bbs.spamgourmet.com

Our webserver GeoShell.org tries to send email under various situations such as when a new user signs up on the forum ... but if people sign up using spamgourmet addresses we're getting this:

----- Transcript of session follows -----
... while talking to gourmet.spamgourmet.com.:
>>> MAIL From:<httpd@war.interhact.net>
<<< 554 5.7.1 rejected - looks like a dynamic address **** contact us if you're not a virus
554 5.0.0 Service unavailable

Final-Recipient: [[[a spamgourmet address]]]
Action: failed
Status: 5.7.1
Diagnostic-Code: SMTP; 554 5.7.1 rejected - looks like a dynamic address **** contact us if you're not a virus
Last-Attempt-Date: Thu, 28 Dec 2006 23:53:13 -0600

The server's not using a dynamic IP (although we just found it was listed as dynamic by NOMOREFUN -- apparently just because the reverse dns resolves to reverse.layeredtech.com (our ISP) -- we've corrected their listing but anyway... ).

Is there anything else we can do to avoid this, or are you just using the NOMOREFUN lists?

I'll whitelist the server post haste.

ack - but what's the IP address?

I think I got it -- geoshell.org itself, right?

We're using a couple of lists to reject the virus bots, but I doubt your server's on them. The rule that was catching it was a simple regex that looks for dynamic looking hostnames on the reverse lookup.

Hopefully the problem's solved, and sorry for the trouble. On the bright side, putting these measures in place has restored our service to normal operaiton after a couple of months of bad slowness.

Yep, that did it. Thanks

By the way, has there been any progress in getting the core spamgourmet code running as a milter?

a little, but still a way to go.

I just tried to send from my pc, at lavastorm.com, and got the same error:
You do not have permission to send to this recipient. For assistance, contact your system administrator.
[stuff deleted]
rejected - looks like a dynamic address **** http://spamgourmet.com/dynamic.html>


Hopefully your configuration isn't bouncing too many legit servers?!?

I know you can probably white-list this server, but I am just worried about how many servers are getting bounced now... or maybe you might need to tweak some more settings to be a little more lax.

Keep up the good work, fight the fight!
$Rich

RoboCuz,

The dynamic address detection could use some fine tuning. Right now, it's a bit rough. If your emails are unduly rejected, please post (or PM) the whole rejection message with the sending server's IP address.

rough, yes. Many, many, many "servers" are being rejected that way, but it seems to be a good fit with the group of bots that are attacking. If you visit the web page in the error message, you'll see that we instruct you to contact us -- I've been contacted three or four times in the past few weeks, and whitelisted the associated boxes.

We'll keep fine tuning, but, remembering how things were running before these rules were in place as opposed to now, I think we'd all agree that the rules are necessary.

So, uhm ... our server had hardware issues and we had to get a new one, and now it's getting rejected again because the name/ip is different.

Name: peace.interhact.net
Address: 72.232.199.162

Thanks in advance

P.S. The good news is, regardless of what the rest of the world is doing, we've moved from war to peace!

I added that IP - it reverses to 165.199.232.72.reverse.layeredtech.com

Is that a dedicated server? If so, would they put in a PTR record to reverse to the peace address? If so, that would likely help.

One of the first things I had to do on the new server here before we switched over was to get the new ISP to set a PTR record for the exact name of the mail host (gourmet.spamgourmet.com) so that forward (what's in the HELO statement) and reverse are the same -- some really paranoid mail servers require this. Probably more than is needed, but a reverse that doesn't contain a bunch of numbers will definitely help.

Yeah, actually, it *is* a dedicated server with several IPs of it's own, and we're working on getting the reverse set up ... my buddy that runs the server forgot all about it.

Is dynamic.html still mentioned in the error messages?

Can you rename the word "ISP" there to "mail hosts"? I've encountered a representative that claimed they're a mail host and not an ISP (that provides Internet access) and thus tried to avoid what the page said.

In any case, would adding a PTR record solve such issues without any need to contact you?