Topic: DUL and my server

[Quade]

Disclaimer: This may not be the appropriate forum for this, since it's not *directly* SME-related, but I've exhausted my other resources with this, so I'm asking if any SME users or developers have seen this problem.

My server sits on the web, with a legitimate external IP address, assigned by my ISP. However, this IP address is listed on their Dial-Up List as a residential IP (accurate).

Most Real-Time Blackhole spam filters, including AOL and various local ISPs, block ay incoming e-mail from a domain or IP listed on a DUL. This means me.

My ISP (Comcast) refuses to remove me from their DUL, and that's understandable I guess, even though I'm a "Pro" customer, which entitles me to static IPs, and the end-user rights to run a server. Ultimately though, I'm still just a residential customer. And seeing as they're the big company, and I'm the little guy, I'll probably stay on their list.

So, my question here is this: is there any way around this, short of outsourcing my e-mail (which I'm loathe to do)? Can I make qmail or SME be more trustworthy? Has anyone else run into this problem? Do I just live with not being able to e-mail my mom on AOL anymore?

Thanks guys, and sorry for the not-100%-SME-related post.

(I'm running SME 5.1)

[Dan Brown]

This would be a situation where you'd just funnel your outgoing mail through your ISP's mail server.  Enter that address in the "other e-mail settings" panel in the server manager.

Really, your only options are to (1) get off the list, or (2) convince those who are using the list not to.  How "trustworthy" qmail or SME is is irrelevant--the people using those lists have decided, for whatever reason, that residential IPs shouldn't be hosting mail servers (or more precisely, that they don't want to talk to mail servers hosted at residential IPs).  Outsourcing your mail (by using your ISP's mail server, as above) is just a special case of option 1--you're getting off the list by using a different server.

[Bill Talcott]

Try contacting the people running the blacklist. Many simply lump all DHCP addresses (dialup, cable, DSL) in, and know that it's not 100% accurate. If you explain the situation to them, including what steps you've taken to secure the server, they may simply remove your IP from their list. I've done that before for our commercial cable account.

http://relays2.osirusoft.com/cgi-bin/rbcheck.cgi is a good check of a lot of blacklists, if you want to see who's got you listed...

[Charlie Brady]

Bill Talcott wrote:

> Try contacting the people running the blacklist. Many simply
> lump all DHCP addresses (dialup, cable, DSL) in, and know
> that it's not 100% accurate.

You can get off an open relay list if you are not an open relay, but I will bet you can't get off a DUL if you are on it - it probably isn't even technically possible - the whole block of addresses has been listed by the ISP.

Dan has posted the correct solution.

Charlie

[Quade]

Charlie Brady wrote:
>
> Bill Talcott wrote:
>
> > Try contacting the people running the blacklist. Many simply
> > lump all DHCP addresses (dialup, cable, DSL) in, and know
> > that it's not 100% accurate.
>
> You can get off an open relay list if you are not an open
> relay, but I will bet you can't get off a DUL if you are on
> it - it probably isn't even technically possible - the whole
> block of addresses has been listed by the ISP.
>
> Dan has posted the correct solution.
>
> Charlie

Well, perhaps not the correct solution, but the most appropriate. The correct solution would be to lease a T1 line, with no residential IP address.

As much as I hate not having absolute control over my mail, I went with Dan's solution. I hadn't thought about it before, as I'd simply put the idea of using my  ISP for anything other than raw connection out of my head a long time ago.  Thanks Dan.

And Bill, Charlie's 100% right. I've tried for weeks now to get my ISP to remove me off of the DUL, which they can't/won't. I'm sure they could if they wanted to, but that's assuming a lot. Their explanation is that the entire class C is on the list, and there's nothing they can do. I'd be willing to bet that even if they removed _me_, my class C that I'm on would still be blocked.

And I've written people that use these lists -- I can't even reach them, b/c they're blocking me... >:/

But thanks guys. I know this wasn't an SME problem, but there was definitely an SME solution.

[Boris]

>Do I just live with not being able to e-mail my mom on AOL anymore?

Give to you Mom e-mail box on your server in addition or instead of her AOL account. Mom comes first

[Bill Talcott]

Quade wrote:
>
> And Bill, Charlie's 100% right. I've tried for weeks now to
> get my ISP to remove me off of the DUL, which they
> can't/won't. I'm sure they could if they wanted to, but
> that's assuming a lot. Their explanation is that the entire
> class C is on the list, and there's nothing they can do. I'd
> be willing to bet that even if they removed _me_, my class C
> that I'm on would still be blocked.

I agree that it's probably not even possible for your ISP to give you an IP outside the blacklisted range. Rather than trying to switch things with your ISP, contact the person who has *incorrect information in their blacklist*. I guarantee that you can be removed from at least some of these dialup blacklists, as I have done it. I contacted another one, and nothing's changed yet.

