Slashdot Mirror


Overcoming MAPS Reverse-Lookup Oppression?

ArghBlarg asks: "Imagine the following scenario: you're the volunteer admin for a small, non-profit site for a few local artists and musicians. You run your web site and SMTP server out of your laundry room, via cable broadband. The broadband provider doesn't mind, as you only get a few hits a day; you keep your system secure and were only rooted once, over 4 years ago (hey, it happens). Your site has never, ever (to your knowledge) relayed spam. On the whole you've been an exemplary netizen. One day, some email you send bounces because your ISP's entire netblock has been placed on the MAPS DUL. True, your server's IP isn't technically static (though it hasn't changed in 12 months); because your domain is embedded within the broadband provider's larger IP block, reverse lookups don't give your domain name, rather that of the provider (with a huge number prefixed as the hostname). Hence you're considered a rogue SMTP node and blocked by MAPS. I've emailed MAPS but they won't agree to whitelist me. I have a proper MX record for my SMTP server, under my domain name. What can I do? Is there any way to make my legitimate domain take precedence in reverse-lookups, so I don't show up as being part of a spam-friendly network?" "Please don't bother suggesting that I ask my provider to give me a static IP outside the affected block -- they won't, not without upgrading to a MUCH more expensive package which gives me no benefit for a small-traffic server like this.

What have you done to get your domain, running on a pseudo-static IP, out from under the thumb of the spam block lists? While I wholeheartedly support the efforts of the MAPS people and others like them to stamp out the vermin that are spammers, our domain has become collateral damage in the war!"

25 of 97 comments

  1. Relay through ISP by crow · · Score: 5, Informative

    You should configure your SMTP server to relay all mail through the ISP's SMTP server. Then people will receive the mail from the ISP, not from you, and presumably they won't be blacklisting the official SMTP server for the ISP (or else you have a bigger problem).

    1. Re:Relay through ISP by Saganaga · · Score: 3, Informative

      I second this recommendation. This is exactly what I do for my home email server (on Roadrunner cable) and my church's email server (on Onvoy DSL). Both email servers are using QMail.

      The only possible negative I see to relaying through your ISP's SMTP server is that it introduces another possible point of failure, but that seems to be an acceptable tradeoff.

    2. Re:Relay through ISP by jc42 · · Score: 2, Informative

      It won't work. Around here, we get cable service through rcn.com, and my wife and I have email accounts with them. I don't use it much except for testing, but she uses it a lot. She uses her Mac Mail program, and it is configured to relay through smtp.rcn.com. Some weeks back, she found that email to aol.com addresses were bouncing. I found the raw source message, and it contained an explicit statement that all messages from rcn.com addresses were being rejected as spam.

      AOL has done this in the past, of course, and they proudly announce how many spam messages they have rejected. Some have suggested that they should reject all email, and then they'd have a 100% successful rejection of spam. But I digress. ;-)

      Anyway, the dummies that reject email based on things like dynamic IP addresses often reject all messages from an ISP. So it doesn't matter whether the email comes from your machine or the ISP's relay.

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    3. Re:Relay through ISP by Fweeky · · Score: 2, Interesting

      Plus you tend to lose things like TLS, and of course being a single node for all mail for an ISP can make them a little slow and unreliable.

      The best solution is probably to get your own server on a static IP and smarthost through that; since it's entirely under your control you know it's not going to get some handy config change which breaks your mail, nor is it likely to go away for hours on end while it's broken/fixed/upgraded without warning.

  2. Use SmartHost by FattMattP · · Score: 4, Informative
    What can I do?
    Easy. You just need to configure your MTA to relay your outgoing mail through your ISP's SMTP server. In Sendmail this would look like the following in sendmail.mc:

    define(`SMART_HOST',`smtp.myisp.com')dnl

    of course it'll be different if you're using another MTA. MAPS DUL (dialup list) is doing what it's supposed to do. It's listing dynamic address ranges such as cable modems, DSL lines, and dialup numbers. A lot of spam can come from these, so people choose to use them to block email that isn't coming from the ISP's mail servers.

    --
    Prevent email address forgery. Publish SPF records for y
    1. Re:Use SmartHost by pbrammer · · Score: 2, Informative
      I second this motion. Cox even started blocking outbound port 25 traffic, so this is the only way my servers can send mail to the outside world. Works great.

      Postfix can be set up similarly in the postfix/transport file:
      my.domain :
      .my.domain :
      * smtp:outbound-relay.isp.domain
      The null entries for my.domain are so that internal mail doesn't go to outbound-relay.isp.domain.

      Phil
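      As an added example (not part of pbrammer's comment and not Postfix's own code): a small Python model of how Postfix's transport(5) lookup resolves a recipient domain against the three-line table above. It assumes the documented search order of exact domain, then each parent domain written with a leading dot, then the `*` wildcard; the per-address lookups Postfix also performs are left out.

```python
"""Model of Postfix transport(5) lookups for the three-line table above.

Search order assumed (per transport(5)): exact domain, then each parent
domain written with a leading dot, then the '*' wildcard. The per-address
lookups (user@domain, user+ext@domain) Postfix also performs are omitted.
"""
from typing import Dict, List, Optional, Tuple

# Constructed copy of the transport file posted in the comment above.
TRANSPORT_FILE = """\
# internal mail stays on the default transport (local delivery here)
my.domain :
.my.domain :
# everything else is handed to the ISP's outbound relay
* smtp:outbound-relay.isp.domain
"""

Route = Optional[Tuple[Optional[str], Optional[str]]]


def parse_transport_file(text: str) -> Dict[str, str]:
    """Parse 'pattern transport:nexthop' lines; blanks and '#' are skipped."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pattern, _, result = line.partition(" ")
        table[pattern.lower()] = result.strip()
    return table


def lookup_keys(domain: str) -> List[str]:
    """Keys tried for 'mail.my.domain': itself, '.my.domain', '.domain', '*'."""
    labels = domain.lower().split(".")
    keys = [domain.lower()]
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    keys.append("*")
    return keys


def route(table: Dict[str, str], recipient: str) -> Route:
    """Return (transport, nexthop) for recipient, or None for the default.

    A right-hand side of ':' (or nothing) means 'use the default transport',
    which is what keeps my.domain and *.my.domain off the ISP relay.
    """
    domain = recipient.rsplit("@", 1)[-1]
    for key in lookup_keys(domain):
        if key not in table:
            continue
        transport, _, nexthop = table[key].partition(":")
        if not transport and not nexthop:
            return None
        return (transport or None, nexthop or None)
    return None


if __name__ == "__main__":
    tbl = parse_transport_file(TRANSPORT_FILE)
    for rcpt in ("alice@my.domain", "bob@mail.my.domain", "carol@example.org"):
        print(f"{rcpt:24} -> {route(tbl, rcpt)}")
```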
    2. Re:Use SmartHost by Otto · · Score: 2, Insightful

      But then how the hell are hobbyists supposed to survive next to large commercial entities?

      The MAPS DUL is a list of IPs that are not supposed to be running mail servers, usually according to the people who actually own those IP addresses. Most dynamic IPs should be on it, as would any static IPs whose owners (the ISP who gives you your IP) told MAPS that yes, they are not supposed to run servers.

      Don't like it? Exercise your free market rights and buy your service from somebody else.

      In this life, if you want a thing, you pay for that thing. TANSTAAFL. There are providers who'll gladly sell you service and let you run mail servers all you like. And those won't be listed on the MAPS DUL because the ISP is who confirms which of their netblocks should go on the DUL.

      If you're running a mailserver on a connection whose contract says you cannot do that, then I don't see that you have cause for bitching here.

      Oh, wait. I forgot. The Internet died a long time ago.

      The Internet did not die. It just ceased to be the sole domain of hobbyists and tinkerers and a bunch of bastards (spammers/scammers/other people in general) moved in. This is the expected reaction to those bastards.

      --
      - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  3. Well by The-Bus · · Score: 3, Insightful

    Why not run email and webhosting separately? Email could always be run through a provider (Flames Burn seems to be focusing on helping independent musicians). Yes, you're small and non-profit but I'm sure your time could be better used than dealing with hassles like these. Pay for the hosting, then spend your time on other stuff for this organization. From the looks of it, and the needs you have, this may be a simpler solution. Of course, I'm not supremely technically versed, and it sort of goes against the hacker mentality leaving this problem unsolved...

    That's my EUR 0.016414 anyways.

    --

    Small potatoes make the steak look bigger.

  4. Well DUH... by stienman · · Score: 3, Insightful

    Please don't bother suggesting that I ask my provider to give me a static IP outside the affected block -- they won't, not without upgrading to a MUCH more expensive package which gives me no benefit for a small-traffic server like this.

    Then you are stuck between a rock and a hard place. You are using a residential class line for business class use. MAPS is right to block residential lines because of all the zombie relay servers that virus writers are including in their payloads now.

    Either pay for a business class connection, or use the SMTP server your provider gives you.

    It's not the "open internet" that you'd like to see. Live within the limitations this simple, dumb network provides.

    Besides, do you honestly expect MAPS to whitelist a dynamic IP? MAPS is not the problem, PEBKAC.

    -Adam

    1. Re:Well DUH... by Anonymous Coward · · Score: 3, Funny

      tell them that some ISPs use a list to block incoming email from certain IP addresses that match certain criteria, and that unfortunately your IP address matches that criteria. That puts the onus on the receiver of the email to either figure out a solution, or lose the customer who wanted to receive the email.

      Lemme get this straight. They're supposed to complain each time they don't receive an email. And they would know when this is happening exactly how?

      That's like taking class attendance by asking everyone who isn't there today to please raise their hands.

    2. Re:Well DUH... by squiggleslash · · Score: 4, Interesting
      The "you must use the ISP's smarthost" thing has a number of consequences which you happily ignore by using the tired and frequently abused "It's only a small minority" argument.

      The first is that this method of "spam prevention" provides pretty much no spam prevention whatsoever. Insofar as it provides any protection, it's from a small minority of unsecured open relays present in older operating systems, which happens to be an extremely specific bug and a very easy issue to deal with.

      The second is that this method makes configurationless email impossible. You HAVE to configure your MTA to point at a specific smarthost. You HAVE to change this if you use a different ISP. And if you regularly use more than one ISP, then you have to reconfigure every time you connect.

      The third is that the "small minority" argument is bogus to begin with. Point at any activity on the Internet and you can claim it's a small minority. Slashdot, for instance, regularly causes problems for websites by linking to them. Only a "small minority" read Slashdot. Therefore it is legitimate to block Slashdot. You can work on it to any degree. The World Wide Web would never have gotten off the ground if the "small minority" people had decided to block it as a bandwidth waster from the beginning.

      The fourth is that hacks like this undermine the integrity of the email infrastructure. By frequently imposing arbitrary rules, you guarantee the failure of legitimate email. You force system administrators and end users to frequently make minor and unnecessary changes to the configuration of their systems.

      The fifth is that better anti-spam systems exist, but ISPs lack the will and desire to operate them. Blacklists are an easy way out; their proven ineffectiveness is testament to the stubbornness and power-tripping of the groups that operate and subscribe to them. We have more spam on our systems now than ever before.

      Yes, SMTP email wasn't designed to cope with the spam phenomenon, but this isn't helping. Solutions need to be sane, they need to block spam or spammers, and not block on an arbitrary "well, a spammer might use this" basis. There's been far too much support for things that do not work; it's time to switch to things that do.

      Oh, and I'm an expert. I do know what I'm talking about. I operate my own SMTP servers, wouldn't touch an ISP that doesn't let me, and thanks to that pretty much never receive spam (perhaps once per organization I've done business with at most.) We could eliminate spam tomorrow if ISPs had the guts to implement the systems needed. Unfortunately, they don't.

      --
      You are not alone. This is not normal. None of this is normal.
    3. Re:Well DUH... by drsmithy · · Score: 4, Insightful
      The first is that this method of "spam prevention" provides pretty much no spam prevention whatsoever. Insofar as it provides any protection, it's from a small minority of unsecured open relays present in older operating systems, which happens to be an extremely specific bug and a very easy issue to deal with.

      It's not just open relays, it's also all those machines that have been taken over by trojans with built-in SMTP engines.

  5. Learning the hard way, eh? by darksmurf · · Score: 3, Informative

    You being on the DUL is a good thing. It means less spam from your entire netblock.

    This is where you learn to relay your outgoing mail through your upstream provider. You should of course continue to be the MX for your domain for all other purposes.

    I know other people have mentioned this, but seriously... No cable or DSL clients should be pretending to be a full-on mail hub. Just use the smtp resources of your upstream provider.

  6. These "services" suck by duffbeer703 · · Score: 4, Insightful

    I had to waste a lot of time with ORBS because my company's upstream provider had a larger netblock that we were a part of blacklisted. The people I emailed were quite obnoxious and rude, despite the fact that our servers were secure and never relayed a thing.

    And for what? I still see a ton of spam, despite the fact that my ISP uses MAPS.

    --
    Conformity is the jailer of freedom and enemy of growth. -JFK
  7. cheap webspace host by TheSHAD0W · · Score: 2, Insightful

    Go sign up for an account with one of the inexpensive web hosts out there. For a few dollars per month you can point your web site's MX record thataway and run your email through their SMTP.

  8. Use MailHop Outbound from DynDNS.org by dpilot · · Score: 3, Informative

    For a small (volume-dependent) fee DynDNS.org will relay outbound mail for you with the 'MailHop Outbound' service. They will also relay inbound mail to your server (on a high port, if need be because of your ISP) with 'MailHop Relay'.

    At this point, you'd probably want your DNS hosted through them, as well. On the plus side, this would give your domain a complete and consistent appearance, IP-wise. I believe at this point, you may even be able to add SPF records to your DNS entry as well. (Though I'm not sure if they do the correct thing outbound for SPF.)

    The whole shebang would probably still come to less than $100/yr.

    --
    The living have better things to do than to continue hating the dead.
  9. You have a few options by petard · · Score: 2, Interesting

    1. (You sound like you tried this one) Convince MAPS not to blacklist you. This is unlikely to happen if you're only in the DUL.

    2. Convince the people you wish to exchange mail with (who presumably want your mail) to either
    a. Stop using MAPS
    b. Stop using the DUL
    c. Add your server to a local whitelist

    Note that gaining control over your reverse DNS listing will not help; DUL is based on netblocks.

    3. Get a better ISP. There are options out there that will do what you want, and not all are prohibitively expensive. If your ISP's options are, switch. I've been very happy with speakeasy. They are available to most of the US. If you get one of their very reasonably priced (multiple) static IP packages, you will not be on the DUL. What's better, they will set your reverse DNS to whatever you wish so long as you own the domain in question. Their TOS are also very nice, explicitly permitting you to run your own servers so long as you don't disrupt the network. (They do permit running spam, porn, and irc if it's part of a public irc network, as those tend to disrupt service more often than they don't.) Speakeasy is not the only option... there are other similar ones, but I haven't tried any of them.

    4. (As others have said) Use a smarthost for your mail. Receive incoming mail on your own server but configure your outgoing mail to relay through your ISP's gateway. This is trivial with most MTAs. See your documentation for details.

    5. Complain to your ISP, and tell them that you're willing to switch if they can't get you onto a netblock that isn't blacklisted. It might work. Their cost to acquire a new customer is relatively high, so they should be interested in accommodating you. Don't just go based on their written policy, though. Talk to a real person, preferably one who would feel the pain of lost revenue.

    --
    .sig: file not found
  10. Well, it looks like the consensus is... by rusty0101 · · Score: 5, Insightful

    ... that only large businesses should be allowed to run mail servers that can send e-mail.

    Glad to see so many people here who are interested in maintaining a free system.

    -Rusty

    --
    You never know...
  11. Other alternatives. by Passman · · Score: 3, Funny

    I can see you have been told the politically correct answer to this situation: "Suck it up, do it for the common good."

    But if you are a true American, one question has not yet been answered. What's in it for me? How can I get rich off of this? How do I make them pay?

    The answer is simple. Sue Em!

    Chances are if you are posting this, you reside within the United States. This makes things more difficult, but not impossible; we just have to be more clever. Our first direction we must look toward in this time of opportunity is toward The Courts. Unfortunately this course will not serve us well. Nothing MAPS does is inherently illegal. Even worse, they have developed a significant volume of caselog to show your average judge that they have a right to do what they do and you have no right to complain. So unless you happen to have a friendly state law or lawmaker in your back pocket (not likely for an indie band) the courts will not likely be of use to you.

    Luckily here in the grand old USA, the Courts aren't the only places to extract money from people you don't like. Are you or any of the band members from Canada or Mexico? Can your latino drummer fake a mexican accent? If so then you can demand compensation under Section 7 of the NAFTA Treaty, the expatriation clause. While normally this clause only applies to government regulation, there have been complaints brought forth against pseudo-governmental entities (such as industry trade groups and sanctioning bodies) which you could argue the MAPS organization is one of. From there, it's up to them to prove the rules don't apply to them or else you get money. Nothing could be simpler.

    There you have it, a simple solution to your problem both short term and long term. Assuming that MAPS survives their major outflow of cash, you will now be able to afford professional internet connectivity free from MAPS blocking. If they don't survive, hey, you're free to send emails anyway and you get a tidy bundle of cash (a double victory).

    irrespectfully submitted, with tongue firmly in cheek
    --
    Minne-snow-da: Winter is coming...
  12. Why not host your website on a cheap host? by Chibi+Merrow · · Score: 2, Informative

    For instance, FuitadNET offers a $5/mo package that includes DNS hosting, 3GB of Web Space, 25GB of bandwidth, and 100 e-mail addresses. You'll get better uptime than with a cable modem and shouldn't have to worry about MAPS or ORDB or whatever.

    --
    Maxim: People cannot follow directions.
    Increases in truth directly with the length of time spent explaining them
  13. Re:Only corps should be free to run their own mail by SuiteSisterMary · · Score: 3, Insightful
    but I just feel that responsible people should be allowed to run whatever servers they want to.

    Absolutely NOBODY is preventing this guy from running whatever server he wants to.

    Some people are, however, exercising their own rights to refuse to accept communications from him, for a reason that may or may not be reasonable, valid, or useful.

    --
    Vintage computer games and RPG books available. Email me if you're interested.
  14. Re:Only corps should be free to run their own mail by SuiteSisterMary · · Score: 3, Informative

    He's not blacklisted. He's accurately listed as being a residential dynamic-assigned user.

    The fact that some other mail servers choose not to accept his mail, based on that fact, has nothing to do with his ISP.

    --
    Vintage computer games and RPG books available. Email me if you're interested.
  15. A full on mail hub is... by Otto · · Score: 2, Insightful

    What exactly constitutes a "full on mail hub" and someone "pretending to be a full on mail hub", and who are you to make that distinction?

    A full on mail hub is somebody running a mail server on a connection where they are contractually allowed to run a mail server on that connection.

    Nobody gets onto the MAPS DUL (dial up list) that easily. You have to be a netblock that has dynamic IPs (meaning that you can't receive mail anyway, as your IP could change) or has static IPs but has had your ISP confirm to MAPS that yes, your block is not allowed to run a mail server.

    You pay for what you get. If you pay for a service that says "no mail servers" and then go and run a mail server, well, you get your ass blocked. You're operating outside your contract already; you've got no real right to bitch about this one.

    Want to run a mail server? Buy your connection from someone that allows you to do so.

    The internet ain't free, bub. You pay for your connection. In many cases, you can pay less if you use that connection for less. This is standard market economics at work. Most people don't use their connections for everything they can squeeze out of them, and so they get a bargain from their supplier. By trying to get that bargain while exceeding those limitations (in this case, not running a mail server is likely *explicitly* stated in your contract with the ISP), you're essentially being a jackass.

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
    1. Re:A full on mail hub is... by ArghBlarg · · Score: 2, Insightful
      The internet ain't free, bub. You pay for your connection.
      With respect, I highly resent the above quip. I do pay for my connection -- up to 10MBps, no bandwidth limit. That was what I signed up for and I pay my bill faithfully.

      While I am running a mail server, I can guarantee you I use *far* less bandwidth than any of my neighbours who download pr0n and have their PCs infected with the worm-de-jour. We serve mostly static web pages, some MP3s of a few local indie bands and email for 5-6 accounts, each of which sends less than 10 messages per day. Surely that isn't more than I've paid for.

      Yes, it is in the newer contracts that you aren't supposed to run servers, but I was in fact never presented with a contract and have never been asked to sign one subsequently. One party cannot unilaterally change the terms of a contract. They are free to disconnect me if they have been, at any time, unhappy with what servers I run. No complaints from them so far (four years and running).
      --
      ERROR 144 - REBOOT ?
  16. Makes sense to me. by /dev/trash · · Score: 2, Funny

    they won't, not without upgrading to a MUCH more expensive package which gives me no benefit for a small-traffic server like this.

    It gives you a big benefit, you get to send email to people.