Posted to server-user@james.apache.org by Bernd Waibel <BW...@intarsys.de> on 2014/09/17 13:12:34 UTC

AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]

Hi,

This may not be a matter of James, but it needs to get fixed.

Maybe check this:

Does your server accept mails from outside addressed "from: someone@somewhere.de" to "unknownuser@yourdomain.de"?
So the reply may be the spam.

Does your server accept mails from outside addressed "from: <null>" (means no from) to "someone@somewhere.de"?
It seems to me that not all mailets in James handle the From==null.

Could everybody subscribe to your service, with a wrong e-mail address?
In the past we had a "subscribe newsletter" on our webpage, even with captcha, and had a lot of "fake" subscriptions.
The used e-mail address got the "thank you for subscribing", and some users marked this as spam.
So it may be a matter of a third system, not the mail system directly.

Kind regards
Bernd

-----Original Message-----
From: Pete Williams [mailto:pxc433@hotmail.com]
Sent: Wednesday, 17 September 2014 11:50
To: server-user@james.apache.org
Subject: Urgent Spamhaus Help Needed - james 2.3.2

 Hi
 
I have been successfully running a James email server for about the last 3 years. It is not an open relay. It checks clean with things like MX toolbox.
 
Our fixed IP address keeps getting listed on Spamhaus. I am certain that we are not infected, and that James is configured OK.
 
Our cloud based service sends emails that subscribers have asked for. It runs reports and emails them, and sends email notifications. They pay for this service, so this is stuff they want to see.
 
I need to find out why we are being listed, and if these emails are being seen as spam by 'a trusted third party' as the spamhaus website puts it.
 
If you can help at all, please do. I don't know how to proceed.
 
Thanks Pete.

---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org


AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]

Posted by Bernd Waibel <BW...@intarsys.de>.
Forgotten something...
You could integrate SpamAssassin in James (we did).
So you could filter out the spam yourself.
But only if your server sends the spam (this must not be true, everybody could send spam with your address).
Maybe just someone is using your e-mail addresses....?


AW: AW: AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]

Posted by Bernd Waibel <BW...@intarsys.de>.
Hi,

every mail system has to look for correct DNS and reverse-DNS settings.
Not only James, MS Exchange too. So this is not a matter of James but a matter of email systems.

If you use SSL with SMTP, it could become more complicated:
If you use SSL I suggest using exactly the name of the mailserver as "common name" in the SSL certificate. Just to be sure it matches.
If you use MS Exchange, you need more than one name to match (e.g. autodiscover.mydomain.com) and need an SSL certificate with more than one domain name (Subject Alternative Name (SAN) SSL Certificate).

In the past we used an IP address for our mailserver, which has been marked by the internet provider as "dynamic".
This means that this IP address range is normally used by "users" using DHCP (normal home users using DSL).
Because of this "dynamic" IP, we had been banned by one large internet provider, because they don't trust dynamic IP address ranges.
We had to change the IP address to get rid of this.

We had also been banned one time for exactly the same reason you had. But with another background.
Some of our developers tried "sending emails directly from their development environment".
They used our outside MX IP address, but used the wrong name.
So we had been banned, too.
But we did talk to the developers, and closed the possibility to do this.
So: Your firewall should block all incoming and outgoing SMTP traffic, except from your James server.

One more:
A few years ago our internet provider configured the reverse DNS wrong.
So he configured:
- mail.mydomain.com == 123.123.123.123, and
- 123.123.123.123=someotherserver.mydomain.com
This could lead to the same problem you had.
To fix this you need a DNS update by your internet provider.

Last one:
Some years ago we got banned by a North European "security firm", can't remember the name.
They offered two options:
First: you could wait to get unbanned, when your "reputation" gets better by not sending spam again.
Or, second: you could pay to get unbanned. About 300 Euros, I think. Yes.
;-)

So the question of which e-mail server should be trustworthy or not is not easy to answer.
So you have to stay tuned to not get banned again....
And it is not always your fault.


Ciao
Bernd

-----Original Message-----
From: Pete Williams [mailto:pxc433@hotmail.com]
Sent: Thursday, 18 September 2014 11:59
To: James Users List
Subject: RE: AW: AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]

Bernd
Thanks for this - we now match perfectly.
But to me this seems like an extreme measure. Banned because the HELO is mydomain.com rather than mail.mydomain.com.
The company doing the banning is one of these outsourced security companies called epasecure.com. A shower of ....... if you ask me. No other such company has taken such drastic action in 3 years.
Andy

> From: BWaibel@intarsys.de
> To: server-user@james.apache.org
> Subject: AW: AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]
> Date: Thu, 18 Sep 2014 09:48:27 +0000
> 
> Sorry, forgotten type=mx, should be:
> 
> C:\Users\bwa.IS>nslookup -type=mx mydomain.com ....
>  

RE: AW: AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]

Posted by Pete Williams <px...@hotmail.com>.
Bernd
Thanks for this - we now match perfectly.
But to me this seems like an extreme measure. Banned because the HELO is mydomain.com rather than mail.mydomain.com.
The company doing the banning is one of these outsourced security companies called epasecure.com. A shower of ....... if you ask me. No other such company has taken such drastic action in 3 years.
Andy
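
The HELO, MX, A and PTR consistency that this thread converges on can be checked offline against a config.xml and a set of nslookup answers. The Python below is an added example, not code from the posters or from Apache James; the fragment's nesting, the function names and the finding codes are assumptions, and the host names and address are the thread's own placeholders.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed config.xml fragment (nesting is an assumption) holding the two
# HELO-related settings named in the thread; the outbound name is still wrong.
SAMPLE_CONFIG = """<config>
  <mailet match="All" class="RemoteDelivery">
    <mail.smtp.localhost>mydomain.com</mail.smtp.localhost>
  </mailet>
  <smtpserver enabled="true">
    <handler>
      <helloName autodetect="false">mail.mydomain.com</helloName>
    </handler>
  </smtpserver>
</config>"""

# Constructed lookup answers using the thread's placeholder names and address.
SENDING_IP = "123.123.123.123"
MX = ["mail.mydomain.com"]
A = {"mail.mydomain.com": ["123.123.123.123"]}
PTR = {"123.123.123.123": "mail.mydomain.com"}

LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def helo_syntax(value):
    """Classify a HELO/EHLO argument: fqdn, address-literal, bare-ip or invalid."""
    if value.startswith("[") and value.endswith("]"):
        inner = value[1:-1]
        tagged = inner.lower().startswith("ipv6:")
        try:
            ip = ipaddress.ip_address(inner[5:] if tagged else inner)
        except ValueError:
            return "invalid"
        # IPv6 literals carry the "IPv6:" tag, IPv4 literals do not.
        return "address-literal" if tagged == (ip.version == 6) else "invalid"
    try:
        ipaddress.ip_address(value)
        return "bare-ip"  # the case the CBL notice quoted in the thread objects to
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    if len(labels) >= 2 and all(LABEL.match(label) for label in labels):
        return "fqdn"
    return "invalid"


def audit(helo, sending_ip, mx_targets, a_records, ptr_records):
    """Return finding codes for one HELO name used from sending_ip.

    The record arguments hold answers collected beforehand (for example with
    nslookup, as in the thread); nothing is resolved over the network here.
    """
    findings = []
    kind = helo_syntax(helo)
    name = helo.rstrip(".").lower()
    if kind in ("bare-ip", "invalid"):
        findings.append("helo-" + kind)
    if kind == "fqdn":
        if name not in mx_targets:
            findings.append("helo-not-mx-name")  # Bernd's advice, not an RFC rule
        if sending_ip not in a_records.get(name, []):
            findings.append("helo-a-record-mismatch")
    ptr = ptr_records.get(sending_ip)
    if ptr is None:
        findings.append("no-ptr")
    else:
        ptr = ptr.rstrip(".").lower()
        if sending_ip not in a_records.get(ptr, []):
            findings.append("ptr-not-forward-confirmed")
        if kind == "fqdn" and ptr != name:
            findings.append("ptr-differs-from-helo")
    return findings


def audit_config(config_xml, sending_ip, mx_targets, a_records, ptr_records):
    """Audit every RemoteDelivery mail.smtp.localhost and every helloName."""
    root = ET.fromstring(config_xml)
    settings = []
    for mailet in root.iter("mailet"):
        if mailet.get("class") == "RemoteDelivery":  # there may be several
            el = next(mailet.iter("mail.smtp.localhost"), None)
            settings.append(("mail.smtp.localhost", el))
    settings += [("helloName", el) for el in root.iter("helloName")]
    report = {}
    for setting, el in settings:
        name = (el.text or "").strip() if el is not None else ""
        key = setting + "=" + (name or "<unset>")
        report[key] = (audit(name, sending_ip, mx_targets, a_records, ptr_records)
                       if name else ["not-set"])
    return report


if __name__ == "__main__":
    result = audit_config(SAMPLE_CONFIG, SENDING_IP, MX, A, PTR)
    for setting, findings in result.items():
        print(setting, "->", findings or "consistent")
```
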


AW: AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]

Posted by Bernd Waibel <BW...@intarsys.de>.
Sorry, forgotten type=mx, should be:

C:\Users\bwa.IS>nslookup -type=mx mydomain.com ....
 
-----Original Message-----
From: Bernd Waibel [mailto:BWaibel@intarsys.de]
Sent: Thursday, 18 September 2014 11:46
To: James Users List
Subject: AW: AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]

Yes, this may be the problem. Or part of it.

The mail server should always use exactly the name of the MX record, and should always use the IP address of the MX record.
If you have a firewall and are using NAT or an SMTP proxy, the external IP address of your mailserver could be hidden by the firewall.
So only in this case the A record of "mail.mydomain.com" should be the IP address of your firewall.

Easy to check (for the incoming side, not as easy on outgoing):

From outside:
1. nslookup the MX record for your domain.
2. nslookup the A record for your MX.
3. ping the name, to verify the IP.
4. telnet to your SMTP server on port 25 and see what it answers.


For example, at home, I am using company domain "mydomain.com" with mailserver "mail.mydomain.com" here:

C:\Users\bwa.IS>nslookup -type=mydomain.com ....
mydomain.com     MX preference = 50, mail exchanger = mail.mydomain.com

C:\Users\bwa.IS>nslookup mail.mydomain.com ....
Name:    mail.mydomain.com
Address:  123.123.123.123

C:\Users\bwa.IS>ping mail.mydomain.com
Ping wird ausgeführt für mail.mydomain.com [123.123.123.123] mit 32 Bytes Daten:
Antwort von 123.123.123.123: Bytes=32 Zeit=42ms TTL=57 ...

C:\Users\bwa.IS>telnet mail.mydomain.com 25
20 mail.mydomain.com SMTP Server (JAMES SMTP Server 2.3.2) ready Thu, 18 Sep 2014 11:39:00 +0200 (CEST)
 
Ciao,
Bernd. 


-----Original Message-----
From: Pete Williams [mailto:pxc433@hotmail.com]
Sent: Wednesday, 17 September 2014 19:30
To: James Users List
Subject: RE: AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]

Thanks for this.
My mx record said 'mail.mydomain.com'
My entry in the config.xml file said 'mydomain.com'
Could this be it?
Pete

> From: BWaibel@intarsys.de
> To: server-user@james.apache.org
> Subject: AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]
> Date: Wed, 17 Sep 2014 13:11:22 +0000
> 
> Hello Pete,
> 
> check your config.xml.
> 
> 1.
> In your "RemoteDelivery" mailet (or the mailets, could be more than one), you should set your hostname for the "sender" side.
> The hostname must be the same as defined in your MX Record in the public DNS.
> 
> So if your Sender-Domain is "mydomain.de", and your MX-record in dns is "mymailserver.mydomain.de", and your A-Record for "mymailserver.mydomain.de" is 217.172.xxx, then use:
> 
> <mailet match="All" class="RemoteDelivery"> .....
> 	<mail.smtp.localhost>mymailserver.mydomain.de</mail.smtp.localhost>
> </mailet>
> Do not (!) use the numeric IP here.
> 
> 
> 2.
> You also need to set the hostname for the "listen" side, so you need to change the "smtpserver" section.
> <smtpserver enabled="true">
> ....
>      <handler>
>          <helloName autodetect="false">mymailserver.mydomain.de</helloName>
> ...
>      </handler>
> ...
> </smtpserver>
> 
> 3.
> Also in the "<James>" section there is a hostname.
> This is the default if none is set. You should use the same name here. This entry means: for which domains this server is responsible. So you could have more than one name here.
> <servernames autodetect="false" autodetectIP="true">
> 	<servername>mymailserver.mydomain.de</servername>
> </servernames>
> 
> Ciao,
> Bernd
> 
> -----Original Message-----
> From: Pete Williams [mailto:pxc433@hotmail.com]
> Sent: Wednesday, 17 September 2014 14:38
> To: James Users List
> Subject: RE: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]
> 
> Hi
> Thanks for the replies.
> We got an email reply back from CBL/Spamhaus. Does anyone know how I can check this, or what to do?
> "Note: 217.172.xxx appeared to be suspicious because it was using the following name to identify itself during email (port 25) connections via the SMTP HELO/EHLO commands:
> 
> 	217.172.xxx
> 
> This is USUALLY spamware, but in some rare circumstances, it can be a misconfiguration in your mail server.  The CBL attempts to distinguish real mail server software from malware SMTP clients by expecting users to name their mail server[s] to indicate who _they_ are, not their provider and be consistent with Internet protocol standards.
> 
> Use of a bare IP address in the HELO is a violation of
> RFC2821 section 4.1.1.1, which says that the HELO value MUST be either a fully qualified domain name (such as "mail01.example.com") or an IP address enclosed in square brackets (such as "[217.172.xxx]")."

AW: AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]

Posted by Bernd Waibel <BW...@intarsys.de>.
Yes, this may be the problem. Or part of it.

The mail server should always use exactly the name of the MX record, and should always use the IP address of the MX record.
If you have a firewall and are using NAT or an SMTP proxy, the external IP address of your mail server could be hidden by the firewall.
So only in this case the A record of "mail.mydomain.com" should be the IP address of your firewall.

Easy to check (for the incoming side, not as easy on outgoing):

From outside:
1. nslookup the MX record for your domain.
2. nslookup the A record for your MX.
3. ping the name, to verify the IP.
4. telnet to your SMTP server on port 25 and see what it answers.


For example, at home, I am using company domain "mydomain.com" with mail server "mail.mydomain.com" here:

C:\Users\bwa.IS>nslookup -type=mx mydomain.com
....
mydomain.com     MX preference = 50, mail exchanger = mail.mydomain.com

C:\Users\bwa.IS>nslookup mail.mydomain.com
....
Name:    mail.mydomain.com
Address:  123.123.123.123

C:\Users\bwa.IS>ping mail.mydomain.com
Ping wird ausgeführt für mail.mydomain.com [123.123.123.123] mit 32 Bytes Daten:
Antwort von 123.123.123.123: Bytes=32 Zeit=42ms TTL=57
...

C:\Users\bwa.IS>telnet mail.mydomain.com 25
220 mail.mydomain.com SMTP Server (JAMES SMTP Server 2.3.2) ready Thu, 18 Sep 2014 11:39:00 +0200 (CEST)
 
Ciao,
Bernd. 




RE: AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]

Posted by Pete Williams <px...@hotmail.com>.
Thanks for this.
My mx record said 'mail.mydomain.com'
My entry in the config.xml file said 'mydomain.com'
Could this be it?
Pete


AW: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]

Posted by Bernd Waibel <BW...@intarsys.de>.
Hello Pete,

check your config.xml.

1.
In your "RemoteDelivery" mailet (or the mailets, could be more than one), you should set your hostname for the "sender" side.
The hostname must be the same as defined in your MX Record in the public DNS.

So if your sender domain is "mydomain.de", and your MX record in DNS is "mymailserver.mydomain.de", and your A record for "mymailserver.mydomain.de" is 217.172.xxx, then use:

<mailet match="All" class="RemoteDelivery">
.....
	<mail.smtp.localhost>mymailserver.mydomain.de</mail.smtp.localhost>
</mailet>
Do not (!) use the numeric IP here.


2.
You also need to set the hostname for the "listen" side, so you need to change the "smtpserver" section.
<smtpserver enabled="true">
....
     <handler>
         <helloName autodetect="false">mymailserver.mydomain.de</helloName>
...
     </handler>
...
</smtpserver>

3.
Also in the "<James>" section there is a hostname.
This is the default if none is set. You should use the same name here. This entry means: the domains this server is responsible for. So you could have more than one name here.
<servernames autodetect="false" autodetectIP="true">
	<servername>mymailserver.mydomain.de</servername>
</servernames>

Ciao,
Bernd


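Added example (not part of the original posts and not James project code): a Python check that applies the advice above to a config.xml, flagging a HELO name that is a bare IP or that differs from the MX host, plus a helper that reads the host name from the 220 greeting seen in the telnet step of the check procedure. The sample config, the address 192.0.2.10 and all function names are constructed for illustration.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like the config.xml fragments quoted in this thread.
# 192.0.2.10 is a documentation address, not a value from the thread.
SAMPLE_CONFIG = """<config>
  <James>
    <servernames autodetect="false" autodetectIP="true">
      <servername>mydomain.de</servername>
    </servernames>
  </James>
  <smtpserver enabled="true">
    <handler>
      <helloName autodetect="false">mymailserver.mydomain.de</helloName>
    </handler>
  </smtpserver>
  <mailet match="All" class="RemoteDelivery">
    <mail.smtp.localhost>192.0.2.10</mail.smtp.localhost>
  </mailet>
</config>"""

LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def classify_helo(value):
    """Classify a HELO/EHLO argument: fqdn, address-literal, bare-ip or invalid."""
    v = value.strip()
    if v.startswith("[") and v.endswith("]"):
        inner = v[1:-1]
        if inner.lower().startswith("ipv6:"):
            inner = inner[5:]
        try:
            ipaddress.ip_address(inner)
            return "address-literal"
        except ValueError:
            return "invalid"
    try:
        ipaddress.ip_address(v)
        return "bare-ip"  # the form CBL reported for this server
    except ValueError:
        pass
    labels = v.rstrip(".").split(".")
    if len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels) and not labels[-1].isdigit():
        return "fqdn"
    return "invalid"

def banner_host(greeting):
    """Host name a server announces in its 220 greeting line, or None."""
    m = re.match(r"220[ -](\S+)", greeting)
    return m.group(1) if m else None

def audit_config(xml_text, mx_host):
    """Return (element, value, problem) findings for the names set in config.xml."""
    root = ET.fromstring(xml_text)
    mx = mx_host.rstrip(".").lower()
    findings = []
    # Sender side (RemoteDelivery) and listen side (smtpserver) must name the MX host.
    for tag in ("mail.smtp.localhost", "helloName"):
        for el in root.iter(tag):
            name = (el.text or "").strip()
            kind = classify_helo(name)
            if kind != "fqdn":
                findings.append((tag, name, "not an FQDN (%s)" % kind))
            elif name.rstrip(".").lower() != mx:
                findings.append((tag, name, "differs from MX host"))
    # <servernames> may hold several names; the MX host should be one of them.
    names = [(e.text or "").strip().lower() for e in root.iter("servername")]
    if mx not in names:
        findings.append(("servername", ",".join(names), "MX host not listed"))
    return findings
```

Calling audit_config(SAMPLE_CONFIG, "mymailserver.mydomain.de") reports the numeric mail.smtp.localhost and the missing servername entry; an empty list means all three settings agree with the MX record.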

RE: AW: Urgent Spamhaus Help Needed - james 2.3.2 [unsigned]

Posted by Pete Williams <px...@hotmail.com>.
Hi
Thanks for the replies.
We got an email reply back from CBL/Spamhaus. Does anyone know how I can check this, or what to do? 
"Note: 217.172.xxx appeared to be suspicious because it was using the following name to identify itself during email (port 25) connections
via the SMTP HELO/EHLO commands:

	217.172.xxx

This is USUALLY spamware, but in some rare circumstances, it can be a
misconfiguration in your mail server.  The CBL attempts to distinguish
real mail server software from malware SMTP clients by expecting users
to name their mail server[s] to indicate who _they_ are, not their
provider and be consistent with Internet protocol standards.

Use of a bare IP address in the HELO is a violation of
RFC2821 section 4.1.1.1, which says that the HELO value MUST
be either a fully qualified domain name (such as "mail01.example.com")
or an IP address enclosed in square brackets (such as "[217.172.xxx]")."