Category Archives: Virtual Server

Fixing your dedicated IP sending reputation with outlook/hotmail

Posted on by

If you have a mail server with your own dedicated address that you host your own web sites on and send your own emails then you could have your emails rejected by Microsoft properties such as hotmail and outlook.com for no reason other than the IP address space you are in (e.g. the /24 ) has had spammers even though your specific IP address doesn’t SPAM.

You’ll get a rejected message such as,

550 5.7.1 Unfortunately, messages from [x.x.x.x] weren't sent. Please contact your Internet service provider since part of their network is on our block list (AS3140). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [DB5EUR03FT061.eop-EUR03.prod.protection.outlook.com]

All is not lost as you can have the IP mitigated and removed from the block. To do this you’ll have to do the following,

  1. Make sure that your SPF records are acceptable. Without valid SPF records then you’ll find that your emails will be marked as SPAM by servers such as gmail anyway.
  2. Register your IP addresses in the Smart Network Data Services program (SNDS). From this you can monitor the ‘health’ and reputation of your registered IPs by providing data about traffic such as mail volume and complaint rates seen originating from your IPs.  It is in the tools of the SNDS that you will see which of your IP addresses are blocked. To register, visit http://postmaster.live.com/snds/
  3. Then register for the Junk Email Reporting program (JMRP) so that when an Outlook.com user marks an email as “junk”, you will get a copy of the mail. This will allow you to see what you are sending is being marked as junk and to track down email traffic you did not send. To join, please visit http://support.msn.com/eform.aspx?productKey=edfsjmrpp&page=support_home_options_form_byemail&ct=eformts
  4. Remember to CONFIRM the SNDS/JMRP agreement that is sent to your registered email, This is an electronic signature using the Docusign system.
  5. Once you have done this then leave this for 48 hours and confirm that you are not getting any SPAM reports. It is unlikely anyway if it is just an IP that is blocked but the SNDS/JMRP changes take 24-48 hours to propagate.
  6. Now you can request a mitigation of your IP block using the following link, https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&wfname=capsub&productkey=edfsmsbl3Fill out the details demanded by the form and submit. Fairly quickly within an hour you should get a number of emails posted to your contact email and hopefully,  if your IP address was just accidentally been discriminated against because of the address block, get a reply that your IP address has been conditionally unblocked (“These IP(s) have been unblocked, but may be subject to low daily email limits until they have established a good reputation.“) . It’ll still show up blocked in SNDS for another day as the blocked list is only updated daily. After a day then your IP should disappear from the SNDS system.

    If you are bulk mailing people then it is simpler and far easier to do that via a bulk emailer such as Mailchimp or  Mailerlite and to not use your own server. Leave your server for your own individual emails.

Mailfilter fails to POP timestamp in message-ID invalid

Posted on by

Mailfilter POP timestamp in message-ID invalid and potentially also causes mailfilter to stall at 100% CPU.

I have a fetchmail daemon that call mailfilter as a postconnect (defined in the .fetchmailrc file). I got the following error message,
mailfilter: Examining 297 message(s).

mailfilter: Error: POP timestamp in message-ID invalid.
mailfilter: Error: Parsing the header of message 292 failed.
mailfilter: Error: Scanning of mail account failed.
mailfilter: Error: Skipping account xxxxxx@example.com@mail.example.com due to earlier errors.

and I noticed that the mailfilter process was running at 100% CPU though that may be unrelated.

I found that mailfilter 0.8.3 has a new option of -i to ignore POP timestamp. This is probably what I want to make this more stable.

As I’m adding this to a Parallels based server it is unlikely to have this version of mailfilter as this package has very little development activity as it is a stable application so I had to build from source.

My server didn’t have svn so I browsed the Sourceforge svn for mailfilter on my local PC and at the bottom there is a linkfor “Download GNU tarball” I copied that link and then pasted into my console and used wget to get this latest tarball from Sourceforge. It has a odd name so moved that to a tar.gz file name e.g. mv index.html\?view\=tar mailfilter.0.8.3.tar.gz and then ran tar xvfz mailfilter.0.8.3.tar.gz

Perquisite packages for building,

  • g++
  • bison
  • flex
  • libssl-dev

There may be more but that is the ones I needed to add to my server.

Making this you cd to the mailfilter directory and then run

./autogen.sh
make
sudo make install

If that works then this’ll probably install the mailfilter to /usr/local/bin/mailfilter so now in the .fetchmailrc change the postconnect line to have,

postconnect ''/usr/local/bin/mailfilter -i ''

use double quotes if you pass the new -i option to ignore timestamps. The -i is a new feature in Mailfilter 0.8.3 (not in 0.8.2).

Killall the mailfilter and fetchmail and then re-launch your fetchmail daemon.

Errors

Missing g++

If you see,

checking whether the C++ compiler works... no
configure: error: in `/root/sources/mailfilter':
configure: error: C++ compiler cannot create executables
See `config.log' for more details.

Then check the log file and look for g++ line e.g.

configure:2879: checking for g++
configure:2909: result: no

Do a g++ and if it comes back with -bash: g++: command not found then install the g++ package and then it will work. Re-run the ./autogen.sh and then make

Missing bison

If you get the make fail and you can see /bin/sh: yacc: command not found then you need a YACC of some kind. I installed bison re-run the ./autogen.sh and then make

Missing flex

If you get an error in the make e.g. it crashes out with g++: rcfile.cc: No such file or directory

g++: no input files
make[2]: *** [rcfile.o] Error 1

then check back and see if you see error: FlexLexer.h: No such file or directory . If so then check flex is installed. Install and then re-run ./autogen.sh and then make

Missing openssl header files
If you see openssl/ssl.h: No such file or directory and similar openssl/rand.h: No such file or directory then you need to install libssl-dev. Install that package and then re-run ./autogen.sh and then make.

After a month and a few weeks of use it has been stable. The erroneous timestamps are also suspected to stall Outlook 2003. I pick up emails in parallel to my customer to provide emergency support when they are on holiday. As Microsoft support for both XP and Office 2003 is finishing in April 2014 I plan to migrate the customer to a newer OS and Office version.

Pandora FMS Agent not connecting to localhost tentacle server

Posted on by

This is one of those silly gotchas that works on some servers but not on others. On servers you’ve probably gotten used to common server processes like mysql and ssh and so on listening on all IP addresses (0.0.0.0).

Doesn’t work that way on virtual (e.g. venet0) interfaces used with virtual servers. Few things get to have bindings like 0.0.0.0:port.

You probably know the answer now – If your tentacle server is bound to a specific IP then if the Pandora Agent (client) on the actual Pandora Server itself tries a default of “localhost” i.e. connect to itself then that isn’t going to work at all if the tentacle server is not listening on 127.0.0.1/0.0.0.0 but is listening on a specific IP address.

Fix is easy – do a netstat -an | grep 41121 and you’ll see something like…

tcp        0      0 X.X.X.X:41121     0.0.0.0:*               LISTEN

where X.X.X.X is an actual IP address and not 0.0.0.0.

In the /etc/pandora/pandora_agent.conf then set the server_ip to that IP address or, better, set it to the domain name that resolves to that IP.