhile on the web site access .. as I mentioned in the beginning using a VPN service works for me most of the time. BUT as the anti-virus/spam techniques get more and more advanced (and overly aggressive?) I find some web sites will now not even allow a user who has an unknown (or) totally missing originating IP to even view the site.

FWIW, I think in the future the people designing and implementing these measures and applications need to do a little more thinking about the impact such measures can have on innocent, honest people.

Thanks everyone for some interesting observations and of course your help. For now I'll use a VPN application which will solve about 90 percent of the problems.

Last edited by Rich_A : 23 Jan 2021 at 05:00 AM. Reason: Typo
Rich_A is offline   Reply With Quote
Old 23 Jan 2021, 08:42 AM   #17
SideshowBob
Essential Contributor
 
Join Date: Jan 2017
Posts: 278
Quote:
Originally Posted by jarland View Post
Interesting problem. It is as others mentioned normal for a residential IP to be on RBLs. In fact, many of them request their ranges to be listed at spamhaus proactively because they have in their policies that customers shouldn't run mail servers on them. However, as you also noted, you're not running a mail server but your mail server is including your connecting IP in a Received header, and a content filter is checking Received headers against blacklists.

I've noticed an increase in this as well. One of my filter servers fell in a /24 that got SBL'd (cloud provider IP range) and we saw email rejections due to this, even though the filter server doesn't deliver the mail but merely passes it to the relays.
That isn't new, for example SpamAssassin has done deep SBL checks pretty much forever. It does last-hop tests for XBL and PBL because, unlike SBL, they contain mostly dynamic addresses. The only thing that's changed there is that previously people didn't have abused cloud servers as internal relays.

What the OP is seeing suggests that spam is coming from his IP address which he says he's had for years. I'm not familiar with all the lists, at least one is a pure dynamic address list, but CBL is the most worrying. From https://www.abuseat.org/

Quote:
The CBL only lists IPs exhibiting characteristics which are specific to open proxies of various sorts (HTTP, socks, AnalogX, wingate, Bagle call-back proxies etc) and dedicated Spam BOTs (such as Cutwail, Rustock, Lethic, Kelihos, Necurs etc) which have been abused to send spam, worms/viruses that do their own direct mail transmission, or some types of trojan-horse or "stealth" spamware, dictionary mail harvesters etc.
SideshowBob is offline   Reply With Quote
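The deep versus last-hop distinction described in the post above, as an added Python example (not part of the thread and not SpamAssassin's code): it parses the Received headers of a constructed message and lists which DNSBL names a filter at the recipient would look up. The addresses, hostnames and function names are made up for illustration, and no DNS queries are sent.

```python
import re
from email import message_from_string

# Constructed sample: documentation-range IPs and made-up hostnames.
SAMPLE = """\
Received: from relay.provider.example (relay.provider.example [198.51.100.25])
\tby mx.recipient.example with ESMTPS; Sat, 23 Jan 2021 04:00:02 +0000
Received: from [192.168.1.20] (cpe.isp.example [203.0.113.77])
\tby relay.provider.example with ESMTPSA; Sat, 23 Jan 2021 04:00:01 +0000
From: sender@provider.example
To: friend@recipient.example
Subject: hello

body
"""

DEEP_ZONES = ["sbl.spamhaus.org"]                          # every relay IP
LAST_HOP_ZONES = ["xbl.spamhaus.org", "pbl.spamhaus.org"]  # connecting IP only

# "from helo (rdns [ip])": the address the stamping server saw connect to it
FROM_IP = re.compile(r"from\s+\S+\s+\([^)]*\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")


def relay_ips(raw):
    """Connecting IPs taken from the Received headers, newest (top) first."""
    msg = message_from_string(raw)
    ips = []
    for value in msg.get_all("Received", []):
        m = FROM_IP.match(value)
        if m:
            ips.append(m.group(1))
    return ips


def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def planned_lookups(raw):
    """Names a filter at the recipient would query under the two policies."""
    ips = relay_ips(raw)
    if not ips:
        return []
    # Last-hop lists see only the host that handed the mail to the recipient.
    names = [dnsbl_name(ips[0], zone) for zone in LAST_HOP_ZONES]
    # Deep lists see every hop, including the sender's home connection.
    names += [dnsbl_name(ip, zone) for ip in ips for zone in DEEP_ZONES]
    return names


def without_client_hop(raw):
    """The message as sent if the provider dropped the oldest Received header,
    i.e. the one it wrote for the submitting client."""
    head, sep, body = raw.partition("\n\n")
    blocks = re.split(r"\n(?=\S)", head)  # one block per (folded) header
    hops = [i for i, b in enumerate(blocks) if b.lower().startswith("received:")]
    if not hops:
        return raw
    del blocks[hops[-1]]
    return "\n".join(blocks) + sep + body


if __name__ == "__main__":
    for label, raw in (("as sent", SAMPLE), ("client hop removed", without_client_hop(SAMPLE))):
        print(label)
        for name in planned_lookups(raw):
            print("  ", name)
```

With the client hop present, the home address is looked up only in the deep list; once the provider drops that header, it is not looked up at all.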
Old 23 Jan 2021, 11:40 AM   #18
Rich_A
Junior Member
 
Join Date: Jan 2021
Posts: 11
Thanks SideshowBob. I tried the link you referenced just to see what was there and ultimately drilled down to where I could check my IP for black listing. I was also able to get to an area where I could run the on-line user "de-listing" thing.

Note, over the years I have done this many times but would always end up with 2 or 3 of the 10 or more Blacklist sites not being able to do the de-listing. The result is they always tell me that I should contact my ISP to fix this problem. Been there and done that and finally gave up. One of the sites that could not do the de-listing (even when I contacted them directly) was Spamhaus ?

While tooling around the web site you referenced above I tried the "de-listing" app. and was able to actually complete the whole process .. got the email from them for confirmation and was told, it should take 30 minutes or so for the de-listing process to complete around the world .. Last time I went thru the "de-listing" process (unsuccessfully) was several months ago. I wonder why it worked tonight ??

I believe I saw some reference to that "Spamhaus" entity while doing the cleaning procedure. The de-list confirming email had some notes one of which mentioned if the problem was not solved that my IP could be RE-listed again.

So, can you tell me if I should once again go back to the 10 or 12 other blacklist sites and go thru this de-listing process all over again for each one? While also knowing that there might be another 1 or 2 of the 10 remaining that might not be able to de-list me? Or could what I did tonight have cleared the other lists as well ??

Second question. Did I "really" clear the listing ?? Or is it going to show up again later?

Over the past couple years while having this problem I've often been warned about my possibly being a spammer or using something nefarious etc. All I can say is I have NEVER knowingly done anything that could cause this problem.

For the record, I'm a 75 year old guy who built his first computer back in the 60s, a kit-built SWTP computer and I've been virus free and solid up UNTIL I moved to this new location a few years ago. And when moving here, dropped my 30 plus year old ISP (APLUS and later Cox) and opened up an account with Comcast.

And that's when my problems started. I'm going to suggest that I could just nix Comcast and sign up with a new ISP which would change my IP address. But the service / speed / and content available to me would suffer and to match my current capability would be more than I could afford even if it were available. Like I keep saying .. Comcast / Xfinity here is great .. fast .. very reliable and great quality. I've been living with this blacklisted IP problem now for a few years ..

I don't want to mess around with this thing for the few years I have left. Cox is now adding new service here in my town in the last year. Unfortunately their service is not yet available to my street. I had Cox at my old house for a couple decades and service was fine .. no issues. So I'm just hoping I live long enough to see Cox add my street to their service.

Which is not looking good as I'm on a long unimproved dirt road on a small mountain top in the middle of a forest. <grin> Oh well. Thanks for the help. I will post back what happens after the "de-listing" finishes.
Rich_A is offline   Reply With Quote
Old 23 Jan 2021, 12:37 PM   #19
Rich_A
Junior Member
 
Join Date: Jan 2021
Posts: 11
Oops .. I got side tracked and forgot something I wanted to tell JeremyNicoll. There is no WiFi here. About 18 months ago I removed the existing Router and installed a non-wifi 8 port gigabit router. The laptop is normally used when traveling and maintenance on that is done via a plug in hard wired Cat 7 LAN. All the computers in the house are hard wired and running gigabit speeds including the modem.

I don't have a smart phone and not even a smart TV. (wife says I'm also not smart) <grin>

The laptop I have is a Dell and is the only commercial PC I own. All my other PCs I've owned were built by me from scratch going back to the aforementioned first computer I built in the late 60s.

So I hope you can believe me when I say I've been messing with computers and electronics of all kinds for a very long time. Been retired from the computer business about 20 years now and I have to say a lot of water has gone under my bridge. A LOT has changed in the last couple decades. Suffice to say, I'm pretty impressed with the knowledge floating around this forum.

Glad I found this group .. but it's getting hard to keep up with you guys ..

I appreciate the combined effort put forth by the collective group here. Thanks guys.
Rich_A is offline   Reply With Quote
Old 23 Jan 2021, 09:36 PM   #20
JeremyNicoll
Essential Contributor
 
Join Date: Dec 2017
Location: Scotland
Posts: 483
I'm glad that you're making progress.

For the emails that you send that other people's systems think are spam... get them to forward examples of those mails back to you so that you can see the spam-scoring headers that their systems hopefully inserted ... and you may be able to find out why they don't like them.

Software other than email clients can send emails. Quite a lot of systems utilities offer to send emails if they detect a problem with whatever services they offer - so eg in the corporate world they can be set up to send an email to the IT dept if something's not right. Some products use email "under the covers" if you use some sort of "report a problem" dialog from their GUI. Lots of scripting languages (eg perl, python etc) support simple ways to send emails.

This discussion has some useful hints, not least that Comcast have apparently told lots of people that they're sending spam.... See:
https://community.spiceworks.com/top...ut-spam-emails

What model is your router?

What anti-virus/anti-malware software do you use?
Is it installed on every machine in your network?
Do you use it with default configuration or have you tailored it to be more rigorous (hopefully) or (possibly) less thorough?

Do you run any games? (It's not uncommon for people to have to tell their security software to 'trust' all games because otherwise the security software slows them down. That's always struck me as a colossal hole that sooner or later someone could take advantage of.)

Do any/all of your machines have third-party firewalls installed?
JeremyNicoll is offline   Reply With Quote
Old 23 Jan 2021, 10:33 PM   #21
JeremyNicoll
Essential Contributor
 
Join Date: Dec 2017
Location: Scotland
Posts: 483
Other thoughts:

What OSes are you running? Are they all up to date, patched etc?

You mentioned an "HTPC" - what is that, and what does it run?

Do you have any NAS (network addressable storage) devices? Most of those run some flavour of linux, I think.

Do you have any network-attached security cameras, or anything else whose OS almost certainly never gets patched?

Have you ever allowed anyone to access any of your machines remotely, using RDP or something like TeamViewer? If you did, did you uninstall / turn off the feature afterwards?

Do you ever run other OSes in VMs (ie Virtual Machines), without properly/fully configuring those to make them secure?
JeremyNicoll is offline   Reply With Quote
Old 23 Jan 2021, 11:04 PM   #22
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,679
I doubt this is related, but I have discovered that if you don't let your router use whatever DNS server Comcast wants to use you get lots of DNS errors when trying to connect. I tried using both Cloudflare and Google DNS and ran into the same problems. Just today I switched back to Comcast DNS being set automatically and the DNS errors went away. Not sure why that would be, but could be a source of DNS problems you reported seeing in the Mailbird logs.
TenFour is offline   Reply With Quote
Old 24 Jan 2021, 03:56 AM   #23
Rich_A
Junior Member
 
Join Date: Jan 2021
Posts: 11
For Jeremy. Regarding your recent posts (#s 20 and 21) I have things going on here that need my immediate attention so I'll be busy for a while. As soon as I get some time freed up, I'll address all your questions and observations. The weather outside this weekend is "cold" (sub freezing) BUT it's nice and sunny and I have some antenna work I have to get done.

For TenFour .. That's interesting about your experience with the Comcast DNS thing. I'll have to do some research on that. Thanks for the tip.

Weather permitting I should be back here soon. - Rich
Rich_A is offline   Reply With Quote
Old 19 Feb 2021, 01:19 AM   #25
Rich_A
Junior Member
 
Join Date: Jan 2021
Posts: 11
Been away .. Sorry

A quick note .. had a personal problem here .. granddaughter in hospital on life support for the last few weeks. (NOT Covid related) So my email problems are on hold at the moment. She's been hooked up to machines up until a couple days ago and is finally out of the ICU. This is first moment I've found time or even thought to respond here. Sorry to not respond sooner. I'll be back here with some new email notes after this weekend.
Rich_A is offline   Reply With Quote
Old 15 Apr 2021, 06:30 PM   #26
LukeDavis
Junior Member
 
Join Date: Apr 2021
Posts: 1
Quote:
Originally Posted by Rich_A View Post
A quick note .. had a personal problem here .. granddaughter in hospital on life support for the last few weeks. (NOT Covid related) So my email problems are on hold at the moment. She's been hooked up to machines up until a couple days ago and is finally out of the ICU. This is first moment I've found time or even thought to respond here. Sorry to not respond sooner. I'll be back here with some new email notes after this weekend.
How is your granddaughter? Any news with the emails?
Maybe you can try and check out https://securitygladiators.com/chang...other-country/ , since they cover how to get a fake IP and change your IP address, maybe that will help with your blacklist-related issue.
LukeDavis is offline   Reply With Quote
Old 9 Feb 2022, 04:11 AM   #27
Rich_A
Junior Member
 
Join Date: Jan 2021
Posts: 11
Quote:
Originally Posted by LukeDavis View Post
How is your granddaughter? Any news with the emails?
Maybe you can try and check out https://securitygladiators.com/chang...other-country/ , since they cover how to get a fake IP and change your IP address, maybe that will help with your blacklist-related issue.
Sorry to sorta "disappear" for so long. Had multiple personal problems here and for several months computers etc. needed to be put on a back burner while we took care of more important things.

Thanks for kind wishes etc. and our granddaughter survived a several month medical battle and is now fully recovered and doing well.

AND I recently solved my IP address problem. I'll give a synopsis of what happened recently regarding that blacklisted IP problem that I hope may help others.

For "years" I could not get my IP address to change.

About a month ago, we needed to turn in our old 3G cell phones and get more modern units because our Cell provider was upgrading to 5G and our old 3G phones would no longer work. So decided to get a couple "smart phones". I wanted to take advantage of using the WiFi connectivity of the smart phones for various things but my in house computer environment had NO WiFi connections.

My modem and router were all gigabit and latest docsis etc. Specifically the router was a robust 10 port thing that was bought for its superior mechanical grounding and RF sealed case. As a ham radio op I have a lot of sensitive radio equipment and had some problems with RF interference from modems and routers running at gigabit or higher speeds. So I replaced all the equipment and wiring with well designed, shielded and grounded stuff ... This reduced the RF interference to my VHF and higher radio frequencies dramatically.

But that good working fast and well shielded router was a straight wired only (no wifi) unit. And we needed WiFi for our new smart phones. So I got a new router with multiple wired gigabit lan connections and a great fast Wifi connection. Nice unit and the wifi is great and FAST ( almost 300 MB/s average) BUT the RF noise is back. Sigh. (Still looking at that problem) ..

HOWEVER, this time, after installing the new router .. our IP address was changed (as I expected) BUT this time it STAYED changed. In the past, if I removed the old router for even days and reinstalled it from scratch the OLD IP address would magically re-appear. And for years it would always come back like a static IP no matter what I did..

The problem (I'm guessing) is there was something built into the old router that was storing the IP address, possibly in some kind of non-volatile memory Eprom or something. There was a procedure to wipe all settings from that old router to set everything back to the factory default. I'm (again guessing) that something was wrong because I could NEVER get it back to factory defaults. The router in question WAS a kinda complicated thing (A MikroTik router) and during the last conversation I had with the factory they said I should send it back. Well it was operating fine .. fast .. no RF problems so I just lived with it as was until I could get around to getting something to use while waiting for a repair.

So I've now replaced it, and with the "new" router in place .. we of course were automatically assigned a new IP address and no more problems. Suddenly ALL the web sites I was being denied access to are now once again available to me. No problem with my IP address being blocked any more.

By the way .. before I completely replaced the old router I tried installing a 2nd small WiFi router in line with the old router so we could connect to the web with our new smart phones. That worked fine and we had WIFI capability (slow but worked OK) BUT of course the bad IP address was still causing problems. That's when I decided to invest in a newer combo wired with WIFI router which is now working great.

So I want to thank everyone with their help here. This problem was a head scratcher for me. My expertise is not in the networking area but I do have a good background in electronics ..

FWIW, the new router unfortunately has a plastic housing .. the internal circuitry is still radiating some hash on some of the VHF radio frequencies. Am looking at solutions for that. But that old MikroTik router although working well, had a problem and looked to me like it was somehow "storing" that bad IP address somewhere ?? I "should" have been able to do a hard reset procedure to clear everything .. but that never worked and I'm "pretty sure" I was doing it correctly. (famous last words) <grin>
Rich_A is offline   Reply With Quote
Old 9 Feb 2022, 07:27 AM   #28
JeremyNicoll
Essential Contributor
 
Join Date: Dec 2017
Location: Scotland
Posts: 483
Quote:
Originally Posted by Rich_A View Post
Sorry to sorta "disappear" for so long...

AND I recently solved my IP address problem. I'll give a synopsis of what happened recently regarding that blacklisted IP problem that I hope may help others.
I'm pleased for you!


Quote:
Originally Posted by Rich_A View Post
... So I got a new router with multiple wired gigabit lan connections and a great fast Wifi connection. Nice unit and the wifi is great and FAST ( almost 300 MB/s average)
That seems (at least by UK standards) unlikely. I think you mean 300 Mb/s (ie megabits/sec, which is approximately one tenth of the speed of megabytes/sec)?


Quote:
Originally Posted by Rich_A View Post
HOWEVER, this time, after installing the new router .. our IP address was changed (as I expected) BUT this time it STAYED changed. In the past, if I removed the old router for even days and reinstalled it from scratch the OLD IP address would magically re-appear. And for years it would always come back like a static IP no matter what I did..

The problem (I'm guessing) is there was something built into the old router that was storing the IP address, possibly in some kind of non-volatile memory Eprom or something.
That also strikes me as unlikely; the IP address that is being assigned is part of your provider's network, not yours, and therefore not something that your router (or more likely the modem) should be able to dictate. I suppose it's just possible that a provider might supply a modem to a customer with a hard-coded ip address set inside it, but it'd give them no ability - unless they remotely reprogrammed that modem - to control their own network.

However maybe your new router also includes a modem, and maybe that logs in to your provider's network with different parameters and perhaps gets its connection to a different part of their network?
JeremyNicoll is offline   Reply With Quote