Just me or is my IP dirty?

  #1  
Old 03-23-2010, 10:36 AM
Luckybum Luckybum is offline
Junior Guru Wannabe
 
Join Date: Jan 2004
Location: Northeast
Posts: 60

Just me or is my IP dirty?


OK, so I just set up a fresh VPS as a mail server for administrative contacts for a number of WordPress sites I host - on multiple VPSs.

Got everything set up with proper virtual mapping in my Postfix server setup. Initial test emails to GMail, Yahoo, Hotmail, etc. indicate that mail is being sent and received. SpamAssassin is working properly on my side. Some email is understandably treated as spam on the receiving servers as my reverse DNS PTR records hadn't propagated yet. However, I noticed that some test emails where I had CC'd my ISP mail account were not showing up at all - not even in the spam folder.

So, I check the mail log on my VPS and see the following error for mail sent to my ISP mail server:

Quote:
ERROR: Mail refused - <my.vps.ip> - See http://www.mail-abuse.org/cgi-bin/lookup?my.vps.ip
So I go to the link in the error message and see the following:


Quote:
The IP address my.vps.ip does appear on the following database managed by Trend Micro's Network Reputation Services.

Database Entry Action
DUL my.vps.ip Remove

Please see the linked web pages for further information about the database, contact information, why the address is listed, and how to get it removed, if applicable.

Please note: These databases are based on IP addresses; they do not use host or domain names.

I then decide to run it through some IP blacklist checkers and sure enough the IP shows up, although just a single record. I then reply to my ticket asking for a "what's up" and the reply I get was that it's because the rDNS PTR record hadn't propagated yet. Also, they tell me not to worry because the IP does not show up as blacklisted at dnsbl(.)info, so most likely I haven't set up my SMTP correctly.

OK, so I try a test email to the same server from another VPS of mine with no rDNS set up. I get the following error in my mail log:

Quote:
421 4.7.1 - Connection refused. Cannot resolve PTR record for my.other.vps.ip
So this basically tells me that the refusal has nothing to do with rDNS propagation, otherwise I would have been blocked and given the same error. The server must be running the IP against the Trend Micro database and blocking me because of that.

The IP does come up clean at dnsbl(.)info - the few others I tried were mxtoolbox(.)com and myiptest(.)com and the IP was blacklisted at both.

Looking for opinions -

1) My VPS provider gave me a dirty IP, I should request a new one

2) This is operator error on my part. I should wait out the rDNS propagation and look into my SMTP settings.



  #2  
Old 03-23-2010, 10:58 AM
webangel_ie webangel_ie is offline
Aspiring Evangelist
 
Join Date: Mar 2010
Location: Ireland
Posts: 412
It is very likely that somebody was using the same IP before. The best option is to contact Trend Micro as advised and ask for the IP to be removed from their list, and monitor your email account. The fact that the IP is not listed at dnsbl.info means it probably wasn't used to send huge amounts of spam, so you should be fairly OK.

__________________
European Xen based VPS Hosting
Linux VPS Hosting | 1Gb Uplink
Wide range of distribution and turn-key applications available.

  #3  
Old 03-23-2010, 11:22 AM
TBradley TBradley is offline
Web Hosting Master
 
Join Date: Feb 2010
Location: Maryville Tennessee
Posts: 1,906
Contact your service provider and explain to them that you were given an IP that had obviously been used before you, and that it has been blacklisted. They should have no problem giving your VPS a new IP, since it was their fault.

  #4  
Old 03-24-2010, 10:55 AM
Luckybum Luckybum is offline
Junior Guru Wannabe
 
Join Date: Jan 2004
Location: Northeast
Posts: 60
Host issued me a new IP after having to argue my case a little harder. All is well now.

Something to consider in the future - I'm sure that a lot of these hosts experience a high turnover and I'm sure that there are many accounts set up where users are engaged in questionable activity. Some good links posted above to check your IPs before going too far into your setups. Perhaps there's more that folks would care to add. An eye-opening experience for me for sure.

  #5  
Old 03-24-2010, 11:03 AM
webangel_ie webangel_ie is offline
Aspiring Evangelist
 
Join Date: Mar 2010
Location: Ireland
Posts: 412
You are right; however, most of these lists provide an easy remove option if your server is fixed. In most cases it is enough to put your IP address in some post field. Also, given the fact that IP addresses are quite a valuable resource nowadays, nobody can expect to get a new one; sometimes even pools that hosting providers receive were utilised before somewhere else.

__________________
European Xen based VPS Hosting
Linux VPS Hosting | 1Gb Uplink
Wide range of distribution and turn-key applications available.

  #6  
Old 03-24-2010, 11:31 AM
Luckybum Luckybum is offline
Junior Guru Wannabe
 
Join Date: Jan 2004
Location: Northeast
Posts: 60
Quote:
Originally Posted by webangel_ie View Post
You are right; however, most of these lists provide an easy remove option if your server is fixed. In most cases it is enough to put your IP address in some post field.
Yes, however some of these lists say upfront that it could take days to clear. Also, in my case I had to read my mail log files to find out why I was being blocked - doesn't come up in any of those other lists. Easily missed if you are not monitoring your logs - how would you like a client to let you know that they're not getting your mail because your IP is blacklisted? I really don't think it's my responsibility to sweep up this crap. I think screening an IP as soon as you are provided your details is key.

  #7  
Old 03-24-2010, 11:43 AM
webangel_ie webangel_ie is offline
Aspiring Evangelist
 
Join Date: Mar 2010
Location: Ireland
Posts: 412
You are right, but I wouldn't ever leave mail server or any other logs unmonitored; of course you should use some log parsing software rather than doing it by hand. But if you leave it, and for any reason you end up on the list again, you wouldn't even notice.

__________________
European Xen based VPS Hosting
Linux VPS Hosting | 1Gb Uplink
Wide range of distribution and turn-key applications available.
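
As an added example (not code from any poster in this thread), a small parser for the kind of log monitoring discussed above: it pulls bounced and deferred deliveries out of Postfix-style log lines and sorts the remote server's reply into blocklist, reverse-DNS, or other refusals. The log lines are constructed, modelled on the two refusal messages quoted in the first post, and the keyword lists are assumptions to tune for your own receivers.

```python
import re
from collections import Counter

# Constructed Postfix-style lines; hosts and addresses are documentation values.
SAMPLE_LOG = """\
Mar 23 10:31:02 mail postfix/smtp[2101]: A1B2C3: to=<me@isp.example>, relay=mx.isp.example[198.51.100.7]:25, dsn=5.0.0, status=bounced (host mx.isp.example[198.51.100.7] said: 554 ERROR: Mail refused - <203.0.113.10> - See http://www.mail-abuse.org/cgi-bin/lookup?203.0.113.10 (in reply to RCPT TO command))
Mar 23 10:44:17 mail postfix/smtp[2140]: D4E5F6: to=<me@isp.example>, relay=mx.isp.example[198.51.100.7]:25, dsn=4.7.1, status=deferred (host mx.isp.example[198.51.100.7] refused to talk to me: 421 4.7.1 - Connection refused. Cannot resolve PTR record for 203.0.113.77)
Mar 23 10:50:40 mail postfix/smtp[2166]: 0A9B8C: to=<ops@other.example>, relay=none, dsn=4.4.1, status=deferred (connect to mx.other.example[192.0.2.9]:25: Connection timed out)
Mar 23 10:52:03 mail postfix/smtp[2170]: 7F6E5D: to=<friend@mail.example>, relay=mx.mail.example[192.0.2.25]:25, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

# Recipient, delivery status, and the parenthesised remote reply at end of line.
LINE = re.compile(
    r"to=<(?P<rcpt>[^>]*)>.*?status=(?P<status>bounced|deferred) \((?P<reply>.*)\)\s*$")

# Checked in order; the first matching pattern names the reason.
REASONS = [
    ("blocklist", re.compile(r"mail-abuse|blacklist|blocklist|blocked using|dnsbl|\brbl\b", re.I)),
    ("rdns", re.compile(r"\bPTR\b|reverse dns|rdns", re.I)),
]

def classify(reply):
    for label, pattern in REASONS:
        if pattern.search(reply):
            return label
    return "other"

def refusals(log_text):
    """Return one dict per bounced or deferred delivery found in log_text."""
    found = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            found.append({"rcpt": m["rcpt"], "status": m["status"],
                          "reason": classify(m["reply"]), "reply": m["reply"]})
    return found

def summary(log_text):
    """Count refusals per reason, suitable for a daily alert threshold."""
    return Counter(r["reason"] for r in refusals(log_text))

if __name__ == "__main__":
    for r in refusals(SAMPLE_LOG):
        print(r["status"], r["reason"], r["rcpt"], "->", r["reply"][:70])
```
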

  #8  
Old 04-27-2010, 12:41 AM
ZKuJoe ZKuJoe is offline
Securing the Dragon.
 
Join Date: Feb 2007
Location: Federal Heights, CO
Posts: 1,705
Trend Micro Dynamic User List (DUL)

I just ordered a new VPS from LiquidWeb yesterday and all 4 of my IPs are on this list which prevents me from getting any e-mails to my main e-mail address.

I spoke with LiquidWeb's tech support and they informed me to contact my ISP to get the IPs fixed. I assume that the bad IPs are that of the sending mail server and not the receiving mail server correct?

I submitted the IPs for removal myself but I just got an automated reply telling me to contact the ASN owners. Is there anything else I can do to hopefully remedy this or is this something only LiquidWeb can fix?

__________________
-Joe @ Secure Dragon LLC.
+ OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
+ Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas


  #9  
Old 04-27-2010, 01:12 AM
LiquidWebTravis LiquidWebTravis is offline
Web Hosting Master
 
Join Date: Jun 2006
Location: Lansing, Michigan
Posts: 648
Quote:
Originally Posted by ZKuJoe View Post
I just ordered a new VPS from LiquidWeb yesterday and all 4 of my IPs are on this list which prevents me from getting any e-mails to my main e-mail address.

I spoke with LiquidWeb's tech support and they informed me to contact my ISP to get the IPs fixed. I assume that the bad IPs are that of the sending mail server and not the receiving mail server correct?

I submitted the IPs for removal myself but I just got an automated reply telling me to contact the ASN owners. Is there anything else I can do to hopefully remedy this or is this something only LiquidWeb can fix?
What is your ticket number? I can take a look at this for you.

__________________
Travis Stoliker
Liquid Web - Dedicated Hosting with Heroic Support
StormOnDemand - Flexible Cloud Hosting Infrastructure
1-800-580-4985 | Twitter: @liquidweb | @StormOnDemand

  #10  
Old 04-27-2010, 01:33 AM
ZKuJoe ZKuJoe is offline
Securing the Dragon.
 
Join Date: Feb 2007
Location: Federal Heights, CO
Posts: 1,705
Ticket #: 2114962

__________________
-Joe @ Secure Dragon LLC.
+ OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
+ Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas


  #11  
Old 04-27-2010, 01:45 AM
LiquidWebTravis LiquidWebTravis is offline
Web Hosting Master
 
Join Date: Jun 2006
Location: Lansing, Michigan
Posts: 648
Joe,
A supervisor is working on your issue now.

Thank you,

  #12  
Old 04-27-2010, 05:10 AM
ZKuJoe ZKuJoe is offline
Securing the Dragon.
 
Join Date: Feb 2007
Location: Federal Heights, CO
Posts: 1,705
Problem resolved for me. LiquidWeb staff contacted Trend directly and a human actually reviewed the IP versus the automated system I was stuck dealing with.

__________________
-Joe @ Secure Dragon LLC.
+ OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
+ Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas


  #13  
Old 04-27-2010, 05:19 AM
aduncan_LW aduncan_LW is offline
New Member
 
Join Date: Apr 2010
Posts: 1
Hello World!

For those of you finding this thread via the search: When dealing with Trend Micro it is important to remember that in addition to the rDNS and WHOIS being required, you'll also need to be sure that the MX, A, and NS records are complete and that the values stored there also have complete matching 'A' records.

Glad to hear it is working for you, ZKuJoe. Please let me know if you need anything else.
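
As an added example (not code from Liquid Web or any poster here), a pre-deployment screen that combines the advice in this thread: query DNS blocklists for a newly assigned IP, confirm that its PTR name resolves back to the same IP, and check that the domain's MX and NS hosts each have an A record. The zone names `dnsbl.example` and `other.example`, the sample records, and the use of `dig` as the default resolver are assumptions; substitute the lists you are entitled to query.

```python
import ipaddress
import subprocess

def dig(name, rtype):
    """Default lookup via `dig +short` (assumes dig is installed)."""
    out = subprocess.run(["dig", "+short", name, rtype], capture_output=True,
                         text=True, timeout=15).stdout
    # Keep the last field so "10 mx.example.org." becomes "mx.example.org".
    return [ln.split()[-1].rstrip(".").lower() for ln in out.splitlines()
            if ln.strip() and not ln.startswith(";")]

def listed_on(ip, zones, lookup=dig):
    """DNSBL query: reversed octets + zone; an answer in 127.0.0.0/8 means listed."""
    rev = ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))
    return [z for z in zones
            if any(a.startswith("127.") for a in lookup(f"{rev}.{z}", "A"))]

def fcrdns_names(ip, lookup=dig):
    """PTR names of ip whose own A record points back at ip."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    return [n for n in lookup(ptr, "PTR") if ip in lookup(n, "A")]

def targets_without_a(domain, lookup=dig):
    """MX and NS hosts of domain that have no A record."""
    hosts = set(lookup(domain, "MX")) | set(lookup(domain, "NS"))
    return sorted(h for h in hosts if not lookup(h, "A"))

def screen(ip, domain, zones, lookup=dig):
    return {"listed_on": listed_on(ip, zones, lookup),
            "fcrdns_ok": bool(fcrdns_names(ip, lookup)),
            "domain_has_a": bool(lookup(domain, "A")),
            "mx_ns_missing_a": targets_without_a(domain, lookup)}

# Constructed records for an offline run; every name and address is a placeholder.
SAMPLE = {
    ("10.113.0.203.dnsbl.example", "A"): ["127.0.0.2"],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mail.example.org"],
    ("mail.example.org", "A"): ["203.0.113.10"],
    ("example.org", "A"): ["203.0.113.10"],
    ("example.org", "MX"): ["mail.example.org"],
    ("example.org", "NS"): ["ns1.example.org", "ns2.example.org"],
    ("ns1.example.org", "A"): ["203.0.113.53"],
}

def sample_lookup(name, rtype):
    return SAMPLE.get((name, rtype), [])

if __name__ == "__main__":
    print(screen("203.0.113.10", "example.org",
                 ["dnsbl.example", "other.example"], sample_lookup))
```

Calling `screen()` without the `lookup` argument performs live queries through `dig`; the sample run reports a listing on `dnsbl.example` and flags `ns2.example.org` as lacking an A record.
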
