Eris help me

Mar 03, 2008 17:32

Today, I got to explain the extremely technical and exotic concept of "email list" to tech support at my ISP ( Read more... )

Leave a comment

rstormcrow March 4 2008, 14:35:29 UTC
Get a supervisor, tell them it's a LISTSERV mailing list.
get him to whitelist the originating IP address.

Trust me I am on two..

Reason it get's tagged as spam is that they must be using Reverse DNS to make sure that xxxx.com of the originator email address match up to the IP address of the LISTSERV

So the mail list is sent from listserv sitting on xxxx ip address;
The FROM: xxxxx.com does not match up to the originating IP address via RDNS (reverse domain name service)so it get's tagged as BULK
aka SPAM...

Hope this helps..

Tim the GEEK
IRL Lan ADMIN OCFS State of New York

Reply

elfwreck March 4 2008, 14:57:05 UTC
Howcome only some of the emails get bumped as spam? Does its IP change?

He thought he fixed this last week.

How do I find the originating IP address in the tangle of full headers?

Reply

rstormcrow March 4 2008, 16:03:29 UTC
if the listserv uses IRONPORT (multiple ip addresses)
and the originating IP is not blacklisted it gets thru
if blacklisted SPAM..

What do you use as EMAIL reader?

In yahoo it looks like this...

X-Originating-IP: [209.86.89.67]
Return-Path:
Authentication-Results: mta193.mail.re2.yahoo.com from=earthlink.net; domainkeys=pass (ok)

In outlook excuse you have to RIGHT CLICK then L click OPTIONS
In Eudora open the email and EXPAND the header
In Thunderbird pretty much the same thing

Most of this info can be accessed via the least used function key on the computer.

F-1 ;-)while in the program...

Reply

elfwreck March 4 2008, 18:33:54 UTC
What do you use as EMAIL reader?

Normally, pine. Stuff tagged as spam is being sent to Gmail.

Full headers easy to get (I hit "h" while the email's open in pine; I click "show original" in gmail's dropdown), but I don't know which of the forty-bazillion lines to look at.

Reply

rstormcrow March 4 2008, 19:14:09 UTC

"forty-bazillion lines to look at."

Keywords to look for

Return-Path:

Return path is the sender who claimed to send it

Received: from server4.freshwebmasters.com
server4.freshwebmasters.com [64.191.30.235]

Received is the IP address of the originating IP port where the mail came from.

also look at the REPLY TO: in the header..

SO what you need to do is contact the geek who runs the listserv
and ask his SENDING ip addresses and put this info into the hands of the receiving network admins hand and tell them to WHITELIST

TO track down who owns what IP address use
http://samspade.org

BTW are you using pine local or on the 'nix box via remote term?

Reply

elfwreck March 4 2008, 20:32:46 UTC
Errm... remote term?
I open telnet.exe. I use the dropdown to connect to my ISP. It asks for username & password. I give those.
I get a prompt. I type "pine." I read email.

Tracking the owner of the listserve shouldn't be hard; it's run by airage.com. On which site I couldn't find the mailing list at all, but still, it's not a secret list or anything like that.

I'll look at a few of the IP addresses to figure out what gets through and what bounces.

Reply

rstormcrow March 4 2008, 21:29:02 UTC
"Errm... remote term?"

Telnet -- terminal session aka remote terminal
so, you are using .nix to pine in a telnet window...

also is there a way to configure pine to allow a higher spam score on messages??

maybe...

http://www.washington.edu/pine/tutorial.4/#CanDoMore

Pine can do more

Reply

From recent bounced post elfwreck March 6 2008, 17:55:51 UTC
Received: from psmtp.com (exprod8mx208.postini.com [64.18.3.108])
by idiom.com (Postfix) with SMTP id E422D2D601F
for elfwreck@snip; Thu, 6 Mar 2008 09:45:22 -0800 (PST)
Received: from source ([216.143.158.253]) by exprod8mx208.postini.com ([64.18.7.10]) with SMTP;
Thu, 06 Mar 2008 12:45:19 EST
Received: from airage.com ([192.168.1.62]) by aantlist.airage.com
(Post.Office MTA v3.5.2 release 221 ID# 35-56975U100L100S0V35)
with ESMTP id com for ;
Thu, 6 Mar 2008 12:46:14 -0500
Received: from psmtp.com ([64.18.3.148] RDNS failed) by airage.com with Microsoft SMTPSVC(6.0.3790.3959);
Thu, 6 Mar 2008 12:45:05 -0500Received: from source ([76.96.30.64]) by exprod8mx248.postini.com ([64.18.7.10]) with SMTP ( ... )

Reply

Re: From recent bounced post rstormcrow March 7 2008, 13:05:00 UTC
"Received: from psmtp.com ([64.18.3.148] RDNS failed) by airage.com with Microsoft SMTPSVC(6.0.3790.3959);"

It's doing exactly doing what I figured except

see this http://samspade.org/whois/64.18.3.148

Postini (mailing list) is causing the failure.

Talk to the hostmaster@airage.com and

RegDate: 2004-07-01
Updated: 2008-02-26
RTechHandle: NETWO80-ARIN
RTechName: Network Administration
RTechPhone: 1-650-486-8100
RTechEmail: noc@postinicorp.com

OrgTechHandle: NETWO81-ARIN
OrgTechName: Network Administration
OrgTechPhone: 1-650-486-8100
OrgTechEmail: noc@postinicorp.com

To get an RDNS forwarder going..

also

"airage.com ([192.168.1.62])" This IP should not be out in public
it's a private internal IP address

Your AIRAGE guy needs to fix the external routing to not reflect internal routing. This is an Automatic spam bucket.

This whole list is badly configured.

Reply

Re: From recent bounced post rstormcrow March 7 2008, 13:13:33 UTC
addendum

Microsoft SMTPSVC(6.0.3790.3959);"

Tell airage guy to turn off exchange spam services or at least whitelist
(or local host) the stuff from postini.

Reply


Leave a comment

Up