
Is our IP being spoofed?


pkirill

Technical User
Jun 15, 2002
Hi, I posted this question in the Email Issues forum and it was suggested I post here for greater response. Apologies in advance for the cross post...

I'm an 'inside network guy' and not an expert on the ways of the web so hopefully one of the gurus here can help. We've had trouble sending emails to a particular client. They get returned and the NDR states that "Client host [206.42.141.5] blocked using 88.blacklist.zap". The PROBLEM is that the IP noted in the NDR has nothing to do with us. I've been back and forth with the MS Exchange Host tech folks (who are decidedly not helpful) and they just keep sending me reports of the spam that they are filtering - again, none of the email we sent is in those reports and the IP address associated with the sender has nothing to do with our network...

We have a very simple setup where we host our own Exchange, have a Watchguard firewall, and T1 with a single static IP.

So I guess my question is: Can anyone explain any reason or possibility why our IP address (67.62.xxx.xxx) could be blocked when the 206.xxx.xxx.xxx IP is the one blacklisted? I'm primarily looking for direction on where to go looking for a problem on our end as right now I don't think there is one...

Thanks for any help!
 
Is the IP of your firewall in the 67.62 subnet? The address 206.42.141.5 belongs to la-cust-mx.sys.cogentco.com. Here is their contact information:

Administrative Contact :
Cogent Communications
dns@COGENTCO.COM
1015 31ST ST NW
WASHINGTON, DC 20007-4406
US
Phone: 202-295-4200
Fax: 202-338-8798

Technical Contact :
Support, Cogent
support@cogentco.com
1015 31st ST, NW
Washington, DC 20007
US
Phone: 202-295-4200

I suggest you call their technical contact to see if they have any answers for you.

When all else fails, read the book!
 
Thanks, Fuego - I did as suggested and contacted Cogent. They were not very helpful either. They just suggested I forward the emails to their abuse department. However, tech support at MSEH came through with the following explanation -
"What happens when you send an email is that a DNS lookup is done so that your mail server knows where to relay the emails to. In this case the NS server for [client's domain] belongs to Cogentco and it is telling senders to send mail to the cogentco network which in turn relays mail to our network. This is unfortunately causing for the IP to be on our blocklist as it looks like it is sending spoofed emails and in some occasions relaying/forwarding spam which is why it ended up on our blocklist.
The proper conduct would be that when a sender sends an email to the lasarchitect.com domain that the NS server tells the sender that the MX record points to our network and in turn relayed to the recipient mail server.
I hope that they will take the email we sent them and show it to their ISP as it needs to fix the routing.
Thank you for bringing this to our attention; I hope that the recipient administrator will be thankful for your help."

And they sent a nice email to our client's IT department... Hopefully it will get resolved...

Thanks for your help!
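
An added example, not part of any post in this thread: a small Python triage helper that reads the "Client host [...] blocked using ..." line from an NDR and reports whether the listed address is the sender's own egress IP or a relay named in the recipient domain's MX records. The egress IP is a placeholder (the thread elides the real one), and the MX table is constructed from the host name and address given in the thread; in practice it would be filled from a live MX lookup.

```python
import ipaddress
import re

# Rejection line format as quoted in the NDR in this thread.
BLOCK_RE = re.compile(
    r"Client host \[(?P<ip>[0-9a-fA-F.:]+)\] blocked using (?P<list>\S+)")

def parse_ndr(ndr_text):
    """Return (blocked_ip, blocklist_name) from an NDR body, or None."""
    m = BLOCK_RE.search(ndr_text)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:          # bracket content was not a valid address
        return None
    return ip, m.group("list").rstrip('".')

def classify_block(ndr_text, our_egress_ips, mx_hosts):
    """Say which hop the rejecting server saw as the SMTP client.

    our_egress_ips: addresses our own mail leaves from.
    mx_hosts: {mx_hostname: [ip, ...]} for the recipient domain.
    Returns (verdict, mx_hostname_or_None).
    """
    parsed = parse_ndr(ndr_text)
    if parsed is None:
        return ("unparsed", None)
    blocked_ip, _ = parsed
    if blocked_ip in {ipaddress.ip_address(i) for i in our_egress_ips}:
        return ("our_ip_listed", None)
    for host, addrs in mx_hosts.items():
        if blocked_ip in {ipaddress.ip_address(a) for a in addrs}:
            # We delivered to this MX; it relayed onward and was rejected.
            return ("recipient_mx_relay_listed", host)
    return ("unknown_hop", None)

# Constructed sample input based on the values quoted in the thread.
SAMPLE_NDR = 'Client host [206.42.141.5] blocked using 88.blacklist.zap".'
OUR_EGRESS = ["192.0.2.10"]   # placeholder; the real IP is elided in the thread
RECIPIENT_MX = {"la-cust-mx.sys.cogentco.com": ["206.42.141.5"]}

if __name__ == "__main__":
    print(parse_ndr(SAMPLE_NDR))
    print(classify_block(SAMPLE_NDR, OUR_EGRESS, RECIPIENT_MX))
```

A verdict of `recipient_mx_relay_listed` matches the explanation quoted above: the fix belongs with whoever publishes the recipient domain's MX records, not with the sender.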
 