Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
User Journal

Journal FortKnox's Journal: Marotti.com, guilty until proven innocent 10

My server is getting the ass end of a spam cleanup. If you try to email me, roadrunner sees it comes from marotti.com and bounces it. I tried contacting roadrunner. I got ignored.

Anything like this happen to anyone else? I don't have ftp, nor telnet open, and relaying off. There is no way my server is being used by a spammer (but probably someone around my ip did, and I'm gettin screwed cause of it).

Any ideas on what to do?
This discussion has been archived. No new comments can be posted.

Marotti.com, guilty until proven innocent

Comments Filter:
  • by The Turd Report ( 527733 ) <the_turd_report@hotmail.com> on Thursday May 22, 2003 @02:59PM (#6017425) Homepage Journal
    They don't give a rats ass. What IP is being blocked? I can search all the public DNSbls and see if you are listed in some larger blocks. Some BLs will list /20 networks and larger, so you might be caught up in that. Or, RR has you listed as a dynamic IP pool. Your best bet is to get the people you are emailing on RR to bitch to them about not getting their legit mail. A paying customer might have more luck. Or, you can forward your mail via a smarthost/you ISP's MX.
  • Stay on the line. Ask to escalate the call, until you talk to somebody who can help. Odds are, the first person you talk to will be trained to deflect your call.

    If you can't get anything through the tech line, call management. If you can't get anything there, call legal. You are paying for a service, and they are denying it.

  • How is rr blocking incoming mail? Either they block port 25 inbound or they let it though, I don't see how they would be able to do anything more than that, and it sure looks to me like they're not blocking the port:

    Validation results

    canonical address: <hostmaster@marotti.com>

    MX records preference exchange IP address (if included)
    5 marotti.com []
    SMTP session

    [Contacting marotti.com []...]
    220 xerxes.marotti.com ESMTP Sendmail 8.11.3/8.11.3/SuSE Linux 8.11.1

    • On further reflection I think I understand what you meant -- you relay through RR's smarthost and up until now it accepted mails with FROM: marotti.com fine, but now it won't? It that it? In that case you need to make sure you're authenticating with the server before sending, usually this is done with pop-before-send, or with SSL/TLS. If that still won't work then you can run a smtp server on your local machine and instead of relaying, just deliver directly. This will work most of the time, the problem
  • marotti.com seems to be hosted in RoadRunner's own IP block, so I'm guessing it's not an IP-based blacklist (or they'd terminate the spammer rather than blocking). What exactly are you experiencing that makes you say that the mail is blocked?

    Have you got residential or business service from RoadRunner? If residential, do they allow you to run servers? When I used RoadRunner, the user agreement prohibitted servers of any sort. If this is the case for you, it would explain why they are blocking your mail-serv

  • It is quite possible that some spammer was faking your email as the sending address in his spam. Said spammer hits enough servers and RR goes after them, hitting you. This somewhat happened to me at school: a spammer would spam other school students using on campus student email.

    Of course the school's blocking policy was more sophistocated than what RR seems to be doing to you.
  • Here's the error message I get when I try to send you mail:

    (reason: 550 5.7.1 Mail Refused - 65.29.213 - See http://security.rr.com/mail_blocks.htm#security - 20030518)

    So it's not based on FK's e-mail address, or port blocking as others have suggested. The explanation at that URL also rules out a DNSBL. It says that RR themselves have either found a security issue with the machine at that IP (open relay/proxy is given as an example) or are experiencing an ongoing attack from that machine.

    My guess is still

    • Also, what makes you think this has something to do with spam? Have they said something to that effect? (If it's just the front-line phone reps, I wouldn't put too much faith in their interpretation of the situation)

Drilling for oil is boring.