What it comes down to is that someone somewhere has your IP in a "bad" list. If you can clear up the situation with the person maintaining that list, you can have them take your IP out of their list. That may or may not be a challenge, depending on who runs the list and how concerned they are about losing legitimate email...

[Quade]

Bill Talcott wrote:

> I agree that it's probably not even possible for your ISP to
> give you an IP outside the blacklisted range. Rather than
> trying to switch things with your ISP, contact the person who
> has *incorrect information in their blacklist*. I guarantee
> that you can be removed from at least some of these dialup
> blacklists, as I have done it. I contacted another one, and
> nothing's changed yet.
>
> What it comes down to is that someone somewhere has your IP
> in a "bad" list. If you can clear up the situation with the
> person maintaining that list, you can have them take your IP
> out of their list. That may or may not be a challenge,
> depending on who runs the list and how concerned they are
> about losing legitimate email...

Bill, I'm interested in which blacklists you've been removed from. I'd be willing to give them a go. My experience (read: problem) has been that these guys don't care so much about blocking someone who will likely never send e-mail to someone they protect. The other daunting part of this is contacting every single blacklist that has my IP blocked and/or contacting the ISP or e-mail admin to remove a block on me.

Seems to me like e-mail administration a big game of Yu-gi-o (or whatever the currently popular card game is) where you're constantly trumping someone else's trump until you win. Someone sends spam, so I block their domain, then they switch, so I block their group of domains, then they switch IPs, so I block that class C, then they switch ISPs, then I block all residential IPs...  

Maybe I'll just use ICQ for all correspondence...

[Bill Talcott]

Did you check http://relays2.osirusoft.com/cgi-bin/rbcheck.cgi to see which lists you were on? We were only on two of them. five-ten-sg.com removed our IPs almost instantly when I sent an email to them, but we're still on dun.dnsrbl.net (which is probably more widely used).

Like you said, it's sort of back and forth with a lot of "collateral damage". But it does really come down to someone having a blacklist of IPs, and your valid server is on that list. It's up to them to decide who they want to accept mail from, but the more valid users they chop out with the spammers, the less useful their list will be. Obviously, some people will take a little spam if it allows a whole lot of legitimate mail, while others will block off half the internet to keep from getting two spam emails. I think that ideally most people would like to have their list be 100% accurate, so they will try to make corrections if you can prove to them that it won't cause them to get 4 billion more spam emails...

Here's the email I sent them...
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Hello.  I recently noticed through http://relays2.osirusoft.com/cgi-bin/rbcheck.cgi that you incorrectly list our IPs as dialup-equivalent.  x.x.x.x, x.x.x.x, and x.x.x.x are our static IP addresses for our business cable modem account.  We are running a Linux mail server (see http://www.e-smith.org for details) which is not an open relay.  You will find that the data at http://www.*ourdomain*.com and our WHOIS information match as well.  I would just like to get our IPs removed from your list, in case someone does happen to be using it to filter out junk mail servers, as this could negatively affect our legitimate business.

Thanks,
Bill Talcott
Network Admin
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Like I said, one fixed it almost instantly, while another hasn't yet. There's not much you can do but let the admins know when they've got incorrect info... As others have said, the easiest solution may just be to have your SME pass the mail through to your ISP's server so that other servers see it coming from a "legitimate" source.

[dave]

Quade,

Consider this an off topic (non SME related) question...

How'd you get a static IP through Comcast and do you host web a site(s)?  

I live in lower michigan, between detroit and ann arbor, Comcast is our cable provider and used to be our ISP.  They started blocking ALL local traffic on port 80 so I lost the ability to host web sites.  My server was up 24/7 and the IP rarely changed.  After they started blocking port 80, my IP also started rotating much more frequently and they flatly refused (then and still do) to allow me to 1: have a static IP and 2: host web traffic on port 80.  They say I can have a web site, but they want to host it - for an additional monthly fee.

Now I have (relatively unreliable) ADSL service and would LOVE to go back to cable, they authenticated by the external NIC's MAC address and I never had to reboot to re-establish my internet connection if service was interrupted on their end.  With ADSL, they frequently change some parameter(s) on their network and when service drops, the only way I can reconnect is by rebooting my DSL modem and my server.

Anyway, if you have a contact or a specific service I could ask for, I'd appreciate it if you could let me know...

Thanks,
Dave

[Tom Carroll]

Try comcast pro.  It's $95 per month, up to 3.5mbs, and 5 persistant IP addresses.  I do believe they are telling people they cannot host their own server however.  Everyone needs their pound of flesh...

Tom