
MS-SMTP help I'm being RBL'd

SOLVED
Fred Martin_1
Valued Contributor

MS-SMTP help I'm being RBL'd

Please see my thread in the Microsoft General forum:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=826738

Just put an anti-spam gateway running MS-SMTP, in front of my unix sendmail server. Now I'm being added to RBLs.

Seems that sendmail was properly configured for no open relay, but MS-SMTP is not.

Need assistance badly before I can't send email to anybody, any more.

Fred
fmartin@applicatorssales.com
25 REPLIES
Alex Lavrov.
Honored Contributor

Re: MS-SMTP help I'm being RBL'd

Here you go:
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6191AAE

Remove the previous version and install this one.
I don't give a damn for a man that can only spell a word one way. (M. Twain)
Alex Lavrov.
Honored Contributor

Re: MS-SMTP help I'm being RBL'd

oops, sorry. replied to the wrong thread.

my apologies.
I don't give a damn for a man that can only spell a word one way. (M. Twain)
Fred Martin_1
Valued Contributor

Re: MS-SMTP help I'm being RBL'd

That's too bad because I really need assistance :) ... no worries.
fmartin@applicatorssales.com
Andrew Cowan
Honored Contributor
Solution

Re: MS-SMTP help I'm being RBL'd

Are you sure that you are really on the RBH system?
Take a look at the various lists on this page: http://www.email-policy.com/Spam-black-lists.htm

The only way that I know of to clear yourself is to directly contact Spamhaus (et al) and explain that this was a mistake, and you have fixed your system.

The last time I went through this was several years ago, however the RBHS people reacted pretty quickly, and the mail started flowing again.
Fred Martin_1
Valued Contributor

Re: MS-SMTP help I'm being RBL'd

Yeah I'm certain, we're getting mail bounced back that names the list right in it. I sent them an email to ask to be removed and of course they bounced the email back because I'm on their list. Finally had to send an email to them from another account. That one removed me from the test list (NJABL) but now I'm on others.

And here's the thing, I've figured out why. I tried relaying with this scheme:

destination%domain@mydomain.com

...MS-SMTP said it took the file for delivery. It did not actually relay, but it looks like it did. So I get on lists.

This has got to be repairable by config otherwise half the mail servers on the planet would be on the lists, no?
fmartin@applicatorssales.com
Fred Martin_1
Valued Contributor

Re: MS-SMTP help I'm being RBL'd

By the way I learned a lesson a few years ago, not to go to these sites and test your IP for open relays. Some of them add you to their list if it fails, and you just put yourself right on it.

The solution I think is to configure MS-SMTP properly, anyway. Just don't know how.
fmartin@applicatorssales.com
Andrew Cowan
Honored Contributor

Re: MS-SMTP help I'm being RBL'd

Ouch, I didn't experience the auto black-holing, but will be more careful in future.

As for mailing the RBHS services, do they not have Internet based enquiry forms that you can fill in to cover this eventuality?

If not, simply use a personal email address that's outside the blocked domain, and I'm sure if you provide some information such as what caused the problem, and an alternative way to contact your company, e.g. fax, they'll respond favourably.

Fred Martin_1
Valued Contributor

Re: MS-SMTP help I'm being RBL'd

Not the one I mentioned. I'd be curious to see what would happen, if someone out there also has MS-SMTP v.5 facing the internet, if you try to relay using the scheme I've shown - does it accept as mine does? If not, I'd love to compare your settings to mine.
fmartin@applicatorssales.com
Fred Martin_1
Valued Contributor

Re: MS-SMTP help I'm being RBL'd

Here's the way I did the test. First you need an address to send the relay to. I used a hotmail account. Then from someplace on the internet, your home email let's say, log into your mail server with these commands:

telnet mydomain.com 25
helo
mail from: liar@spamfarm.com
rcpt to: account%hotmail.com@mydomain.com
data
this is a relay test
.
quit

If the server says it accepts the email for delivery, these RBLs can blacklist you. If the hotmail account actually gets the email then you are relaying it.

As I said - mine does not actually send it. You could argue that I'm being wrongly RBL'd but hey, the server said it took it for delivery.

Anyway I really don't feel like chasing down all the RBL lists, nor do I want to call all the domains that block me and ask to be whitelisted. Just want SMTP to behave.
fmartin@applicatorssales.com
Fred Martin_1
Valued Contributor

Re: MS-SMTP help I'm being RBL'd

I'm surprised at the lack of response to this, usually I get more from this forum. Let me ask something more specific then.

On the authentication page, are the following options:

[x] anonymous access
[x] basic authentication
.. [ ] requires TLS authentication
.. default domain: [ ]
[x] windows security package

I've read the docs, and I don't get it - both anonymous and basic are checked in my config. Shouldn't anonymous access and authentication be mutually exclusive?

fmartin@applicatorssales.com
Florian Heigl (new acc)
Honored Contributor

Re: MS-SMTP help I'm being RBL'd

No, they're not exclusive -
this is just an access setting which is coupled with relay settings.

It means anybody is allowed to connect to the virtual smtp server, and he is also allowed to handshake for authentication.

later on in the relay settings this means, that relaying is enabled for all computers/users that are successfully authenticated - so the mail server will accept mail from other servers but not relay it (anon) and will accept and relay mail from domain users abroad.

a few more things:
putting up a microsoft - based mail-filtering solution in front of a unix mail server is just not right.
I'm used to the scheme of putting a unix box in front of the windows server because of the various spam and relaying issues.

You might want to ask for hints in microsoft.public.exchange - I think this is the only place where internet-facing microsoft servers would be discussed without breaking to tears.

(otoh, I also run one as a testing ground)

also, most rbls DO email your postmaster account upon addition to their lists, but not add postmaster@domain.com but postmaster@ip.
actually this is a fair thing, as this account is stated necessary in the RFCs.
actually exchange doesn't come with that account, and there's a great hassle adding it, according to what I read.

furthermore - no RBL will remove You just for asking them, this would render them very much useless for anyone using them.

the only logical conclusion would be changing Your mail setup, i.e. using some milter stuff in sendmail to forward the emails to the spam filter.

i.e.
WWW
|
sendmail ===== spamfilter
|
delivery

look, putting exchange in the middle of the internet is still arguable for a home user like I am, but it's far worse for a company.
You're just experiencing that, take the consequences.
yesterday I stood at the edge. Today I'm one step ahead.
Florian Heigl (new acc)
Honored Contributor

Re: MS-SMTP help I'm being RBL'd

apropos - the current access settings allowing 'BASIC' auth should never be used, this means passwords will cross the network unencrypted.
Use an SSL certificate (commercial, or i.e. from cacert.org) with TLS authentication or disable basic and NTLM authentication if there is no remote access to this server.
yesterday I stood at the edge. Today I'm one step ahead.
Florian Heigl (new acc)
Honored Contributor

Re: MS-SMTP help I'm being RBL'd

Hi, have a short look at the attachment, I'm sorry it's in german, but the dialog looks the same in english ;)
those are the settings for no-relaying-for-anyone.
yesterday I stood at the edge. Today I'm one step ahead.
Fred Martin_1
Valued Contributor

Re: MS-SMTP help I'm being RBL'd

Florian,

Can you clear up something for me? Basically I want to accept mail from the internet side, but only relay mail for one machine, a protected mail server inside my network.

On the Relay Restrictions page, I put in the IP address for the protected server, and checked "only the list below". I'm assuming that's correct for what I just described.

Under that is the check box for "allow all computers which successfully authenticate to relay" ... am I correct in thinking that should be unchecked?
fmartin@applicatorssales.com
Florian Heigl (new acc)
Honored Contributor

Re: MS-SMTP help I'm being RBL'd

yes, it should be unchecked - but it won't help You solve the problem.

the problem is that MsSMTP accepts the 'wanna-be-spam' message and later drops/bounces it, which makes the RBL test think it really has relayed the message. (How should it think otherwise, when being told '...queued for delivery')


I have a really hard time to think this appliance will be of any value for You.
yesterday I stood at the edge. Today I'm one step ahead.
Fred Martin_1
Valued Contributor

Re: MS-SMTP help I'm being RBL'd

By the way Florian, regarding your comment about the Microsoft/Unix thing, I would agree but here I have no choice. The anti-spam gateway (SpamLion) actually works quite well - but works in conjunction with MS-SMTP, so I had no choice. I think sendmail is a much more secure and reliable service as well.
fmartin@applicatorssales.com
Florian Heigl (new acc)
Honored Contributor

Re: MS-SMTP help I'm being RBL'd

If You need to use it, consider using it in parallel to sendmail as I laid out above.

I haven't created such a setup myself, so I can't tell You how it's done, but I know it is possible - You should get the most out of both systems.
yesterday I stood at the edge. Today I'm one step ahead.
Fred Martin_1
Valued Contributor

Re: MS-SMTP help I'm being RBL'd

Well, good news. The changes were made per your recommendations above:

Authentication Page: only "anon" is checked
On the relay page: unchecked "allow all computers"

And - now it does not appear to relay any longer.

I'm sure I will eventually be tested again and removed from the RBLs.
fmartin@applicatorssales.com
Fred Martin_1
Valued Contributor

Re: MS-SMTP help I'm being RBL'd

Looks like I spoke too soon. The test case I describe above, using this addressing scheme:

rcpt to: account%hotmail.com@mydomain.com

...that one still says it is queued for delivery - even tho it isn't.

I'm sure there are lots of MS-SMTP servers facing the internet, can it be that they are -all- blocked by the RBLs?

Anyone have experience with newer versions of MS-SMTP, than 5.0? Are they any better as regards this open relay thing?

fmartin@applicatorssales.com
Florian Heigl (new acc)
Honored Contributor

Re: MS-SMTP help I'm being RBL'd

Fred,

please compile a short overview of the changes You did and the situation You're in and head over to the official microsoft.public.exchange group
(via google: http://groups.google.com/groups?hl=en&lr=&group=microsoft.public.exchange.admin)
and post a summary with the example test that is still being queued, maybe there is some registry setting to influence the behaviour.

actually, many of those servers are really RBLd, but the admins don't even notice - You shouldn't expect anything to be sane in those environments. also, when they notice, they'll adapt their setup, not before - so there is a constant number of systems blacklisted, and a constant number that got fixed somehow (just stating my personal experience)

also, most blacklists offer a website to re-issue a check of Your host to shorten the time of removal. (the point is: 'If there is a real maintainer, he'll get it removed by this means, if there is none, the system better stays on the list until the owner got someone to maintain the server')

At abuse.net there is a relay test script for testing purposes, thus it won't get You blacklisted.
You can use it for further tests:
http://www.abuse.net/relay.html


Good luck ;)
yesterday I stood at the edge. Today I'm one step ahead.
Florian Heigl (new acc)
Honored Contributor

Re: MS-SMTP help I'm being RBL'd

Ah, look, I just re-tested my system, and this is the typical MS-SMTP-problem I never got rid of, and this is somewhat similar to Yours. (At work, this was the point when we put an OpenBSD/Spamassassin/Spamd box in front of the exchange servers)


From abuse.net/relay.html:
"
Relay test 8
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:
<<< 250 2.1.0 spamtest@[62.138.60.51]....Sender OK
>>> RCPT TO:<"securitytest@abuse.net">
<<< 250 2.1.5 "securitytest@abuse.net"@blutmeer.dyndns.org

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

Some systems appear to accept relay mail, but then reject messages internally rather than delivering them, but you cannot tell at this point whether the message will be relayed or not."

Their point is absolutely correct - the mail is being dropped in the end, it ends up in c:\program files\exchsvr\vsiroot\bad mail or wherever the bad mail directory is set to.

The problem is that a mail server shouldn't say that he'll relay something if he doesn't, so I understand the spamcop|spamhaus|etc people's point, even if it's annoying. when this were a hp-ux behaviour I'd try to get a change request on its way, with MS I just feel there's no help.

yesterday I stood at the edge. Today I'm one step ahead.
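A defender-side check for the behaviour discussed in this thread, as an added example that is not part of any post: it scans an SMTP transcript for RCPT TO commands that the server answered with a 2xx code although the address unwraps to a non-local domain, covering the percent form and the quoted form tested above and, going beyond the thread, the bang-path form. The function names, the `example.com` / `example.net` domains and the transcript are constructed for illustration.

```python
import re
LOCAL_DOMAINS = {"example.com"}  # assumption: domains this gateway accepts mail for

def relay_target(addr, local_domains=LOCAL_DOMAINS):
    """Return the non-local domain an address would route to, or None if it is local."""
    addr = addr.strip()
    if addr.endswith('"') or "@" not in addr:       # no domain part at all
        local, domain = addr, ""
    else:
        local, _, domain = addr.rpartition("@")
    while True:
        domain = domain.lower()
        if domain and domain not in local_domains:
            return domain
        local = local.strip('"')
        for mark in ("@", "%"):                     # quoted address, percent form
            if mark in local:
                local, _, domain = local.rpartition(mark)
                break
        else:
            if "!" not in local:                    # nothing left to unwrap: local delivery
                return None
            domain, _, local = local.partition("!") # bang path: host!user

def audit(transcript, local_domains=LOCAL_DOMAINS):
    """Return (recipient, target, code) for each RCPT TO accepted (2xx) for a non-local target."""
    findings, pending = [], None
    for line in map(str.strip, transcript.splitlines()):
        m = re.match(r">>>\s*RCPT TO:\s*<(.*)>", line, re.I)
        if m:
            pending = m.group(1)
        elif line.startswith("<<<") and pending is not None:
            code = line[3:].strip()[:3]
            target = relay_target(pending, local_domains)
            if code.startswith("2") and target:
                findings.append((pending, target, code))
            pending = None
    return findings
# Constructed transcript in the >>> / <<< layout of the relay test quoted above.
SAMPLE = """\
>>> RCPT TO:<sales@example.com>
<<< 250 2.1.5 sales@example.com
>>> RCPT TO:<someone%example.net@example.com>
<<< 250 2.1.5 someone%example.net@example.com
>>> RCPT TO:<"someone@example.net">
<<< 250 2.1.5 "someone@example.net"@example.com
>>> RCPT TO:<someone@example.net>
<<< 550 5.7.1 Unable to relay for someone@example.net
"""
```

`audit(SAMPLE)` reports the two accepted recipients that unwrap to `example.net`; a 2xx reply to such an address is what a relay tester sees, whether or not the message is later dropped into a bad mail directory.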
Fred Martin_1
Valued Contributor

Re: MS-SMTP help I'm being RBL'd

I agree even though SMTP is saying it accepted the email, it may not actually be an open relay. No solace though, if the RBL lists ignore that and blacklist you anyway.

This is a fairly serious business situation for us, I get helpdesk calls nearly daily now from people that can't send email to old familiar contacts.

I don't suppose there's a newer version of MS-ESMTP for Win2K, that behaves better than ver.5.0.xxx ?
fmartin@applicatorssales.com
Florian Heigl (new acc)
Honored Contributor

Re: MS-SMTP help I'm being RBL'd

There might be a different MS-SMTP version with Exchange 2003 - I do not know. If You are having relevant problems through this, do something:
- open a call with the appliance's vendor
- open a call with microsoft
- get a good microsoft exchange consultancy that is able to resolve the problem
- try to compile a list where You are blacklisted, and gather their mechanism to unlist You again.
>>>>- collect data of remote (customer) sites that blocked You and if it's only a handful try to inform their admins so that they simply whitelist You. This would restore Your service until the appliance is working properly-<<<<

I think You should calculate two days until everything is resolved.
yesterday I stood at the edge. Today I'm one step ahead.
Fred Martin_1
Valued Contributor

Re: MS-SMTP help I'm being RBL'd

Now the good news - as I said I made the changes per your recommendations, but self-tests still failed in certain cases.

However, next I contacted the RBL lists in question (spamhaus.org, dsbl.org, ordb.org and a few others). I filled out forms etc. and asked to be re-tested and/or removed.

This morning, I appear to be in the clear. Not on any lists that I can find.

So, your setting recommendations are correct. And even though I appear to relay in certain cases, the RBL tests are clever enough to know this. DSBL in particular says that they actually attempt to receive a relayed email, and only block you if they get it. Fair enough.
fmartin@applicatorssales.com