HELP -- we are being forced to eat SPAM!

I would REALLY appreciate it if someone who knows about current email
technology could clue me in on how to have the emails generated by our
server NOT get forced into everyone’s spam/junk folder initially.

THANKS!!!

JIM DIXON, WB6NIL

Does anyone here use something like SpamAssassin on their server to receive the emails? Looking at what SpamAssassin thinks of the emails might provide some clues.

73 de VK3JED / VK3IRL
http://vkradio.com

If you post the headers in the email I’ll take a look at them.

Also you can google “email header test.”

David

David KE6UPI wrote:

If you post the headers in the email I'll take a look at them.

The header is clean, see below.

Return-Path: <app_rpt-users-bounces@qrvc.com>
X-Original-To: szingman@msgstor.com
Delivered-To: szingman@msgstor.com
Received: from localhost (localhost [127.0.0.1])
  by mail.msgstor.com (Postfix) with ESMTP id 20AB31A20D
  for <szingman@msgstor.com>; Tue, 1 Jun 2010 17:41:33 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at msgstor.com
X-Spam-Flag: NO
X-Spam-Score: 0.1
X-Spam-Level: X-Spam-Status: No, score=0.1 tagged_above=0 required=6.31
  tests=[RDNS_NONE=0.1]
Received: from mail.msgstor.com ([127.0.0.1])
  by localhost (mail.msgstor.com [127.0.0.1]) (amavisd-new, port 10024)
  with ESMTP id FOy8iJH9qM9i for <szingman@msgstor.com>;
  Tue, 1 Jun 2010 17:41:26 -0400 (EDT)
Received: from sh.qrvc.com (unknown [67.23.8.125])
  by mail.msgstor.com (Postfix) with ESMTP id D32071A304
  for <szingman@msgstor.com>; Tue, 1 Jun 2010 17:41:23 -0400 (EDT)
Received: from sh.qrvc.com (localhost [127.0.0.1])
  by sh.qrvc.com (Postfix) with ESMTP id 37CDFA8194;
  Tue, 1 Jun 2010 17:41:22 -0400 (EDT)
X-Original-To: app_rpt-users@qrvc.com
Delivered-To: app_rpt-users@qrvc.com

*puts on ISP hat for a brief moment*

Hint #1 -->Return-Path: <app_rpt-users-bounces@qrvc.com>
Received: from sh.qrvc.com (67-23-8-125.qrvc.com [67.23.8.125] (may be
forged))

The entire problem is that your forward DNS lookup (mail.qrvc.com)
does not match your reverse dns lookup (pointer) name
on what you are using for a mail host.

Get all these to match:

1. MX record you are publishing already OK
2. Forward host lookup (mail.qrvc.com) already OK
3. And reverse lookup (pointer) for IP should be mail.qrvc.com *need fix*

Since you seem to be using the same IP for multiple uses..
Would probably be best to set the MX to "qrvc.com" as to not cosmetically
mess with anything else you might have in place.
This is purely optional and is just what will get shown everywhere
logs etc where your IP gets reverse looked up & logged.
Otehrwise it will just show up as mail.qrvc.com

It's the reverse pointer for 67.23.8.125 that's mainly biting you in the ass.

It needs to match.. & the spam filters are expecting that.

iridiumX:~# host mail.qrvc.com
mail.qrvc.com has address 67.23.8.125
iridiumX:~#
(of course)

iridiumX:~# host qrvc.com
qrvc.com has address 67.23.8.125
qrvc.com mail is handled by 10 mail.qrvc.com.
iridiumX:~#

(yup) that sorta saved me the MX step

iridiumX:~# host 67.23.8.125
125.8.23.67.in-addr.arpa domain name pointer 67-23-8-125.qrvc.com.
iridiumX:~#
Not good! should come back as mail.qrvc.com.
That is if you want people to get your mail

OK let's see who your DNS servers are:

iridiumX:~# dig qrvc.com ns

; <<>> DiG 9.5.1-P3 <<>> qrvc.com ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59513
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;qrvc.com. IN NS

;; ANSWER SECTION:
qrvc.com. 85744 IN NS ns1.everydns.net.
qrvc.com. 85744 IN NS ns2.everydns.net.
qrvc.com. 85744 IN NS ns3.everydns.net.
qrvc.com. 85744 IN NS ns4.everydns.net.

