Forum Discussion

ccpanel's avatar
ccpanel
New Member
5 years ago

554 5.7.1

When sending email out of eudora on hughes internet service, all emails to both yahoo.com and gmail.com get bounced.

 

these are legit emails to family.

single, original emails, not forwards, not spam.

 

there is no outgoing signature, no attachments(service is SLIGHTLY faster than dialup)

 

this happens irregardless of address book or direct typing.

 

a bit of goggling and I see that hughesnet.com has an atrocious rating and is most likely blacklisted on those servers.

 

It is also possible and likely that hughes/eudora might be using TLSv old version instead of new.

 

https://knowledge.broadcom.com/external/article/155061/smtp-code-554-571-and-the-message-is-rej.html

Possible scenarios:

  • The IP address has been included in a Real-Time Blacklist due to Spam coming from your domain.
  • Your domain or IP address has been blacklisted by the recipient.

 

this site;

http://multirbl.valli.org/lookup/hughesnet.com.html

clearly shows huighesnet is blacklisted on 3 servers, failed on 1, listed on 1 other.

This assumes if theres 1 fault, there must be others.

and since neither gmail or yahoo are even available to be checked-they are probably blacklisting too.

 Testing other domainas yeilded zero fails.

 

this site

https://mxtoolbox.com/problem/mx/dmarc-policy-not-enabled?page=prob_mx&action=mx:hughesnet.com&showlogin=1&hidepitch=0&hidetoc=1

says "No DMARC Protection" and all I know about that is goggle... but apparently hughes doesnt have the right settings.

 

https://mxtoolbox.com/SuperTool.aspx?action=mx%3ahughesnet.com&run=toolpage

 

when I check the ip;

https://www.spamrats.com/lookup.php?ip=********

Does IP Address comply with reverse hostname naming convention... Failed!

RATS-Dyna - On the list. Worst Offender Alert.

This is a Worst Offender Alert and this means that not only this IP address, but the whole class 'C' is also on the indicated SpamRats List. Usually this means the whole range has the same issue of naming conventions or no reverse DNS AND that many IP's from this Class C have been used in Spam Attacks, Dictionary attacks or other forms of attacks, as detected by Mail Servers in the Data Collection Grid. You will NOT be able to use the removal form to remove your IP Addresses. If you have recently been assigned the IP Addresses, or have changed what these IP Addresses are used for, you can use the contact form and ask for a reclassification, but you will have to provide full disclosure, including whois for the ip addresses, your affiliation with the company that owns them, and a description of what the IP's were previously used for, and what they will be used for, in order for a Spam Auditor to consider reclassification. Remember, the majority of the IP's in this space WERE detected as being involved in some form of attack or abusive behaviour, so you had better have a good reason to ask for removal, and you need to own or control the IP addresses, as evidenced by ARIN whois.

 

  • We are sorry that we cannot remove your IP address at this time. This IP Address appears to be designated as a 'dynamic' IP Address.
  • Only the ISP or company that has control over the IP Address may request a removal.
  • Being listed on SpamRats should not affect you in any way, or your ability to send email through your email provider. If it does, and you get a bounce message, it is much more likely that this is a problem with your email client configuration.
  • Please contact your ISP to address this issue.

 

this is from a computer of a virus free 80 year old lady(mom)

 

 

  • Too much information posted here, so I'll just deal with the pertinent issue:

    1. HughesNet has many users on a contracted email server, so DKIM isn't going to be feasible.

    2. They have a DMARC policy and a published SPF record in the DNS record, it's just set up to soft fail for anything not in their passable IP spec.

     

    The problem is the soft fail. They know about it. They also know about the TLS issue. As I said, they use a subcontracted email server, so they're at their mercy.

     

    If this is a problem, I recommend getting your own gmail (or other free email account) and use that instead.

  • heres the redacted full fail email bounce;

     

    On Sunday, November 1, 2020, 07:09:02 PM CST, *> wrote:
     
