Email From 166.102.165.166 and 65.54.246.172 Rejected
A family member reported that someone who had tried to send email to
her received a bounced message indicating the email was blocked because
of antispam provisions. I checked all email from the sender's email
address using the
find-recipients Perl script I created for such purposes. I saw that one
message she sent was rejected and one accepted.
# ./find-recipients.pl wendyvi21@alltel.net /var/log/maillog
Found 2 messages from wendyvi21@alltel.net in /var/log/maillog
Message recipients
Time Message ID Status Recipient
----------------------------------------------------------------
Jun 10 07:58:02 l5ABupmb001042 Rejected kittycat321@moonpoint.com
Jun 10 08:05:03 l5AC3omb001081 Sent kittycat321@moonpoint.com
When I checked the /var/log/maillog file for those two message
IDs, I found that the first message had been blocked by the
Spam and Open-Relay Blocking
System (SORBS) blocklist. SORBS is a
DNS Blacklist (DNSBL).
The message that was rejected was from ispmxmta05-srv.windstream.net
[166.102.165.166], while the one that was accepted was from
ispmxmta09-srv.windstream.net [166.102.165.170].
When I checked the SORBS list, it appeared that the 166.102.165.166
had been there for at least a week due to SORBS detecting spam
orginating from the email server at that address.
Database of servers sending to spamtrap addresses
| Address: | 166.102.165.166 |
| Record Created: | Tue Apr 17 01:00:04 2007 GMT |
| Record Updated: | Mon Jun 4 01:00:03 2007 GMT |
| Additional Information: |
[ Updated via: Spam 'o Matic ] Received: from
ispmxmta05-srv.windstream.net (ispmxmta05-srv.windstream.net [166.102.165.166]) by desperado.sorbs.net (Postfix) with ESMTP id EE4311144D for <[email]>;
Mon[email] 04 Jun 2007 10:40:27 +1000 (EST) |
| Currently active and flagged to be published in DNS |
But when I looked up the other IP address, 166.102.165.170, it appeared it
was also in the SORBS blocklist.
Database of servers sending to spamtrap addresses
| Address: | 166.102.165.170 |
| Record Created: | Tue Oct 4 13:04:20 2005 GMT |
| Record Updated: | Thu Apr 26 04:41:17 2007 GMT |
| Additional Information: |
Received: from ispmxmta09-srv.windstream.net (ispmxmta09-srv.windstream.net
[166.102.165.170]) by desperado.sorbs.net (Postfix) with ESMTP id 69DC21143A
for <[email]>; Sat[email] 10 Feb 2007 13:52:40 +1000 (EST) |
| Currently active and flagged to be published in DNS |
When I queried the SORBS database through the SORBS
Database Lookup
webpage, it appeared both addresses were present in the SORBS blocklist,
yet when I used
blq to query the SORBS blocklist, I found only the first .166 address listed
and not the .170 address, which was consistent with Sendmail's rejection of
the first message, but not the second one.
# ./blq sorbs 166.102.165.166
166.102.165.166 ispmxmta05-srv.windstream.net : dnsbl.sorbs.net : BLOCKED
# ./blq sorbs 166.102.165.170
166.102.165.170 ispmxmta09-srv.windstream.net : dnsbl.sorbs.net : ok
I received another report from a Hotmail sender
that she was finding email rejected as well. I went through the same process
as above. Again the SORBS website database query seemed to indicate that both
addresses would be blocked, but using blq showed only one was blocked, which
matched the entries I found in today's maillog file with the first message
from the sender being rejected and the second accepted. The first was from
bay0-omc2-s36.bay0.hotmail.com [65.54.246.172] and the second from
bay0-omc2-s37.bay0.hotmail.com [65.54.246.173].
When performing a database check via the website, I saw the following
for the IP address from which a message was rejected:
Database of servers sending to spamtrap addresses
| Address: | 65.54.246.172 |
| Record Created: | Thu Aug 3 02:30:03 2006 GMT |
| Record Updated: | Sat Jun 9 09:00:04 2007 GMT |
| Additional Information: |
[ Updated via: Spam 'o Matic ] Received: from
bay0-omc2-s36.bay0.hotmail.com (bay0-omc2-s36.bay0.hotmail.com [65.54.246.172])
by desperado.sorbs.net (Postfix) with ESMTP id 7EE241147D for <[email]>;
Sat, 09 Jun 2007 18:33:28 +1000 (EST) |
| Currently active and flagged to be published in DNS |
But I also saw the following for the IP address of the server from which
a message was accepted:
Database of servers sending to spamtrap addresses
| Address: | 65.54.246.173 |
| Record Created: | Fri Aug 4 13:53:11 2006 GMT |
| Record Updated: | Sat Mar 3 08:00:34 2007 GMT |
| Additional Information: |
[ Updated via: Spam 'o Matic ] Received: from bay0-omc2-s37.bay0.hotmail.com
(bay0-omc2-s37.bay0.hotmail.com [65.54.246.173]) by desperado.sorbs.net
(Postfix) with ESMTP id 8E17F114AE for <[email]>; Wed, 28 Feb 2007
21:44:25 +1000 (EST)
|
| Currently active and flagged to be published in
DNS |
Again, the information returned didn't seem to be consisttent with
what a blq query returned:
# ./blq sorbs 65.54.246.172
65.54.246.172 bay0-omc2-s36.bay0.hotmail.com : dnsbl.sorbs.net : BLOCKED
# ./blq sorbs 65.54.246.173
65.54.246.173 bay0-omc2-s37.bay0.hotmail.com : dnsbl.sorbs.net : ok
So the results I obtained through the website query don't seem to accurately
reflect what will be blocked, if I interpret seeing
"Currently active and flagged to be published in DNS" appearing in a red
block as an indication the address is in the blocklist as one to be blocked.
