Thread: Just me or is my IP dirty?
-
03-23-2010, 10:36 AM #1 Junior Guru Wannabe
- Join Date
- Jan 2004
- Location
- Northeast
- Posts
- 60
Just me or is my IP dirty?
OK, so I just set up a fresh VPS as a mail server for administrative contacts for a number of WordPress sites I host - on multiple VPSs.
Got everything set up with proper virtual mapping in my postfix server setup. Initial test emails to GMail, Yahoo, Hotmail, etc. indicate that mail is being sent and received. SpamAssassin is working properly on my side. Some email is understandably treated as spam on the receiving servers as my reverse DNS PTR records hadn't propagated yet. However, I noticed that some test emails where I had CC'd my ISP mail account were not showing up at all - not even in the spam folder.
So, I check the mail log on my VPS and see the following error for mail sent to my ISP mail server:
ERROR: Mail refused - <my.vps.ip> - See http://www.mail-abuse.org/cgi-bin/lookup?my.vps.ip
The IP address my.vps.ip does appear on the following database managed by Trend Micro's Network Reputation Services.
Database Entry Action
DUL my.vps.ip Remove
Please see the linked web pages for further information about the database, contact information, why the address is listed, and how to get it removed, if applicable.
Please note: These databases are based on IP addresses; they do not use host or domain names.
I then decide to run it through some IP blacklist checkers and sure enough the IP shows up, although just a single record. I then reply to my ticket asking for a "what's up" and the reply I get was that it's because the rDNS PTR record hadn't propagated yet. Also, they tell me not to worry because the IP does not show up as blacklisted at dnsbl(.)info, so most likely I haven't set up my SMTP correctly.
OK, so I try a test email to the same server from another VPS of mine with no rDNS set up. I get the following error in my mail log:
421 4.7.1 - Connection refused. Cannot resolve PTR record for my.other.vps.ip
The IP does come up clean at dnsbl(.)info - the few others I tried were mxtoolbox(.)com and myiptest(.)com and the IP was blacklisted at both.
Looking for opinions -
1) My VPS provider gave me a dirty IP, I should request a new one
2) This is operator error on my part. I should wait out the rDNS propagation and look into my SMTP settings.
-
03-23-2010, 10:58 AM #2 Aspiring Evangelist
- Join Date
- Mar 2010
- Location
- Ireland
- Posts
- 412
It is very likely that somebody was using the same IP before. The best option is to contact Trend Micro as advised and ask for the IP to be removed from their list, and monitor your email account. The fact that the IP is not listed at dnsbl.info means it probably wasn't used to send huge amounts of spam, so you should be fairly OK.
European Xen based VPS Hosting
Linux VPS Hosting | 1Gb Uplink
Wide range of distribution and turn-key applications available.
-
03-23-2010, 11:22 AM #3 Web Hosting Master
- Join Date
- Feb 2010
- Location
- Maryville Tennessee
- Posts
- 1,904
Contact your service provider and explain to them that you were given an IP that had obviously been used before you, and that it has been blacklisted. They should have no problem giving your VPS a new IP, since it was their fault.
-
03-24-2010, 10:55 AM #4 Junior Guru Wannabe
- Join Date
- Jan 2004
- Location
- Northeast
- Posts
- 60
Host issued me a new IP after having to argue my case a little harder. All is well now.
Something to consider in the future - I'm sure that a lot of these hosts experience a high turnover and I'm sure that there are many accounts set up where users are engaged in questionable activity. Some good links posted above to check your IPs before going too far into your setups. Perhaps there's more that folks would care to add. An eye-opening experience for me for sure.
-
03-24-2010, 11:03 AM #5 Aspiring Evangelist
- Join Date
- Mar 2010
- Location
- Ireland
- Posts
- 412
You are right; however, most of these lists provide an easy removal option if your server is fixed. In most cases it is enough to put your IP address in some post field. Also, given that IP addresses are quite a valuable resource nowadays, nobody can expect to get a new one; sometimes even pools that hosting providers receive were utilised before somewhere else.
-
03-24-2010, 11:31 AM #6 Junior Guru Wannabe
- Join Date
- Jan 2004
- Location
- Northeast
- Posts
- 60
Yes, however some of these lists say upfront that it could take days to clear. Also, in my case I had to read my mail log files to find out why I was being blocked - doesn't come up in any of those other lists. Easily missed if you are not monitoring your logs - how would you like a client to let you know that they're not getting your mail because your IP is blacklisted? I really don't think it's my responsibility to sweep up this crap. I think screening an IP as soon as you are provided your details is key.
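Added example, not part of the original posts: one way to automate the log reading described here is to scan Postfix delivery lines for bounces and deferrals whose remote reply points to a blocklist or a missing PTR record. The log lines are constructed from the two error messages quoted in the first post, using documentation IP ranges; the keyword patterns are assumptions for this sketch, not a complete list.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtp-client format; IPs are documentation ranges.
SAMPLE_LOG = """\
Mar 23 10:31:02 vps1 postfix/smtp[2101]: 3F2A41C0A2: to=<me@isp.example>, relay=mx.isp.example[192.0.2.25]:25, delay=1.2, dsn=5.7.1, status=bounced (host mx.isp.example[192.0.2.25] said: 550 5.7.1 Mail refused - 203.0.113.7 - See http://www.mail-abuse.org/cgi-bin/lookup?203.0.113.7 (in reply to RCPT TO command))
Mar 23 10:31:05 vps1 postfix/smtp[2102]: 7B11C1C0A9: to=<a@gmail.example>, relay=mx.gmail.example[192.0.2.80]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 OK)
Mar 23 10:44:17 vps2 postfix/smtp[877]: 9C0D21C0B4: to=<me@isp.example>, relay=mx.isp.example[192.0.2.25]:25, delay=0.4, dsn=4.7.1, status=deferred (host mx.isp.example[192.0.2.25] refused to talk to me: 421 4.7.1 - Connection refused. Cannot resolve PTR record for 198.51.100.9)
Mar 23 10:50:00 vps1 postfix/smtp[2103]: 1A2B3C4D5E: to=<b@other.example>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.other.example[192.0.2.99]:25: Connection timed out)
"""

DELIVERY = re.compile(
    r"to=<(?P<rcpt>[^>]+)>.*?dsn=(?P<dsn>\d\.\d+\.\d+), "
    r"status=(?P<status>bounced|deferred) \((?P<reason>.*)\)\s*$"
)
# Reason keywords are heuristics chosen for this example, not a complete list.
CATEGORIES = [
    ("ptr", re.compile(r"\bPTR\b|reverse DNS|rDNS", re.I)),
    ("blocklist", re.compile(r"mail-abuse\.org|black ?list|block ?list|dnsbl|\brbl\b|mail refused", re.I)),
]

def classify(reason):
    for name, pattern in CATEGORIES:
        if pattern.search(reason):
            return name
    return None  # ordinary failure (timeout, unknown user, ...)

def reputation_rejections(log_text):
    """Return {category: [(recipient_domain, dsn, reason), ...]} for bounced/deferred mail."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue
        category = classify(m["reason"])
        if category:
            domain = m["rcpt"].rsplit("@", 1)[-1].lower()
            found[category].append((domain, m["dsn"], m["reason"]))
    return dict(found)

if __name__ == "__main__":
    for category, hits in reputation_rejections(SAMPLE_LOG).items():
        for domain, dsn, reason in hits:
            print(f"[{category}] {domain} dsn={dsn}: {reason}")
```

Run on a schedule against the live mail log, a non-empty result is the signal to check the sending IP's listings and PTR record before a recipient reports missing mail.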
-
03-24-2010, 11:43 AM #7 Aspiring Evangelist
- Join Date
- Mar 2010
- Location
- Ireland
- Posts
- 412
You are right, but I wouldn't ever leave mail server or any other logs unmonitored. Of course, you should use some log parsing software rather than doing it by hand. But if you leave it and for any reason you end up on the list again, you wouldn't even notice.
-
04-27-2010, 12:41 AM #8 Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
Trend Micro Dynamic User List (DUL)
I just ordered a new VPS from LiquidWeb yesterday and all 4 of my IPs are on this list which prevents me from getting any e-mails to my main e-mail address.
I spoke with LiquidWeb's tech support and they informed me to contact my ISP to get the IPs fixed. I assume that the bad IPs are that of the sending mail server and not the receiving mail server, correct?
I submitted the IPs for removal myself but I just got an automated reply telling me to contact the ASN owners. Is there anything else I can do to hopefully remedy this or is this something only LiquidWeb can fix?
-Joe @ Secure Dragon LLC.
+ OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
+ Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas
-
04-27-2010, 01:12 AM #9 Web Hosting Master
- Join Date
- Jun 2006
- Location
- Lansing, Michigan
- Posts
- 649
Travis Stoliker
Liquid Web - Dedicated Hosting with Heroic Support
StormOnDemand - Flexible Cloud Hosting Infrastructure
1-800-580-4985 | Twitter: @liquidweb | @StormOnDemand
-
04-27-2010, 01:33 AM #10 Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
Ticket #: 2114962
-Joe @ Secure Dragon LLC.
-
04-27-2010, 01:45 AM #11 Web Hosting Master
- Join Date
- Jun 2006
- Location
- Lansing, Michigan
- Posts
- 649
Joe,
A supervisor is working on your issue now.
Thank you,
-
04-27-2010, 05:10 AM #12 Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
Problem resolved for me. LiquidWeb staff contacted Trend directly and a human actually reviewed the IP versus the automated system I was stuck dealing with.
-Joe @ Secure Dragon LLC.
-
04-27-2010, 05:19 AM #13 New Member
- Join Date
- Apr 2010
- Posts
- 1
Hello World!
For those of you finding this thread via the search: When dealing with Trend Micro it is important to remember that in addition to the rDNS and WHOIS being required, you'll also need to be sure that the MX, A, and NS records are complete and that the values stored there also have complete matching 'A' records.
Glad to hear it is working for you, ZKuJoe. Please let me know if you need anything else.
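Added example, not part of the original thread: a screening routine for a newly assigned mail server IP that checks the PTR record has a matching A record and builds the DNSBL lookup name for each list. The zone `dul.dnsbl.example` is a placeholder rather than any real list's zone, the DNS answers are constructed so the demo runs offline, and MX, NS and WHOIS checks are outside this sketch.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """IPv4 DNSBL convention: reverse the octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver():
    """Live lookups through the OS resolver (not used by the offline demo)."""
    def ptr(ip):
        try:
            return [socket.gethostbyaddr(ip)[0]]
        except OSError:
            return []
    def a(name):
        try:
            return socket.gethostbyname_ex(name)[2]
        except OSError:
            return []
    return ptr, a

def screen_ip(ip, zones, ptr, a):
    """Return a list of problems found for a mail server IP; empty means clean."""
    problems = []
    names = ptr(ip)
    if not names:
        problems.append("no PTR record")
    elif not any(ip in a(name) for name in names):
        problems.append("PTR name has no matching A record: " + ", ".join(names))
    for zone in zones:
        answers = a(dnsbl_query_name(ip, zone))
        # Listed addresses answer inside 127.0.0.0/8; no answer means not listed.
        if any(ipaddress.ip_address(x).is_loopback for x in answers):
            problems.append("listed on " + zone)
    return problems

# Constructed records standing in for DNS so the demo runs offline.
FAKE_PTR = {"203.0.113.7": ["mail.example.org"], "198.51.100.9": []}
FAKE_A = {"mail.example.org": ["203.0.113.7"],
          "7.113.0.203.dul.dnsbl.example": ["127.0.0.2"]}

def demo(ip):
    return screen_ip(ip, ["dul.dnsbl.example"],
                     lambda i: FAKE_PTR.get(i, []), lambda n: FAKE_A.get(n, []))
```

The two constructed addresses mirror the cases in the first post: `demo("203.0.113.7")` has valid reverse DNS but is listed, and `demo("198.51.100.9")` has no PTR record. Passing the functions from `system_resolver()` to `screen_ip` runs the same checks against live DNS.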