[108383] in North American Network Operators' Group
RE: Go daddy mail services admin
daemon@ATHENA.MIT.EDU (Blake Pfankuch)
Wed Oct 1 15:13:50 2008
From: Blake Pfankuch <bpfankuch@cpgreeley.com>
To: Matthew Huff <mhuff@ox.com>, 'Jeff Kinz' <jkinz@kinz.org>
Date: Wed, 1 Oct 2008 13:13:27 -0600
In-Reply-To: <483E6B0272B0284BA86D7596C40D29F9142D5A8632@PUR-EXCH07.ox.com>
Cc: "'nanog@nanog.org'" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Thank you all for your help. The issue is now resolved, in an ass backward=
s sort of way. We purchased a VPS and set up a smtp proxy on an obscure po=
rt and mail is now being processed.....
-----Original Message-----
From: Matthew Huff [mailto:mhuff@ox.com]
Sent: Wednesday, October 01, 2008 8:34 AM
To: 'Jeff Kinz'; Blake Pfankuch
Cc: 'nanog@nanog.org'
Subject: RE: Go daddy mail services admin
We encountered some mail systems where they checked each hop in the receiv=
ed list and if each and every one could not be reverse resolved, the mail w=
ould bounce. And even if they resolved, they were checked against the PBL. =
We had to add some internal mail servers to our external dns because of thi=
s. I would have preferred just to let the mail bounce, but since they were =
customers, we had to bend.
Designing a mail system that paranoid is certainly up to individual sites, =
but they shouldn't be surprised when legitimate mail bounces. Even if you a=
re doing this, it should be to setup a score and mark the header, rather th=
an bouncing.
----
Matthew Huff | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
www.ox.com | Phone: 914-460-4039
aim: matthewbhuff | Fax: 914-460-4139
-----Original Message-----
From: Jeff Kinz [mailto:jkinz@kinz.org]
Sent: Wednesday, October 01, 2008 10:17 AM
To: Blake Pfankuch
Cc: nanog@nanog.org
Subject: Re: Go daddy mail services admin
On Tue, Sep 30, 2008 at 07:21:52AM -0600, Blake Pfankuch wrote:
> Amazingly its not a route problem. Its actually confirmed an issue
> with the mail server. Hense me asking for a mail services admin. The
> issue is confirmed from 3 locations with 3 different ISP's and I do
> actually know whats going on. I can connect to the server, but it
> will not allow me to send messages, even when authenticated. Returns
> a 554. It has been doing this with legitimate mail. They do not have
> the ability to send outbound as they get a 554 from their home office.
> The secondary smtp server links me to spamhaus saying that it will not
> allow relay based on an existing PBL entry. The PBL entry is because
> it's a residential DHCP connection, and the PBL entry was put in place
> by the isp. Please see http://www.spamhaus.org/pbl/query/PBL191963 if
> you have questions.
>
> So. Again. Looking for a GoDaddy Mail services Admin.
Hi Blake -
With Godaddy The 554 code is a tipoff.
Does the error also contain the text:
SMTP error from remote mail server after end of data:
host smtp.where.secureserver.net [xx.xx.xx.xx]:
554 The message was rejected because it contains prohibited virus or sp=
am content
GoDaddy has an unusual policy of rejecting any email that mentions anything=
that resolves to an IP address on the PBL list
Note this means any text string with the email body itself, not the origina=
ting IP of the email.
Any text, a URL or a even a dotted quad that resolves to the PBL list will =
cause the email to blocked.
By way of example, this policy blocks emails from amazon ec2 merchants even=
if the email only mentions a web site hosted at ec2, and the email itself =
is from a static web server with proper MX records.
They have been contacted multiple times over the years about this issue and=
refuse to change their policy. The PBL list explicitly describes how to u=
se their list and this way of using it is incorrect. The PBL list is suppo=
sed to be used to check the IP address of the system actually delivering th=
e email to your server, not the contents of the email.
Based on their long term refusal to adjust their policy to conform to PBL i=
ntended usage of the list I suspect this issue cannot be corrected. The on=
ly answer I have found is to inform the affected people they have to move f=
rom GoDaddy to a company that does a better job to correct the problem.
If this is NOT the issue creating your problem, then you may be able to get=
GoDaddy to do something to help.
Good luck.
Jeff Kinz.