[/network/email/spam/blocklists]
permanent link
Content Management System (CMS) Comparison
I need to set up a Content Management System (CMS) for a new website.
I've considered
Drupal and
Mambo, but wanted to find
information comparing the two. I found a site today,
The CMS Matrix that allows you to
compare the features of dozens of content management systems. You can select
up to 10 at a time to see a comparison chart of features.
A comparison of Drupal and Mambo can also be found at
Leading Open Source CMS: Mambo versus Drupal - A Comprehensive
Comparison. That article references a more comprehensive
comparison of Drupal and Mambo,
Drupal VS. Mambo written for Xaneon
Development, a company which developed Mambo extensions.
References:
- The CMS Matrix
-
Leading Open Source CMS: Mambo versus Drupal - A Comprehensive Comparison
By Angsuman Chakraborty
September 13, 2005
Simple Thoughts - Simple solutions
for complex problems
-
Drupal VS. Mambo
Originally written for Xaneon Development by Arto Bendiken
Submitted: January 12, 2006
Xaneon Development
[/network/web/cms]
permanent link
OS-X Running on a PC
Enterprising OS-X hackers have found a way to run Apple's OS-X operating
system on standard PC hardware as related in
Wired's article
Mac Hacks Allow OS X on PCs. Despite Apple's use of a chip to
specifically prevent users from putting the operating system (OS) on a standard
PC, it is now possible to run the OS on standard
PC hardware.
[/os/os-x]
permanent link
Apple's Core Animation
Wired has an article,
Kiss Boring Interfaces Goodbye With Apple's New Animated OS
about a new animation feature that will become available in the Leopard
version of OS-X. The feature will allow developers to provide an animated
interface to their applications.
[/os/os-x]
permanent link
Mailman Mailing List Messages Arriving with Unwanted Attachment
I set up a
Mailman
mailing list for a family member. After I set up the list, she sent
a message to the list. The message arrived with a .txt attachment,
ATT00088.txt, that was 251 bytes in size. The attachment
had only 3 lines. The first was the mailing list name, the next was
the mailing list email address, and the last was the listinfo URL for
the mailing list. She uses Outlook 2003
and this is apparently a problem that occurs with Mailman maling list messages
received by Outlook users
when a footer is added to messages, which is Mailman's default behavior.
Apparently Mailman adds the footer as an attachment if the
original message posted contains a message formatted in HTML MIME,
or a text/plain MIME bodypart using a different character set than
what Mailman would use for the footers.
To prevent the addition of a footer to messages,
from the main mailman administration page for the list, I clicked on
[Non-digest options] The text below appeared in the
"Footer added to mail sent to regular list members" field.
_______________________________________________
%(real_name)s mailing list
%(real_name)s@%(host_name)s
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
The information listed has the following meaning.
msg_footer (nondigest): Footer added to mail sent to regular list membersText appended to the bottom of every immediately-delivery
message. This text can include
Python
format strings which are resolved against list attributes. The
list of substitutions allowed are:
real_name - The `pretty' name of the list; usually
the list name with capitalization.
list_name - The name by which the list is
identified in URLs, where case is significant. (For backwards
compability, _internal_name is equivalent.)
host_name - The fully qualified domain name
that the list server runs on.
web_page_url - The base URL for Mailman. This
can be appended with,
e.g. listinfo/%(internal_name)s to yield the
listinfo page for the mailing list.
description - The brief description of the
mailing list.
info - The full description of the mailing
list.
cgiext - The extension added to CGI scripts.
Since the list owner did not want any footer being sent with messages,
I removed all of the text from that field.
I also went to the digest options page and for the "Header added to
every digest" field, I removed all of the text in that field.
References:
-
[Mailman-Users] Why are footers sent as attachments?
Posted: January 29, 2006
The Mailman-Users
Archives
-
4.39. HELP! Mailman is munging HTML & MIME-formatted messages before they are
sent out? (problems with Mailman 2.1.x footers)
Mailman FAQ Wizard
[/network/email/mailing_list/mailman]
permanent link
Messages from Mailman Mailing List Appear From Listname-bounces
I set up a
Mailman
mailing list for a family member. When she receives messages from the
list they are arriving with a "from" address of
listname-bounces@listdomain.net On Behalf Of", with "listname" being the name
of the mailing list, followed by the sender's address. She uses Outlook
2003 and sees this as the "from" address, but when the same messages arrive
in a
Hotmail account, the "from" address
is the sender's email address. This behavior is apparently due to the fact
that Mailman creates, among other message headers, a "Sender" header of the form
"Sender: listname-bounces@listdomain". Some email clients, such as Outlook will
place the contents of that "sender" header in the "from" field when they
display the message.
By default, most email clients don't display the message headers, but if you
view the message headers for a message, you will see the "sender" header that
Mailman adds.
Viewing Message Headers in Outlook 2002
explains how to view those headers in Outlook
References:
-
Why do posts appear to be from listname-bounces@mailman.u.washington.edu?
Author: R. Skiver Thompson
August 2004
Frequently Asked Questions About Mailman
-
Viewing Message Headers in Outlook 2002
December 16, 2004
MoonPoint Support
[/network/email/mailing_list/mailman]
permanent link
