Koozali.org: home of the SME Server

email considered spam

crazybob
email considered spam
« on: April 20, 2018, 08:31:06 PM »
I have a client that is getting some of his outgoing email bounced back claiming it is spam.
His internet provider is Comcast, and the IP that he is connected to is showing up as a spammer. His IP is dynamic, but has not changed in quite a while.
He is configured to have his email going through my server.

I use TDSMetrocom as my provider. My IP is not being reported as a spammer.

His email client (Outlook 2010) is configured to use my server as his SMTP server, but the bounce message refers to the Comcast IP. This person's location is the only system I am experiencing this with. I know one other computer at this location that has the issue, but with only one recipient.

I don't understand why the Comcast IP is showing up in the header.
Is there anything I can do to correct this, or is he just stuck?

TIA
If you think you know what's going on, you obviously have no idea what's going on!

Jean-Philippe Pialasse
Re: email considered spam
« Reply #1 on: April 20, 2018, 10:27:01 PM »
Without further analysis I would suggest an OpenVPN routed (https://wiki.contribs.org/OpenVPN_Routed) or OpenVPN S2S (https://wiki.contribs.org/OpenVPN_SiteToSite) connection.

You might not want your client to have access to your LAN, so be careful during the configuration.
Once the connection is established you will be able to set the internal VPN IP to deliver emails. This will remove the Comcast IP.

However, my feeling is that a more in-depth reading of the headers is needed. It is fairly normal to see the client IP in the header; you might even see the LAN IP sometimes.
Reading the header should show you other elements causing the mails to be tagged as SPAM: no reverse DNS, no DNS for the domain pointing to this IP, no DMARC policy, no DKIM signature, no SPF policy or one not respected...
You might also check all the blacklists for your client IP and server hostname.domain. See http://multirbl.valli.org/

From a few of the blacklists you will be able to delist him; for some others you will need to have Comcast contact them. In a very few cases there will be nothing to do, as the IP is considered dynamic...

Your goal is to reduce the negative SCORES and to add as many positive ones as you can by improving the configuration.

Some help could also come from sending an email to check-auth@verifier.port25.com and/or sa-test@sendmail.net from the server.

« Last Edit: April 20, 2018, 10:40:55 PM by Jean-Philippe Pialasse »
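
The point made in Reply #1 about reading the headers, as an added example (not code from any poster or from SME Server): the relay writes the submitting client's address into its own Received line, so the full chain shows both IPs, and each can be turned into the name a blacklist lookup uses. The sample headers, host names, RFC 5737 addresses and the dnsbl.example.org zone are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (not from the thread): headers as a recipient sees them
# after a desktop client on a dynamic line submits through a relay.
SAMPLE = """\
Received: from mail.relay.example (mail.relay.example [198.51.100.25])
\tby mx.recipient.example with ESMTPS; Fri, 20 Apr 2018 20:31:10 -0400
Received: from OFFICE-PC (dyn-77.isp.example [203.0.113.77])
\tby mail.relay.example with ESMTPSA; Fri, 20 Apr 2018 20:31:08 -0400
From: user@client.example
To: someone@recipient.example
Subject: constructed test message

body
"""

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def received_hops(raw):
    """Return (peer_ip, recording_host) per Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        from_part, _, by_part = flat.partition(" by ")
        match = BRACKETED_IP.search(from_part)
        if not match:
            continue
        try:
            ip = str(ipaddress.ip_address(match.group(1)))
        except ValueError:                      # bracketed text was not an IP
            continue
        hops.append((ip, by_part.split()[0] if by_part else None))
    return hops


def dnsbl_name(ip, zone):
    """Query name a DNSBL expects: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def report(raw, zone="dnsbl.example.org"):      # placeholder zone name
    return [(ip, by, dnsbl_name(ip, zone)) for ip, by in received_hops(raw)]
```

The second tuple returned by `report(SAMPLE)` is the hop recorded by the relay itself, which is where the client's dynamic address enters the message.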

Stefano
Re: email considered spam
« Reply #2 on: April 21, 2018, 02:44:29 PM »
Quote
His internet provider is Comcast, and the IP that he is connected to is showing up as a spammer. His IP is dynamic, but has not changed in quite a while.
He is configured to have his email going through my server.

I use TDSMetrocom as my provider. My IP is not being reported as a spammer.

His email client (Outlook 2010) is configured to use my server as his SMTP server, but the bounce message refers to the Comcast IP

If messages are bounced you'd have the message with the reasons why.

mmccarn
Re: email considered spam
« Reply #3 on: April 21, 2018, 03:33:03 PM »
A couple thoughts:

- There is a firewall rule that intercepts traffic going to port 25 on an outside server, controlled by config getprop smtpd Proxy - options are "transparent" (redirect traffic to port 25 of the LAN interface of the SME), "blocked" (block the traffic), or [anything else] (allow the traffic to pass through to the WAN destination).

- Since your client's clients are all working (sending mail OK) you may be able to change the delivery IP if you configure the client's server to use your server as the "Internet provider's mail server":
https://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter13#E-mail_Delivery

crazybob
Re: email considered spam
« Reply #4 on: April 21, 2018, 04:00:15 PM »
Thanks for the input.
I changed his server to use my server as the SMTP server as you suggested, but that was later yesterday.
I will try to get him to give it a try on Monday.

I think I may see what the cost is to have him upgrade to a static IP if that doesn't work. It would be easier to clear things up in that situation.

Jean-Philippe Pialasse
Re: email considered spam
« Reply #5 on: April 21, 2018, 07:28:49 PM »
Quote
Thanks for the input.
I changed his server to use my server as the SMTP server as you suggested, but that was later yesterday.
I will try to get him to give it a try on Monday.

So give it a little time to see what happens. Again, from what I read your mails are not rejected, but rather tagged as spam (correct me if I misunderstood), so you are better off working on all means to reduce the spam score aside from the IP. A clear reject on connection would be a reason to work on the IP.

Quote
I think I may see what the cost is to have him upgrade to a static IP if that doesn't work. It would be easier to clear things up in that situation.

Well, the thing is that usually "static IPs" are just dynamic IPs that are not changed.... They are still in an IP block declared as dynamic, unless you go with a business offer with $$$$$, and still this is not a guarantee until you see the IP and test it.

crazybob
Re: email considered spam
« Reply #6 on: April 21, 2018, 07:38:37 PM »
There have been a few that have been bounced because the IP is in a few of the black lists.
I will see what happens on Monday.
Thanks for the help.

crazybob
Re: email considered spam
« Reply #7 on: May 03, 2018, 04:52:20 PM »
I am planning on installing site-to-site OpenVPN on my customer's server and my server. How do I ensure that their email goes through the VPN and not just out over the internet?
I understand that I can change the SMTP server in the email panel, but will that put the email through my server as they are not using the email function on their server?

Jean-Philippe Pialasse
Re: email considered spam
« Reply #8 on: May 03, 2018, 05:52:23 PM »
Quote
I am planning on installing site-to-site OpenVPN on my customer's server and my server. How do I ensure that their email goes through the VPN and not just out over the internet?

To me you are just going with an XY situation.

Have you really investigated all levels of lowering the SPAM score for this client's emails?
Simply using a VPN without managing the whole issue will just:
- change the sending IP but might not change the score
- deteriorate your IP reputation

If you do not take the time to first:
- declare SPF fields for their domains
- declare an MX server for their domain
- declare a DKIM policy for their server, and enforce DKIM signing
- declare a DMARC policy and respect it
- configure reverse DNS if available, if not change provider
- configure the way the server presents itself according to reverse DNS and DMARC policy
- fix any internal misuse of the email, by checking the SPAM codes of rejected emails: missing header, altered content after signing, wrong proportion of text/images...

And of course you will have to adapt most of those if you put your server as SMTP for your client.

Yes, this is complex and time consuming, but this is how email goes in 2018... You cannot cut corners.

Quote
I understand that I can change the SMTP server in the email panel, but will that put the email through my server as they are not using the email function on their server?

Explained this way, I will say no... if they do not use their SME to send mail, then configuring their SME to relay mail to yours will do nothing... From your writing, I understand that they use an external service for their emails (ISP, gmail, office365...)
However, you might be saying that they do not use the webmail but rather pop/imap and smtp (pointing to the SME) with a client on their computers?

crazybob
Re: email considered spam
« Reply #9 on: May 03, 2018, 09:42:12 PM »
They have a dynamic IP, so from what I understand, a reverse DNS won't work.
They are using my server for email using Outlook 2010.
Thank you for your input. I will be tackling these issues tonight.
« Last Edit: May 03, 2018, 09:48:33 PM by crazybob »

Jean-Philippe Pialasse
Re: email considered spam
« Reply #10 on: May 04, 2018, 04:30:48 AM »
Quote
They have a dynamic IP, so from what I understand, a reverse DNS won't work.
They are using my server for email using Outlook 2010.
Thank you for your input. I will be tackling these issues tonight.

OK, so as soon as you have fixed their DNS with information for SPF, DKIM and DMARC to point to your server as legit SMTP, this will improve the situation.

Then for the VPN, if still needed: you should use your IP to connect, not the domain, and set your domain (which is set in their Outlook) on their SME to point to the VPN IP of your server.
So from their LAN, when they try to resolve your domain name, it will point to the internal IP.
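
The DNS step from Reply #8 and Reply #10 (SPF naming the relaying server as a legitimate sender, plus a DMARC policy), as an added example that is not code from any poster or from SME Server. It judges only the ip4/ip6/all mechanisms of SPF and reads the p= tag of DMARC; client.example, the records and the addresses are constructed placeholders.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(record, sender_ip):
    """Evaluate the ip4/ip6/all mechanisms of one SPF TXT record.

    Simplified: include, a, mx, exists, redirect and macros need DNS lookups
    and are skipped here, so records relying on them are not fully judged.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return RESULTS[qualifier]
        name, _, value = mech.partition(":")
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
    return "neutral"


def dmarc_policy(record):
    """Return the p= tag of a DMARC TXT record, or None if it is not one."""
    pairs = (t.partition("=")[::2] for t in record.split(";") if "=" in t)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    return tags.get("p") if tags.get("v") == "DMARC1" else None


# Constructed records for a hypothetical client.example whose mail is
# relayed through 198.51.100.25 (documentation addresses, not the thread's).
RELAY_IP = "198.51.100.25"
SPF_BEFORE = "v=spf1 ip4:192.0.2.10 -all"
SPF_AFTER = "v=spf1 ip4:192.0.2.10 ip4:198.51.100.25 -all"
DMARC = "v=DMARC1; p=quarantine; rua=mailto:postmaster@client.example"

def check():
    return (spf_result(SPF_BEFORE, RELAY_IP), spf_result(SPF_AFTER, RELAY_IP),
            dmarc_policy(DMARC))
```

With the first record the relay fails SPF for the client's domain; adding the relay's address to the record is what turns the result into a pass.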