[Mailman-Users] Bounces being detected as spam/virus sending rate

Mark Sapiro mark at msapiro.net
Thu Apr 23 05:23:38 CEST 2015


On 04/22/2015 07:28 PM, Steven D'Aprano wrote:
> 
> 
> I receive unhandled bounce notifications (no more than a handful of 
> those, which I then manually remove) and see notifications of addresses 
> that are removed for excessive bouncing, again no more than a handful at 
> a time. How can I see a list of members set to No Mail for bouncing?


bin/list_members --nomail=bybounce LISTNAME

or for all lists

# Print each list name, then its members whose delivery is disabled by bounce
for l in $(bin/list_lists --bare); do
    echo "$l"
    bin/list_members --nomail=bybounce "$l"
done

To see more detail get the script at
<http://www.msapiro.net/scripts/get_bounce_info.py>, copy it to
Mailman's bin/ directory and run

bin/withlist -a -r get_bounce_info


> Can you suggest anything I can do to avoid triggering the ISP's system? 
> (A hard question, I know, since we don't know precisely what triggers 
> it in the first place.)


You need much more information as to what is actually happening. If this
is one of the larger ISPs, see <http://wiki.list.org/x/4030690> for tips
on signing up for their feedback system.

It's a difficult process to get the information you need. Here's a case
story somewhat on topic.

I used to run my own outgoing MTA on my desktop computer. Everything was
properly configured including full circle DNS and a nice domain name
(msapiro.net). As far as I could tell, everyone accepted my mail, but I
used to check the status of my IP at
<https://postmaster.live.com/snds/ipStatus.aspx> (a service you can sign
up for).

Every couple of months, my IP would show up as "exhibiting bot like
behavior", even if I only sent a couple of personal messages to any
Microsoft server, and even though the report at
<https://postmaster.live.com/snds/dataIP.aspx?ip=1152893423> always says
"Error: no data for the specified IP" because I have never sent the
threshold number of messages in a day. They never actually blocked my
IP; they just flagged it. I would report the flag and they would reply
with a message like


> Your IP (68.183.193.239) was blocked by Windows Live Hotmail because the majority of all the email that you send has been judged to be spam by our internal filtering system. I have conducted an investigation into the emails originating from your IP space and have implemented mitigation for your deliverability problem. This process may take 24 - 48 hours to replicate completely throughout our system.  


I have numerous saved emails from me asking them to just verify that
they have actually seen even one such spam message. The exchange usually
went something like this


>> We regret that we are unable to provide further assistance and details about this situation since we are not in liberty to discuss or provide samples of spam mails.
> 
> 
> The point is that I don't believe there have been any spam emails to Windows Live Hotmail that originated from IP 68.183.193.239. I don't care if you provide me with details of any specific email. I would just like you to verify that you personally have seen a copy or information about even one specific spam email originating from this IP.
> 
> 
>> At this point, I would suggest that you review and comply with Windows Live Hotmail's technical standards. This information can be found at http://postmaster.live.com/Guidelines.aspx
> 
> 
> I have reviewed the information on the above page and the pages linked therefrom, and I believe I am in compliance. Do you actually have an example of a non-compliant message originating from IP 68.183.193.239? You don't have to provide a sample or any specific information about it. I would just like you to tell me that you have actually found one.


No one ever confirmed that they had seen even one alleged spam message,
but they always removed the flag, but a couple of months later, it would
return and we'd do the same dance.

I finally decided that what was actually happening is every couple of
months they would notice that my IP was in a "home DSL" net block, and
sending even one message from such an IP was "bot like behavior".

The end of the story is I switched to sending my outgoing mail via my
production server that's in a commercial colocation facility, and
Microsoft stopped flagging my desktop IP as it sends them no mail at all.

The moral here is the bigger the ISP, the more difficult it is to get
any relevant information from them.

Good Luck.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

