Re: Avoiding spam blacklists
On 2017-01-11 (12:20 MST), Larry Kuenning wrote: > > Excuse my ignorance, but isn't this whole discussion of "/128" based on the > assumption that this notation means a block of 2^128 addresses? No, a /128 is a single IP out of the 2^128 block space. Just like a single IPv4 is a /32, while a “class A” is /8. -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.
Re: Avoiding spam blacklists
> Larry Kuenning kirjoitti 11.01.2017 kello 21:20: > > Excuse my ignorance, but isn't this whole discussion of "/128" based on the > assumption that this notation means a block of 2^128 addresses? And isn't > 2^128 the size of the entire IPv6 address space? There would be nothing left > over after designating a block of that size. > > Doesn't "/128" mean a block of 2^7 addresses, i.e. just 128? OT, but in short: /128 means the count of ones in the bitmask. For IPv6 /128 means a single address - like /32 means in IPv4. The ones in the bitmask denote the bits belonging to the address provider upstream (e.g. ISP). /128 means all of the bits are out of your hands, you have only a single address. I have /64 which means I can subnet the last 64 bits as I see fit. -- Cheers Petri GSM +358 400 505 939
Re: Avoiding spam blacklists
Excuse my ignorance, but isn't this whole discussion of "/128" based on the assumption that this notation means a block of 2^128 addresses? And isn't 2^128 the size of the entire IPv6 address space? There would be nothing left over after designating a block of that size. Doesn't "/128" mean a block of 2^7 addresses, i.e. just 128? On 1/11/2017 1:18 PM, @lbutlr wrote: On 2017-01-10 (09:16 MST), Jan Ceuleers wrote: On 09/01/17 21:06, @lbutlr wrote: 640K RAM ought to be enough for everybody. No even similar. The address space for 128bit is in the general neighborhood of the number of atoms in the universe. Sorry, that's 256 bits. 128 bits is the number of stars in 100,000,000,000,000,000 universes. All I'm saying is that "we" might merely not yet have thought of how end users might be able to make use of a plethora of IP addresses. That’s not relevant at all to Linode assigning a /128 IP to a machine. -- Larry Kuenning la...@qhpress.org
Re: Avoiding spam blacklists
On 2017-01-10 (09:16 MST), Jan Ceuleers wrote: > > On 09/01/17 21:06, @lbutlr wrote: >> 640K RAM ought to be enough for everybody. >>> No even similar. The address space for 128bit is in the general >>> neighborhood of the number of atoms in the universe. >> Sorry, that's 256 bits. 128 bits is the number of stars in >> 100,000,000,000,000,000 universes. > All I'm saying is that "we" might merely not yet have thought of how end > users might be able to make use of a plethora of IP addresses. That’s not relevant at all to Linode assigning a /128 IP to a machine. -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.
Re: Avoiding spam blacklists
On 09/01/17 21:06, @lbutlr wrote: > 640K RAM ought to be enough for everybody. >> No even similar. The address space for 128bit is in the general neighborhood >> of the number of atoms in the universe. > Sorry, that's 256 bits. 128 bits is the number of stars in > 100,000,000,000,000,000 universes. All I'm saying is that "we" might merely not yet have thought of how end users might be able to make use of a plethora of IP addresses. And the uses that "we" do come up with might be wasteful (such as determining certain fields of assigned IPv6 addresses by making them up (i.e. using random bits)), such that the address space is being used only (very) sparsely). Anyway, probably off-topic.
Re: Avoiding spam blacklists
> On 09 Jan 2017, at 12:28, @lbutlr wrote: > > On 09 Jan 2017, at 10:50, Jan Ceuleers wrote: >> On 09/01/17 16:58, @lbutlr wrote: >>> (1.8x10E19 is enough address space for every single person on the planet to >>> have two and a half billion IPs to themselves). >> 640K RAM ought to be enough for everybody. > > No even similar. The address space for 128bit is in the general neighborhood > of the number of atoms in the universe. Sorry, that's 256 bits. 128 bits is the number of stars in 100,000,000,000,000,000 universes. -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.
