Great, Shaw is playing with email things again :-(
All of a sudden all emails from my box (on a shaw cable modem) outgoing (via Shaw's recommended smarthost) were being blocked by Shaw. They blocked me from 1am to 4:30pm.
I've been using this setup for 10+ years and never had a problem. They must have switched to a new email outsource service or something.
Even funnier, what triggered it seems to be this: I'm trying to help my customer with Spam problems and the RT ticket he made (and hence email subject) had the word "Spam" and Shaw barfed it back and started the blocking without warning:
=========================
Date: Fri, 24 Apr 2015 01:07:55 -0500
From: Mail Delivery Subsystem MAILER-DAEMON@tecnopolis.ca
Subject: Returned mail: see transcript for details

The original message was received at Fri, 24 Apr 2015 01:07:54 -0500
from localhost.localdomain [127.0.0.1]

----- The following addresses had permanent fatal errors -----
customer@mycustomer.com
(reason: 552 5.2.0 lWmIYQYgD7S0qlWmJYSEv0 spam rejected)

----- Transcript of session follows -----
... while talking to shawmail.wp.shawcable.net:
DATA
<<< 552 5.2.0 lWmIYQYgD7S0qlWmJYSEv0 spam rejected
554 5.0.0 Service unavailable

[...]
Subject: [Tecnopolis #2173] Spam Possible
=========================
Hahaha. Pathetic. So any email that wants to talk about spam and has that word in the subject is blocked? What if I want to talk about viagra or rolex, is that blocked too?
All subsequent emails for the whole day got a bounce:
=========================
The original message was received at Fri, 24 Apr 2015 02:54:59 -0500
from localhost.localdomain [127.0.0.1]

----- The following addresses had permanent fatal errors -----
customer@mycustomer.com
(reason: 554 mo23.dcs.int.inet shaw.ca ESMTP server not available)

----- Transcript of session follows -----
... while talking to shawmail.wp.shawcable.net:
<<< 554 mo23.dcs.int.inet shaw.ca ESMTP server not available
554 5.0.0 Service unavailable
=========================
WTF is mo23.dcs.int.inet? Looks new to me.
Anyhow, after a call to a clueless tech rep telling me I'm unsupported because I run sendmail *simply as an outgoing mail MTA pointing directly to their smart host* and an email to their (hopefully) more advanced techs, I got nowhere until it magically fixed itself at 4:30. I probably hit their BL timeout or something.
I dare anyone on the Shaw network using normal SMTP outgoing to send an email with the subject of "sp*m" (I dare not spell it out in full, he who can't be named and all that). Let me know if they block you for a day and whether you get anywhere with tech support.
Shame on Shaw. Almost getting as bad as MTS. Wait a minute, no one can get *that* bad (MS Live mail anyone?). :-)
I have a simple solution - don't be dependent on the whims of your ISP for mail servers. I'm using Tucows/OpenSRS for my globally accessible (authenticated) SMTP server, which also means I won't be rejected for "relaying" if I connect my laptop to the Internet at some other premises than my own.
Also, for good measure, I am using this same SMTP server at Gmail, where (policy change in Sep 2014) any newly created "from" address requires you to supply your own SMTP server (a BYOS policy - "bring your own server").
For a Tucows/OpenSRS reseller, that SMTP server costs $0.50 per month - a negligible cost.
Regarding MTS, I believe they recently switched from MS Live/Hotmail/Outlook to something else for their mail service offering (@ mymts.net).
Hartmut W Sager - Tel +1-204-339-8331
On 25 April 2015 at 01:31, Trevor Cordes trevor@tecnopolis.ca wrote:
Or set up your own mail relay with a cloud provider, and funnel everything through there over IPsec or even just a private port #. This can be done for as little as US$2.99/month. -Adam
On April 25, 2015 12:51:54 PM CDT, Hartmut W Sager hwsager@marityme.net wrote:
On 2015-04-25 Hartmut W Sager wrote:
I have a simple solution - don't be dependent on the whims of your ISP for mail servers.
I'm sort of half-dependent. I'm running all my own sendmail servers. Incoming is all direct to me, but outgoing I'm forced through Shaw's smarthost since they block outgoing port 25 to all but that one host. If ISPs didn't block port 25 (net neutrality anyone?) I wouldn't even have to use their smarthost (not to open that discussion again...).
That sounds great, I didn't know about that. I will see if I can find it in their ever-changing wacky interface (unless you know the secret location!). Any gotchas or limitations?
Or Adam's VPS ideas, but I'm loath to pay for something that *should* be free (and once was free). It's not money, it's principle. (RANT: the net was supposed to be about everyone being a server, not just a consumer, but they take away ports one by one saying "you aren't allowed to do that, go pay X company $Y/month to do it or buy our double/triple business plan pricing where you're still not allowed to do it but we'll turn a blind eye". /RANT)
Ahhh.... I just spotted the reply from Shaw... this explains EVERYTHING:
"We are in the middle of transitioning our spamcontrol to cloudmark and as you seem to send out via our server you were more than likely blocked. The blocks are in place for 24 hours and then are lifted."
"I would suggest you use mail.shaw.ca or even the direct IP 64.59.128.135. In future I should suggest you attempt a telnet into the mail port and if it doesn’t resolve you could likely be blocked again."
Interesting, so they are implementing blocking via DNS if I read that right? Hmm... If I get blocked again, I might just hardcode their smarthost's IP into my sendmail.mc line... That might explain the weird domain in the original SMTP diag email... they were returning me a bogus domain name that doesn't resolve as a means to block. If I'm reading all this correctly...
How come whenever a company outsources email it becomes worse than useless? Grrrr...
Oh ya, their email also hinted that if I change sendmail to send to their smarthost via auth/encrypted port 587, that I might be subject to less stringent rulesets. I guess that makes sense, a zombie bot on a Windbloze box would send on 25, and probably not have creds for 587.
Now to see if sendmail can smarthost to an auth'd 587... m4 here I come...
New motto: sendmail: if you can config it, you can config anything
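
[Added example, not written by anyone in this thread: a small Python check that automates the "telnet into the mail port" test Shaw suggested and tells apart the two kinds of bounce quoted above (a content reject at DATA versus a refusal in the greeting). The function names and verdict labels are hypothetical, and treating any 5xx greeting as a block on the sender is an assumption.]

```python
import re
import socket
import sys

# SMTP reply: 3-digit code, optional enhanced status code, free text.
# The optional "<<< " prefix is how sendmail marks server replies in a bounce.
REPLY_RE = re.compile(r"^(?:<<<\s*)?(\d{3})[ -](?:(\d\.\d{1,3}\.\d{1,3})\s+)?(.*)$")

def classify_reply(line, stage):
    """Classify one smarthost reply; stage is 'banner' or 'data'."""
    m = REPLY_RE.match(line.strip())
    if not m:
        return "unparsed"
    code, _enhanced, text = m.groups()
    if code[0] in "23":
        return "ok"
    if code[0] == "4":
        return "temporary-failure"
    if stage == "banner":
        # Assumption: a 5xx greeting means the connecting client is refused.
        return "sender-blocked"
    return "content-rejected" if "spam" in text.lower() else "permanent-failure"

def probe(host, port=25, timeout=10):
    """Resolve the smarthost, connect, and classify its greeting."""
    try:
        infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return {"host": host, "addresses": [], "verdict": "dns-failure"}
    addresses = sorted({info[4][0] for info in infos})
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            lines = conn.recv(512).decode("ascii", "replace").splitlines()
    except OSError:
        return {"host": host, "addresses": addresses, "verdict": "connect-failure"}
    banner = lines[0] if lines else ""
    return {"host": host, "addresses": addresses, "banner": banner,
            "verdict": classify_reply(banner, "banner")}

# Replies copied from the two bounces quoted earlier in this thread.
THREAD_REPLIES = [
    ("<<< 552 5.2.0 lWmIYQYgD7S0qlWmJYSEv0 spam rejected", "data"),
    ("<<< 554 mo23.dcs.int.inet shaw.ca ESMTP server not available", "banner"),
]

if __name__ == "__main__":
    for reply, stage in THREAD_REPLIES:
        print(classify_reply(reply, stage), "<-", reply)
    if len(sys.argv) > 1:  # e.g. mail.shaw.ca, the host named in Shaw's reply
        print(probe(sys.argv[1]))
```

Run from cron against the smarthost name, a "dns-failure" or "sender-blocked" verdict flags the block before outgoing mail starts bouncing.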
I can only think of one gotcha/limitation: They (Tucows/OpenSRS) start you with a daily outbound limit of about 50 e-mails, and they ramp it up very rapidly (almost daily) to about 500 based on your good behaviour.
Indeed, good luck finding this stuff in their ever-changing wacky interface though! And I'm not about to torture myself explaining that in writing. To help you, I'd have to be on the phone with you and in my Tucows/OpenSRS interface at the same time. One hint: Use their new (overall screwy) interface for this one.
Oh ya, their email also hinted that if I change sendmail to send to their smarthost via auth/encrypted port 587, ...
I send from Gmail with SSL on port 465 (they also allow TLS on port 587) using my Shaw consumer ISP (no static IP address), with no problems ever.
Here's an excerpt from my Gmail config area:
[... name deleted ...] info@marityme.com Not an alias. Mail is sent through: smtp-1.marityme.com Secured connection on port 465 using SSL
The SMTP server smtp-1.marityme.com is just a CNAME to my Tucows/OpenSRS SMTP server (with a very long name) - it makes me look more professional that way.
Also, with the "not an alias" option selected, the detailed header source code seen at the receiving end does not show my Gmail address.
Hartmut W Sager - Tel +1-204-339-8331
On 25 April 2015 at 23:46, Trevor Cordes trevor@tecnopolis.ca wrote: