An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Topic Options
#17304 - 09/03/11 10:28 AM Spam eating monkey?
Bensheim Offline


Registered: 08/16/09
Loc: UK
Twice in the last two days, emails I have sent to legitimate contacts have been bounced back with

Service unavailable; Client host [212.23.3.141] blocked using backscatter.spameatingmonkey.net; listed, see http://spameatingmonkey.com/lookup/212.23.3.141

They emailed me, I replied. Then I got bounced back.

Is there something wrong with the client host, which is the same in both cases?

(In the first case I phoned her, and her response was "it must mean my mailbox is full". Is this likely considering the bounceback message?)

Baffled. Thanks for any replies.

Top
#17305 - 09/03/11 11:37 AM Re: Spam eating monkey? [Re: Bensheim]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
The URL at http://spameatingmonkey.com/lookup/212.23.3.141 explains what the problem is. Your IP address has been blacklisted by an anti-spam blacklist called spameatingmonkey.

In your particular case, your IP address has been added to a backscatter spam blacklist. Backscatter means that oyu are not deliberately spamming; instead, either you or your ISP is indirectly spamming, by sending "bounce" messages to spam email. The buil-in Mac email program has a "bounce" command, but you should never, ever use it; spammers always forge the From: addrss, so if you bounce a spam message, you will end up sending it to the poor schlub whose email was forged.

Similarly, ISPs must never bounce spam, because that just sends the spam to the person whose email address was forged. If you are not bouncing the spam, call your ISP and see if they are.

If you click on the link in the message you posted, you will see a place you can click on to ask that your IP address be removed from the blacklist.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#17306 - 09/03/11 11:53 AM Re: Spam eating monkey? [Re: Bensheim]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Spameatingmonkey and other similar organizations maintain various blacklists which in turn are used by email servers to screen out potential junk email. (Estimates are that in the United States alone there are some 6,600,000,000,000 emails sent in the year 2009 and the US did not generate the largest volume of SPAM messages that year. That dubious honor belongs to Brazil with 7.7 trillion messages.) Blacklists are an effective, albeit imperfect tool in the battle against SPAM. There is always the downside that legitimate domains and IPs can get on the blacklist for any number of reasons. I know of several perfectly legitimate small businesses and even churches who's IP address has ended up on blacklists. At least in this case you were notified of the block. All too often you never know if or why your intended recipient did not get the message. It just disappears into the "bit bucket". Spam Eating Monkey lists their various blacklists and the reason for putting an IP on each of them here.

In this particular case IP address 212.23.3.141 is on the SEM-BACKSCATTER (backscatter.spameatingmonkey.net) list.
Originally Posted By: Spameathingmonkey
This list contains all IPs that sent mail to a spamtrap address with a NULL sender (<>) over the required threshold. All IPs are automatically expired after 15 days of inactivity.

In general it is the responsibility of the IP address owner to contact Spameatingmonkey to request their removal from the blacklist.
_________________________
joemikeb • moderator

Top
#17307 - 09/03/11 01:40 PM Re: Spam eating monkey? [Re: tacit]
Bensheim Offline


Registered: 08/16/09
Loc: UK
I've put my IP address into

http://spameatingmonkey.com/lookup?check=..........submit=submit

and it says

Not Listed

all the way down the results screen.

Do you mean the IP address of my ISP?

Anyway, feeling suitably reckless, I input that 212. and requested removal. It is not my IP address but I went ahead anyway.

.........pause.......

I have determined that it is my ISP for internet.

I will contact them accordingly, and thank you for your help on this very obscure (to me) problem.

You are all absolutely marvellous. Please write that down and read it again.

Top
#17308 - 09/03/11 04:48 PM Re: Spam eating monkey? [Re: Bensheim]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
A convenient source for information on IP addresses is WhatIsMyIP.com. It will immediately tell you what your WAN (lWide Area Network a.k.a. the internet) IP address is, as opposed to the IP address seen by the computers on your LAN (Local Area Network. Then if you click on "IP Lookup" at the top of the window it will tell you who an IP address belongs to and in general where it is located.

There are Terminal commands for doing the same thing as well as a number of applications, and web sites, but I find this one easy to use and informative.
_________________________
joemikeb • moderator

Top
#17311 - 09/04/11 09:31 AM Re: Spam eating monkey? [Re: joemikeb]
Bensheim Offline


Registered: 08/16/09
Loc: UK
It's quite funny, that IP Lookup. It puts me in the center of London (England); a city about 200 miles away.

