Overcoming MAPS Reverse-Lookup Oppression?
ArghBlarg asks: "Imagine the following scenario: you're the volunteer admin for a small, non-profit site for a few local artists and musicians. You run your web site and SMTP server out of your laundry room, via cable broadband. The broadband provider doesn't mind, as you only get a few hits a day; you keep your system secure and were only rooted once, over 4 years ago (hey, it happens). Your site has never, ever (to your knowledge) relayed spam. On the whole you've been an exemplary netizen. One day, some email you send bounces because your ISP's entire netblock has been placed on the MAPS DUL. True, your server's IP isn't technically static (though it hasn't changed in 12 months); because your domain is embedded within the broadband provider's larger IP block, reverse lookups don't give your domain name, rather that of the provider (with a huge number prefixed as the hostname). Hence you're considered a rogue SMTP node and blocked by MAPS. I've emailed MAPS but they won't agree to whitelist me. I have a proper MX record for my SMTP server, under my domain name. What can I do? Is there any way to make my legitimate domain take precedence in reverse-lookups, so I don't show up as being part of a spam-friendly network?"
"Please don't bother suggesting that I ask my provider to give me a static IP outside the affected block -- they won't, not without upgrading to a MUCH more expensive package which gives me no benefit for a small-traffic server like this.
What have you done to get your domain, running on a pseudo-static IP, out from under the thumb of the spam block lists? While I wholeheartedly support the efforts of the MAPS people and others like them to stamp out the vermin that are spammers, our domain has become collateral damage in the war!"
Re:That sux (Score:1, Troll)
That's exactly what MAPS wants you to do -- change ISPs. They think that if everyone in your situation leaves your ISP, your ISP will go out of business and that's one less spam channel. Of course, this logic has proven false in the real world. Your short-term solution is indeed to change ISPs, but that won't give you any assurance this won't happen again. The only way to prevent a future occurrence is to take out MAPS and their vigilante cou
Relay through ISP (Score:5, Informative)
Re:Relay through ISP (Score:4, Informative)
The only possible negative I see to relaying through your ISP's SMTP server is that it introduces another possible point of failure, but that seems to be an acceptable tradeoff.
Re:Relay through ISP (Score:3, Interesting)
The best solution is probably to get your own server on a static IP and smarthost through that; since it's entirely under your control you know it's not going to get some handy config change which breaks your mail, nor is it likely to go away for hours on end while it's broken/fixed/upgraded without warning.
Re:Relay through ISP (Score:3, Informative)
AOL has done this in the past,
Re:Relay through ISP (Score:2)
Most people have a choice of exactly one ISP. Take it or leave it.
Actually, we do have two available here. Both have reported the same problem with mail to aol.com addresses. Maybe AOL is blocking all email from ISPs. That would definitely cut down the amount of spam that their customers receive.
Re:Relay through ISP (Score:2)
If so, how do you explain the bounce messages in my wife's inbox that explicitly say this is so?
And the message says this is because of dynamic IP addresses. It doesn't say that smtp.rcn.com has a dynamic IP address; it just says that some rcn.com addresses are dynamic. That is apparently sufficient ground at AOL to block email from smtp.rcn.com.
Maybe I am a dummy, but how do you suggest we get our email accepted by aol.com?
Re:Relay through ISP (Score:2)
Re:Relay through ISP (Score:1)
Doesn't always work. Some ISPs will not accept email from one domain routed through another domain's SMTP server...
Re:Relay through ISP (Score:2)
Re:Relay through ISP (Score:2)
Re:Relay through ISP (Score:1)
Re:Relay through ISP (Score:2)
And if your domain isn't the ISP's domain, you get a 5xx error when you do the MAIL FROM:youremailaddr
If you change that email addr, you don't get the bounces.
If you change your email address to one of the ISP's then you don't get to use your domain for email.
Move. (Score:1)
Re:Move. (Score:1)
Talk to your provider.... (Score:2, Interesting)
If your ISP is unwilling to have their own netblocks removed from MAPS lists, then you need to consider a new ISP.
Re:Talk to your provider.... (Score:2)
But if anybody really wants to use the black lists they should use them as _part_ of the antispam process. If a sending IP is on the list, you ALLOW the connection, but you weight the message on the more spammy side. That way if the message is not spam it still has a chance to vindicate itself.
The popular method of 100% blocks is plain stupid and outdated.
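The weighting approach from the comment above, as an added example that is not part of the original thread. The zone names, weights, thresholds and the `content_score` input (for instance from a Bayesian filter) are assumptions; the listing data is constructed so the block runs offline.

```python
import ipaddress
import socket

# Hypothetical DNSBL zones and weights (assumptions, not real lists).
ZONES = {
    "dul.example.org": 2.0,     # dynamic/residential ranges: weak signal
    "relays.example.org": 4.0,  # confirmed open relays: strong signal
}
TAG_AT = 3.0     # assumed threshold: accept but mark as suspect
REJECT_AT = 5.0  # assumed threshold: refuse the message


def dnsbl_qname(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone.

    The lookup is keyed on the connecting IP only. The PTR (reverse DNS)
    name and the sender's domain play no part in it.
    """
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dns_listed(qname):
    """Live lookup: an A record means listed, a failed lookup means not.

    Resolver errors are treated as "not listed" so a DNSBL outage
    never blocks mail.
    """
    try:
        socket.gethostbyname(qname)
        return True
    except OSError:
        return False


def hard_block(client_ip, listed=dns_listed, zones=ZONES):
    """The 100% block policy: any listing rejects, content is never seen."""
    hit = any(listed(dnsbl_qname(client_ip, z)) for z in zones)
    return "reject" if hit else "accept"


def score_message(client_ip, content_score, listed=dns_listed, zones=ZONES):
    """Weighted policy: a listing adds to the score instead of deciding it."""
    hits = [z for z in zones if listed(dnsbl_qname(client_ip, z))]
    total = content_score + sum(zones[z] for z in hits)
    if total >= REJECT_AT:
        verdict = "reject"
    elif total >= TAG_AT:
        verdict = "tag"
    else:
        verdict = "accept"
    return verdict, total, hits


# Constructed listing data: 192.0.2.45 sits in a range on the dynamic list.
SAMPLE_LISTED = {"45.2.0.192.dul.example.org"}


def sample_resolver(qname):
    """Offline stand-in for dns_listed, backed by SAMPLE_LISTED."""
    return qname in SAMPLE_LISTED


if __name__ == "__main__":
    for content in (0.5, 1.5, 3.5):
        print(content,
              hard_block("192.0.2.45", listed=sample_resolver),
              score_message("192.0.2.45", content, listed=sample_resolver))
```

With the sample data, the hard block rejects all three messages from the listed address, while the weighted policy accepts the clean one, tags the borderline one and rejects only the one whose content already looked like spam.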
Use SmartHost (Score:5, Informative)
define(`SMART_HOST',`smtp.myisp.com')dnl
Of course it'll be different if you're using another MTA. MAPS DUL (dialup list) is doing what it's supposed to do. It's listing dynamic address ranges such as cable modems, DSL lines, and dialup numbers. A lot of spam can come from these so people choose to use them to block email that isn't coming from the ISP's mail servers.
Re:Use SmartHost (Score:2)
Oh, wait. I forgot. The Internet died a long time ago.
*sigh*
Re:Use SmartHost (Score:3, Insightful)
The MAPS DUL is a list of IP's that are not supposed to be running mail servers, usually according to the people who actually own those IP addresses. Most dynamic IP's should be on it, as would any static IP's whose owners (the ISP who gives you your IP) told MAPS that yes, they are not supposed to run servers.
Don't like it? Exercise your free market rights and buy your service from somebody else.
In this life, if y
Re:Use SmartHost (Score:2, Informative)
Postfix can be set up similarly in the postfix/transport file: The null entries for my.domain are so that internal mail doesn't go to outbound-relay.isp.domain.
Phil
Re:Use SmartHost (Score:2)
Use relayhost for the mail relaying part.
This is a cleaner solution than the one you have right now
Re:Use SmartHost (Score:2)
I run Exchange, so it was a little more work than your single line sendmail config.
Here's a write up [christopherlewis.com].
Re:Use SmartHost (Score:1)
Well (Score:4, Insightful)
That's my EUR 0.016414 anyways.
Re:Well (Score:2)
On a similar note, you could get an inexpensive VDS. I use JVDS.net, whom I consider excellent, but there are others. My unaffiliated endorsement: With JVDS, $15 or $20 (FreeBSD or Linux - your choice) monthly gets you root access, 3 GB disk and 64 Mb RAM, which will easily handle your web and mail server.
I'll second that (Score:2)
a bit SOL (Score:1)
Pay for commercial service (Score:1)
Life is full of disappointments. "End to end" is dead. You're going to have to suck it up and pay for commercial Internet connectivity in order to get out of the ghetto. Where I live, business-class cable connections start at around USD 175 per month. If you're lucky, your commercial ISP might even let you update the reverse DNS entries for your IP allocations.
Re:Pay for commercial service (Score:1)
Well DUH... (Score:4, Insightful)
Then you are stuck between a rock and a hard place. You are using a residential class line for business class use. MAPS is right to block residential lines because of all the zombie relay servers that virus writers are including in their payloads now.
Either pay for a business class connection, or use the SMTP server your provider gives you.
It's not the "open internet" that you'd like to see. Live within the limitations this simple, dumb network provides.
Besides, do you honestly expect MAPS to whitelist a dynamic IP? MAPS is not the problem, PEBKAC.
-Adam
Re: (Score:2)
Re:Well DUH... (Score:2)
You may have an earthlink static IP, but it's still within the earthlink netblock, and since the vast majority of earthlink users use the earthlink SMTP server, and do not keep their own PCs clean of zombie relays, then it is perfectly reasonable to block smtp transactions from that netblock.
Or are you saying that the 0.1% of internet users who want (not need or require, but want) to send email from t
Comment removed (Score:5, Interesting)
Re:Well DUH... (Score:5, Insightful)
It's not just open relays, it's also all those machines that have been taken over by trojans with built-in SMTP engines.
Another reason for not using smarthosts (Score:1)
If you use a smarthost, the error response is wrapped up in a verbose email, so you have to implement automated handling, parsing, error code extraction, working out which email address it refers to, and all the rest.
Re:Well DUH... (Score:2)
If you're regularly connecting to different ISPs as often as that then the internet is apparently worth something to you. Which means that you should step up to the plate and either:
1. Use a mail-provider service like Fu
Re:Well DUH... (Score:3, Funny)
Lemme get this straight. They're supposed to complain each time they don't receive an email. And they would know when this is happening exactly how?
That's like taking class attendance by asking
Re: (Score:2)
Re:Well DUH... (Score:2)
Re: (Score:1)
Re:Well DUH... (Score:2)
Their competitors just get more customers if their competitors don't use ISPs which incorrectly use MAPS.
At my office we have an antispam software that uses something like a MAPS list, and it blocks mail from DULs. I checked today and there were a few genuine requests for quotations and other important emails.
Now that really suc
Re:Well DUH... (Score:1, Interesting)
So the ISP would lie?
So the ISP is stupid too? Or can neither you nor the ISP really think of a single reason why a machine might be configured to send email directly?
Re:Well DUH... (Score:2)
I mean, presumably every casual internet user connects to the internet via some business, but still...
Re:Well DUH... (Score:1)
Re:Well DUH... (Score:2)
Some of the suckier ISPs out there probably don't allow it... (except for a Sender matching the account's username@isp.com exactly, you know)
Re:Well DUH... (Score:2)
Re:Well DUH... (Score:2)
No, I'm saying that only business class internet connections are expected to be fully open and unblocked. Residential customers get what they pay for.
When I wanted to overcome a similar problem myself (my ISP was free, but wouldn't forward email which had my domain's address instead of the ISP's) I simply made a port forwarder on my work machine which allowed me to use my work's SMTP server - the connection appeared to come fr
Re:Well DUH... (Score:1)
i was hoping for more of a "sad, but not entirely true! there's still hope! order now for your swedish internet enlarger! just visit www.undergroundinternet.com.biz.ecommerce for your trial subscription to the NEW INTERNET!" or something. you know.
unfortunately, "realist" attitudes are strikingly popular nowadays. i am still fully tongue-in-cheek, and awaiting for my style of half-seriousness, half-mockery to come back in style. but, you're right, there are always a plethora of
No such thing as "business class" (Score:2)
Business-class-service NOTHING!; it's morons who use don't understand the stupid filtering they use and then can't get emails. So I don't buy ebay from them next time.
I'm thinking of poor road runner users here who only have one choice of ISP; shame they are half cut off from the internet by their cheap-skate ISP.
Demon internet give me a full
Re:Well DUH... (Score:2)
God I hate spammers
Learning the hard way, eh? (Score:3, Informative)
This is where you learn to relay your outgoing mail through your upstream provider. You should of course continue to be the MX for your domain for all other purposes.
I know other people have mentioned this, but seriously... No cable or DSL clients should be pretending to be a full-on mail hub. Just use the smtp resources of your upstream provider.
Only corps should be free to run their own mail? (Score:2)
Re:Only corps should be free to run their own mail (Score:1)
* You route your outgoing IP traffic through your upstream provider.
* You should also route your outgoing SNMP traffic through your upstream provider.
Free Speech? You have *got* to be kidding me
You don't think sending your outgoing traffic upstream negates your ability to be an independent voice, do you? This isn't about running your own mail or being an independent voice, it's about routing traffic. *routing traffic*
This is basic networking-made-simple here.
By "full on mail
Re:Only corps should be free to run their own mail (Score:2)
There are ISPs like Speakeasy that let their customers run servers and even resell their bandwidth. I'd just rather switch to one of them than be complacent to yet another restriction the mainstre
Re:Only corps should be free to run their own mail (Score:4, Insightful)
Absolutely NOBODY is preventing this guy from running whatever server he wants to.
Some people are, however, exercising their own rights to refuse to accept communications from him, for a reason that may or may not be reasonable, valid, or useful.
Re:Only corps should be free to run their own mail (Score:2)
Re:Only corps should be free to run their own mail (Score:4, Informative)
He's not blacklisted. He's accurately listed as being a residential dynamic-assigned user.
The fact that some other mail servers choose not to accept his mail, based on that fact, has nothing to do with his ISP.
A full on mail hub is... (Score:3, Insightful)
A full on mail hub is somebody running a mail server on a connection where they are contractually allowed to run a mail server on that connection.
Nobody gets onto the MAPS DUL (dial up list) that easily. You have to be a netblock that has dynamic IP's (meaning that you can't receive mail anyway, as your IP could change) or has static IP's but has had your ISP confirm t
Re:A full on mail hub is... (Score:2, Insightful)
With respect, I highly resent the above quip. I do pay for my connection -- up to 10MBps, no bandwidth limit. That was what I signed up for and I pay my bill faithfully.
While I am running a mail server, I can guarantee you I use *far* less bandwidth than any of my neighbours who download pr0n and have their PCs infected with the worm-de-jour. We serve mostly static web pages, some MP3s of a few local indie bands and email for 5-6 accounts, each
Re:A full on mail hub is... (Score:2)
Well, if they didn't tell you that you can't run servers, then you should be able to. So if your IP is on the MAPS DUL,
These "services" suck (Score:5, Insightful)
And for what? I still see a ton of spam, despite the fact that my ISP uses MAPS.
Re:These "services" suck (Score:2)
Re:These "services" suck (Score:2)
Re:These "services" suck (Score:2)
Did you actually test MAPS/ORBS to see how accurate they are? Is your mailserver configured to do further processing on mails from IPs listed on MAPS/ORBS?
At home I regularly get 100-200+ spams a day. Spambayes screens most of them with minimal false positives (there were a few false positives during the initial training period, zero since then - I'm still testing it ). Even my personal naive keyword filtering screened out plenty of spam with very minimal false positives.
Dis
Re:These "services" suck (Score:2)
cheap webspace host (Score:3, Insightful)
Use MailHop Outbound from DynDNS.org (Score:4, Informative)
At this point, you'd probably want your DNS hosted through them, as well. On the plus side, this would give your domain a complete and consistent appearance, IP-wise. I believe at this point, you may even be able to add SPF records to your DNS entry as well. (Though I'm not sure if they do the correct thing outbound for SPF.)
The whole shebang would probably still come to less than $100/yr.
Dynu (Score:1)
My ISP used to block incoming 25, and Dynu was my primary MX that could use ETRN to send to "alternate" ports, much like DynDNS.
Now that my ISP has come to their senses and has allowed me to run a mail server, it makes a great inexpensive failsafe in case of routing or power outages.
This is MUCH less than $100/yr
Re:Dynu (Score:1)
My other factor was that I just got burned with my old email forwarding provider, and wanted:
1 - Someone more high-profile, less likely to go away or act weird. DynDNS.org has been around a LONG time.
2 - My own domain, even if it's more expensive. Even if DynDNS.org were to go away or act weird, with a bit of effort I should be able to regain con
You have a few options (Score:3, Interesting)
2. Convince the people you wish to exchange mail with (who presumably want your mail) to either
a. Stop using MAPS
b. Stop using the DUL
c. Add your server to a local whitelist
Note that gaining control over your reverse DNS listing will not help; DUL is based on netblocks.
3. Get a better ISP. There are options out there that will do what you want, and not all are prohibitively expensive. If your ISP's options are, switch. I've been very happy with speakeasy. They are available to most of the US. If you get one of their very reasonably priced (multiple) static IP packages, you will not be on the DUL. What's better, they will set your reverse DNS to whatever you wish so long as you own the domain in question. Their TOS are also very nice, explicitly permitting you to run your own servers so long as you don't disrupt the network. (They do permit running spam, porn, and irc if it's part of a public irc network, as those tend to disrupt service more often than they don't.) Speakeasy is not the only option... there are other similar ones, but I haven't tried any of them.
4. (As others have said) Use a smarthost for your mail. Receive incoming mail on your own server but configure your outgoing mail to relay through your ISP's gateway. This is trivial with most MTAs. See your documentation for details.
5. Complain to your ISP, and tell them that you're willing to switch if they can't get you onto a netblock that isn't blacklisted. It might work. Their cost to acquire a new customer is relatively high, so they should be interested in accommodating you. Don't just go based on their written policy, though. Talk to a real person, preferably one who would feel the pain of lost revenue.
Well, it looks like the consensus is... (Score:5, Insightful)
Glad to see so many people here who are interested in maintaining a free system.
-Rusty
publish SPF records for your domain (Score:1)
I don't use MAPS, but do blacklist residential Internet connections, so when people in your situation send me email (as the postmaster for a domain deluged with spam), I offer to whitelist them until I get SPF-based whitelis
Other alternatives. (Score:3, Funny)
I can see you have been told the politically correct answer to this situation: "Suck it up, do it for the common good."
But if you are a true American, one question has not yet been answered. What's in it for me? How can I get rich off of this? How do I make them pay?
The answer is simple. Sue Em!
Chances are if you are posting this, you reside within the United States. This makes things more difficult, but not impossible, we just have to be more clever. Our first direction we must look toward in this time of opportunity is toward The Courts. Unfortunately this course will not serve us well. Nothing MAPS does is inherently illegal. Even worse, they have developed a significant volume of case law to show your average judge that they have a right to do what they do and you have no right to complain. So unless you happen to have a friendly state law or lawmaker in your back pocket (not likely for an indie band) the courts will not likely be of use to you.
Luckily here in the grand old USA, the Courts aren't the only places to extract money from people you don't like. Are you or any of the band members from Canada or Mexico? Can your Latino drummer fake a Mexican accent? If so then you can demand compensation under Section 7 of the NAFTA Treaty, the expatriation clause. While normally this clause only applies to government regulation, there have been complaints brought forth against pseudo-governmental entities (such as industry trade groups and sanctioning bodies) which you could argue the MAPS organization is one of. From there, it's up to them to prove the rules don't apply to them or else you get money. Nothing could be simpler.
There you have it, a simple solution to your problem both short term and long term. Assuming that MAPS survives their major outflow of cash, you will now be able to afford professional internet connectivity free from MAPS blocking. If they don't survive, hey, you're free to send emails anyway and you get a tidy bundle of cash (a double victory).
irrespectfully submitted, with tongue firmly in cheek
Ask users of DUL to stop being lame (Score:2)
Just set up your MTA to use a smarthost for sites which deny mail from you; whether you do that for all hosts or just those which suck is up to you and the capabilities of your MTA. There's not really a lot more you can do; the DUL is doing precisely what it's designed for -- it's the users which are taking "sendin
Why not host your website on a cheap host? (Score:3, Informative)
Re:Why not host your website on a cheap host? (Score:1)
As far as uptime goes, I must say Shaw cable has been incredibly good for the last two years or so (as in, less than a day total down per year). It's good enough for a 'hobby' server
Had this problem about a fortnight ago... (Score:2)
Collateral damage (Score:2)
You're just collateral damage in the "War on Spam". I am too. Until people start realizing the amount of false-positives that spam filters catch, the carpet bombing will continue and still catch One company stopped really quickly when they found the spam filtering lost some email orders.
I'm surprised at how unsophisticated some SMTP servers are. They'll take my mail even when I have the wrong $HOSTNAME set. Yet if I
Three options, one will work for you (Score:1)
Second option: find out if your ISP will allow you to relay your email out through their mail servers. Many will, some won't.
Third option costs $15/year but will work in all cases. Go to pobox.com and sign up for one of their life-time emails. Then configure your MTA to
Re:Three options, one will work for you (Score:1)
My thought was get a cheap account on some low-use *nix box, talk to the admin, and get him to host mail-relay for your domain.com
*shrugs* - my .02 cents
Solution enclosed (Score:1)
The main problem is that sometimes, one man's spam is another man's treasure. I don't think it is up to a central authority to tell me what I can and can't read. I much prefer the client-side flavors of spam filtering, such as bayesian filters (of which a
Makes sense to me. (Score:3, Funny)
It gives you a big benefit, you get to send email to people.
what wrong with using the reverse hostname? (Score:1)
joe.user@CPE000d42345c2g-CT014250031146.cpe.net
Short and to the point!
-Pete
sounds like another spamhaus victim (Score:2)
This has hassled me to no end.
They are cavalier about it and will not modify their mechanism to be more specific.
In short they suck.
SMTP Isn't The Only Blacklistable Protocol (Score:2)
In the meanwhile, I browse