  1. #1
    Join Date
    Jan 2004
    Location
    Northeast
    Posts
    60

    Just me or is my IP dirty?

    OK, so I just set up a fresh VPS as a mail server for administrative contacts for a number of WordPress sites I host - on multiple VPSs.

    Got everything set up with proper virtual mapping in my Postfix server setup. Initial test emails to Gmail, Yahoo, Hotmail, etc. indicate that mail is being sent and received. SpamAssassin is working properly on my side. Some email is understandably treated as spam on the receiving servers as my reverse DNS PTR records hadn't propagated yet. However, I noticed that some test emails where I had CC'd my ISP mail account were not showing up at all - not even in the spam folder.

    So, I check the mail log on my VPS and see the following error for mail sent to my ISP mail server:

    ERROR: Mail refused - <my.vps.ip> - See http://www.mail-abuse.org/cgi-bin/lookup?my.vps.ip
    So I go to the link in the error message and see the following:


    The IP address my.vps.ip does appear on the following database managed by Trend Micro's Network Reputation Services.

    Database Entry Action
    DUL my.vps.ip Remove

    Please see the linked web pages for further information about the database, contact information, why the address is listed, and how to get it removed, if applicable.

    Please note: These databases are based on IP addresses; they do not use host or domain names.

    I then decide to run it through some IP blacklist checkers and sure enough the IP shows up, although just a single record. I then reply to my ticket asking for a "what's up" and the reply I get was that it's because the rDNS PTR record hadn't propagated yet. Also, they tell me not to worry because the IP does not show up as blacklisted at dnsbl(.)info, so most likely I haven't set up my SMTP correctly.

    OK, so I try a test email to the same server from another VPS of mine with no rDNS set up. I get the following error in my mail log:

    421 4.7.1 - Connection refused. Cannot resolve PTR record for my.other.vps.ip
    So this basically tells me that the refusal has nothing to do with rDNS propagation, otherwise I would have been blocked and given the same error. The server must be running the IP against the Trend Micro database and blocking me because of that.

    The IP does come up clean at dnsbl(.)info - the few others I tried were mxtoolbox(.)com and myiptest(.)com and the IP was blacklisted at both.

    Looking for opinions -

    1) My VPS provider gave me a dirty IP, I should request a new one

    2) This is operator error on my part. I should wait out the rDNS propagation and look into my SMTP settings.

  2. #2
    Join Date
    Mar 2010
    Location
    Ireland
    Posts
    412
    It is very likely that somebody was using the same IP before. The best option is to contact Trend Micro as advised, ask for the IP to be removed from their list, and monitor your email account. The fact that the IP is not listed at dnsbl.info means it probably wasn't used to send huge amounts of spam, so you should be fairly OK.
    European Xen based VPS Hosting
    Linux VPS Hosting | 1Gb Uplink
    Wide range of distribution and turn-key applications available.

  3. #3
    Join Date
    Feb 2010
    Location
    Maryville Tennessee
    Posts
    1,906
    Contact your service provider and explain to them that you were given an IP that had obviously been used before you, and that it has been blacklisted. They should have no problem giving your VPS a new IP, since it was their fault.

  4. #4
    Join Date
    Jan 2004
    Location
    Northeast
    Posts
    60
    Host issued me a new IP after having to argue my case a little harder. All is well now.

    Something to consider in the future - I'm sure that a lot of these hosts experience a high turnover and I'm sure that there are many accounts set up where users are engaged in questionable activity. Some good links posted above to check your IPs before going too far into your setups. Perhaps there's more that folks would care to add. An eye-opening experience for me for sure.

  5. #5
    Join Date
    Mar 2010
    Location
    Ireland
    Posts
    412
    You are right; however, most of these lists provide an easy removal option if your server is fixed. In most cases it is enough to put your IP address in some post field. Also, given the fact that IP addresses are quite a valuable resource nowadays, nobody can expect to get a new one; sometimes even pools that hosting providers receive were utilised before somewhere else.

  6. #6
    Join Date
    Jan 2004
    Location
    Northeast
    Posts
    60
    Quote Originally Posted by webangel_ie View Post
    You are right; however, most of these lists provide an easy removal option if your server is fixed. In most cases it is enough to put your IP address in some post field.
    Yes, however some of these lists say upfront that it could take days to clear. Also, in my case I had to read my mail log files to find out why I was being blocked - doesn't come up in any of those other lists. Easily missed if you are not monitoring your logs - how would you like a client to let you know that they're not getting your mail because your IP is blacklisted? I really don't think it's my responsibility to sweep up this crap. I think screening an IP as soon as you are provided your details is key.

  7. #7
    Join Date
    Mar 2010
    Location
    Ireland
    Posts
    412
    You are right, but I wouldn't ever leave mail server or any other logs unmonitored. Of course you should use some log-parsing software rather than doing it by hand. But if you leave it, and for any reason you end up on the list again, you wouldn't even notice.
    European Xen based VPS Hosting
    Linux VPS Hosting | 1Gb Uplink
    Wide range of distribution and turn-key applications available.
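
    A minimal version of the log parsing discussed in posts #6 and #7, as an added example that is not code from any poster: it scans Postfix smtp-client log lines for bounced or deferred deliveries whose rejection text points at IP reputation. The sample log, the `.example` names, the documentation IPs and the category patterns are assumptions; only the two refusal texts come from post #1.

```python
import re
from collections import Counter

# Constructed sample in Postfix smtp-client log format (documentation IPs and
# .example names); the two refusal texts are the ones quoted in post #1.
SAMPLE_LOG = """\
Mar 10 10:15:02 mail postfix/smtp[2101]: 4F3A21C0A1: to=<me@isp.example>, relay=mx.isp.example[203.0.113.25]:25, delay=1.2, dsn=5.7.1, status=bounced (host mx.isp.example[203.0.113.25] said: 550 5.7.1 ERROR: Mail refused - <192.0.2.10> - See http://www.mail-abuse.org/cgi-bin/lookup?192.0.2.10 (in reply to RCPT TO command))
Mar 10 10:15:04 mail postfix/smtp[2102]: 4F3A21C0A1: to=<me@webmail.example>, relay=mx.webmail.example[198.51.100.7]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 OK)
Mar 10 10:20:41 mail postfix/smtp[2107]: 7B1C02D0F3: to=<me@isp.example>, relay=mx.isp.example[203.0.113.25]:25, delay=0.4, dsn=4.7.1, status=deferred (host mx.isp.example[203.0.113.25] refused to talk to me: 421 4.7.1 - Connection refused. Cannot resolve PTR record for 192.0.2.11)
Mar 10 10:31:00 mail postfix/smtp[2110]: 9D0E44A771: to=<bob@other.example>, relay=mx.other.example[198.51.100.9]:25, delay=2.0, dsn=5.1.1, status=bounced (host mx.other.example[198.51.100.9] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
"""

# One outbound delivery attempt that did not succeed.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>, "
    r"relay=(?P<relay>[^,]+),.*?status=(?P<status>bounced|deferred) "
    r"\((?P<reason>.*)\)\s*$"
)

# Reason text -> category. These patterns are assumptions tuned to the two
# messages in this thread; extend them for the receivers you actually mail.
CATEGORIES = [
    ("blocklist", re.compile(r"mail refused|blacklist|blocklist|dnsbl|mail-abuse\.org", re.I)),
    ("missing_ptr", re.compile(r"PTR record|reverse DNS|rDNS", re.I)),
]

def classify(reason):
    for name, pattern in CATEGORIES:
        if pattern.search(reason):
            return name
    return "other"

def reputation_failures(log_text):
    """Return bounced/deferred deliveries whose reason points at IP reputation."""
    hits = []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue
        category = classify(m["reason"])
        if category != "other":
            hits.append({"qid": m["qid"], "rcpt": m["rcpt"], "status": m["status"],
                         "category": category, "reason": m["reason"]})
    return hits

def summarize(hits):
    """Count hits per (recipient domain, category) for alerting."""
    return Counter((h["rcpt"].rsplit("@", 1)[1], h["category"]) for h in hits)

if __name__ == "__main__":
    for (domain, category), n in summarize(reputation_failures(SAMPLE_LOG)).items():
        print(f"{domain}: {n} x {category}")
```

    The ordinary "User unknown" bounce is deliberately left out of the result, so an alert built on this fires only for refusals tied to the sending IP.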

  8. #8
    Join Date
    Feb 2007
    Location
    Federal Heights, CO
    Posts
    1,860

    Trend Micro Dynamic User List (DUL)

    I just ordered a new VPS from LiquidWeb yesterday and all 4 of my IPs are on this list which prevents me from getting any e-mails to my main e-mail address.

    I spoke with LiquidWeb's tech support and they informed me to contact my ISP to get the IPs fixed. I assume that the bad IPs are that of the sending mail server and not the receiving mail server, correct?

    I submitted the IPs for removal myself but I just got an automated reply telling me to contact the ASN owners. Is there anything else I can do to hopefully remedy this or is this something only LiquidWeb can fix?
    -Joe @ Secure Dragon LLC.
    + OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
    + Florida | Colorado | Illinois | California | Oregon | North Carolina | New Jersey | Arizona | Texas

  9. #9
    Join Date
    Jun 2006
    Location
    Lansing, Michigan
    Posts
    649
    Quote Originally Posted by ZKuJoe View Post
    I just ordered a new VPS from LiquidWeb yesterday and all 4 of my IPs are on this list which prevents me from getting any e-mails to my main e-mail address.

    I spoke with LiquidWeb's tech support and they informed me to contact my ISP to get the IPs fixed. I assume that the bad IPs are that of the sending mail server and not the receiving mail server, correct?

    I submitted the IPs for removal myself but I just got an automated reply telling me to contact the ASN owners. Is there anything else I can do to hopefully remedy this or is this something only LiquidWeb can fix?
    What is your ticket number? I can take a look at this for you.
    Travis Stoliker
    Liquid Web - Dedicated Hosting with Heroic Support
    StormOnDemand - Flexible Cloud Hosting Infrastructure
    1-800-580-4985 | Twitter: @liquidweb | @StormOnDemand

  10. #10
    Join Date
    Feb 2007
    Location
    Federal Heights, CO
    Posts
    1,860
    Ticket #: 2114962
    -Joe @ Secure Dragon LLC.

  11. #11
    Join Date
    Jun 2006
    Location
    Lansing, Michigan
    Posts
    649
    Joe,
    A supervisor is working on your issue now.

    Thank you,

  12. #12
    Join Date
    Feb 2007
    Location
    Federal Heights, CO
    Posts
    1,860
    Problem resolved for me. LiquidWeb staff contacted Trend directly and a human actually reviewed the IP versus the automated system I was stuck dealing with.
    -Joe @ Secure Dragon LLC.

  13. #13
    Hello World!

    For those of you finding this thread via the search: When dealing with Trend Micro it is important to remember that in addition to the rDNS and WHOIS being required, you'll also need to be sure that the MX, A, and NS records are complete and that the values stored there also have complete matching 'A' records.

    Glad to hear it is working for you ZKuJoe- Please let me know if you need anything else.
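
    The screening suggested in post #6 and the record checks listed in post #13, combined into one pre-flight check as an added example (not code from any poster or from Trend Micro). The zones `dnsbl.example` and `dnsbl2.example`, the record set and the `lookup` callback are constructed placeholders so the check runs offline; for live use, pass a `lookup` backed by a real resolver and the blocklist zones you care about. `screen` covers IPv4 senders only.

```python
import ipaddress

# Constructed DNS data: the IP is listed on one placeholder zone and clean on
# the other (as in post #1), and ns2 deliberately lacks an A record.
RECORDS = {
    ("10.2.0.192.dnsbl.example", "A"): ["127.0.0.4"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.org."],
    ("mail.example.org", "A"): ["192.0.2.10"],
    ("example.org", "MX"): ["mail.example.org."],
    ("example.org", "NS"): ["ns1.example.org.", "ns2.example.org."],
    ("ns1.example.org", "A"): ["192.0.2.53"],
    ("example.org", "A"): ["192.0.2.80"],
}

def lookup(name, rtype):
    """Offline stand-in for a resolver: list of values, [] when nothing exists."""
    return RECORDS.get((name, rtype), [])

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: reversed IPv4 octets (or IPv6 nibbles) + zone."""
    labels = ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0]
    return f"{labels}.{zone}"

def screen(ip, domain, zones, lookup):
    """Return a list of problems for a sending IPv4 address and its mail domain."""
    problems = []
    for zone in zones:  # an answer in 127.0.0.0/8 means "listed"
        answers = lookup(dnsbl_query_name(ip, zone), "A")
        if any(a.startswith("127.") for a in answers):
            problems.append(f"listed on {zone} ({', '.join(answers)})")
    ptr_names = lookup(ipaddress.ip_address(ip).reverse_pointer, "PTR")
    if not ptr_names:
        problems.append("no PTR record")
    for name in ptr_names:  # forward-confirm the PTR name
        if ip not in lookup(name.rstrip("."), "A"):
            problems.append(f"PTR {name} has no A record pointing back to {ip}")
    for rtype in ("MX", "NS"):  # targets are host names, MX priority stripped
        targets = lookup(domain, rtype)
        if not targets:
            problems.append(f"{domain} has no {rtype} record")
        for target in targets:
            if not lookup(target.rstrip("."), "A"):
                problems.append(f"{rtype} target {target} has no A record")
    if not lookup(domain, "A"):
        problems.append(f"{domain} has no A record")
    return problems

if __name__ == "__main__":
    for p in screen("192.0.2.10", "example.org", ["dnsbl.example", "dnsbl2.example"], lookup):
        print(p)
```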
