Sean’s Obsessions

Sean Walberg’s blog

If You Run Your Mail on a Dynamic IP…

In case you didn’t know, I’m running this website and email domain on my cable modem. A few weeks ago I upgraded the box, which also resulted in a new address.

Now, dealing with a dynamic address is easy enough, I use Zone Edit for free DNS hosting, and ddclient to automagically update the records in the event the address changes.

However, something I’ve since learned is that when you get a new address, check to see if you are blacklisted.

I’ve dealt with being blacklisted before on non static IPs, when a mail server was found to be an open relay. It’s always been a pain to get off – once you find out which site is blacklisting you, you visit their page, request a retest, and wait.

However, these days there are dozens of blacklists, each with varying criteria for getting on to their list. This time around, the IP I picked up seemed to have an open proxy and open SOCKS servers. I didn’t notice until someone who I gave an alias to let me know he was having problems.

After checking into it, I found out that in early February there were problems reported from the address I inherited, and I was on 7 blacklists. After visiting each page and requesting a retest, I’m still waiting for 6 of them to perform the test. The one I did manage to get on tested me quickly, but the procedure involved sending the output of one web page to an email address, responding to that email with another key, and then visiting a web page. This had to be done per service, and I had 3 services that were flagged as problematic.

This is a big reason I don’t like blacklists. People who manage to get themselves on there have a hell of a time getting off. Reading through the FAQs on the various pages seem to indicate that I’ve committed a horrendous crime. There are a lot of admins out there that may not know they are on a list, or may have fixed the problems but not know how to get off. There don’t seem to be periodic retests either, it has to be manually put in.

To check if you are on blacklists, you can go to

http://www.senderbase.org/
http://openrbl.org

and put in your address.

To test if you are an open mail relay, telnet to relay-test.mail-abuse.org from your mail server, it will connect back.

Also make sure you have a working postmaster and abuse alias on your site, as some of the relays are kind enough to send a message. Remember, though, that they will be sending to your dynamic hostname rather than your regular domain, so make sure you accept mail for that host. Ie, my current IP means I have to accept mail for the h24-76-10-54.wp.shawcable.net domain. Sendmail users put this in /etc/mail/local-host-names or whatever is specified in the CW line in sendmail.cf.

Comments

I’m trying something new here. Talk to me on Twitter with the button above, please.