;; ADDITIONAL SECTION:
ns1.everydns.net. 53496 IN A 208.76.61.100
ns2.everydns.net. 53496 IN A 208.76.62.100
ns3.everydns.net. 53496 IN A 208.76.63.100
ns4.everydns.net. 53496 IN A 208.76.60.100

;; Query time: 1 msec
;; SERVER: 10.73.73.20#53(10.73.73.20)
;; WHEN: Tue Jun 1 19:36:45 2010
;; MSG SIZE rcvd: 174

iridiumX:~#

...Some DNS hosting company Cool.

OK let's see who's responsible for reverse dns

iridiumX:~# dig 8.23.67.in-addr.arpa ns

; <<>> DiG 9.5.1-P3 <<>> 8.23.67.in-addr.arpa ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26400
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;8.23.67.in-addr.arpa. IN NS

;; ANSWER SECTION:
8.23.67.in-addr.arpa. 84591 IN NS ns1.slicehost.net.
8.23.67.in-addr.arpa. 84591 IN NS ns2.slicehost.net.

;; ADDITIONAL SECTION:
ns1.slicehost.net. 2496 IN A 67.23.4.57
ns2.slicehost.net. 2493 IN A 173.45.224.132

;; Query time: 1 msec
;; SERVER: 10.73.73.20#53(10.73.73.20)
;; WHEN: Tue Jun 1 19:40:52 2010
;; MSG SIZE rcvd: 119

iridiumX:~#
Ok that seems to be somewhere else (rackspace) but i'm sure it's under
your control..

OK here's the homework...

1. Your forward DNS record needs to be the same as your reverse lookup.
   Have your DNS folks (slicehost/rackspace) assist on getting that to
match..
   the reverse lookup should be a PTR record set to "mail.qrvc.com."

and yes with the trailing "." you see there.
If they have a web interface to update it you *may* not need the trailing
"." but that's what ends up in the zone file for the DNS itself.

Nice 4 letter domain name BTW-

You're giving "QVC" some competition.

I still have odlc.com

Those are pretty rare.

Cheers!

-Steve

Michigan Broadband Systems Inc.
"Always Connected"

(734)527-7150

Steve's cellphone: (734)904-1811

Or I'm way off base (been a LONG day) and should have been testing for the
allstartlink.org domain MX.. (which look ok) far as that
reverse stuff goes.

*puts on ISP hat for a brief moment*

Hint #1 -->Return-Path: <app_rpt-users-bounces@qrvc.com>
Received: from sh.qrvc.com (67-23-8-125.qrvc.com [67.23.8.125] (may be
forged))

The entire problem is that your forward DNS lookup (mail.qrvc.com)
does not match your reverse dns lookup (pointer) name
on what you are using for a mail host.

Get all these to match:

1. MX record you are publishing already OK
2. Forward host lookup (mail.qrvc.com) already OK
3. And reverse lookup (pointer) for IP should be mail.qrvc.com *need fix*

Since you seem to be using the same IP for multiple uses..
Would probably be best to set the MX to "qrvc.com" as to not cosmetically
mess with anything else you might have in place.
This is purely optional and is just what will get shown everywhere
logs etc where your IP gets reverse looked up & logged.
Otehrwise it will just show up as mail.qrvc.com

It's the reverse pointer for 67.23.8.125 that's mainly biting you in the
ass.

It needs to match.. & the spam filters are expecting that.

iridiumX:~# host mail.qrvc.com
mail.qrvc.com has address 67.23.8.125
iridiumX:~#
(of course)

iridiumX:~# host qrvc.com
qrvc.com has address 67.23.8.125
qrvc.com mail is handled by 10 mail.qrvc.com.
iridiumX:~#

(yup) that sorta saved me the MX step

iridiumX:~# host 67.23.8.125
125.8.23.67.in-addr.arpa domain name pointer 67-23-8-125.qrvc.com.
iridiumX:~#
Not good! should come back as mail.qrvc.com.
That is if you want people to get your mail

OK let's see who your DNS servers are:

iridiumX:~# dig qrvc.com ns

; <<>> DiG 9.5.1-P3 <<>> qrvc.com ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59513
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;qrvc.com. IN NS

;; ANSWER SECTION:
qrvc.com. 85744 IN NS ns1.everydns.net.
qrvc.com. 85744 IN NS ns2.everydns.net.
qrvc.com. 85744 IN NS ns3.everydns.net.
qrvc.com. 85744 IN NS ns4.everydns.net.