Re: Avoiding spam blacklists
On 09 Jan 2017, at 10:50, Jan Ceuleers wrote: > On 09/01/17 16:58, @lbutlr wrote: >> (1.8x10E19 is enough address space for every single person on the planet to >> have two and a half billion IPs to themselves). > 640K RAM ought to be enough for everybody. No even similar. The address space for 128bit is in the general neighborhood of the number of atoms in the universe. -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.
Re: Avoiding spam blacklists
On 09/01/17 16:58, @lbutlr wrote: > (1.8x10E19 is enough address space for every single person on the planet to > have two and a half billion IPs to themselves). 640K RAM ought to be enough for everybody.
Re: Avoiding spam blacklists
On 29 Dec 2016, at 03:53, Peter wrote: > Linode assigns a single static IPv6 /128 That seems like incorrect behavior. 2^64 is 1.8 10E19 addresses. There is absolutely no reason to mask to 128bits, it's absurd. (1.8x10E19 is enough address space for every single person on the planet to have two and a half billion IPs to themselves). -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.
Re: Avoiding spam blacklists
On 2016-12-28 09:36, Alice Wonder wrote: On 12/28/2016 12:28 AM, John Fawcett wrote: On 12/28/2016 08:32 AM, Alice Wonder wrote: Virtual machine for a web application, it is still in testing. reverse DNS is properly set up. Postfix only listens on the local host. Linux firewall drops anything not to port 80, 443, or a custom high number port I use for SSH. This postfix is not an open relay, or a relay for anything on the Internet, it only exists so the web application can send e-mail. SPF for the domain is correctly set up, DKIM for the host is correctly set up, when it sends an e-mail and I inspect it - it passes the rDNS, SPF, and DKIM checks. So far it has only sent e-mails to addresses I control as the web application is still in testing. Yet yesterday the IP address ended up on Spamhaus blacklist. I am 100% confident that no one else was sending e-mail from that IP address, I'm a bit puzzled as to how the IP address got added to the blacklist, but I was told that Spamhaus sometimes just adds an entire subnet if more than one IP on the subnet was sending spam, and that's probably what happened. I think that is irresponsible of Spamhaus if that is what they are doing, but is there something more I can do other than correct rDNS, SPF, and DKIM to avoid getting on a blacklist? if you know which of the spamhaus lists it was you can check out its policy. Each list has its own specific criteria. Also if you were recently assigned the ip the listing may predate your activity. John The IP is relatively new to me, about two months, but it was not on the list before as I use Spamhaus on my other mail servers and mail from it was not being rejected until yesterday. I did go through the manual removal process and that worked, but I'm worried about it happening again. So what dis Spamhaus say? Why is your IP listed? Did you actually mass mail?
