Reminder: Valid User Table Policy (old)
-
- Site Admin
- Posts: 598
- Joined: Wed Nov 17, 2004 10:05 pm
- Location: Nevada
- Contact:
By the end of this month, our mail servers will begin checking and reporting the delivery status of all messages that pass through our mail services. Any message that is accepted by our system as valid, but is rejected by the final destination as invalid, will be subject to one of the following actions:
1) If the domain is in "Default Deny" mode, the corresponding table entry in the valid user table that permitted the message will be automatically disabled.
2) If the domain is in "Default Allow" mode, it will be automatically changed to "Defer All" and our servers will stop accepting mail for the domain.
For domains using a global table:
1) A global mode "Deny" table will have the corresponding table entry disabled.
2) A global mode "Allow" table will be changed to "Defer" and our servers will stop accepting mail for any domain using the global table.
Domains in automatic learning mode will be ignored.
If any automated action is taken on a domain by the system, you will be notified at the Alert Email Address configured for your account (or primary address if no alert address is configured). If a domain is automatically placed into defer mode, you may correct the problem and change it back to the appropriate mode.
This policy change to require a valid user table for mail domains was first announced in September 2005 and became effective in November 2005. In May of 2006, we added an inline recipient verification feature; however, this proved ineffective since many users are simply changing the valid user table settings to bypass the checks. Therefore, we are going to start actively checking and disabling domains that violate this policy.
If you have not correctly configured a valid user table for your domain, do so now. All account levels are subject to this policy. If you have any questions, please contact us, or comment in this thread.
Mail Handling Options:
http://acc.rollernet.us/mail/handling.php
Account Preferences:
http://acc.rollernet.us/prefs.php
September 2005 announcement:
http://forums.rollernet.us/viewtopic.php?t=126
May 2006 announcement:
http://forums.rollernet.us/viewtopic.php?t=212
Last edited by RollerNetSupport on Fri Apr 24, 2009 1:54 am, edited 2 times in total.
Technical Support support@rollernet.us
Roller Network LLC
Catchall domains
Just to verify, domains that do indeed have a "catchall" account on the receiving end, and thus which should not (in normal circumstances) reject Roller Network mail to such a domain at all -- not counting explicit deny rules -- can still be in Default Allow mode without problems?
(I've personally left recipient verification turned on anyway, as I loathe backscatter. That said, I do understand the burden you're facing, and I appreciate the evolution of service that has come of it ... few mail providers have this degree of transparency to operations.)
Quote: Just to verify, domains that do indeed have a "catchall" account on the receiving end, and thus which should not (in normal circumstances) reject Roller Network mail to such a domain at all -- not counting explicit deny rules -- can still be in Default Allow mode without problems?
That's correct. The problem we're having is Default Allow being used without catchall accounts.
Technical Support support@rollernet.us
Roller Network LLC
How to deal with spam?
Just received your notice that if the domain is in "default deny" mode and the recipient is rejected by our server with a 5XX error code, the recipient will be removed from the valid user table.
We are running anti-spam software on our server and it is rejecting a fair amount of the mail coming through Rollernet's servers with a 5XX error code because it is spam. The user accounts being sent to, however, are valid. In this situation, in order to prevent the valid accounts from being disabled on the Rollernet end what do you recommend?
Basically you have to move all your anti-spam to the rollernet servers. I had this same problem when I started using this service (Thanks for blocking 25 Cablevision). I had a fairly large set of blocklists and reject rules on my postfix installation at home and I added all the custom RBLs that I was using and enabled a bunch of the client validity checks here on Rollernet and I haven't seen any more spam than when I was hosting everything at home. I didn't have greylisting on my server so in some ways this service is actually better than my own configuration at home. One last thing I did at home was to add the rollernet mail servers to my postfix's "mynetworks" field to further limit any chance of rejecting a mail. I haven't had any problems whatsoever in the past 2.5 months. I've noticed a couple problems and brought them to Glen's attention and everything has been fixed in less than 24 hours. He's doing a great job and I'm glad I went with this service instead of "cheaper" redirection alternatives. I originally came here because it was free but when I saw how powerful a solution was available I had to sign up for the full service.
Here is the RBL list I use (hint, use the bulk add feature):
argentina.blackholes.us [remove]
bl.spamcop.net [remove]
blackholes.easynet.nl [remove]
brazil.blackholes.us [remove]
cbl.abuseat.org [remove]
china.blackholes.us [remove]
cn-kr.blackholes.us [remove]
dnsbl.ahbl.org [remove]
dnsbl.njabl.org [remove]
hongkong.blackholes.us [remove]
japan.blackholes.us [remove]
korea.blackholes.us [remove]
list.dsbl.org [remove]
malaysia.blackholes.us [remove]
multihop.dsbl.org [remove]
nigeria.blackholes.us [remove]
opm.blitzed.org [remove]
proxies.blackholes.wirehub.net [remove]
relays.ordb.org [remove]
russia.blackholes.us [remove]
sbl-xbl.spamhaus.org [remove]
sbl.spamhaus.org [remove]
spews.blackholes.us [remove]
taiwan.blackholes.us [remove]
thailand.blackholes.us [remove]
turkey.blackholes.us [remove]
whois.rfc-ignorant.org [remove]
Dave
Re: How to deal with spam?
SAK917 wrote: We are running anti-spam software on our server and it is rejecting a fair amount of the mail coming through Rollernet's servers with a 5XX error code because it is spam. The user accounts being sent to, however, are valid. In this situation, in order to prevent the valid accounts from being disabled on the Rollernet end what do you recommend?
Set your anti-spam configuration to discard rather than reject mail coming in from the Roller Network servers. Think of it this way: It's not really feasible for rollernet -- which effectively works as a secondary MX -- to validate to your local anti-spam rules within the SMTP session, so a 5xx from you means that rollernet would have to send a bounce. Instant source of backscatter, and that's the major problem here.
(I use custom milter-based filtering, so I was able to change my code to tell the MTA to discard if the anti-spam rule matched, and it came from rollernet. Your software may not be so flexible; if not, I'm not sure how to fix your situation.)
dstutz wrote: Here is the RBL list I use (hint, use the bulk add feature):
bl.spamcop.net [remove]
You should not be using bl.spamcop.net as a blacklist unless you feel like rejecting 10% or more of legitimate mail. Spamcop itself states that the list should be used for scoring, not outright blocking, because its automated nature makes it (demonstrably) highly susceptible to accidental listings.
dstutz wrote: sbl-xbl.spamhaus.org [remove]
sbl.spamhaus.org [remove]
If you're using sbl-xbl, then remove plain sbl, because that's a subset of sbl-xbl. You're just doing a redundant lookup here.
Re: How to deal with spam?
tvierling wrote: Set your anti-spam configuration to discard rather than reject mail coming in from the Roller Network servers.
Thanks for the suggestion tvierling, I appreciate the input. I will configure our server to accept and delete the spam or park it in a spam-trap account as opposed to rejecting it. Don't know why I didn't think of that before... I guess it is easy to go with default settings (reject in this case) if it seems to be working smoothly.
Thanks again!
Quote: Just received your notice that if the domain is in "default deny" mode and the recipient is rejected by our server with a 5XX error code, the recipient will be removed from the valid user table.
Just to clarify; we won't ever remove any existing data from the tables. It will just be switched to "Disabled" and a notification will be sent. If this happens, there won't be any restrictions about reactivating the entry.
As others have mentioned, the preferred solution is to quietly discard or file things that fail your anti-spam filter when it's sourced from one of our mail servers. I'm also working on having a content filter (spamassassin) option in our filters as well, hopefully by the end of the month. Adding Spamassassin should present a complete filtering solution. The hard part is allowing the full set of Spamassassin rules to be modified dynamically through the account manager.
Technical Support support@rollernet.us
Roller Network LLC
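The accept-and-file approach recommended in the replies above, sketched as an added example (not code from any poster or from Roller Network). The relay address ranges, mail addresses and names such as `disposition` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed relay ranges (documentation address space); substitute the
# published addresses of the relay / secondary-MX service you sit behind.
RELAY_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:25::/48")]

@dataclass(frozen=True)
class Message:
    client_ip: str   # address of the SMTP client connected to the final server
    recipient: str
    is_spam: bool    # verdict of the local anti-spam filter

def from_relay(client_ip):
    """True when the connecting client is one of the upstream relay servers."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False                      # unparseable input is never trusted
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped           # ::ffff:192.0.2.10 -> 192.0.2.10
    return any(addr in net for net in RELAY_NETWORKS)

def disposition(msg, valid_users):
    """Return (action, smtp_reply) for one recipient of one message."""
    if msg.recipient.lower() not in valid_users:
        # Unknown mailbox: a 5xx is correct, and when the relay receives it,
        # the relay's valid user table is what needs fixing.
        return ("reject", "550 5.1.1 unknown recipient")
    if msg.is_spam and from_relay(msg.client_ip):
        # The relay already accepted the message; a 5xx here forces it to
        # bounce to a probably forged sender. Accept and file it instead.
        return ("quarantine", "250 2.0.0 accepted")
    if msg.is_spam:
        return ("reject", "554 5.7.1 rejected by content filter")
    return ("deliver", "250 2.0.0 accepted")

def relay_rejections(messages, valid_users):
    """Messages that would still make the relay generate a bounce."""
    return [m for m in messages
            if from_relay(m.client_ip)
            and disposition(m, valid_users)[0] == "reject"]

# Constructed sample traffic for a constructed domain.
VALID = {"alice@example.org"}
SAMPLE = [
    Message("192.0.2.10", "alice@example.org", True),          # spam via relay
    Message("::ffff:192.0.2.10", "alice@example.org", False),  # clean via relay
    Message("198.51.100.7", "alice@example.org", True),        # spam, direct
    Message("192.0.2.10", "bob@example.org", False),           # stale table entry
]
```

With this policy the only relay-sourced rejection left in the sample is the unknown recipient, which is the case the valid user table is meant to catch.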
A new logging type has been added to the mail logs: "SMTP Bounce Logs". Anything logged under this type is an error that causes backscatter and will be subject to our backscatter prevention policy.
Please check these logs and make sure your valid user table is properly configured. If you have any questions, contact us.
Technical Support support@rollernet.us
Roller Network LLC
Ok to allow all for secondary mx
Is it ok to use allow all for domains where I only use rollernet for secondary mx?
Thanks/Max