You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by David Jones <dj...@ena.com> on 2018/02/11 19:37:57 UTC
smtp.centurylink.net 206.152.134.66
Anyone on this list that knows the mail admins/contacts for
centurylink.net and embarqmail.com? This mail server has legit email
for centurylink.net and embarqmail.com plus a lot of other spam coming
out of it.
It's listed on a number of RBLs making this very hard to allow ham
through and block spam.
http://multirbl.valli.org/lookup/206.152.134.66.html
The PTR and A records for this IP are mail.onyx.syn-alias.com which is
also a bit odd since the SMTP HELO is smtp.centurylink.net. These don't
have to match but it's best if they did to help prove ownership and
trustworthiness.
https://pastebin.com/YidWCqp8
I have had a customer of ours request whitelisting of centurylink.net
and embarqmail.com email based on this problem and it's causing
problems. It can't be whitelisted due to a lot of junk coming from it
so I had to make some custom local rules to do this.
It would be best if the centurylink.net and embarqmail.com mail didn't
egress onto the Internet from an IP that was listed on so many RBLs.
SOLUTION: Setup a new mail relay with FCrDNS and the SMTP HELO matching
and get SPF and DKIM working properly for centurylink.net and
embarqmail.com so the rest of the Internet can properly filter/allow
this email.
--
David Jones
Re: smtp.centurylink.net 206.152.134.66
Posted by Rob McEwen <ro...@invaluement.com>.
On 2/11/2018 2:37 PM, David Jones wrote:
> This mail server has legit email for centurylink.net and
> embarqmail.com plus a lot of other spam coming out of it.
> It's listed on a number of RBLs making this very hard to allow ham
> through and block spam.
> http://multirbl.valli.org/lookup/206.152.134.66.html
> <snip>
> https://pastebin.com/YidWCqp8
I've downgraded the whitelisting entry for this IP at invaluement. It
still won't get blacklisted due to the large amount of collateral damage
that such a listing would cause. (And others lists having this
blacklisted is probably a GOOD thing! I'm not disputing their decision
for their list. Different lists serve different purposes, etc.) But with
this downgrade at invaluement, future spam that comes from this IP will
be examined with greater scrutiny by invaluement, in order to possibly
blacklist other domains and IPs related to the spam.
Also, the spam sample shows a Google shortner being used as the payload
link. I've seen many of those lately - and I think Google needs to work
on improving their ability to prevent these, or at least get the
shortner terminated faster. At the moment, this one is still "live". I
reported this particular one as spam to their shortner abuse form. So,
it will be interesting to see how long it persists from this point forward?
btw - if anyone ever wants to learn more about one of these google
shortners without actually visiting the link (which can be dangerous...
for example, some of the more malicious links arrive at a page that
tries to install a virus), add ".info" to the end of the google shortner
URL and you can then see more info about the shortner, including its
intended destination. For example, for this one:
https://goo.gl/s7XxhD.info
--
Rob McEwen
https://www.invaluement.com
Re: smtp.centurylink.net 206.152.134.66
Posted by Charles Sprickman <sp...@bway.net>.
> On Feb 11, 2018, at 7:13 PM, David Jones <dj...@ena.com> wrote:
>
> On 02/11/2018 03:56 PM, @lbutlr wrote:
>> On 2018-02-11 (12:37 MST), David Jones <dj...@ena.com> wrote:
>>>
>>> Anyone on this list that knows the mail admins/contacts for centurylink.net and embarqmail.com? This mail server has legit email for centurylink.net and embarqmail.com plus a lot of other spam coming out of it.
>> As a customer of CenturyLink (we have symmetric Gigabit through them) I can say that their support personal are less than worthless.
>> They still have a very "Bell telephone" attitude where everything they do is automatically correct because they are the telephone company, so any problem issue, or misconfiguration is someone else's fault.
>> Whatever solutions you need, you'll have to manage them on your own and do your best to work around their incompetence.
>
> Centurylink recently purchased Level 3 which has/had excellent support. Hopefully Level 3 tech support wasn't laid off to keep the status quo.
The bellheads always win in these acquisitions. :(
> --
> David Jones
Re: smtp.centurylink.net 206.152.134.66
Posted by David Jones <dj...@ena.com>.
On 02/11/2018 03:56 PM, @lbutlr wrote:
> On 2018-02-11 (12:37 MST), David Jones <dj...@ena.com> wrote:
>>
>> Anyone on this list that knows the mail admins/contacts for centurylink.net and embarqmail.com? This mail server has legit email for centurylink.net and embarqmail.com plus a lot of other spam coming out of it.
>
>
> As a customer of CenturyLink (we have symmetric Gigabit through them) I can say that their support personal are less than worthless.
>
> They still have a very "Bell telephone" attitude where everything they do is automatically correct because they are the telephone company, so any problem issue, or misconfiguration is someone else's fault.
>
> Whatever solutions you need, you'll have to manage them on your own and do your best to work around their incompetence.
>
Centurylink recently purchased Level 3 which has/had excellent support.
Hopefully Level 3 tech support wasn't laid off to keep the status quo.
--
David Jones
Re: smtp.centurylink.net 206.152.134.66
Posted by "@lbutlr" <kr...@kreme.com>.
On 2018-02-11 (12:37 MST), David Jones <dj...@ena.com> wrote:
>
> Anyone on this list that knows the mail admins/contacts for centurylink.net and embarqmail.com? This mail server has legit email for centurylink.net and embarqmail.com plus a lot of other spam coming out of it.
As a customer of CenturyLink (we have symmetric Gigabit through them) I can say that their support personal are less than worthless.
They still have a very "Bell telephone" attitude where everything they do is automatically correct because they are the telephone company, so any problem issue, or misconfiguration is someone else's fault.
Whatever solutions you need, you'll have to manage them on your own and do your best to work around their incompetence.
--
'Today Is A Good Day For Someone Else To Die!' --Feet of Clay
Re: smtp.centurylink.net 206.152.134.66
Posted by Chris <cp...@embarqmail.com>.
On Sun, 2018-02-11 at 13:37 -0600, David Jones wrote:
> Anyone on this list that knows the mail admins/contacts for
> centurylink.net and embarqmail.com? This mail server has legit
> email
> for centurylink.net and embarqmail.com plus a lot of other spam
> coming
> out of it.
>
David, as you can see I use embarqmail (centurylink as my ISP). I got
this email address off of DSLreports.com - TalkToUs@CenturyLink.com as
the name of the CenturyLink tech who posts there so you might give them
a try. I've found that their Tech Support is pretty lame especially
when it comes to problems I've had before in regards to anything
dealing with Linux or mailer issues. They're also on Twitter
- @CenturyLinkHelp and I've sent them DMs before and pretty much get a
quick reply however they've never been helpful except to shake their
virtual heads and tell me to go into chat (which was useless also) or
call. You might try them though.
Sorry I couldn't be of more help.
Chris
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
15:31:38 up 9 days, 23:04, 1 user, load average: 0.94, 0.83, 0.74
Description: Ubuntu 16.04.3 LTS, kernel 4.13.0-32-generic