Which side of the conversation is this?
Is this a customer of yours (a) trying to send email to you as their
designated smart host?
Or are they (b) trying to send mail from their own mail smart host
behind a dynamic address?

If (b), tell them to stop doing that and use a commercial smart host.
It's war out there, and people trying to do their own thing are going to
get caught in the crossfire between the spammers and their robot armies,
and all the various countermeasures deployed to stop them. Dynamic
address blocklists exist for a reason: the vast majority of mail coming
out of addresses known to be dynamic or end-user assigned (rather than
sending via an ISP or mail provider's smart host) is spam, and lots of
providers block or score it accordingly.

If (a), I think you might have bitten off more than you realised.
You can't just run a mail server and outsource your spam filtering to a
blacklist provider and expect not to get problems. At a minimum, you
need to be separating your inbound and outbound mail and applying
policies accordingly. For inbound, apply your normal spam filtering,
greylisting, blocklists etc.

For outbound mail, the policies need to be different. Authenticate every
connection, and be prepared for compromised authentication information,
botnetted end user hosts and so on - when you get one of these, you're
going to suddenly be subjected to a flood of spam that will get you into
every blocklist on the planet, unless you have mechanisms in place to
stem the flow automatically and quickly. Mostly, that's a matter of
traffic analysis rather than filtering. You can't rely on blocklists for
this, or you're going to get false positives - and false negatives.
External blocklists won't react anywhere near as quickly as you need for

The good news is that most blocklists have automatic de-listing when
spam stops. Mostly, blocklist operators aren't like ORBS any more; they
know that both spam flows and IP addresses are ephemeral things. (If
your blocklist provider doesn't behave that way, drop it like a hot rock.)

The days of just spinning up Sendmail or Exchange to handle mail in and
out of your local user base and forgetting about it are long gone.
Running a mail server isn't a job for amateurs; it requires an ongoing
commitment of time and knowledge.

On 19/02/15 10:59, Daniel Christie wrote:
I'm working for a small web/mail hosting company.
I've recently noticed a lot of blacklisted IP addresses from NZ based ISPs being
dished out, part of our intrusion prevention methods involve denying connections from
How do these blacklisted IP addresses get unlisted? Is it the responsibility of the
customers of these ISPs or is it the responsibility of the ISP?
NZNOG mailing list
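
One way to implement the outbound traffic analysis the reply describes, as an added example that is not part of the original thread: a sliding window per authenticated account that holds mail automatically when recipient volume or the number of distinct client addresses jumps. The event tuples, account names, class and function names, and all thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values; tune against your own baseline traffic.
WINDOW = 600      # seconds of history kept per account
MAX_RCPTS = 100   # recipients allowed per account per window
MAX_IPS = 3       # distinct client IPs allowed per account per window

class OutboundMonitor:
    """Sliding-window traffic analysis keyed on the authenticated sender."""

    def __init__(self):
        self.history = defaultdict(deque)  # user -> deque of (ts, ip, nrcpt)
        self.suspended = {}                # user -> (ts, reason)

    def submit(self, ts, user, ip, nrcpt):
        """Return True if the message may be relayed, False if it is held."""
        if user in self.suspended:
            return False
        q = self.history[user]
        q.append((ts, ip, nrcpt))
        while q and q[0][0] <= ts - WINDOW:   # drop events older than the window
            q.popleft()
        rcpts = sum(n for _, _, n in q)
        ips = {addr for _, addr, _ in q}
        if rcpts > MAX_RCPTS:
            self.suspended[user] = (ts, f"{rcpts} recipients in {WINDOW}s")
        elif len(ips) > MAX_IPS:
            self.suspended[user] = (ts, f"{len(ips)} client IPs in {WINDOW}s")
        return user not in self.suspended  # the triggering message is held too

def replay(events):
    """Feed events through a fresh monitor; return it and relayed counts per user."""
    mon, relayed = OutboundMonitor(), defaultdict(int)
    for ts, user, ip, nrcpt in events:
        if mon.submit(ts, user, ip, nrcpt):
            relayed[user] += 1
    return mon, dict(relayed)

# Constructed sample: alice sends normally from one address; bob's stolen
# credentials are used from eight addresses within a minute.
EVENTS = [(t * 60, "alice", "192.0.2.10", 2) for t in range(10)]
EVENTS += [(300 + i, "bob", f"198.51.100.{i % 8}", 20) for i in range(50)]
EVENTS.sort()

if __name__ == "__main__":
    mon, relayed = replay(EVENTS)
    print(relayed, mon.suspended)
```

A suspended account stays held until an operator clears it, so the flood stops after a handful of messages instead of after an external blocklist notices.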