[TriLUG] "Poor Reputation Sender" bounces - part deux
Matt Flyer via TriLUG
trilug at trilug.org
Tue Dec 8 15:45:49 EST 2020
Trilug,
Back in July of 2019, the subject came up about mail from Pilot
bouncing due to "poor sender reputation". The nuts and bolts of the
conversation are that some institutions get really paranoid about the
stuff that they allow in, and that they are gravitating towards a
"reputation" score that is different than the RBL listings.
One of the big ones is http://multirbl.valli.org/lookup/insert-ip.html
The other one that Joe Mack was running into was Cloudmark Sender
Intelligence (CSI) http://csi.cloudmark.com
Interestingly, a couple of weeks ago, I started having trouble sending
to Charter/TWC/Spectrum accounts, caused by this system. I don't know
why. Looking at the valli.org "reputation" site showed a very clean
history with only one obscure RBL blocking me and something like 245
positive "green" tests and a neutral reputation.
A day or two ago, I started getting bounced by centurylink.net and
another (private) domain that i don't know who they're using for an MX
also claiming csi.cloudmark.com having a poor reputation with address
66.175.210.233. Note the Valli test showed no issues, but doesn't sow
Cloudmark and there is only a de-listing no checking page for them.
This is where things get even more weird. This morning I started having
trouble sending messages to Google users and I started getting the
following:
host gmail-smtp-in.l.google.com[2607:f8b0:400d:c0b::1b] said: 550-5.7.1
[2600:3c03::f03c:91ff:fe69:a6aa 19] Our system has detected that
550-5.7.1 this message is likely suspicious due to the very low
reputation of 550-5.7.1 the sending domain. To best protect our users
from spam, the message 550-5.7.1 has been blocked. Please visit 550
5.7.1 https://support.google.com/mail/answer/188131 for more
information. l17si8931823qtl.147 - gsmtp (in reply to end of DATA
command)
The INTERESTING part is that the postfix server is bound to the IPV4
address. I suspect one of two things is going on. One, even with
Postfix bound to an address Google is doing an A or AAAA record lookup,
finding the IPv6 address and declaring it "bad". Or two, the mail is
going out on the IPv6 address even though the gateway is set to an IPv4
address (which is actually different than the 66.175.210.233 that
Postfix is bound to).
To troubleshoot, I deleted the IPv6 DNS records for now and I am going
to turn off IPv6 in the network interface next as this didn't seem to
effect the Google sending attempt.
I also singed up for the Google Postmaster Tools and as much as I hated
doing so as I believe them to be an evil company I registered the
domains to my account with them. Of course, it says "no data available"
on their tools, but I don't send a lot of email.
It seems that this shadowy "reputation" services which are likely
geared towards bulk / spam type emails are hammering smaller operations
and simply don't care. Then again, I could put on a foil hat and
easily believe that it is a conspiracy to get people to run all their
mail through a big system or an ISP base SMTP server for scanning and
processing.
Anyone have any thoughts or suggestions?
More information about the TriLUG
mailing list