
SCOTIA SYSTEMS BLOG




UCEProtect Strike Again! Backscatterer.org Blacklisting

March 23rd, 2010 admin

A while ago I wrote about UCEProtect and how they were blocking a mail server due to an IP on a nearby segment being classed as a spam sender.

Well today, I’ve hit another problem with UCEProtect – and this time it’s worse!

It started when the client started getting bounce messages on emails sent to AT&T’s network:

#5.3.0 smtp;553 5.3.0 flpd124 – o2N8qxwF027519, DNSBL:ATTRBL 521< *.*.*.* > _is_blocked.__For_information_see_http://att.net/blocks

Following the link to AT&T, there’s a form to request a de-listing, however no mention of why you’re getting blocked.

Now I’ve seen similar to this before, so knew to check out the following site which searches all the popular blacklists for listings:

http://www.mxtoolbox.com/blacklists.aspx

All came back clear, apart from one – backscatterer.org, which was a new one to me. So here’s the background on backscatterer.org.

 

Non-Delivery Reports and Backscatter

When you send an email to an organization but spell the person’s name wrongly, you get a bounce message. This bounce message is generated in one of two ways.

1) The recipient server receives the email and then attempts to route it to the destination mailbox.   When it finds the mailbox doesn’t exist – it generates the bounce message.

2) The recipient server looks up the recipient name when the sending server starts the conversation.   When it finds the mailbox doesn’t exist – it terminates the connection, leaving the sending server to generate the NDR (non-delivery report)

If your server is configured using method (1) above (which is a valid method and within the guidelines of the SMTP protocol) then backscatterer.org will blacklist you!!!

Now there are valid reasons for this – spammers use fake email addresses to get your mail server to send out their spam in the form of NDRs.

However, for them to then charge you 50 Euros to be removed from the list is a joke! If you don’t pay to be removed – they’ll blacklist you for 4 weeks!

50 Euros to be delisted because your mail server is working correctly…   Hmmm…

Anyway, first here’s how to test your mailserver to see if it is vulnerable:

Telnet to your server on port 25, so : “telnet <serverip> 25”

You should receive a response similar to :

220 MAILSERVER.MYDOMAIN.COM Microsoft ESMTP MAIL Service, Version 6.0.3790.3959 ready at Tue, 23 Mar 2010 11:33:16 +0000

Type : “Helo sample.domain.com”
Response : “MAILSERVER.MYDOMAIN.COM Hello”

Type : “mail from: fake@fakedomain.com”
Response : “250 2.1.0 fake@fakedomain.com….Sender Ok”

Type : “RCPT TO: wrongname@mydomain.com”

At this point you should receive “555 User unknown”

If you receive “250 2.1.5 wrongname@mydomain.com” – then you have a problem.
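The same check as the telnet session above, scripted so it can be re-run after a configuration change. This is an added example, not code from the original post; the function names are hypothetical, and it assumes you run it only against your own mail server with an address you know does not exist.

```python
import smtplib
import sys


def classify_rcpt_reply(code):
    """Map the RCPT TO reply for a non-existent mailbox to a verdict."""
    if 500 <= code <= 599:
        return "rejects-at-smtp"       # method (2): unknown user refused in-session
    if 200 <= code <= 299:
        return "accepts-then-bounces"  # method (1): accepted now, NDR sent later
    return "inconclusive"              # e.g. 4xx temporary failure or greylisting


def probe_session(smtp, bogus_rcpt, helo_name="sample.domain.com",
                  mail_from="fake@fakedomain.com"):
    """Replay the manual dialogue on an open session (smtplib.SMTP or a
    compatible object) and return (code, text, verdict) for RCPT TO."""
    smtp.helo(helo_name)
    code, text = smtp.mail(mail_from)
    if code // 100 != 2:
        # Sender was refused, so the recipient check was never reached.
        return code, text.decode(errors="replace"), "inconclusive"
    code, text = smtp.rcpt(bogus_rcpt)
    smtp.rset()  # abandon the transaction; no message body is ever sent
    return code, text.decode(errors="replace"), classify_rcpt_reply(code)


def probe_host(host, bogus_rcpt, port=25, timeout=15):
    """Connect to your own server and run the probe; QUIT is sent on exit."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        return probe_session(smtp, bogus_rcpt)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(probe_host(sys.argv[1], sys.argv[2]))
    else:
        print("usage: probe.py <your-mail-server> <nonexistent-address@your-domain>")
```

A domain with a deliberate catch-all mailbox also returns a 2xx reply here, so confirm the configuration before treating that verdict as a fault.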

 

The Fix (for Exchange 2003)

1) In System Manager, go to Global Settings, right click Message Delivery and select properties

2) Check the box “Filter recipients who are not in the directory”

3) Go To Administrative Group, Servers, Protocols, SMTP, right click and select properties. 

4) Under Advanced, select Edit and Check the box that says “Apply Recipient Filter”.

5) Restart the SMTP Service for the change to take effect.

If I were you I’d check my mailserver and apply the above fix before you get blacklisted and have to pay the 50 euros…

Oh – and if you’re blacklisted by AT&T – here’s the form to request delisting : http://worldnet.att.net/general-info/block_admin.html





My Response to Paul Boag’s : “Why I don’t get SEO”

March 22nd, 2010 admin

Firstly, if you’re interested in the Web Design industry and you’ve never heard of Paul Boag, or the Boagworld Podcast, you don’t know what you’re missing!   Paul’s weekly podcast with Marcus Lillington is both highly amusing and educational at the same time!

Today Paul posted a new article entitled : “Why I don’t get SEO”

Before reading my response – I suggest you head here first to read his article.

So, here’s my reply:

1) A continual investment

Yes, I’d agree that there are aspects to SEO which require continual investment, though I see this as no different to a marketing campaign.   There are also long lasting benefits though:

Site structure - An SEO project can include aspects of usability, such as menu structures and internal site linking.   Using Analytics as a way of tracking the results – these types of changes can produce verifiable improvements to both site visits and conversions.

Changes to title tags can improve the readability of a site’s entries in the search engine results – again a long lasting improvement.

2) You’re manipulating the system

I agree that black-hat SEO is manipulation, however I don’t see this as a form of SEO – more a form of hacking.    However, the examples above of site structure, title tags etc are more a form of usability improvements with a marketing emphasis.

3) It can damage the user experience.

Again – Yes, I agree that the black hat form of SEO (if it really can be included under SEO) leads to poor content for the users.   However SEO done properly can actually improve the user experience (see above).

4) It’s a passive form of marketing

Can’t fault you here Paul – yes SEO will not necessarily bring traffic from people who aren’t already looking for your product/services.   However it will increase the targeted traffic from those who are, but may have otherwise gone to a competitor’s site.

5) It carries no weight

This is where I believe SEO is taking its next major step – moving into the Social Networking world.    This relatively new aspect of SEO is more a merging of SEO with traditional PR and Marketing.

However an existing part of SEO is link building, which is effectively a way of building personal recommendations (unless done with a black hat approach).

So there we go.   I agree with a lot of what Paul says, however I think the bad feelings towards SEO as a valuable service stem from the underhand techniques of the black hatters.    SEO should be a way of improving structure and content for both the user and the search engines, to provide a better service to the customer.   I also believe SEO now more than ever is a form of PR and Marketing (including Social) with a technical perspective.





Why You Should Block Outgoing Port 25 (SMTP) On A Firewall

March 19th, 2010 admin

OK, having written the last post on how to block port 25 on an ASA firewall, I thought I’d write a follow up post to explain why this is good procedure.

Port 25, if you’re not aware, is the SMTP port used by mail servers to send email. The popular trend with viruses now is to install “zombie processes” on infected machines. These zombies are then used as spam mail servers – sending continuous streams of spam out to random addresses.

Not only is this going to slow down both your PC and your Internet connection – you’re also going to get detected as a spam sender and blocked! There are centrally maintained black lists of spam senders which are used by popular anti-spam software vendors to determine if a sender is a known spammer. If your address reaches one of these black lists – you’ll find that around 80%-90% of email you send will now be blocked!

This is worse for larger businesses with many machines on a network.   It only takes one machine to get infected – and your business email will be blocked!

So the first step is obviously to make sure you’re properly protected. However, you may not have complete control over what gets plugged into the network. What if you have customers coming in who use your network?

Well the next step you can take is to block port 25 (SMTP) for all machines “except” your mail server.   Most firewalls allow this, but the settings will be different for each one.

If you’re not sure how to configure this – contact info@scotiasystems.com and we’ll help you get protected.
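To show what the “everything except the mail server” rule does in practice, here is an added example (not from the original post) that applies the rule to outbound connection records and lists the internal machines whose port 25 traffic it would stop. The record format, the IP addresses and the function names are all constructed for illustration.

```python
from collections import Counter

# Assumption: the one internal host that is allowed to send mail on port 25.
MAIL_SERVERS = {"10.0.0.10"}

# Constructed sample of outbound connections: "time src_ip dst_ip dst_port"
SAMPLE_LOG = """\
09:00:01 10.0.0.10 203.0.113.25 25
09:00:02 10.0.0.57 198.51.100.7 25
09:00:02 10.0.0.57 198.51.100.8 25
09:00:03 10.0.0.31 203.0.113.80 443
09:00:04 10.0.0.57 192.0.2.44 25
09:00:05 10.0.0.88 203.0.113.25 25
"""


def egress_decision(src_ip, dst_port, mail_servers=MAIL_SERVERS):
    """The rule from the post: outbound port 25 only from the mail server."""
    if dst_port == 25 and src_ip not in mail_servers:
        return "deny"
    return "permit"


def blocked_smtp_sources(log_text, mail_servers=MAIL_SERVERS):
    """Count denied port 25 attempts per internal host, busiest first."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records
        _time, src, _dst, port = parts
        if egress_decision(src, int(port), mail_servers) == "deny":
            hits[src] += 1
    return hits.most_common()


if __name__ == "__main__":
    for host, count in blocked_smtp_sources(SAMPLE_LOG):
        print(f"{host}: {count} blocked SMTP attempts, check for infection")
```

A workstation that keeps hitting the deny rule with many different destinations is the one to inspect first.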