Anyway, I am very pleased indeed to report back to FTMac that I seem to have fixed this strange issue - with your help.

The two emails which bounced back lately, I have re-sent, and had no bounce back messages. (Such messages are always instantaneous.)

My ISP will be puzzled tomorrow when they read my emails alerting them to the Spam Eating Monkey which they upset. Or fed?


Top
#17312 - 09/04/11 11:15 AM Re: Spam eating monkey? [Re: Bensheim]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Quote:
It's quite funny, that IP Lookup. It puts me in the center of London (England); a city about 200 miles away
That is pointing to the address the IP address is registered to ie. your Internet Service Provider.
_________________________
joemikeb • moderator

Top
#17313 - 09/04/11 11:30 AM Re: Spam eating monkey? [Re: Bensheim]
alternaut Offline

Moderator

Registered: 08/04/09
The description on WhatIsMyIP.com's IP Address Lookup page states:

'This tool is not 100% accurate due to many different factors. Some of those factors include where the owner of the IP has it registered, where the agency that controls the IP is located, proxies, cellular IPs, etc. [...] At best, you'll get the exact city in which the user of the IP is located.'

In your case either one of the 2 first items (or both) apply.
_________________________
alternaut moderator

Top
#17317 - 09/05/11 06:13 AM Re: Spam eating monkey? [Re: Bensheim]
Bensheim Offline


Registered: 08/16/09
Loc: UK
Originally Posted By: Bensheim
I've put my IP address into

http://spameatingmonkey.com/lookup?check=..........submit=submit

and it says

Not Listed

all the way down the results screen.

Do you mean the IP address of my ISP?

Anyway, feeling suitably reckless, I input that 212. and requested removal. It is not my IP address but I went ahead anyway.

.........pause.......

I have determined that it is my ISP for internet.

I will contact them accordingly, and thank you for your help on this very obscure (to me) problem.


Interesting response from my ISP this morning as follows:

"I can see that some of our mail servers are listed on spam blocklists. We make every reasonable effort to be removed from these. However, in some cases, this is not possible due to the owners of the blocklists demanding disproportionate payments from (us*) for these IP addresses to be unblocked. This is unfortunate but looks like it will be the situation for the foreseeable future."

*name removed by me

That might interest some people here, and I have replied saying that I got their IP address unblocked myself.......

Top
#17318 - 09/05/11 08:13 AM Re: Spam eating monkey? [Re: Bensheim]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
That's the standard response from gray-hat ISPs who permit spam on their networks.

I know of no blacklists that require money to be delisted. However, ISPs often see "kicking spammers off" as a form of revenue loss, since they are no longer making money from the spammers they boot.

If my ISP said something like that to me, I'd change ISPs. Its an admission that they allow spam.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#17324 - 09/05/11 01:50 PM Re: Spam eating monkey? [Re: tacit]
Bensheim Offline


Registered: 08/16/09
Loc: UK
Hi Tacit

Change my broadband-providing ISP on the single basis that one dot com with whom I email has (spuriously imo) blacklisted them?

Isn't that a tad drastic? My broadband-providing ISP has been nothing other than brilliant in every respect in the 6-7 years I've been with them. I won't bore everyone with a list of their virtues compared with other ISPs here in the UK.

Is there a single internet service provider which has a proven 100% clean record on the 'allow spam' front? I doubt it.

Top
#17325 - 09/05/11 02:06 PM Re: Spam eating monkey? [Re: Bensheim]
Bensheim Offline


Registered: 08/16/09
Loc: UK
Anyway, this gets even more interesting, in a way.

I just went onto (oh why the heck not just say it) farmline.com which is when clicked

farming.co.uk

and found a page http://www.farming-online.co.uk/support/email/

which says

"Important Information for senders experiencing rejection errors

The Farming Online e-mail service adheres to all current RFC guidelines/standards for SPF, DKIM, HELO, PTR checks and blacklists to minimise spam for all e-mail users.

This may affect some own domain senders (ie senders using an incorrectly configured exchange server, or sending using a different smtp server address other than the domains own smtp address). "



Top
#17341 - 09/07/11 09:44 AM Re: Spam eating monkey? [Re: tacit]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: tacit
I know of no blacklists that require money to be delisted.


Oh it exists, and is somewhat common. They usually refer to it as "express delisting", and a fee does apply, usually around $35 to get it delisted within a few hrs as opposed to a few days.
_________________________
I work for the Department of Redundancy Department

Top
#17342 - 09/07/11 11:57 AM Re: Spam eating monkey? [Re: Bensheim]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Originally Posted By: Bensheim
Isn't that a tad drastic? My broadband-providing ISP has been nothing other than brilliant in every respect in the 6-7 years I've been with them. I won't bore everyone with a list of their virtues compared with other ISPs here in the UK.

Is there a single internet service provider which has a proven 100% clean record on the 'allow spam' front? I doubt it.


It might be drastic; I personally have a zero-tolerance policy for spam and spam support.

I make sure that the IP addresses my ISPs give me are clean and don't appear in any blacklist, and yes, I have been known to leave an ISP for giving me a 'dirty' IP address. smile ISPs tolerate spam because they make money from spam. The only way that corporate entities can be made to change their behavior, other than through government intervention, is by financial pressure.

Originally Posted By: virtual1
Oh it exists, and is somewhat common. They usually refer to it as "express delisting", and a fee does apply, usually around $35 to get it delisted within a few hrs as opposed to a few days.


Requesting money for "expedited" removal, seems to me, isn't the same thing as requesting money for removal. If a blacklist has a way to delist an IP for free, and the ISP that owns it refuses to use it, then the ISP can't claim "oh, it's too expensive to delist"--that's disingenuous.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#17356 - 09/09/11 07:14 AM Re: Spam eating monkey? [Re: tacit]
Bensheim Offline


Registered: 08/16/09
Loc: UK
I have got to the bottom of this, if anyone's interested.

For reasons so long ago that I simply cannot remember (we're talking 4-5 years), I had my Mail Preferences set up with Mail In being hosted on one ISP, and Mail Out being hosted on another ISP. (I am a customer of both ISPs.)

This worked flawlessly for all those years, until about a week ago (whenever I started this thread). Events were then as described as in this thread.

Both my ISPs told me to do the same thing: set incoming and outgoing mail servers to use the same ISP, which I did, and now I can send mail to the place which was rejecting them before.

It seems that it's a common spammers trick to use different ISPs for in and outbound traffic. Whether that is or isn't true, the previous settings always worked up until this recent episode.


Top
#17357 - 09/09/11 09:04 AM Re: Spam eating monkey? [Re: Bensheim]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: Bensheim
It seems that it's a common spammers trick to use different ISPs for in and outbound traffic. Whether that is or isn't true, the previous settings always worked up until this recent episode.

It is quite common in the US for ISPs to block traffic on Port 25 that is not directed to that ISP's SMTP server. Exceptions are made for SMTP servers operating on ports 465 and 587 which require authentication (userid and password) to accept traffic. The intent of is to prevent the ISP's networks from being used for the distribution of SPAM and Malware.

How effective these tactics are I cannot say, but often they were and are instituted as a partial settlement in lawsuits brought against the ISPs by various state and federal Attorneys General.
_________________________
joemikeb • moderator

Top
#17358 - 09/09/11 10:03 AM Re: Spam eating monkey? [Re: joemikeb]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
The blocks on port 25 usually aren't about prohibiting a person from using different ISPs for inbound and outbound traffic (though they do have that effect) so much as they are to prohibit people from running their own mail servers, often without their knowledge.

Nearly all spam these days is funneled through virus-infected computers. It's one of the ways that virus makers make money, and it's part of the reason computer malware is a huge and highly profitable business.

One of the first viruses to do this was a bit of malware called W32/Minmail.MM. It did something new: on infected computers, it set up a mail server running on port 25. Then, it reported the IP address of the infected computer back to the virus creators. The virus creators would then sell or rent time on the infected computer to spammers, who would use it to funnel spam without the computer owner even knowing it--all the computer owner would know is that his computer was acting slow.

