Hi Daniel, Which side of the conversation is this? Is this a customer of yours (a) trying to send email to you as their designated smart host? Or are they (b) trying to send mail from their own mail smart host behind a dynamic address. If (b), tell them to stop doing that and use a commercial smart host. It's war out there, and people trying to do their own thing are going to get caught in the crossfire between the spammers and their robot armies, and all the various countermeasures deployed to stop them. Dynamic address blocklists exist for a reason, the vast majority of mail coming out of addresses known to be dynamic or end-user assigned (rather than sending via an ISP or mail provider's smart host) is spam, and lots of providers block or score it accordingly. If (a), I think you might have bitten off more than you can realised. You can't just run a mail server and outsource your spam filtering to a blacklist provider and expect not to get problems. At a minimum, you need to be separating your inbound and outbound mail and applying policies accordingly. For inbound, apply your normal spam filtering, greylisting, blocklists etc. For outbound mail, the policies need to be different. Authenticate every connection, and be prepared for compromised authentication information, botnetted end user hosts and so-on - when you get one of these, you're going to suddenly be subjected to a flood of spam that will get you into every blocklist on the planet, unless you have mechanisms in place to stem the flow automatically and quickly. Mostly, that's a matter of traffic analysis rather than filtering. You can't rely in blocklists for this, or you're going to get false positives - and false negatives. External blocklists won't react anywhere near as quickly as you need for this. The good news is that most blocklists have automatic de-listing when spam stops. Mostly, blocklist operators aren't like ORBS any more; they know that both spam flows and IP addresses are ephemeral things. (If your blocklist provider doesn't behave that way, drop it like a hot rock.) The days of just spinning up Sendmail or Exchange to handle mail in and out of your local user base and forgetting about it are long gone. Running a mail server isn't a job for amateurs; it requires an ongoing commitment of time and knowledge. -- don On 19/02/15 10:59, Daniel Christie wrote:
Hello all, I'm working for a small web/mail hosting company. I've recently noticed a lot of blacklisted IP addresses from NZ based ISPs being dished out, part of our intrusion prevention methods involve denying connections from these addresses.
How do these blacklisted IP addresses get unlisted? Is it the responsibility of the customers of these ISPs or it is the responsibility of the ISP?
Daniel Christie _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog