[TriLUG] recent "Poor Reputation Sender" bounces
Matt Flyer via TriLUG
trilug at trilug.org
Wed Jul 10 17:02:20 EDT 2019
On Wed, 2019-07-10 at 16:30 +0000, Joseph Mack NA3T via TriLUG wrote:
> On Wed, 10 Jul 2019, ac via TriLUG wrote:
>
> >
> > http://multirbl.valli.org/lookup/208.79.82.66.html
> thanks Andre,
>
> I'm unfamiliar with many of your tests.
>
> However I went to the URL above and saw the results. We have about a
> dozen fails because our(?) DNS server was not accessible. I have no idea
> how serious this is.
I've never seen these reputation tests before either, quite
interesting.
Actually this post came up at a convenient time. It turns out I
started having this problem with my (email) server recently.
Here's the background information: It is a Linode server that runs
multiple (web) domains and (virtual) email domains. As SNI is
unreliable, the machine has two IPV4 addresses, and a bank of IPV6
addresses (one is assigned - I have some questions / issues on this for
a different thread).
The one domain and IP address is used as a local forum. The other I
use for my private stuff. Postfix had defaulted to using the forum IP
address as the outbound SMTP. This wasn't a problem as I had SPF and
DKIM records set up for both. Reverse DNS worked for both.
The only potential 'gotcha' that I caught (yesterday) was that the IPV6
address was in the AAAA record for the forum IP and the reverse was set
to my private domain. This was a leftover from some previous
configuration.
Anyway, on July 5th Spectrum / RoadRunner (a lot of people still use RR
addresses) started blocking the server. Example error:

Jul 9 09:08:54 telvos postfix/smtp[14815]: CDED51F99B: to=<redacted at triad.rr.com>, relay=dnvrco-cmedge01.email.rr.com[69.134.155.135]:25, delay=172706, delays=172706/0.02/0.28/0, dsn=4.0.0, status=deferred (host dnvrco-cmedge01.email.rr.com[69.134.155.135] refused to talk to me: 554 dnvrco-cmimta05 esmtp ESMTP server not available AUP#I-1000)

From what I can tell, the 554 means invalid r-dns and the AUP#I-1000
means blocked. This really puzzles me as the reverse DNS on the IPV4
(the interface being used) was fine and resolved to the same as the
forward domain. Mxtoolbox indicated no issues with the domain and it
is not blacklisted. In fact, I have been getting the weekly reports
for this address for almost two years without showing any issues. Today
I ran the reputation tool and it gave this domain a score of 99 out of
100. I do not send bulk or unsolicited email, except perhaps to the
legislators.
I have zero clue as to why this was being blocked.
What I did was figure out how to smtp_bind Postfix to the other IP
address, which basically switched it to the other domain, my personal
one. This too has an SPF record and DKIM. Workaround worked.
However, as best as I can tell, there is no real way to try to contact
Spectrum (Rectum as I call them) to inquire what the hell is causing
them to block the other IP?
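
The AAAA/PTR disagreement mentioned in this message is the kind of thing a forward-confirmed reverse DNS check catches. The following is an added example, not part of the original post: it runs that check over every address a mail server could send from. The function names are hypothetical, and the addresses and hostnames are constructed documentation values standing in for the poster's real ones.

```python
import ipaddress
import socket

def system_ptr(ip):
    # Reverse (PTR) lookup through the system resolver; None when no record.
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    # Every A/AAAA address the system resolver returns for name.
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Return (status, ptr_name); status is 'ok', 'no-ptr' or 'mismatch'."""
    addr = ipaddress.ip_address(ip)
    name = ptr(ip)
    if not name:
        return ("no-ptr", None)
    name = name.rstrip(".").lower()
    resolved = set()
    for text in forward(name):
        try:
            resolved.add(ipaddress.ip_address(text))
        except ValueError:
            continue  # skip anything that is not a plain IP (e.g. scoped address)
    return ("ok" if addr in resolved else "mismatch", name)

def audit(addresses, ptr=system_ptr, forward=system_forward):
    # Check every address the MTA could use as its SMTP source.
    return {ip: fcrdns(ip, ptr, forward) for ip in addresses}

# Constructed records (assumption): the IPv6 address is in the forum name's
# AAAA record while its PTR points at the private name, as in the post.
SAMPLE_PTR = {"192.0.2.10": "forum.example", "192.0.2.11": "private.example",
              "2001:db8::10": "private.example."}
SAMPLE_FWD = {"forum.example": {"192.0.2.10", "2001:db8::10"},
              "private.example": {"192.0.2.11"}}

def sample_forward(name):
    return SAMPLE_FWD.get(name, set())

if __name__ == "__main__":
    for ip, (status, name) in audit(SAMPLE_PTR, SAMPLE_PTR.get, sample_forward).items():
        print(f"{ip:<14} PTR={name} -> {status}")
```

Called without the sample resolvers, `audit()` uses the system resolver, so it can be pointed at a server's real IPv4 and IPv6 addresses.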