|
|
smtp relay through eastlink and ESET Nod32 tagline = disappearing email

We have a Linux server at home for local mailboxes and it also relays to Eastlink for our SMTP. My wife reported emails not being received at work sent from home. We use ESET nod32 virus software on Windows, and it integrates with Thunderbird.

What I found when testing emails from Thunderbird on two different windows PCs, sending to work and to Gmail, is that if the integration set up has the default of adding a tag line:

__________ Information from ESET NOD32 Antivirus, version of virus signature database 4556 (20091029) __________

The message was checked by ESET NOD32 Antivirus.

and we are relaying through the local Linux as SMTP, then mail is disappearing. Linux server shows it is handed off to Eastlink's SMTP OK.

If I either turn off the ESET message tagging, or use smtp.eastlink.ca directly from Thunderbird, then the message will be delivered.

I would guess that something on Eastlink's side thinks this is indication of a virus. Otherwise I would expect a bounce. They use Ironport Senderbase and Sophos by the looks of the headers. With local mail delivery I don't see any headers added by ESET.

I'm hoping to talk to Eastlink about this when I have a chance.

--Donald

_______________________________________________
nSLUG mailing list
nSLUG@...
http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

Interesting. I did not know you can rely on Eastlink SMTP server for incoming mail. With business accounts, they unblock SMTP port so you can get email directly. To send email, it is a good idea to use their server, since many other SMTP servers will treat your IP number as a spam zombie.

Vlado

On Fri, 30 Oct 2009, D G Teed wrote:

> We have a Linux server at home for local mailboxes and it also
> relays to Eastlink for our SMTP. My wife reported emails
> not being received at work sent from home. We use ESET
> nod32 virus software on Windows, and it integrates with
> Thunderbird.
>
> What I found when testing emails from Thunderbird
> on two different windows PCs, sending to work and to Gmail,
> is that if the integration set up has the default of adding a tag
> line:
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature
> database
> 4556 (20091029) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> and we are relaying through the local Linux as SMTP, then mail
> is disappearing. Linux server shows it is handed off to
> Eastlink's SMTP OK.
>
> If I either turn off the ESET message tagging, or use smtp.eastlink.ca
> directly from Thunderbird, then the message will be delivered.
>
> I would guess that something on Eastlink's side thinks this is indication
> of a virus. Otherwise I would expect a bounce.
> They use Ironport Senderbase and Sophos by the looks of the headers.
> With local mail delivery I don't see any headers added by ESET.
>
> I'm hoping to talk to Eastlink about this when I have a chance.
>
> --Donald
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

On Fri, Oct 30, 2009 at 8:51 AM, D G Teed <donald.teed@...> wrote:
> We have a Linux server at home for local mailboxes and it also
> relays to Eastlink for our SMTP. My wife reported emails
> not being received at work sent from home. We use ESET
> nod32 virus software on Windows, and it integrates with
> Thunderbird.
>
> What I found when testing emails from Thunderbird
> on two different windows PCs, sending to work and to Gmail,
> is that if the integration set up has the default of adding a tag
> line:
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature
> database
> 4556 (20091029) __________
>
> The message was checked by ESET NOD32 Antivirus.

Some email viruses add lines to the header claiming the messages have been checked. Many AV tools will use this to increase the "score", but should reject such messages unless there are other patterns that push the score over the threshold.

Several weeks ago my wife's Eastlink mail was not being delivered to a friend using Sympatico. Sympatico support blamed the friend's use of Thunderbird, but after being told that was nonsense they admitted that Eastlink was blacklisted. I suspect this was an example of the blackholes.us problem:

http://isc.sans.org/diary.html?storyid=7360

http://www.circleid.com/posts/20091013_unwelcome_afterlife_for_a_long_dead_blacklist/

> and we are relaying through the local Linux as SMTP, then mail
> is disappearing. Linux server shows it is handed off to
> Eastlink's SMTP OK.
>
> If I either turn off the ESET message tagging, or use smtp.eastlink.ca
> directly from Thunderbird, then the message will be delivered.
>
> I would guess that something on Eastlink's side thinks this is indication
> of a virus. Otherwise I would expect a bounce.
> They use Ironport Senderbase and Sophos by the looks of the headers.
> With local mail delivery I don't see any headers added by ESET.
>
> I'm hoping to talk to Eastlink about this when I have a chance.
>
> --Donald

--
George N. White III <aa056@...>
Head of St. Margarets Bay, Nova Scotia
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

On Fri, Oct 30, 2009 at 9:04 AM, Vlado Keselj <vlado@...> wrote:

My Linux box is relaying out via their smtp.eastlink.ca. Incoming is handled by dyndns.org and their mailhop feature that causes incoming mail to come into an unconventional port. Outbound on port 25 is blocked by eastlink.

Just clearing up the misunderstandings. This is not related to the issue at hand.

--Donald
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

On Fri, Oct 30, 2009 at 9:20 AM, George N. White III <gnwiii@...> wrote:

Probably not the same problem, but I'm curious what they do. Was the mail bounced or trounced (i.e. lost)?

At my work, we bounce - reject - email which fails reputation look ups, RDNS, etc. Spam is simply tagged for recipients to filter. Only viruses are not delivered nor bounced. Even with viruses, the recipient gets an email that an email was going to be delivered to them and is now quarantined.

--Donald
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

Just a side note, parts of Eastlink's business IP pool are listed on SORBS "dynamic IP" block list. You will be affected by this as it seems people use it for flat out blocks instead of scoring. If anyone plans on running a business connection SMTP server check the IP you're going to use for your MX against a black hole list search engine like: http://www.blacklistalert.org/

Personally dislike RBHL's. Heck, using SORBS really relaxed (spam not recent or new) list I was getting warnings of a block on Google servers when testing it months ago.

On Fri, Oct 30, 2009 at 9:04 AM, Vlado Keselj <vlado@...> wrote:
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

On Fri, Oct 30, 2009 at 11:00 AM, D G Teed <donald.teed@...> wrote:
> On Fri, Oct 30, 2009 at 9:20 AM, George N. White III <gnwiii@...>
> wrote:
>>
>> Several weeks ago my wife's Eastlink mail was not being
>> delivered to a friend using Sympatico. Sympatico support
>> blamed the friend's use of Thunderbird, but after being told
>> that was nonsense they admitted that Eastlink was blacklisted.
>> I suspect this was an example of the blackholes.us problem:
>>
>> http://isc.sans.org/diary.html?storyid=7360
>>
>> http://www.circleid.com/posts/20091013_unwelcome_afterlife_for_a_long_dead_blacklist/
>>
>
> Probably not the same problem, but I'm curious what they do.
> Was the mail bounced or trounced (i.e. lost)?

trounced

> At my work, we bounce - reject - email which fails reputation look ups,
> RDNS, etc.
> Spam is simply tagged for recipients to filter. Only viruses are not
> delivered nor bounced. Even with viruses, the recipient gets an email
> that an email was going to be delivered to them and is now quarantined.

At times, I have had 1000's of virus-related mails an hour on my chebucto address. Many of those were bounces. In such cases trounce is the only option.

The real issue is that a big mail server requires 7/24 attention to adjust to circumstances. If you use blacklists you need ways to check that they are being maintained in a sensible fashion.

Do you keep stats on the numbers of bounced/trounced emails per hour? I suppose it would be good to break down the stats into groupings, e.g., a few server addresses that are responsible for a bulk of the mails plus "the others". If you are suddenly bouncing or trouncing an abnormal volume of mail in a grouping then you need to take action -- either one of your filters is broken or you are seeing the start of a major virus outbreak, DOS attack, etc.

> --Donald

--
George N. White III <aa056@...>
Head of St. Margarets Bay, Nova Scotia
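
Added example, not part of the original post: one way to keep the per-hour bounce/trounce statistics suggested above, with the busiest client addresses broken out and everything else lumped into "others". The log lines are constructed for the example and only modelled on Postfix smtpd entries; the function names, the spike factor and the floor are assumptions.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Matches constructed lines shaped like Postfix smtpd "NOQUEUE: reject|discard" entries.
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+\S+\s+"
    r"postfix/smtpd\[\d+\]:\s+NOQUEUE:\s+(?P<action>reject|discard):\s+"
    r"\w+\s+from\s+\S*?\[(?P<ip>[0-9A-Fa-f:.]+)\]"
)


def build_sample():
    """Constructed sample log: (hour, action, client IP, number of lines)."""
    spec = [
        ("09", "reject", "192.0.2.10", 4),
        ("09", "discard", "198.51.100.7", 1),
        ("09", "reject", "203.0.113.5", 1),
        ("10", "reject", "192.0.2.10", 5),
        ("10", "discard", "198.51.100.7", 1),
        ("11", "reject", "192.0.2.10", 4),
        ("11", "discard", "198.51.100.7", 9),   # sudden jump in silently dropped mail
        ("11", "reject", "203.0.113.9", 1),
    ]
    lines = []
    for hour, action, ip, n in spec:
        for i in range(n):
            lines.append(
                f"Oct 30 {hour}:{i:02d}:00 mx postfix/smtpd[2101]: NOQUEUE: "
                f"{action}: RCPT from unknown[{ip}]: constructed sample line"
            )
    return "\n".join(lines)


def parse(log_text):
    """Return (hour bucket, action, client IP) for every reject/discard line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hour = f"{m['mon']} {int(m['day']):02d} {m['hour']}:00"
            events.append((hour, m["action"], m["ip"]))
    return events


def group_by_hour(events, top_n=2):
    """Count per hour and per (action, group); group is a top-N client IP or 'others'."""
    totals = Counter(ip for _, _, ip in events)
    top = {ip for ip, _ in totals.most_common(top_n)}
    table = defaultdict(Counter)
    for hour, action, ip in events:
        table[hour][(action, ip if ip in top else "others")] += 1
    return dict(table)


def flag_spikes(table, factor=3, floor=5):
    """Flag a group whose hourly count exceeds `factor` times its earlier median."""
    hours = list(table)  # insertion order follows the log, i.e. chronological
    alerts = []
    for i, hour in enumerate(hours[1:], start=1):
        for (action, group), count in sorted(table[hour].items()):
            baseline = median(table[h][(action, group)] for h in hours[:i])
            if count >= floor and count > factor * max(baseline, 1):
                alerts.append((hour, action, group, count, baseline))
    return alerts


if __name__ == "__main__":
    stats = group_by_hour(parse(build_sample()))
    for hour, counts in stats.items():
        print(hour, dict(counts))
    for alert in flag_spikes(stats):
        print("ALERT", alert)
```

Counting "discard" separately from "reject" matters for the problem in this thread: a rejected message produces an error the sender sees, a discarded one does not.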
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

On Fri, Oct 30, 2009 at 11:10:53AM -0300, Paul B wrote:
> Just a side note, parts of Eastlink's business IP pool are listed on SORBS
> "dynamic IP" block list. You will be affected by this as it seems people use
> it for flat out blocks instead of scoring. If anyone plans on running a
> business connection SMTP server check the IP you're going to use for your MX
> against a black hole list search engine like: http://www.blacklistalert.org/
>
> Personally dislike RBHL's. Heck, using SORBS really relaxed (spam not recent
> or new) list I was getting warnings of a block on Google servers when
> testing it months ago.

There's nothing (terribly) wrong with blocking outright on reputable lists that have a reasonable false positive rate. A moderately large mailserver I used to admin has blocked ~1.25 million emails based on spamhaus and spamcop in the last day, or around 15 a second. I'm happy not to have that flowing through the spam filter.

There's nothing (terribly) wrong with scoring based on RBL hits, even on crappier lists, and then dropping the mail if it exceeds a threshold. RFC-ignorant may suck (and it does), but if something's on RFC-ignorant, SORBS, APEWS etc., chances are the listing is probably legit.

... but SORBS... I can't say this enough. SORBS is awful. SORBS sucks. If you block outright based on SORBS you are a bad person and you should feel bad, and more importantly you deserve to lose email. If you block outright based on it for mail services that aren't your own, you should be fired. Collateral damage is an explicit goal, and they charge for delisting. F*** 'em.
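
Added example, not part of the original post: a sketch of the two policies contrasted above, outright rejection on a short set of lists versus adding a list hit to a score that is compared with a threshold. The zones are the public zones of lists named in the thread; which list sits in which tier, the weight, the threshold and the constructed listings are assumptions.

```python
import ipaddress
import socket

# Tiering, weight and threshold are assumptions made for this example.
BLOCK_ZONES = ("zen.spamhaus.org", "bl.spamcop.net")   # reject outright on a hit
SCORE_ZONES = {"dnsbl.sorbs.net": 1.5}                 # a hit only adds to the score
REJECT_THRESHOLD = 5.0


def dnsbl_query_name(ip, zone):
    """IPv4 DNSBL convention: reverse the octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dns_listed(name):
    """Live lookup: the address is listed if the name resolves inside 127.0.0.0/24.

    Answers outside that range (some lists use them as error codes, for
    instance when queried through a large public resolver) count as not
    listed, so a lookup problem never turns into a block.
    """
    try:
        answer = socket.gethostbyname(name)
    except OSError:
        return False
    return answer.startswith("127.0.0.")


def evaluate(ip, content_score, listed=dns_listed):
    """Decide during the SMTP session: 'reject' (5xx to the sender) or 'accept'."""
    for zone in BLOCK_ZONES:
        if listed(dnsbl_query_name(ip, zone)):
            return {"action": "reject", "score": None, "hits": [zone]}
    score, hits = content_score, []
    for zone, weight in SCORE_ZONES.items():
        if listed(dnsbl_query_name(ip, zone)):
            score += weight
            hits.append(zone)
    action = "reject" if score >= REJECT_THRESHOLD else "accept"
    return {"action": action, "score": score, "hits": hits}


# Constructed listings so the example runs offline (documentation address ranges).
CONSTRUCTED_LISTINGS = {
    "10.2.0.192.zen.spamhaus.org",
    "7.100.51.198.dnsbl.sorbs.net",
}


def fake_listed(name):
    return name in CONSTRUCTED_LISTINGS


if __name__ == "__main__":
    for ip, content in [("192.0.2.10", 0.0), ("198.51.100.7", 1.0),
                        ("198.51.100.7", 4.0), ("203.0.113.5", 4.0)]:
        print(ip, content, evaluate(ip, content, listed=fake_listed))
```

With the scored list, a hit alone (1.5) never reaches the threshold; the message is refused only when the content score is already high.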
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

On Fri, Oct 30, 2009 at 11:00:40AM -0300, D G Teed wrote:
>
> At my work, we bounce - reject - email which fails reputation look ups,
> RDNS, etc.

I hope you're only bouncing for checks carried out during the SMTP session. Accepting mail for delivery and then bouncing is a no-no.

> Spam is simply tagged for recipients to filter. Only viruses are not
> delivered nor bounced. Even with viruses, the recipient gets an email
> that an email was going to be delivered to them and is now quarantined.

I greatly appreciate when admins do that on networks I use. Bonus points if they make the scoring available, rather than a binary spam/ham header.
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

On Fri, Oct 30, 2009 at 2:35 PM, Ian Campbell <ian@...> wrote:

SORBS is horrible hence why my underlying distrust in RBHL's. There's been a few other instances where the list provider was totally in the wrong for listing the mail server for xyz reason (ie the spam source was flagged for an opt out email).

Heck finding an RFC compliant email server is harder to find. Deploying gray-listing for testing was endless amusement and frustration just due to MTA's improperly set up. The time invested in white listing was more than the reduction in spam load. Ran into so many issues with improperly set up retry times (ie 60second retry with a 3rd failure), setups where reverse DNS on the MX doesn't match, no DNS entry for MTA's, or HELO identification not properly set. I think the best was an SPF with the -all mechanism and the MTA nowhere in the record.
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

On Fri, Oct 30, 2009 at 1:14 PM, George N. White III <gnwiii@...> wrote:

Usually this means your address was used as the from address in a spam batch, or something equivalent happened with a backscatter incident. They usually happen once and then everything is quiet.

At work we've been using VBOUNCE for spam tagging things that look like back scatter. There is one bug in VBOUNCE if using SA less than 3.3 causing false positives from some auto-generating mail sources.

> The real issue is that a big mail server requires 7/24

Trend Micro's paid service and spamhaus is all that I trust. We quickly learn of false positives and both of these have been very high quality.

> Do you keep

We rarely get into black listing anything manually. We keep stats on daily basis and also graph queue size in cacti with 5 minute intervals. That is on the work side. At home, the volume is ultra low.

--Donald
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

On Fri, Oct 30, 2009 at 2:41 PM, Ian Campbell <ian@...> wrote:

Yes we use recipient look ups and over quota look ups and everything possible is done to only accept email at the MX we can actually file into a good mailbox.

> I greatly appreciate when admins do that on networks I use. Bonus

Yes, I like including the spam score tags. When someone gets spam that should have been tagged and complains, I ask to see their headers. It provides me with tags and scores; with some further log checks I can possibly tweak the severity of scores.

--Donald
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

While we're on the subject of spam blocking, would any of you {sys,network} admins like to comment on barracuda.com AKA barracudacentral.org? Their relationship to (identity with?) emailreg.org (for-fee whitelisting service) and comments in various on-line venues [1] makes it sound like a company/service of dubious standards.

My SMTP smarthost at tallships.ca was recently listed and I got a bounce from a list I've been on for years. The list server operator supports very many mailing lists, (mostly for amateur radio) and should know what he's doing. Was I wrong to have told him that he should lose Barracuda on account of the above dicey aspects and reputation?

- Mike

[1] E.g. http://www.debian-administration.org/users/simonw/weblog/295

--
Michael Spencer                  Nova Scotia, Canada       .~.
                                                           /V\
mspencer@...                                              /( )\
http://home.tallships.ca/mspencer/                        ^^-^^
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

On Fri, Oct 30, 2009 at 7:51 AM, D G Teed <donald.teed@...> wrote:

I phoned Eastlink support about this. They report Cisco's Ironport had quarantined the email. The tech first said this is a standard practice they have with spam filtering, as they couldn't return all outbound emails flagged as spam. I asked if the logs showed any link that would further breakdown what rule had been triggered by my email. He said there was nothing like it. I then asked if there is any mechanism whereby they can pass on to Cisco, their product catches a false positive. He inquired about this and reported I could report the nature of the false positive to:

notspam-submit =at-symbol= corp.eastlink.ca

He also sent the parts of the Ironport log so we could have a reference point (that was nice).

Part of my concern is the false positive depended on being relayed out via my Debian server. There is possibly something in the amavisd or postfix lines appearing in the header which Ironport doesn't like. It is hard to know whether the Linux relay weighs on their scoring to such a degree that possibly many sorts of text appearing in the email body could result in lost (not bounced) email.

--Donald
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

On Tue, Nov 3, 2009 at 10:33 AM, D G Teed <donald.teed@...> wrote:
> On Fri, Oct 30, 2009 at 7:51 AM, D G Teed <donald.teed@...> wrote:
>>
>> What I found when testing emails from Thunderbird
>> on two different windows PCs, sending to work and to Gmail,
>> is that if the integration set up has the default of adding a tag
>> line:
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus
>> signature database
>> 4556 (20091029) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> and we are relaying through the local Linux as SMTP, then mail
>> is disappearing. Linux server shows it is handed off to
>> Eastlink's SMTP OK.
>>
>> If I either turn off the ESET message tagging, or use smtp.eastlink.ca
>> directly from Thunderbird, then the message will be delivered.
>>
>> I would guess that something on Eastlink's side thinks this is indication
>> of a virus. Otherwise I would expect a bounce.
>> They use Ironport Senderbase and Sophos by the looks of the headers.
>> With local mail delivery I don't see any headers added by ESET.
>>
>> I'm hoping to talk to Eastlink about this when I have a chance.
>>
>
> I phoned Eastlink support about this. They report Cisco's
> Ironport had quarantined the email. The tech first said this is
> a standard practice they have with spam filtering, as they couldn't
> return all outbound emails flagged as spam. I asked if the logs showed
> any link that would further breakdown what rule had been triggered by
> my email. He said there was nothing like it. I then asked if there
> is any mechanism whereby they can pass on to Cisco, their
> product catches a false positive. He inquired about this and
> reported I could report the nature of the false positive to:
>
> notspam-submit =at-symbol= corp.eastlink.ca
>
> He also sent the parts of the Ironport log so we could have a reference
> point
> (that was nice).
>
> Part of my concern is the false positive depended on being relayed
> out via my Debian server. There is possibly something in the
> amavisd or postfix lines appearing in the header which Ironport doesn't
> like.
> It is hard to know whether the Linux relay weighs on their scoring to
> such a degree that possibly many sorts of text appearing in the email
> body could result in lost (not bounced) email.

There was a report on CBC radio this AM of email problems between Eastlink and Sympatico that implied the problems were of short duration and affected only a few users. This led to a bunch of people sending email to report problems going back a few weeks with Eastlink and Sympatico each blaming the other. Turns out there is a Commissioner for Complaints for Telecommunications Services:

<http://www.crtc.gc.ca/eng/INFO_SHT/t1003.htm>

Contact the Commissioner for Complaints for Telecommunications Services

If you’re not satisfied with your Internet service provider’s response, check the Commissioner for Complaints for Telecommunications Services (CCTS) website to see if your service provider is a member. If so, contact the CCTS with your complaint.

The CCTS is an independent agency that helps resolve consumer complaints about your telecommunications service. Contact them at:

email: info@...
mail: P.O. Box 81088, Ottawa, Ontario K1P 1B1
toll-free telephone: 1-888-221-1687
toll-free TTY: 1-877-782-2384
fax: 1-877-782-2924

---------------------------------------------------------------------------------------------------------------

CBC interviewed the CCTS, who admitted few people know he exists.

--
George N. White III <aa056@...>
Head of St. Margarets Bay, Nova Scotia
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

Yup. During the CRTC hearings on traffic management recently there was a lot of discussion about process, and he (CCTS commissioner) came up repeatedly as the person you are supposed to talk to. The reports I got from people who were in the room was that most everyone there was also surprised to learn he existed. :)

Jason

On Wed, Nov 4, 2009 at 2:22 PM, George N. White III <gnwiii@...> wrote:
>
> There was a report on CBC radio this AM of email problems between
> Eastlink and Sympatico that implied the problems were of short duration
> and affected only a few users. This led to a bunch of people sending email
> to report problems going back a few weeks with Eastlink and Sympatico
> each blaming the other. Turns out there is a Commissioner for Complaints
> for Telecommunications Services:
>
> <http://www.crtc.gc.ca/eng/INFO_SHT/t1003.htm>
>
> Contact the Commissioner for Complaints for Telecommunications Services
> If you’re not satisfied with your Internet service provider’s
> response, check the Commissioner for Complaints for Telecommunications
> Services (CCTS) website to see if your service provider is a member.
> If so, contact the CCTS with your complaint.
> The CCTS is an independent agency that helps resolve consumer
> complaints about your telecommunications service. Contact them at:
> email: info@...
> mail: P.O. Box 81088, Ottawa, Ontario K1P 1B1
> toll-free telephone: 1-888-221-1687
> toll-free TTY: 1-877-782-2384
> fax: 1-877-782-2924
> ---------------------------------------------------------------------------------------------------------------
>
> CBC interviewed the CCTS, who admitted few people know he exists.
>
>
> --
> George N. White III <aa056@...>
> Head of St. Margarets Bay, Nova Scotia
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

On Wed, Nov 4, 2009 at 2:22 PM, George N. White III <gnwiii@...> wrote:

I wonder if Eastlink is able to butter up the media that easily or are the media just confused by the confusing rumors they hear and they simply repeat it all hoping it was the truth.

The problem had gone on for more than a week. My wife reported colleagues not receiving email for at least that long between her lost email and my most recent test of Nov 2nd.

How many people are affected is likely unknown. If you didn't receive something you were not expecting, and there is no bounce, how would anyone know?

I fail to see how Eastlink's Ironport on smtp.eastlink.ca for outbound on Eastlink customers becomes an Aliant problem. The only thing that could possibly explain the double blame is if Aliant runs Ironport with the same settings to delete "spam".

If you don't have a guarantee that your email went *somewhere* (aside from viruses), then email isn't very useful.

> Turns out there is a Commissioner for Complaints

I've dealt with the CRTC before. They are little more than an ombudsman to ensure a complaint does receive a response. The response can bear no semblance to reality, simply following good deductive logic of anything stated in the enterprise's correspondence, and it is perfectly acceptable to the CRTC.

--Donald
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

I experienced a similar event several years ago with Aliant. I was administering a couple of servers for a business, and one day my tripwire and a couple of other reports did not appear in my Sympatico (home) account. When I checked the mail logs, I could see that the mail had been accepted by the Aliant smtp server.

For a week, Aliant tech support maintained that they didn't lose email, etc., etc., etc..

At some point some indiscreet support person mentioned that they had recently moved to another server (in Ottawa I think). At that point I knew I had them... ;-)

Shortly after that I actually spoke to a system administrator and I dared him to check his logs for the Msg ID of one of the messages my logs said they had received. Well....... His rough count was 10,000 messages received but undelivered.

It took them about 10 days before I didn't notice the arrival of old mail and even then it's hard to tell whether they deliver it all or simply dumped a bunch....

My unanswerable question(s) included:

1) How many job interviews were missed?
2) How many resumes were lost?
3) How many relationships were severed (or mangled)?
4) How many people missed out on cruises, estate settlements, larger genitalia, etc..

My guess was LOTS!

D G Teed wrote:
On Wed, Nov 4, 2009 at 2:22 PM, George N. White III <gnwiii@...> wrote:
--
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

>
> For a week, Aliant tech support maintained that they didn't lose
> email, etc., etc., etc..
>
> At some point some indiscreet support person mentioned that they had
> recently moved to another server (in Ottawa I think). At that point I
> knew I had them... ;-)

I ran into this same thing a few weeks ago. We had several customers call and complain that email they sent to many Aliant users hadn't made it yet I could see in the logs they had received every one of them. And it turned out that our Nagios system had noticed that they had changed the IPs on which they receive email the same day.

Of course several of the customers didn't believe me but there wasn't much I could do to convince them since email is really an on your honour system and all I could do was show my logs of them accepting it.

I think a huge queue just hit the bit bucket over those days :)
|
|
Re: smtp relay through eastlink and ESET Nod32 tagline = disappearing email

On Fri, Nov 6, 2009 at 8:56 AM, Greg Estabrooks <greg@...> wrote:

It might have something to do with dodging reputation server black lists. Switching your mail server's IP is one way to dodge a block list.

Here is my theory...

IronPort has been deleting malware and spam sent by users at the source as a way to defend the ISP's smtp server from being reported and blacklisted. This has been going on for a long time, and as long as the spam tagging threshold had few false positives, no one noticed.

A few weeks ago there was a reported outage between many cable ISPs where they could not deliver email to hotmail. Perhaps whatever block list reputation service hotmail uses (home grown at Microsoft?) was still reporting Eastlink, Aliant, and others as having poor reputation. To improve the reputation, the ISPs implement more aggressive spam checks, or lower the score threshold in Ironport for which emails are quarantined.

Now more emails are being caught and quarantined. As we have no mechanism to be aware of the quarantine, and no interface for releasing false positives, the term quarantine is synonymous with delete.

If one googles "ironport", "email", and "delete", you'll find hits from many University sites which use IronPort. They are help desk pages explaining how users can access a web site interface and release email quarantined as spam. Some say their system will email users with a report on quarantined spam. So it is possible to notify users of this using IronPort, but for some reason the ISPs have elected not to or they require time to develop a solution.

Does anyone have knowledge of how the ISPs respond to customer PCs with malware sending out spam? Are they quickly denied access to smtp? If not, perhaps they are using IronPort as a hammer (as in: "when all you've got is a hammer, everything looks like a nail").

This affects more than people with @eastlink and @sympatico addresses. If your home Linux box does relay out through the ISP's smtp, it will be potentially seeing lost email.

I know that something about my Linux box talking to smtp.eastlink.ca is partially related to the delivery deletions. If I include the NOD32 email tagging and send out directly to smtp.eastlink.ca from Windows, the email is delivered. If I send out via Linux, but have NOD32 not add a tagged message, the email is delivered.

--Donald