Difference between revisions of "2024/05/10"
Line 21: | Line 21: | ||
Upon following the "more information" link, I found information which suggested that Gmail was blocking me because I'd ended up on a blocklist somehow, and that this had happened because I was running an open SMTP relay on that server (which is something you just don't do, in this era, because spammers ''will'' abuse it). | Upon following the "more information" link, I found information which suggested that Gmail was blocking me because I'd ended up on a blocklist somehow, and that this had happened because I was running an open SMTP relay on that server (which is something you just don't do, in this era, because spammers ''will'' abuse it). | ||
===finding the problem=== | ===finding the problem=== | ||
The first thing I did was check MX Toolbox to make sure I hadn't inadvertently opened a relay (or that my system had been hacked and one had been installed) -- nope, all good: | The first thing I did (yesterday afternoon) was check [https://mxtoolbox.com MX Toolbox] to make sure I hadn't inadvertently opened a relay (or that my system had been hacked and one had been installed) -- nope, all good: | ||
[[File:2024-05-10.screen.02.png]] | [[File:2024-05-10.screen.02.png]] | ||
Line 28: | Line 28: | ||
Note that this list goes on for about 3-4x that long, and all the rest are green/OK. | Note that this list goes on for about 3-4x that long, and all the rest are green/OK. | ||
===getting | ===getting off the lists=== | ||
The next step, then, is how to appeal these listings -- given that they're all based on an incident which happened before I was assigned that IP address, and which was in fact over 3 years ago. | ====List the First==== | ||
The next step, then, is how to appeal these listings -- especially given that they're all based on an incident which happened before I was assigned that IP address, and which was in fact over 3 years ago. | |||
SORBS seemed to be telling me that I basically can't right now because they're dealing with a DDoS attack... except that "Re-testing is currently ENABLED", so...? | SORBS seemed to be telling me that I basically can't right now because they're dealing with a DDoS attack... except that "Re-testing is currently ENABLED", so...? | ||
Line 39: | Line 40: | ||
[[File:2024-05-10.screen.04.png]] | [[File:2024-05-10.screen.04.png]] | ||
In any case, I was able to request a de-listing -- which succeeded, and somehow ended me up at Spamhaus, so maybe that "can't do it now [yes we can]" warning was about something else? | In any case, I was able to request a de-listing -- which succeeded, and somehow ended me up at Spamhaus (not SORBS), so maybe that "can't do it now [yes we can]" warning was about something else? | ||
[[File:2024-05-10.screen.05.png]] | [[File:2024-05-10.screen.05.png]] | ||
====List the Second==== | |||
So that's one down. It was bedtime, so I started in on the next one the next day, i.e. this morning: "SORBS SPAM" -- huh, SORBS again? Didn't I just do them? Well, apparently not... | |||
[[File:2024-05-10.screen.06.png|thumb|I saw the SORBS information here first, but the other screen seems rather more readable.]] | |||
[[File:2024-05-10.screen.07.png]] | |||
File:2024-05-10.screen.06.png | |||
File:2024-05-10.screen.07.png | I tried to submit a removal request from there, but it said this: | ||
File:2024-05-10.screen.08.png | |||
File:2024-05-10.screen.09.png | [[File:2024-05-10.screen.08.png]] | ||
File:2024-05-10.screen.10.png | |||
File:2024-05-10.screen.11.png | ...which turned out to mean that I had to be actually accessing the web site ''from'' the blocked IP address. | ||
File:2024-05-10.screen.12.png | |||
</ | Now, that machine is not a desktop. It doesn't have a desktop installed on it. There's Linux trickery<ref>If you connect with <code>ssh -X</code>, you can run GUI applications remotely.</ref> you can use in order to run GUI applications -- such as a web browser -- on a remote machine, but this tends to be slow and also adds more computing burden to the machine (lots of libraries need to be installed, and it may cause additional processes to always be run at startup; I don't actually know), so I try to avoid it -- and web browsers tend to be particularly CPU-hungry. | ||
My first thought was to install a very basic browser, since the SORBS site doesn't seem likely to expect a lot of finicky JavaScript stuff to work right -- but then I remembered the existence of {{l/wp|Lynx (web browser)}}, a web browser that runs entirely in a text-terminal... and after some stumbling around trying to figure out how to navigate web-pages and click on things without a mouse, success was attained: | |||
[[File:2024-05-10.screen.08a.png]] | |||
[[File:2024-05-10.screen.09.png]] | |||
====List the Third==== | |||
And now we come to the final blocklist on the list of listed blocks, "UCEPROTECTL3": | |||
{| | |||
|- | |||
| [[File:2024-05-10.screen.10.png|x400px]] | |||
| [[File:2024-05-10.screen.11.png|x400px]] | |||
|} | |||
The second screen in particular contained some text which seems to throw some light on the situation: | |||
<blockquote> | |||
Further information which seems potentially illuminating: | |||
'''As you should know now: It is not you, it is your complete provider which got UCEPROTECT-Level 3 listed.''' | |||
<br>Your IP 68.183.140.54 was NOT part of abusive action, but you are the one that has freely chosen your provider. | |||
By tolerating or ignoring that your provider doesn't care about abusers you are indirectly also supporting the global spam with your money. | |||
Seen from this point of view, you really shouldn't wonder about the consequences. | |||
'''Therefore we recommend:''' | |||
<br>Please send a complaint to your provider and request they fix this problem immediatly. | |||
Think about this: You pay them so that you can use the Internet without problems; | |||
If they are ignoring your complaint or claiming they can't do anything, you should consider changing your provider. | |||
There are currently about 105,000 providers worldwide, but only a few hundred make it to get listed into UCEPROTECT-Level 3. | |||
According to the statistics measured against the mailflow of several national authorities in Germany, Austria and Switzerland, those few providers which often end up in our Level 3 are responsible for 50 - 75% of all global spam, while almost no real mail came from their networks and ranges. | |||
</blockquote> | |||
...which seems maybe a tad harsh (especially the first paragraph) -- but reading it in Autistic Non-Implicatory Mode, it actually seems like a pretty legit point. | |||
So apparently my primary recourse is to get DigitalOcean to get ''their'' house in order. Do I have any confidence that they can or will? Kind of not. However, there are at least two other options: | |||
# Find a servlet (VPS) host whose IP range is ''not'' blocked for bad behavior. | |||
# Get on WhiteListed: | |||
[[File:2024-05-10.screen.12.png]] | |||
[[File:2024-05-10.screen.14.png|thumb|Not On Any of the Lists!]] | |||
This, unfortunately, costs money (although the price goes down steeply the further ahead you pay). I'm thinking I will want to use some combination of the two: pay for a certain amount of WhiteListed time, and also move to another host -- because, of the two available Hetzlets<ref>like a "droplet" (VPS) at Digital Ocean, only at Hetzner</ref> I currently have, although one of them (in the US) is on UCE's blocklist, the other one -- in Finland -- is not (see sidebar, because for some reason I wanted to include the entire listing). | |||
==Footnote== | |||
<references> | |||
</references> |
Revision as of 20:11, 10 May 2024
Friday, May 10, 2024 (#131) Woozle's journal
Two days ago (May 8), I noticed that Gmail is now outright blocking my emails.
<woozalia@gmail.com>: host gmail-smtp-in.l.google.com[172.253.115.27] said:
    550-5.7.1 [68.183.140.54 18] Gmail has detected that this message is likely
    550-5.7.1 suspicious due to the very low reputation of the sending IP address.
    550-5.7.1 To best protect our users from spam, the message has been blocked.
    550-5.7.1 For more information, go to
    550 5.7.1 https://support.google.com/mail/answer/188131
I was rather frightfully put out by this, having already spent many hours/days configuring SPF and DKIM and I don't know what else in order to prevent being spamcanned -- and the message seemed to suggest that there was no remedy or appeals process.
It had been working fine as recently as May 5, so whatever changed was obviously very recent.
Long story short:
- Actually, no, it happened in August of 2020 -- definitely not sometime between May 5 and May 8, not recent, and in fact over a month before I started using that IP address.
- There are 3 IP blocklists which might be causing this. I've managed to get off two of them; the third involves more effort and possibly some money.
Long Story Not Short
Upon following the "more information" link, I found information which suggested that Gmail was blocking me because I'd ended up on a blocklist somehow, and that this had happened because I was running an open SMTP relay on that server (which is something you just don't do, in this era, because spammers will abuse it).
finding the problem
The first thing I did (yesterday afternoon) was check MX Toolbox to make sure I hadn't inadvertently opened a relay (or that my system had been hacked and one had been installed) -- nope, all good:
Next thing was to see if I could find out what blocklists I'm on, and hopefully why.
Note that this list goes on for about 3-4x that long, and all the rest are green/OK.
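A blocklist check like the one above comes down to one DNS lookup per list: the sending IP's octets are reversed, the list's zone is appended, and an A record in 127.0.0.0/8 means "listed". The sketch below is an added example, not part of the original journal entry. The zone names are assumptions (the page gives only the list names), and the sample answers are constructed for a documentation address.

```python
import ipaddress
import socket

# Assumed zone names for the three lists named above (not given on the page).
ZONES = {
    "Spamhaus": "zen.spamhaus.org",
    "SORBS": "dnsbl.sorbs.net",
    "UCEPROTECTL3": "dnsbl-3.uceprotect.net",
}
ERROR_NET = ipaddress.IPv4Network("127.255.255.0/24")  # Spamhaus refusal codes

def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A records for name; NXDOMAIN (not listed) gives []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # a timeout or SERVFAIL is not a verdict

def classify(answers):
    """Map a list's A-record answers to 'clear', 'listed' or 'error'."""
    if not answers:
        return "clear"
    addrs = [ipaddress.IPv4Address(a) for a in answers]
    # Real listings are return codes in 127.0.0.0/8 outside ERROR_NET; anything
    # else (refusal code, wildcard from a dead zone) is a lookup problem.
    if any(not a.is_loopback or a in ERROR_NET for a in addrs):
        return "error"
    return "listed"

def check_ip(ip, zones=ZONES, resolver=system_resolver):
    """Return {list label: (verdict, answers)} for one sending IP."""
    found = {label: resolver(dnsbl_name(ip, zone)) for label, zone in zones.items()}
    return {label: (classify(ans), ans) for label, ans in found.items()}

# Constructed answers for the documentation address 192.0.2.54, so the
# example runs offline; these are not real listing data.
SAMPLE = {
    "54.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
    "54.2.0.192.dnsbl-3.uceprotect.net": ["127.0.0.2"],
}

if __name__ == "__main__":
    print(check_ip("192.0.2.54", resolver=lambda name: SAMPLE.get(name, [])))
```

Calling `check_ip` with only an IP uses the system resolver. Run it from the mail server through its own resolver, since Spamhaus answers queries relayed by large public resolvers with a refusal code instead of a verdict.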
getting off the lists
List the First
The next step, then, is how to appeal these listings -- especially given that they're all based on an incident which happened before I was assigned that IP address, and which was in fact over 3 years ago.
SORBS seemed to be telling me that I basically can't right now because they're dealing with a DDoS attack... except that "Re-testing is currently ENABLED", so...?
I was able to create an account and at that point it seemed willing to let me start into the de-listing process -- at which point I first found out just how far back they were reaching:
In any case, I was able to request a de-listing -- which succeeded, and somehow ended me up at Spamhaus (not SORBS), so maybe that "can't do it now [yes we can]" warning was about something else?
List the Second
So that's one down. It was bedtime, so I started in on the next one the next day, i.e. this morning: "SORBS SPAM" -- huh, SORBS again? Didn't I just do them? Well, apparently not...
I tried to submit a removal request from there, but it said this:
...which turned out to mean that I had to be actually accessing the web site from the blocked IP address.
Now, that machine is not a desktop. It doesn't have a desktop installed on it. There's Linux trickery[1] you can use in order to run GUI applications -- such as a web browser -- on a remote machine, but this tends to be slow and also adds more computing burden to the machine (lots of libraries need to be installed, and it may cause additional processes to always be run at startup; I don't actually know), so I try to avoid it -- and web browsers tend to be particularly CPU-hungry.
My first thought was to install a very basic browser, since the SORBS site doesn't seem likely to expect a lot of finicky JavaScript stuff to work right -- but then I remembered the existence of Lynx (web browser), a web browser that runs entirely in a text-terminal... and after some stumbling around trying to figure out how to navigate web-pages and click on things without a mouse, success was attained:
List the Third
And now we come to the final blocklist on the list of listed blocks, "UCEPROTECTL3":
The second screen in particular contained some text which seems to throw some light on the situation:
Further information which seems potentially illuminating:
As you should know now: It is not you, it is your complete provider which got UCEPROTECT-Level 3 listed.
Your IP 68.183.140.54 was NOT part of abusive action, but you are the one that has freely chosen your provider. By tolerating or ignoring that your provider doesn't care about abusers you are indirectly also supporting the global spam with your money. Seen from this point of view, you really shouldn't wonder about the consequences.
Therefore we recommend:
Please send a complaint to your provider and request they fix this problem immediately. Think about this: You pay them so that you can use the Internet without problems; If they are ignoring your complaint or claiming they can't do anything, you should consider changing your provider.
There are currently about 105,000 providers worldwide, but only a few hundred make it to get listed into UCEPROTECT-Level 3.
According to the statistics measured against the mailflow of several national authorities in Germany, Austria and Switzerland, those few providers which often end up in our Level 3 are responsible for 50 - 75% of all global spam, while almost no real mail came from their networks and ranges.
...which seems maybe a tad harsh (especially the first paragraph) -- but reading it in Autistic Non-Implicatory Mode, it actually seems like a pretty legit point.
So apparently my primary recourse is to get DigitalOcean to get their house in order. Do I have any confidence that they can or will? Kind of not. However, there are at least two other options:
- Find a servlet (VPS) host whose IP range is not blocked for bad behavior.
- Get on WhiteListed:
This, unfortunately, costs money (although the price goes down steeply the further ahead you pay). I'm thinking I will want to use some combination of the two: pay for a certain amount of WhiteListed time, and also move to another host -- because, of the two available Hetzlets[2] I currently have, although one of them (in the US) is on UCE's blocklist, the other one -- in Finland -- is not (see sidebar, because for some reason I wanted to include the entire listing).