Outgoing mail blocked by Jodohost

nzkiwi

Recently the SMTP service for one of my customers was suspended, apparently for spam abuse. Neither the customer nor I was advised. Help desk was unable to provide me with the logs, so I cannot ascertain whether the customer herself spammed or whether her computer or email account was compromised. I took it that it was a one-off glitch, but it appears to have happened again, as help desk replied to my trouble ticket that they had "again enabled the smtp service" for the mailbox.

Is there some problem with the abuse department notices?

Original Ticket: DEF-96133-262
Current Ticket: CFW-87656-770
 
Have you made sure contact info is in sync with your address? We send such notices to the contact info section; sometimes people will update billing but not contact.

Did you get a copy of the WordPress security change notices that we sent on Monday? That would be a good test to know.
 
Which address? The reseller contact address or the service account contact address? Actually in my case they are both the same. It's an address used only for communications with JH and has no Spam filter.

If you are referring to the message titled Notification - Brute Force Attack on WordPress Installs sent Tue 16 Apr 2013 02:26:18 NZST, yes I received it at the reseller/service address mentioned in the previous paragraph.
 
OK, we are checking on this further already. We actually did not find a mail from abuse in sent items; we are seeing if they did not send for some reason, which we will be having a chat with them about if so.

Helpdesk may not have been able to provide logs because it may not be known to them as they did not take the action, that is why we are supposed to send abuse notices. This is an odd one, and I apologize in any case, because it hasn't been done right.

If SMTP was suspended it means a lot of mail was going out, that much I do know.
We can suspend both domain wide, and user level, normally domain wide is for more widespread sending abuse.
 
Thanks Stephen. In the case of the first incident, I delayed providing the client with the changed passwords until I was satisfied that she had done a full virus check of her computers. Without the logs I have to accept her word that the abuse was not intentional on her part.
 
So the same email address has again been identified as sending Spam. This time Abuse Department did send notification that the client was guilty of Spamming and had disabled SMTP for that mailbox. The message was sent from the client's phpBB forum to an email address with the same domain as the website. I'm trying to understand how the message could possibly be construed as Spam. The message is a standard message generated by phpBB advising admins that a new member has signed up. As the message never went anywhere except to the owner of the website I am at a loss as to how JH Spam filters could possibly identify it as Spam.

I have had numerous occasions in the past where clients have had SMTP disabled due to apparent Spamming, but this is the first time I have ever received a "TOS violation (spamming )" notice. I'm wondering how many other times my clients have had their SMTP service disabled because of false positives. The explanation given in ticket DEF-96133-262 doesn't really give a satisfactory reason of what it is about the email that made it appear Spammy, although the apology from JH was greatly appreciated.

I would appreciate some better explanation of why the message was identified as Spam. I want to avoid similar situations in the future.
 
Most likely we got multiple spam complaints from it, I've seen this happen when people register using gmail.com addresses with lots of . . . . . in them in order to bypass filter (and still go to gmail) but then if any typo or misdirect we end up getting bounce backs due to blocked as spam and this is/can be the issue.
 
In this case of phpBB, all new forum members are moderated. As I understand it, no email is sent to a new member until he/she has been accepted. Although they can have up to a hundred or more applicants per week, less than 1% are accepted. The moderators check the IP address of every new applicant, and only under special circumstances are non-local IP addresses accepted. So it's very unlikely that typos are the cause.

However, one forum administrator had decided to change her email address as she was temporarily too busy to moderate new members. She set her email address to a non-existing address at the same domain as the forums. As the "To:", "From:" and "Reply-to:" addresses were all at the same JH hosted domain, she thought this wouldn't be a problem. Perhaps this was the cause of the problem?

I have asked the client to set up a mailbox where messages are automatically deleted, and should any moderator/admin not wish to receive emails, they should set their address to that mailbox. Hopefully that will solve the problem.
 
Yes, that non-existing address would have made a lot of bounces in the mail server, causing a queue backlog, so that explains what happened quite well.
 
You are correct Stephen. I've just located the forum's mailbox used as the From, Reply-To, Return-Path and Sender address. It had never been read and contained over 15000 bounces! Almost all appear to be caused by invalid addresses - mostly due to multiple moderators having invalid addresses. I've taken appropriate action.
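
An added example, not part of the original thread: one way to triage a bounce mailbox like the one described above is to parse each delivery status notification (RFC 3464) and count permanent failures per recipient, so the invalid addresses causing the backlog stand out. The addresses, the `make_dsn` helper and the sample messages are constructed for illustration.

```python
import email
from collections import Counter

def failed_recipients(raw_message):
    """Return (address, status) for every recipient a DSN reports as failed."""
    msg = email.message_from_string(raw_message)
    if msg.get_content_type() != "multipart/report":
        return []  # not an RFC 3464 bounce (e.g. an auto-reply)
    failures = []
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        # The stdlib parser exposes each header block of this part as a sub-message.
        for block in part.get_payload():
            recipient = block.get("Final-Recipient")
            action = (block.get("Action") or "").strip().lower()
            if recipient is None or action != "failed":
                continue  # per-message block, or a delay/relay notice
            address = recipient.split(";", 1)[-1].strip().lower()
            failures.append((address, (block.get("Status") or "").strip()))
    return failures

def tally_permanent_failures(raw_messages):
    """Count 5.x.x (permanent) failures per address across a bounce mailbox."""
    counts = Counter()
    for raw in raw_messages:
        counts.update(a for a, s in failed_recipients(raw) if s.startswith("5."))
    return counts

def make_dsn(recipient, status, action="failed"):
    """Build one constructed bounce for the sample data (not real mail)."""
    return (
        "From: MAILER-DAEMON@forum.example\nTo: board@forum.example\n"
        "Subject: Undelivered Mail Returned to Sender\nMIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b1\nContent-Type: message/delivery-status\n\nReporting-MTA: dns; mail.forum.example\n\n"
        f"Final-Recipient: rfc822; {recipient}\nAction: {action}\nStatus: {status}\n\n"
        "--b1--\n"
    )

SAMPLE_BOUNCES = [  # constructed addresses on reserved .example domains
    make_dsn("mod-away@forum.example", "5.1.1"),
    make_dsn("mod-away@forum.example", "5.1.1"),
    make_dsn("Old.Admin@forum.example", "5.1.1"),
    make_dsn("member@mail.example", "4.4.1", action="delayed"),
]

if __name__ == "__main__":
    print(tally_permanent_failures(SAMPLE_BOUNCES).most_common())
```

On a real mailbox, the raw messages can be read with the standard `mailbox` module and passed to `tally_permanent_failures` unchanged.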
 