From: Jason Jonelis
Sent: Monday, December 18, 2006 11:44 AM
To: 'unblock@godaddy.com'
Subject: RE: Update [Incident ID: 1424158] - Unblock request 216.133.162.187

To Whom It May Concern:

 

Currently the system is blocking IP 216.133.162.187 from sending mail to certain sites under your control.  I’ll assume for a moment here that the site’s owners are using your built-in spam filtering without fully realizing the implications of said filters.  While your tools are showing a “bogus helo”, a failed “rDNS”, and bogus “rcpt to” command for our mail server, I must point out that the error is in fact on your end.

 

To begin, I must point to a very old, yet very simple, tool commonly found on all major computers today: the telnet tool.  If you are to type in “telnet 216.133.162.187 25” you will get this: “220 mail.mnjtech.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at <date and time here>”.  Next type a “helo” command and you will be greeted with “250 mail.mnjtech.com Hello [YOUR IP HERE]”.  That’s about as simple as I can make it, but it’s as clear as day that IP 216.133.162.187 on port 25 (THE standard SMTP port) is in fact responding as mail.mnjtech.com.

 

If you were to actually look at the emails being sent from our system through IP 216.133.162.187 you will see a fully functional reverse DNS (rDNS) for this IP.  The IP 216.133.162.187 corresponds with mail.mnjtech.com and can be found using a variety of tools, my favorite being the “host <IP>” command found on every flavor of linux.

 

Now, with regards to the “rcpt to” being off, I’d like to point out the standard headers from an email coming from IP 216.133.162.187 show ALL of the proper information in accordance with normal internet emailing procedures.  Here is a brief summary, edited for our use:

Return-Path: <jjonelis@mnjtech.com>

X-Original-To: USER@DOMAIN

Delivered-To: USER@DOMAIN

Received: from mail.mnjtech.com (mail.mnjtech.com [216.133.162.187])

     by INCOMING EMAIL SERVER (Postfix) with ESMTP id A2B4D139BFE

     for <USER@DOMAIN>; Fri, 15 Dec 2006 13:48:50 -0800 (PST)

Content-class: urn:content-classes:message

MIME-Version: 1.0

Content-Type: multipart/related;

     type="multipart/alternative";

     boundary="----_=_NextPart_001_01C72092.CC2CFA91"

Subject: SUBJECT

X-MimeOLE: Produced By Microsoft Exchange V6.5

Date: Fri, 15 Dec 2006 15:48:43 -0600

Message-ID: <8E4054ECFAFC834E8F5E092271D96059C0D087@MNJSERVER8.mnjtech.com>

X-MS-Has-Attach: yes

X-MS-TNEF-Correlator:

Thread-Topic: SUBJECT

Thread-Index: AccgksonPErZVAaDRtGFKM5Ko+AVMQ==

From: "Jason Jonelis" <jjonelis@mnjtech.com>

To: <USER@DOMAIN>

 

Unless your spam filter is looking at the message-ID of *@MNJSERVER8.mnjtech.com, which besides being a bad practice to have (you’ll probably redirect a bunch of false positives in terms of emails received), if you look at mnjserver8.mnjtech.com you will see that it resolves to the same IP address as mail.mnjtech.com (216.133.162.187).

 

I hope this concludes any issues regarding the delisting of our mail server from your spam filters.  If you have any further questions or comments please feel free to respond to this email and I’ll get to them as soon as I can.

 

Thanks again,

 

 

Jason Jonelis
800-870-4340 ext. 8323
jjonelis@mnjtech.com

AIM: windowsisavirus

From: unblock@godaddy.com [mailto:unblock@godaddy.com]
Sent: Monday, December 18, 2006 11:33 AM
To: Jason Jonelis
Subject: Update [Incident ID: 1424158] - Unblock request 216.133.162.187

 

Our support staff has responded to your request, details of which are described below:

Discussion Notes

Support Staff Response

Dear Sir/Madam,

Thank you for contacting Online Support. The IP address you have submitted (216.133.162.187) is not currently eligible for unblocking because the mailserver has returned a 'bogus helo'. This indicates that the server the email originated from either has a virus or has not been setup correctly. Please refer to the following information regarding this issue:

--------------------------------------------------------------------------------------------------

The SMTP HELO command is used by the outgoing mail server to greet the destination servers that they are connecting to. It is usually the first command issued when mail is being sent. It means "Hello, I am ..." Many viruses and bulk emailers send false or nonstandard HELO messages. We are starting to filter these messages and block traffic from email servers that utilize non-standard HELO settings.

Here are the types of error messages related to helo issues that you may experience:

1. bogus helo

This means that the sending email server connected to our mail server and said "HELO [their IP]". RFC 1132 says that the HELO ("hello") message should contain "a valid principal host domain name for the client host". This means a name like "smtp.exampledomain.com", or "mail.exampledomain.com". An IP address is not a valid listing for the name of the server.

In order to resolve this situation, the sending server's administrators will need to configure the server properly, which will cause it to identify itself by name rather than IP address. The administrators of this server may also want to check it for viruses, as many viruses use the HELO command with an IP rather than the name.

2. bogus helo (IP address listed here)

This means that the sending server connected to our mail server and said "HELO (receiving email server's IP)". What this means is that the sending server tried to say Hello, I'm you!" This action is generally caused by a virus.

In order to resolve this situation, the sending server's administrators will need to check it for viruses.

3. bogus helo matches rcpt

This means that the sending system connected to our mail server and said "HELO (receiving email server's domain name)". This is another version of "Hello, I'm you!" but using the server's domain name rather than the server's IP address. This is normally caused by a virus or a bulk emailer.

If this process is not done intentionally, it is generally created by a virus. The server's administrators will need to check the machine for problems.

We hope that this information is useful in diagnosing and resolving the issue that you are experiencing.

Please let us know if we can help you in any other way.

Sincerely,

Phillip P.
Online Support
Technician

Customer Inquiry

IP: 216.133.162.187
From: jjonelis@mnjtech.com
Phone: 8008704340
Submitted by: 216.133.162.185

You make it very difficult to email responses to the \"unblock@godaddy.com\" account - as any email from this IP address is blocked.



If you need further assistance with this matter, please reply to this email or contact customer service at 480-624-2500 and reference [Incident ID: 1424158].

Thanks,
Customer Service

© 2006. All rights reserved.