Re: Avoiding spam blacklists
On 29/12/16 01:32, John Fawcett wrote: >> The IP is relatively new to me, about two months, but it was not on >> the list before as I use Spamhaus on my other mail servers and mail >> from it was not being rejected until yesterday. >> >> I did go through the manual removal process and that worked, but I'm >> worried about it happening again. > > One thing that is worth noting is that blocking of ipv6 addresses is > going to be done generally not at the lowest level since that will > create a lot of entries. Spamhaus are listing at /64 range. That is > compliant with the ipv6 space that end users should get as a minimum > allocation. However, not all providers adhere to the minimum allocation. > For example one of my providers gives me a single ipv6 /128 address. > That means that anyone else in the /64 could get my ip blocked. This is likely what happened. Linode assigns a single static IPv6 /128 by default, but you can request a /64 free of charge. For an email server I would recommend you do this or you will have problems. Peter
Re: Avoiding spam blacklists
On 12/28/2016 09:36 AM, Alice Wonder wrote: > On 12/28/2016 12:28 AM, John Fawcett wrote: >> On 12/28/2016 08:32 AM, Alice Wonder wrote: >>> Virtual machine for a web application, it is still in testing. >>> >>> reverse DNS is properly set up. >>> Postfix only listens on the local host. >>> Linux firewall drops anything not to port 80, 443, or a custom high >>> number port I use for SSH. >>> >>> This postfix is not an open relay, or a relay for anything on the >>> Internet, it only exists so the web application can send e-mail. >>> >>> SPF for the domain is correctly set up, DKIM for the host is correctly >>> set up, when it sends an e-mail and I inspect it - it passes the rDNS, >>> SPF, and DKIM checks. >>> >>> So far it has only sent e-mails to addresses I control as the web >>> application is still in testing. >>> >>> Yet yesterday the IP address ended up on Spamhaus blacklist. >>> >>> I am 100% confident that no one else was sending e-mail from that IP >>> address, I'm a bit puzzled as to how the IP address got added to the >>> blacklist, but I was told that Spamhaus sometimes just adds an entire >>> subnet if more than one IP on the subnet was sending spam, and that's >>> probably what happened. >>> >>> I think that is irresponsible of Spamhaus if that is what they are >>> doing, but is there something more I can do other than correct rDNS, >>> SPF, and DKIM to avoid getting on a blacklist? >> >> if you know which of the spamhaus lists it was you can check out its >> policy. Each list has its own specific criteria. Also if you were >> recently assigned the ip the listing may predate your activity. >> >> John >> > > The IP is relatively new to me, about two months, but it was not on > the list before as I use Spamhaus on my other mail servers and mail > from it was not being rejected until yesterday. > > I did go through the manual removal process and that worked, but I'm > worried about it happening again. One thing that is worth noting is that blocking of ipv6 addresses is going to be done generally not at the lowest level since that will create a lot of entries. Spamhaus are listing at /64 range. That is compliant with the ipv6 space that end users should get as a minimum allocation. However, not all providers adhere to the minimum allocation. For example one of my providers gives me a single ipv6 /128 address. That means that anyone else in the /64 could get my ip blocked. John
Re: Avoiding spam blacklists
Alice Wonder: > Static IP, Linode. Only the IPv6 was listed, the IPv4 was not, but it > seems that postfix usually chooses IPv6 when the receiving MX resolves > on IPv6. And that's probably the correct behavior. smtp_address_preference (default: any) ... Postfix SMTP client address preference has evolved. With Postfix 2.8 the default is "ipv6"; earlier implementations are hard-coded to prefer IPv6 over IPv4. The reason to use "any" is so that mail won't get stuck, as long as at least one IP protocol (Postfix mission is to deliver mail, not to enforce preferences for a specific protocol). Wietse
Re: Avoiding spam blacklists
I'm on Digital Ocean, which is basically similar to Linode. You can just get a new IP and maybe have better luck. That is employ the "V" in VPS. For a brief period you will be charged for two VPS. Digital Ocean charges by the hour (like a seedy motel). Probably Linode is similar. The reason I haven't done this myself is I need to do the DNS setup again for the new IP. I'm on a seldom used RBL called spamrl.com. Truly incompetent organization. I tell them that I'm clear on 90+ RBLs, but they don't care. Their system is perfect. ;-) But I can pay 20€ a month to be on a white list! Spamrl.com isn't even on the mxtool checker. Original Message From: Alice Wonder Sent: Tuesday, December 27, 2016 11:32 PM To: Postfix users Subject: Avoiding spam blacklists Virtual machine for a web application, it is still in testing. reverse DNS is properly set up. Postfix only listens on the local host. Linux firewall drops anything not to port 80, 443, or a custom high number port I use for SSH. This postfix is not an open relay, or a relay for anything on the Internet, it only exists so the web application can send e-mail. SPF for the domain is correctly set up, DKIM for the host is correctly set up, when it sends an e-mail and I inspect it - it passes the rDNS, SPF, and DKIM checks. So far it has only sent e-mails to addresses I control as the web application is still in testing. Yet yesterday the IP address ended up on Spamhaus blacklist. I am 100% confident that no one else was sending e-mail from that IP address, I'm a bit puzzled as to how the IP address got added to the blacklist, but I was told that Spamhaus sometimes just adds an entire subnet if more than one IP on the subnet was sending spam, and that's probably what happened. I think that is irresponsible of Spamhaus if that is what they are doing, but is there something more I can do other than correct rDNS, SPF, and DKIM to avoid getting on a blacklist?
