North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Apologies but...Verizon Postmaster?

  • From: Charles Sprickman
  • Date: Fri Nov 21 17:35:13 2003

On Fri, 21 Nov 2003, Jay Hennigan wrote:

> In our case it's at the IP level.  Our mailserver gets "connection refused"
> from their "business" mail servers at "bizmailsrvcs.net".  We got someone
> on the phone who was supposed to look into it a week or so ago.

Have a look at the logs on your primary MX.  Part of their "anti-spam"
solution seems to be a connection back to your primary MXer to check if
the envelope from is valid or not.  If you don't reply in the (very short)
timeout period, the mail is rejected with a *permanent* failure.

> > VZ was unable to tell me why we were initially blocked, but we were for a
> > number of days.  Not at the IP level, but at the envelope level; meaning
> > that if you issued a "mail from:" with the domain in question, you'd get
> > the "550 You are not allowed to send mail:sc004pub.verizon.net" message.
>
> They couldn't tell us either.

It's a horrible design.  It's useless for them on MTAs that just accept
everything into the queue and work it from there (qmail, ?) and a pain to
the sender if you happen to have your primary mx swamped in a spam attack
when they try to query it.  From what I can see, the timeout is *very*
short and they do not try anything other than the primary mxer.

There also does not seem to be a whitelist for problem sites (which we
apparently are) so the problem never really goes away, it just gets better
and worse as a direct parallel to your mxers load...  They also block mail
to their postmaster and abuse addresses, so you have to do some work to
get in touch with someone there.

Charles

> --
> Jay Hennigan - CCIE #7880 - Network Administration - [email protected]
> WestNet:  Connecting you to the planet.  805 884-6323      WB6RDV
> NetLojix Communications, Inc.  -  http://www.netlojix.com/
>