Almost all modern malware will set up mail servers as part of what it does. Blocking port 25 was a technique to combat spam from infected computers, though these days modern malware sets up mail servers on a number of different ports, and/or use authentication, encryption, or both to hide the mail traffic.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#17361 - 09/09/11 11:31 AM Re: Spam eating monkey? [Re: Bensheim]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
on a somewhat related note, I was just looking at my mailserver log and omgwtfbbq look at ALL the blocks due to my spamhaus DNSRBL subscription! I am so glad I run that. They do a very good job it seems. I almost never get false positives - the only couple I have gotten have been traced back to an infected (botnetted) machine at someone's little rinkydink web/email hosting provider.
_________________________
I work for the Department of Redundancy Department

Top
#17614 - 09/26/11 03:18 AM Re: Spam eating monkey? [Re: Bensheim]
Bensheim Offline


Registered: 08/16/09
Loc: UK
This makes no sense whatsoever.

Both my Macs in this office have the same Mail Preferences now: using the same server at one ISP to send and receive emails.

Having been away for a week, no one has changed anything, I now find that one Mac cannot send emails but the other one can and does. The settings are identical.

The error message on the Mac which won't send emails is something like "check your settings". I reported this to the ISP and their reply was polite disbelief.

I have therefore reinstated the previous outgoing mail server (which is a different ISP) on that particular Mac.

Crazy. Mad. Nonsensical, eh?

Top
#17617 - 09/26/11 10:39 AM Re: Spam eating monkey? [Re: Bensheim]
ganbustein Offline


Registered: 08/04/09
Originally Posted By: Bensheim
This makes no sense whatsoever.

Both my Macs in this office have the same Mail Preferences now: using the same server at one ISP to send and receive emails.

I now find that one Mac cannot send emails but the other one can and does. The settings are identical.


This may be related to a problem I ran into trying to get my iPad (and later an iPhone) to check mail on my personal domain. Rather than bore you with all the hair-pulling and mysterious symptoms I ran into, I'll cut to the chase.

What I learned was that my domain's mail server would not allow simultaneous SSL connections from the same IP address to the same port number for IMAP. All the devices behind my NAT router appear, to the server, to be coming from the same IP address.

SSL+IMAP is supposed to use port 993, but the server in question would also allow SSL+IMAP over port 143, so my current workaround is: my desktop computers connect to port 143, and only one of them is ever running Mail.app at any one time. My iPad and iPhone both connect to port 993 (the iPhone in particular not liking non-standard ports), and I only ever check mail from one or the other at home.

When I'm away from home, there's no problem. When the iDevices are not behind my NAT router, they appear to be coming from different IP addresses, and can fetch mail simultaneously. (I can test this at home by turning off WiFi on an iDevice, forcing it to be "away from home".)

It's not a problem with my NAT router (an Airport Extreme Base Station), because MobileMe and GMail both work as expected, allowing simultaneous SSL+IMAP access from all my devices, even through the router.

The point is, the problem may be not in your settings, but in your mail provider's settings.

One test is to quit your mail program on the machine where it works, and see if mail starts working (after a decent delay and perhaps some prodding) on the other.

(OTOH, I notice you say your problem is in sending mail, which has nothing to do with IMAP. Still, the symptoms I was seeing were so baffling before I finally figured out what was happening that it was difficult to get a good handle on what was and wasn't working. Maybe an actual problem with IMAP is spilling over into an apparent problem with sending mail.)

Top
#17620 - 09/26/11 12:39 PM Re: Spam eating monkey? [Re: Bensheim]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
There should be some more detail other than "check your settings". Did you see anything else (such as "The server could not be contacted on port XXX")?
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top
#17621 - 09/26/11 12:42 PM Re: Spam eating monkey? [Re: ganbustein]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Originally Posted By: ganbustein


This may be related to a problem I ran into trying to get my iPad (and later an iPhone) to check mail on my personal domain. Rather than bore you with all the hair-pulling and mysterious symptoms I ran into, I'll cut to the chase.

What I learned was that my domain's mail server would not allow simultaneous SSL connections from the same IP address to the same port number for IMAP. All the devices behind my NAT router appear, to the server, to be coming from the same IP address.


Some Web hosts also limit the number of processes which can be spawned on a server, with each IMAP session resulting in one process.

My hosting provider, for example, limits me to 25 processes. In Leopard and before, each time I ran Mail.app to fetch my mail, one IMAP session was spawned. In Snow Leopard and later, Mail.app creates *two* IMAP connections to each server, spawning two processes per mail session. (Don't ask me why.) Using POP instead of IMAP reduces the server connections and hence the number of running processes.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Top

Moderator:  alternaut, dianne, MacManiac