If you run your mail on a dynamic IP…
In case you didn’t know, I’m running this website and email domain on my cable modem. A few weeks ago I upgraded the box, which also resulted in a new address.
Now, dealing with a dynamic address is easy enough, I use Zone Edit for free DNS hosting, and ddclient to automagically update the records in the event the address changes.
However, something I’ve since learned is that when you get a new address, check to see if you are blacklisted.
I’ve dealt with being blacklisted before on non static IPs, when a mail server was found to be an open relay. It’s always been a pain to get off — once you find out which site is blacklisting you, you visit their page, request a retest, and wait.
However, these days there are dozens of blacklists, each with varying criteria for getting on to their list. This time around, the IP I picked up seemed to have an open proxy and open SOCKS servers. I didn’t notice until someone who I gave an alias to let me know he was having problems.
After checking into it, I found out that in early February there were problems reported from the address I inherited, and I was on 7 blacklists. After visiting each page and requesting a retest, I’m still waiting for 6 of them to perform the test. The one I did manage to get on tested me quickly, but the procedure involved sending the output of one web page to an email address, responding to that email with another key, and then visiting a web page. This had to be done per service, and I had 3 services that were flagged as problematic.
This is a big reason I don’t like blacklists. People who manage to get themselves on there have a hell of a time getting off. Reading through the FAQs on the various pages seem to indicate that I’ve committed a horrendous crime. There are a lot of admins out there that may not know they are on a list, or may have fixed the problems but not know how to get off. There don’t seem to be periodic retests either, it has to be manually put in.
To check if you are on blacklists, you can go to
http://www.senderbase.org/
http://openrbl.org
and put in your address.
To test if you are an open mail relay, telnet to relay-test.mail-abuse.org from your mail server, it will connect back.
Also make sure you have a working postmaster and abuse alias on your site, as some of the relays are kind enough to send a message. Remember, though, that they will be sending to your dynamic hostname rather than your regular domain, so make sure you accept mail for that host. Ie, my current IP means I have to accept mail for the h24-76-10-54.wp.shawcable.net domain. Sendmail users put this in /etc/mail/local-host-names or whatever is specified in the CW line in sendmail.cf.
why not just reboot the box/modem and get a new ip? I seems like a lot less trouble to me…
May 3rd, 2004 at 9:30 pmA reboot wouldn’t get me a new address… I’d have to turn it off for a few hours at least (in the 3 or so years I’ve had this service, the only time I’ve changed addresses was when they split my node)
My other thought was to change the MAC on the card and get a new address that way, but by that time, I was off most of the lists anyway.
Sean
May 3rd, 2004 at 9:34 pmHi Sean,
It takes lot of effort and time to put together such valuable knowledge for the world to read. Thanks for doing it.
Though, I understand that there would be lots of articles on setting up a web/mail server at home running on DSL/Cable connections, I was just wondering if it’d be possible to learn it from your experience. Could you kindly post an article on how you did it and also on how to secure such a set-up.
Regards,
August 15th, 2004 at 2:16 amN
Very interesting. Thanks for the tip about relay-test.mail-abuse.org. I also run a mail server behind a cable modem, but I am on a static IP addr. I really don’t want that to get into a blacklist.
November 16th, 2004 at 11:13 am