;; ADDITIONAL SECTION:
ns1.everydns.net. 53496 IN A 208.76.61.100
ns2.everydns.net. 53496 IN A 208.76.62.100
ns3.everydns.net. 53496 IN A 208.76.63.100
ns4.everydns.net. 53496 IN A 208.76.60.100

;; Query time: 1 msec
;; SERVER: 10.73.73.20#53(10.73.73.20)
;; WHEN: Tue Jun 1 19:36:45 2010
;; MSG SIZE rcvd: 174

iridiumX:~#

...Some DNS hosting company Cool.

OK let's see who's responsible for reverse dns

iridiumX:~# dig 8.23.67.in-addr.arpa ns

; <<>> DiG 9.5.1-P3 <<>> 8.23.67.in-addr.arpa ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26400
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;8.23.67.in-addr.arpa. IN NS

;; ANSWER SECTION:
8.23.67.in-addr.arpa. 84591 IN NS ns1.slicehost.net.
8.23.67.in-addr.arpa. 84591 IN NS ns2.slicehost.net.

;; ADDITIONAL SECTION:
ns1.slicehost.net. 2496 IN A 67.23.4.57
ns2.slicehost.net. 2493 IN A 173.45.224.132

;; Query time: 1 msec
;; SERVER: 10.73.73.20#53(10.73.73.20)
;; WHEN: Tue Jun 1 19:40:52 2010
;; MSG SIZE rcvd: 119

iridiumX:~#
Ok that seems to be somewhere else (rackspace) but i'm sure it's under
your control..

OK here's the homework...

1. Your forward DNS record needs to be the same as your reverse lookup.
   Have your DNS folks (slicehost/rackspace) assist on getting that to
match..
   the reverse lookup should be a PTR record set to "mail.qrvc.com."

and yes with the trailing "." you see there.
If they have a web interface to update it you *may* not need the trailing
"." but that's what ends up in the zone file for the DNS itself.

Nice 4 letter domain name BTW-

You're giving "QVC" some competition.

I still have odlc.com

Those are pretty rare.

Cheers!

-Steve

Michigan Broadband Systems Inc.
"Always Connected"

(734)527-7150

Steve's cellphone: (734)904-1811

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
App_rpt-users mailing list
App_rpt-users@qrvc.com
http://qrvc.com/mailman/listinfo/app_rpt-users

Michigan Broadband Systems Inc.
"Always Connected"

(734)527-7150

Steve's cellphone: (734)904-1811

The return email from signup is the one in question when signing up on the new beta site.. the reply email drops into the local spam bucket in my outlook. I sent Jim, and someone I trust on such matters, the header file to look .. I saw 2 entries apache may have been inserting that do not seem "right" to me... they may have been artifacts from install...and need to be corrected...

One was a reply email address of apache@beta.allstarlink.org

and one was apache@localhost as I recall...

I have it at work and I am at home now...

Doug
KD8B

Steve Zingman wrote:

Doug Bade wrote:

That is not the header he is having trouble with. The header that seems broken is the one that is your reply to signing up to the beta site.. it appears to have some default apache at localhost type things popping up in it.. that MAY be involved..

I copied the header file from my subscription and sent it to Jim.. mine went to my spam box.. it was not tagged as spam by my spam filter per-se or my ISP.... just Outlook decided it was.... and I have sent a copy to one of my ISP friends to look at. I can send you a copy tomorrow if you want, Steve, as I am at home and it is at work...

Doug
Kd8B

My signup message was clean as far as SpamAssassin was concerned. Went to my inbox.
I'm using Thunderbird as a client here.
I can paste the header from the signup message if anyone wants to see it.

Steve

My ISP bud signed up and it came to him fine as well… he saw a couple
things that looked strange as I had noted with apache default ish
looking stuff… but nothing obvious…

Jon N8USK just found this…

"Actually it looks like maybe the IP is listed…

http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist:67.215.233.178

"

Doug

Steve Zingman wrote:

He also suggested that this thread might be helpful to Jim to diagnose
it.

I hope this helps… Doug
Doug Bade wrote: