If you run your own mail server (or know someone who does) you might point out to them that the DSBL blacklist is currently blacklisting parts of gmail. I can’t comment on what gmail may or may not be going to deserve being blacklisted; I can only comment that whoever you are, you almost certainly have friends using gmail who are going to be blacklisted too. So, yaknow, you probably want to stop using DSBL, at least until they fix this.
17 thoughts on “note to anyone who runs their own mail server”
Comments are closed.
Related Sites of InterestLuis Villa’s Blog / note to anyone who runs their own mail serverLuis Villa’s Blog Ramblings on law school in New York, free software, and the spaces in between. Skip to content Home note to anyone who runs their own mail server If you run your own mail server (or know someone who does) you might point out to the
Thanks–I run a mail server for personal use(large files and things) and I haven’t been able to receive Gmail messages. Good to know why now!
I used to use RBLs, but given the politics surrounding who gets listed, I’ve decided it’s best not to use them – I don’t want to give these people the ability to censor the email I receive, just because they don’t like some random site.
Just Say No To RBLs, kids!
Let’s not shoot the messenger here (or miss some fairly important details.)
Firstly, if you’re using list.dsbl.org, you won’t see any rejections because the Google IP is only in unconfirmed.dsbl.org / multihop.dsbl.org
To switch off the DNSBL entirely is like tossing the baby out with the bathwater. DNSBLs have their purpose and they do their job well – you just need to choose the ones you use carefully and read their listing and usage policies before you switch them on!
It’s fairly rare to see “political” listings in reputable lists as it almost immediately drives off users with inevitable false positives.
However I don’t see this being such an example – looks like someone at Google fouled up and needs to fix the configuration. It’s not the fault of dsbl.org, they’re just going off the information fed to it by their testing mechanisms. If you really need @gmail.com without interruption, use access(5) or a similar mechanism to whitelist them until Google get their act together.
I’m a DSBL user and never had a false positive – ditto Spamhaus (zen.spamhaus.org) and njabl.org. On the other hand indiscriminate choices of lists like SORBS or rfc-ignorant.org will likely see more than a few.
In this particular case the mail user was using multihop.dsbl.org, which dsbl recommends using- “most users will probably only want to use list.dsbl.org and multihop.dsbl.org.” So yes, this will be blocked with the recommended setup.
If you really need @gmail.com without interruption
Debian admins have suggested (sorry, can’t find the link) that something like a third of their list signups are from gmail. Gmail is pervasive. So there is no ‘if’, unless you’re some sort of hermit and don’t want email anyway.
I’m a DSBL user and never had a false positive
Sure about that? I found out about this because my mail to a DSBL user bounced, and he was surprised about it when I contacted him via other means. He also said this wasn’t the first time.
“… at least until they fix this.”?
Blacklists, even if they worked — and they don’t — are an attempt at solving the wrong problem. Spam isn’t the problem; the real problem is how to keep email useful as a communication tool. (Or, if things are really bad for you, how to make it useful again.)
You get lots of mail and you need to classify it somehow. Loosely speaking, you want to classify it into three groups: stuff you want to read right away, stuff you don’t want to read now but want to hold on to anyway (for any number of reasons), and stuff you never want to read.
As to blacklists maintained by various random people, well, power corrupts and all that. And if you’re not very powerful… hmm… I guess in that case little power grabs tend to turn people into a wackos.
I won’t presume to tell people what they want to do, but I will presume to tell them what they should do, and that is to stop using RBLs now and forever.
[…] mail-abuse and not DSBL.However, clearly there are some problems for Gmail due to DSBL rules>http://tieguy.org/blog/2007/04/09/note-to-anyone-who-runs-their-own-mail-server/I am so absolutely frustrated in having my Gmail emails rejected due to some Blacklist that suddenly […]
[…] (”DNSBLs”) among some members of the Internet community (pro-DNSBL here and slightly con here for […]
Just FYI — I’ve had experience about SORBS list blocking gmail as well. That’s when I am trying to send email to others from my gmail a/c. The full error message is like:
PERM_FAILURE: SMTP Error (state 9): 554 5.7.1 Service unavailable; Client host [66.249.92.171] blocked using dnsbl.sorbs.net; Spam Received Recently See: http://www.sorbs.net/lookup.shtml?66.249.92.171
If you’d bothered to check DSBL’s site instead of complaining that “they need to fix this” you’d have found out that the problem is entirely on Gmail’s side of things. Gmail lets unauthorized users relay messages, pure and simple. Here’s a page with proof:
http://dsbl.org/message?37724616
Note the following lines:
MAIL FROM:
RCPT TO:
and in the email headers:
Return-Path:
Simply by fudging the return path they were able to have the Gmail server relay a message from one address to another, with neither being a Gmail address.
This is Gmail’s problem, and your efforts would be better spent complaining to Gmail to fix their actual problem instead of DSBL to fix a nonexistent problem.
You have an uphill battle, as, spitting in the face of every best practice email system admins have, Gmail is concerned only with accounts that “do” send spam, not with accounts that “could” send spam. See their unbelievably ignorant message here:
http://dsbl.org/email?9457
Even if gmail is wrong (which I’m not sure it is, given that they can do vastly more traffic analysis than the average mail forwarder), by blocking gmail, DSBL is hurting DSBL’s users much more than DSBL is hurting gmail. That is a shitty reality, but it is a reality. Any blacklist which refuses to cope with reality isn’t one that real people should use.
I don’t see how traffic analysis has anything at all to do with gmail being wrong or right. If I log onto gmail’s servers from the outside world, don’t authenticate, and can send email to anyone I want, that’s an open relay. There’s no analysis, traffic or otherwise. It is what it is, and the facts show that Gmail is wrong. In fact, if you read the email message I linked to, the Gmail person acknowledges that they’re running a relay.
You could say that it doesn’t hurt DSBL’s users at all. After all, they never see the consequences of Gmail’s actions. It’s Gmail users whose mail get bounced back that experience these failures.
DSBL isn’t refusing to cope with reality. They’re facing the reality that Gmail is an open relay, and they’re treating it like every other open relay. That’s their job, and they’re simply refusing to treat Gmail different than other providers. If Hotmail was an open relay, everyone would bitch at Microsoft to fix the problem, not DSBL…why is Google being treated differently?
You’re making assumptions about how I’d treat hotmail- careful there. Besides the broken assumption, the bottom line is that you’re not blocking some accidentally open relay with a handful of legitimate users and no policy of blocking spammers- you’re blocking an open relay which (1) claims to be blocking spammers (even if it is technically open) and (2) has tens of millions of legitimate users. There is a fine line being ‘taking a principled stand’ and ‘being inflexibly boneheaded’, and you’re on the wrong side of it.
As far as your assumptions about who is being hurt… I found out about this because someone using DSBL asked me for information and didn’t get it. In this particular case, no skin off my back; big skin off his. He is the one who was hurt, not me. But I’m sure this is the first time anyone who uses DSBL has ever asked for information from a gmail user, so maybe you’re right.
I made no assumption as to how you specifically would treat Hotmail. I made an assumption as to how I would expect people to generally react to Hotmail, given how online press has reacted to other security flaps there in the past.
I’m sorry my sarcasm about who would see the consequences of Gmail’s actions was lost on you.
As to (1), I have seen nothing from Gmail where they claim that they are blocking spammers. Conversely I have seen evidence that they admit they are an open relay to DSBL administrators.
As far as (2), I fail to see why that makes a difference. My mail server could have twenty million users. If it’s an open relay, it’s still an open relay. Having more users doesn’t make me more or less “right” about having one. It just means that people using those blocklists will then have a harder decision when deciding whether to allow all the other spam-dumping servers to talk to them as well just to let Gmail in, or whether to keep Gmail out to keep the other spam out.
Anyways, you’ve totally missed my original point, which was, why not bitch at Gmail to fix their problem instead of DSBL? You can react the same way regardless, by not using DSBL’s blocklists, or adding a Gmail exception, if you can find a server list. But if you want the problem to be solved permanently, at least go to (and blame) the cause of it, not the effect.
Your own link says that Google has automated processes in place to detect spamming, which presumably includes measuring volume of relaying.
I certainly want the problem solved in the long term, and I’ll go ahead and bitch to gmail, but in the meantime, anyone who wants mail from the tens of millions of gmail users should turn off DSBL, and they should consider ditching any service which is so dogmatic about open relays that they are willing to shut off the third largest source of legitimate email.
Large difference between detecting spammers and blocking spammers. They can go ahead and detect spammers all they want, and shut off referenced Gmail accounts — which may or may not be actual guilty parties if return paths are being spoofed — but if they’d close their hole they’d be blocking spammers to begin with. Oh, and they’d not get listed on DSBL. Gmail also has a long history of being listed on SpamCop as well, meaning users of either service will see this issue. And again, if they’d just plug their hole…
Anyways, DSBL doesn’t shut off the third largest source of legitimate mail. DSBL users do. DSBL lists them when they collect hard evidence that they’re spam-friendly, and they have every right to treat every service equally. This doesn’t make them dogmatic, it makes them fair. They give their users the hard facts, and it’s up to the users to decide to put in an “allow” rule specifically for Gmail, unless they want to accept all the other spam junk that DSBL’s lists block. Personally, I appreciate this fairness. My mail server’s been repeatedly scanned for open relays and it’s locked down tight — and my reward is not getting publicly shamed by being added to open relay block lists.
There’s no reason Gmail should be treated any differently. Again, it’s up to DSBL users to decide how to resolve the situation if Google refuses to fix the problem…but it has nothing to do with dogma, and it has nothing to do with any sort of a DSBL problem.
If you think Gmail should not be held accountable and be given a pass just because it’s a very large (users and volume) mail service, then perhaps you think Microsoft should not be held accountable for security holes in Windows just because it’s the most widely-used operating system.
[…] (”DNSBLs”) among some members of the Internet community (pro-DNSBL here and slightly con here for […]