Re: Avoiding spam blacklists
Static IP, Linode. Only the IPv6 was listed, the IPv4 was not, but it seems that postfix usually chooses IPv6 when the receiving MX resolves on IPv6. And that's probably the correct behavior. On 12/28/2016 12:18 AM, Dominic Raferd wrote: Is your mailserver's external ip static or dynamic? I am afraid that mail servers from dynamic ips always get listed as spambots even when using SPF, DKIM, correct rDNS etc. The solutions in this case are either to get your isp to allocate to you a static ip (not all isps offer this however), set up another mail server at a new location with static ip (e.g. vps), or use a relayhost through which postfix can send your outgoing mails. Usually your isp will provide a relayhost. This relayhost won't be bothered that you are sending from a dynamic ip and the servers onto which it sends your mails will be concerned about the relayhost's ip (which will be static), not yours. On 28 December 2016 at 07:32, Alice Wonder wrote: Virtual machine for a web application, it is still in testing. reverse DNS is properly set up. Postfix only listens on the local host. Linux firewall drops anything not to port 80, 443, or a custom high number port I use for SSH. This postfix is not an open relay, or a relay for anything on the Internet, it only exists so the web application can send e-mail. SPF for the domain is correctly set up, DKIM for the host is correctly set up, when it sends an e-mail and I inspect it - it passes the rDNS, SPF, and DKIM checks. So far it has only sent e-mails to addresses I control as the web application is still in testing. Yet yesterday the IP address ended up on Spamhaus blacklist. I am 100% confident that no one else was sending e-mail from that IP address, I'm a bit puzzled as to how the IP address got added to the blacklist, but I was told that Spamhaus sometimes just adds an entire subnet if more than one IP on the subnet was sending spam, and that's probably what happened. I think that is irresponsible of Spamhaus if that is what they are doing, but is there something more I can do other than correct rDNS, SPF, and DKIM to avoid getting on a blacklist?
Re: Avoiding spam blacklists
On 12/28/2016 12:28 AM, John Fawcett wrote: On 12/28/2016 08:32 AM, Alice Wonder wrote: Virtual machine for a web application, it is still in testing. reverse DNS is properly set up. Postfix only listens on the local host. Linux firewall drops anything not to port 80, 443, or a custom high number port I use for SSH. This postfix is not an open relay, or a relay for anything on the Internet, it only exists so the web application can send e-mail. SPF for the domain is correctly set up, DKIM for the host is correctly set up, when it sends an e-mail and I inspect it - it passes the rDNS, SPF, and DKIM checks. So far it has only sent e-mails to addresses I control as the web application is still in testing. Yet yesterday the IP address ended up on Spamhaus blacklist. I am 100% confident that no one else was sending e-mail from that IP address, I'm a bit puzzled as to how the IP address got added to the blacklist, but I was told that Spamhaus sometimes just adds an entire subnet if more than one IP on the subnet was sending spam, and that's probably what happened. I think that is irresponsible of Spamhaus if that is what they are doing, but is there something more I can do other than correct rDNS, SPF, and DKIM to avoid getting on a blacklist? if you know which of the spamhaus lists it was you can check out its policy. Each list has its own specific criteria. Also if you were recently assigned the ip the listing may predate your activity. John The IP is relatively new to me, about two months, but it was not on the list before as I use Spamhaus on my other mail servers and mail from it was not being rejected until yesterday. I did go through the manual removal process and that worked, but I'm worried about it happening again.
