7 Minute Miles

The Complexities of Email


The premise sounds so simple: get someone’s email address and you can send them a note. Just like traditional mail, there’s never been an absolute guarantee your email will get to its destination, but lately it’s felt like email is being lost more and more. Everybody hates junk mail, but the anti-spam methods being utilized today are impacting the delivery of legitimate email.

Case in point: about two weeks ago I tried sending a note from my personal Comcast account to my wife’s work account. I was on my work network at HSRA, so according to Comcast’s rules for sending mail on non-Comcast networks, I needed to use different, secure port numbers to connect to them (SSL using port 465 for outgoing SMTP mail and port 995 for receiving mail via POP).

That had been working fine for months, but my message bounced back with the following message from her network’s mail server:

550 REPLY: 550_This_system_has_been_configured_to_reject_your_mail.
An_IP_address_(72.25.128.4)_found_in_the_message’s_’Received:’_headers
is_listed_by_the_lookup_site_’sbl-xbl.spamhaus.org.’

Spamhaus is one of the tools I use on my own mail servers to help with junk mail. The IP listed is the gateway address for the HSRA network, so when I went to the Spamhaus lookup page, it said that the HSRA network was being blacklisted on XBL because it appears in the Composite Blocking List. I had never heard of CBL before, but they said the HSRA network is a source of spam. When the blacklisted IP address of the HSRA network appeared in the header of my Comcast e-mail, the other network refused to accept and deliver it.

After spending a few hours reading through the CBL documentation, there were two things they said needed to be checked. First, they recommend that all port 25 traffic be blocked at the firewall (at least for all non-known mail servers). Since the HSRA mail server is located outside of the internal network, this would cause mail to fail internally unless the IP address of the HSRA mail server was specifically allowed. My connections to the Studio 4 email server would also be affected, but Comcast connections would work (as long as the alternate, non-port 25 settings were used).

The second issue was to identify which machine on the network was sending out junk mail. The HSRA network has more than 100 devices on it, but my initial focus was on the three Windows PCs we have. I checked the anti-virus settings on them and they were functioning OK. Windows Update was current. I downloaded and installed the new Windows Defender beta and found some Adware that wasn’t picked up by the other tools. I was still not confident I had found the culprit, though.

There are some basic traffic monitoring tools built into our firewall box (a SonicWall SOHO3). I captured some data and saw there was abnormal port 25 email traffic, but I couldn’t identify which machine was sending it. I made changes to the port 25 settings on the firewall to prohibit all traffic except to the HSRA and Studio 4 mail servers. The abnormal traffic patterns returned to normal. I still need to positively identify which machine was the source, but this was enough to get us off the blacklist.
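The two steps above, finding the infected host and then fencing in port 25, are the same piece of work: once outbound connections are logged per source address, the bot stands out because it opens SMTP sessions to many different mail exchangers instead of the one or two servers legitimate clients use, and the egress rule is just “internal hosts may reach TCP/25 only on the sanctioned mail servers”. The script below is an added example for this page, not the author’s code and not SonicWall configuration; the log format, the LAN range 192.168.1.0/24 and the two mail-server addresses are constructed stand-ins (the post names the HSRA and Studio 4 servers but not their IPs).

```python
import re
import ipaddress
from collections import defaultdict

# Constructed stand-ins for the HSRA and Studio 4 mail servers: the only hosts
# internal machines are allowed to reach on TCP/25 once the egress rule is in.
ALLOWED_MAIL_SERVERS = {"203.0.113.25", "203.0.113.80"}
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range

# Constructed connection log, "timestamp proto src:sport dst:dport" per line.
# This is not the SonicWall's native log format; adapt LINE_RE to whatever
# your firewall or a tcpdump/argus export actually produces.
SAMPLE_LOG = """\
2006-05-10T09:01:02 tcp 192.168.1.10:1034 203.0.113.25:25
2006-05-10T09:01:05 tcp 192.168.1.10:1035 203.0.113.80:25
2006-05-10T09:02:11 tcp 192.168.1.23:2201 198.51.100.3:25
2006-05-10T09:02:11 tcp 192.168.1.23:2202 198.51.100.17:25
2006-05-10T09:02:12 tcp 192.168.1.23:2203 192.0.2.44:25
2006-05-10T09:02:12 tcp 192.168.1.23:2204 192.0.2.91:25
2006-05-10T09:02:13 tcp 192.168.1.23:2205 203.0.113.25:25
2006-05-10T09:03:00 tcp 192.168.1.42:3301 198.51.100.3:80
2006-05-10T09:03:30 tcp 192.168.1.42:3302 203.0.113.25:25
this line is junk and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)$"
)


def parse_log(log_text):
    """Yield (src, dst, proto, dport) for each well-formed line; ignore the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["src"], m["dst"], m["proto"].lower(), int(m["dport"])


def smtp_egress_stats(log_text, allowed=ALLOWED_MAIL_SERVERS, internal=INTERNAL_NET):
    """Per internal source: outbound TCP/25 count, how many went to hosts outside
    the allow-list, and the distinct SMTP destinations it talked to."""
    stats = defaultdict(lambda: {"total": 0, "unauthorized": 0, "destinations": set()})
    for src, dst, proto, dport in parse_log(log_text):
        if proto != "tcp" or dport != 25:
            continue
        if ipaddress.ip_address(src) not in internal:
            continue
        entry = stats[src]
        entry["total"] += 1
        entry["destinations"].add(dst)
        if dst not in allowed:
            entry["unauthorized"] += 1
    return dict(stats)


def rank_suspects(stats):
    """Hosts that spoke SMTP to anything but the sanctioned servers, worst first.
    A spam bot fans out to many MX hosts, so distinct destinations break ties."""
    suspects = [s for s, e in stats.items() if e["unauthorized"] > 0]
    return sorted(suspects, key=lambda s: (-stats[s]["unauthorized"],
                                           -len(stats[s]["destinations"]), s))


def egress_policy_allows(src, dst, dport, allowed=ALLOWED_MAIL_SERVERS, internal=INTERNAL_NET):
    """Model of the firewall rule the post describes: internal hosts may open
    TCP/25 only to the listed mail servers; other ports are untouched here."""
    if dport != 25 or ipaddress.ip_address(src) not in internal:
        return True
    return dst in allowed


def connections_blocked_by_policy(log_text):
    """Replay the log against the policy; return the (src, dst) pairs it would drop."""
    return [(src, dst) for src, dst, proto, dport in parse_log(log_text)
            if proto == "tcp" and not egress_policy_allows(src, dst, dport)]


if __name__ == "__main__":
    stats = smtp_egress_stats(SAMPLE_LOG)
    for host in rank_suspects(stats):
        e = stats[host]
        print(f"{host}: {e['unauthorized']}/{e['total']} SMTP connections off-policy, "
              f"{len(e['destinations'])} distinct destinations")
    print("policy would drop:", connections_blocked_by_policy(SAMPLE_LOG))
```

Keep logging enabled on the deny rule after it goes in: the rule stops the outbound spam (and the re-listing), but the dropped-connection log is what finally names the machine, which is the step the post leaves open.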

I’ve never been formally trained on running mail servers, but this has been an interesting learning experience. I have new respect for the email gurus out there who try to keep things running smoothly…DK

Originally published by DK on May 12, 2006 at 3:49 pm in Technology