     
    SMX-Results: classifications=clean
    x-binding: postmig.hughes.net
    X_CMAE_Category: 0,0 Undefined,Undefined
    X-CNFS-Analysis: v=2.1 cv=eeudB+wH c=1 sm=0 tr=0 
    a=7EUpco2kou8R3+YclCVmDA==:117 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 
    a=s5jvgZ67dGcA:10 a=KGjhK52YXX0A:10 a=afefHYAZSVUA:10 a=pGLkceISAAAA:8 
    a=RjnGT0qymAG9YVMVa8kA:9 a=_8t50pCI6oYA:10 a=pOfvU1qiAAAA:8 
    a=h7xUtXWKvlL9-eM2ISsA:9 a=HwP9BBoVAAAA:8 a=K-v-2zaBAAAA:8 a=hEh3JUyyAAAA:8 
    a=JOTxZxH5rwjyr02B3CUA:9 a=GYYCrG5mmoTx1AJ-63yv:22 
    a=wkYxKhw-HeU8SOjXaEtz:22 a=q2aDPwXDRxExA5do78dt:22
    X-CM-Score: 0
    X-Scanned-by: Cloudmark Authority Engine
    Authentication-Results: mx01.hughes.cmh.synacor.com 
    header.from=postmaster@hughes.net; sender-id=softfail
    Authentication-Results: mx01.hughes.cmh.synacor.com 
    smtp.mail=@smtp02-forward-2.daemonmail.net; spf=neutral; sender-id=neutral
    X-Best-Tracker:
    X-Virus-Scanned: Debian amavisd-new at mxwin07.daemonmail.net
    X-Spam-Score: -1.901
    X-Spam-Level:
    X-Spam-Status: No, score=-1.901 tagged_above=-999 required=10
        tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001]
        autolearn=ham autolearn_force=no
    From: Mail Delivery System <postmaster@hughes.net>
    To: w*g
    Subject: Mail Delivery Failure
    Date: Wed, 21 Oct 2020 11:58:39 -0400
     
    This message was created automatically by the mail system (ecelerity).
     
    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:
     
    >>> *@gmail.com (reading confirmation): 550 5.1.8 Invalid mailbox
    Reporting-MTA: dns; smtp.hughes.net
    Arrival-Date: Wed, 21 Oct 2020 11:58:39 -0400
     
    Remote-MTA: dns; 129.213.66.119
    Diagnostic-Code: smtp; 550 5.1.8 Invalid mailbox
    Final-Recipient: rfc822; *@gmail.com
    Action: failed
    Status: 5.1.8
    Last-Attempt-Date: Wed, 21 Oct 2020 11:58:39 -0400
    ------ This is a copy of the headers of the original message. ------
     
    Return-Path: <w*g>
    x-binding: smx_relay
    X-Authed-Username: d29vZHNvbjE5MjdAaHVnaGVzLm5ldA==
    X_CMAE_Category: 0,0 Undefined,Undefined
    X-CNFS-Analysis: v=2.1 cv=CqEfCiMD c=1 sm=0 tr=0 
    a=TNn/E7rXHaBL7SaPLGSxeA==:117 a=TNn/E7rXHaBL7SaPLGSxeA==:17 
    a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=8nJEP1OIZ-IA:10 
    a=HwP9BBoVAAAA:8 a=a0xGtHLcbs11TVhAxx0A:9 a=wPNLvfGTeEIA:10 
    a=wkYxKhw-HeU8SOjXaEtz:22
    X-CM-Score: 0
    X-Scanned-by: Cloudmark Authority Engine
    Authentication-Results: smtp02.hughes.cmh.synacor.com 
    header.from=wo*rg; sender-id=neutral
    Authentication-Results: smtp02.hughes.cmh.synacor.com 
    smtp.mail=w*rg; spf=neutral; sender-id=neutral
    Authentication-Results:  smtp02.hughes.cmh.synacor.com 
    smtp.user=w*@hughes.net; auth=pass (LOGIN)
    Received-SPF: neutral (smtp02.hughes.cmh.synacor.com: 67.45.112.32 is 
    neither permitted nor denied by domain of customclassics.org)
    Received: from [67.45.112.32] ([67.45.112.32:60007] 
    helo=M-PC.customclassics.org)
        by smtp.hughes.net (envelope-from <w*rg>)
        (ecelerity 2.2.3.49 r(42060/42061)) with ESMTPA
        id D7/92-31042-9AA509F5; Wed, 21 Oct 2020 11:58:37 -0400
    X-Sender: w*@hughes.net@mail.hughes.net
    X-Mailer: QUALCOMM Windows Eudora Version 6.0.1.1
    Date: Wed, 21 Oct 2020 08:51:44 -0700
    From: w*n <w*g>
    Subject: Re: W*n T-shirt
    In-Reply-To: <CAM6bGPxWwbcr7CTk5q6q68StFFFmAhFjD9Yu89Mc+6aXSwS+JA@mail.g
      mail.com>
      <CAM6bGPxWwbcr7CTk5q6q68StFFFmAhFjD9Yu89Mc+6aXSwS+JA@mail.gmail.com>
    Mime-Version: 1.0
    Content-Type: text/plain; charset="iso-8859-1"; format=flowed
    Content-Transfer-Encoding: quoted-printable
     
    • ccpanel's avatar
      ccpanel
      New Member

      and of course-the emails attempted are full legit emails.

       

      also-when sending to teh yahoo, it said -failed to login and wouldnt send.

       

      successfull sends to other domains before, during, and after other fails.

      • ccpanel's avatar
        ccpanel
        New Member

        This IP has been flagged because it is dynamic or by suspect to be domestic use only.

        If you are running an email service on this IP, ask ISP to change the rDNS.

        The removal of this IP from this blacklist depends on change of rDNS to match the FQDN of the mail server.