Re: Avoiding spam blacklists
On 12/28/2016 08:32 AM, Alice Wonder wrote: > Virtual machine for a web application, it is still in testing. > > reverse DNS is properly set up. > Postfix only listens on the local host. > Linux firewall drops anything not to port 80, 443, or a custom high > number port I use for SSH. > > This postfix is not an open relay, or a relay for anything on the > Internet, it only exists so the web application can send e-mail. > > SPF for the domain is correctly set up, DKIM for the host is correctly > set up, when it sends an e-mail and I inspect it - it passes the rDNS, > SPF, and DKIM checks. > > So far it has only sent e-mails to addresses I control as the web > application is still in testing. > > Yet yesterday the IP address ended up on Spamhaus blacklist. > > I am 100% confident that no one else was sending e-mail from that IP > address, I'm a bit puzzled as to how the IP address got added to the > blacklist, but I was told that Spamhaus sometimes just adds an entire > subnet if more than one IP on the subnet was sending spam, and that's > probably what happened. > > I think that is irresponsible of Spamhaus if that is what they are > doing, but is there something more I can do other than correct rDNS, > SPF, and DKIM to avoid getting on a blacklist? if you know which of the spamhaus lists it was you can check out its policy. Each list has its own specific criteria. Also if you were recently assigned the ip the listing may predate your activity. John
Re: Avoiding spam blacklists
Is your mailserver's external ip static or dynamic? I am afraid that mail servers from dynamic ips always get listed as spambots even when using SPF, DKIM, correct rDNS etc. The solutions in this case are either to get your isp to allocate to you a static ip (not all isps offer this however), set up another mail server at a new location with static ip (e.g. vps), or use a relayhost through which postfix can send your outgoing mails. Usually your isp will provide a relayhost. This relayhost won't be bothered that you are sending from a dynamic ip and the servers onto which it sends your mails will be concerned about the relayhost's ip (which will be static), not yours. On 28 December 2016 at 07:32, Alice Wonder wrote: > Virtual machine for a web application, it is still in testing. > > reverse DNS is properly set up. > Postfix only listens on the local host. > Linux firewall drops anything not to port 80, 443, or a custom high number > port I use for SSH. > > This postfix is not an open relay, or a relay for anything on the Internet, > it only exists so the web application can send e-mail. > > SPF for the domain is correctly set up, DKIM for the host is correctly set > up, when it sends an e-mail and I inspect it - it passes the rDNS, SPF, and > DKIM checks. > > So far it has only sent e-mails to addresses I control as the web > application is still in testing. > > Yet yesterday the IP address ended up on Spamhaus blacklist. > > I am 100% confident that no one else was sending e-mail from that IP > address, I'm a bit puzzled as to how the IP address got added to the > blacklist, but I was told that Spamhaus sometimes just adds an entire subnet > if more than one IP on the subnet was sending spam, and that's probably what > happened. > > I think that is irresponsible of Spamhaus if that is what they are doing, > but is there something more I can do other than correct rDNS, SPF, and DKIM > to avoid getting on a blacklist?
Avoiding spam blacklists
Virtual machine for a web application, it is still in testing. reverse DNS is properly set up. Postfix only listens on the local host. Linux firewall drops anything not to port 80, 443, or a custom high number port I use for SSH. This postfix is not an open relay, or a relay for anything on the Internet, it only exists so the web application can send e-mail. SPF for the domain is correctly set up, DKIM for the host is correctly set up, when it sends an e-mail and I inspect it - it passes the rDNS, SPF, and DKIM checks. So far it has only sent e-mails to addresses I control as the web application is still in testing. Yet yesterday the IP address ended up on Spamhaus blacklist. I am 100% confident that no one else was sending e-mail from that IP address, I'm a bit puzzled as to how the IP address got added to the blacklist, but I was told that Spamhaus sometimes just adds an entire subnet if more than one IP on the subnet was sending spam, and that's probably what happened. I think that is irresponsible of Spamhaus if that is what they are doing, but is there something more I can do other than correct rDNS, SPF, and DKIM to avoid getting on a blacklist?
