|
|
|
|
 |
 |
|
Why do I get emails from the RAV AntiVirus program in my black-hole account? |
|
|
This has historically been the most frequently asked question. You are probably seeing emails that look something like:
Failed to deliver to '<somename@somedomain.com@blacklisted>'
"RAV AntiVirus plugin for CommuniGate Pro has found a virus in the e-mail you are about to send. Your message is not delivered."
Some worms (viruses) are nasty little critters that attempt to emulate mail addresses then send itself. How it obtains your address is a mystery to us since we have spent no time researching the issue. Nevertheless, when it attempts to send via our mailing system it gets clobbered nine ways to Sunday and it is immediately killed and sent to your black-hole account.
I've been watching the mail list traffic on the RAV mail list and it appears that the message below is, in fact, a bug in the RAV virus filter that needs to be fixed.
So, in essence, the message is really meaningless, it shouldn't be sent, the offending worms are immediately killed, and there is an errant issue with RAV sending a stupid email!:)
Remember, the black-hole account is basically a trash can, which from time-to-time, receives valid email. We recommend you simply delete this mail....
|
|
|
|
|
|
|
How can I create and use Shared Mailboxes? |
|
|
A shared mailbox is a mailbox in account X that can be used by a user (account) Y. Shared mailboxes can be used for incoming mail processed by a group of people (sales department, support department, etc.). Shared mailboxes can be used as an extremely fast and effective alternative to mail and distribution lists: the announce mailbox in the marketing account can be used to store all company announcements. If all employees have read access to that mailbox, a single copy of each announcement becomes available to everybody.
To use a Shared Mailbox, two steps must be taken: first, potential users of the shared mailbox should be granted access rights for that mailbox. On the second step the user mailers should be configured to access shared mailbox(es). Since these shared mailboxes belong to a different account, they are called foreign mailboxes.
First, the owner of the shared mailbox should create a regular mailbox within his/her account. It is useful to create a special account public and create shared mailboxes in that account. To grant others access rights to the shared mailbox, the account owner should use either a decent IMAP client that can deal with ACL (Access Control Lists) or the WebUser Interface. The WebUser Interface section describes how you can set the desired Mailbox Access Rights.
If a shared mailbox is created inside the public account, it is useful to grant all Mailbox Access Rights to the real shared mailbox owner, so the owner can perform all operations with that mailbox without logging in as the user public.
To access shared mailboxes, user mailers should be configured to display both the user account's own mailboxes, and the available shared (foreign) mailboxes. The most universal method is to use the account Mailbox Subscription list. This list is a simple set of mailbox names, and both account's own mailbox and foreign mailbox names can be included into that list.
Many IMAP clients can only use the Mailbox Subscription list, but they cannot modify that list, or they do not allow a user to enter a foreign mailbox name into that list. In this case IMAP users should use the WebUser Interface to fill their subscription lists. If a shared mailbox announce has been created in the account marketing, users should put the ~marketing/announce foreign mailbox name into their subscription lists.
The domain administrator can use the Account Template to specify the initial Mailbox Subscription list, so all new accounts automatically get subscriptions to some shared mailboxes.
When shared mailboxes are included into the Account Subscription List, the users should configure their mail clients to display all mailboxes listed in the Subscription List:
- WebUser Interface users should check that the Show All Subscribed Mailboxes Setting is selected.
- Microsoft® Outlook Express users should open the IMAP account Properties panel and enable the Advanced setting called Only Show Subscribed Folders. Since in this mode the Outlook Express mailer shows ONLY the mailboxes listed in the account Mailbox Subscription list, the users should include their own mailboxes (Sent, Drafts, etc.) into their Subscription lists.
- Netscape® Messenger users should open the IMAP Mail Server Properties panel and enable the Advanced setting Show only subscribed folders. Since in this mode the Messenger mailer shows ONLY the mailboxes listed in the account Mailbox Subscription list, the users should include their own mailboxes (Sent, Drafts, etc.) into their Subscription lists.
The Messenger automatically scans the public account and displays its shared mailboxes made available for the Messenger user. As a result, if all shared mailboxes are created in the public account, Netscape Messenger users should not do anything with the Mailbox Subscription Lists.
Some clients (including Microsoft Outlook and Outlook Express) cannot display foreign mailboxes even if those mailbox names are included into the account subscription list. Users of these mailers can access foreign mailbox via mailbox aliases. They should use the WebUser Interface to specify aliases for foreign mailboxes they want to access. If a shared mailbox announce has been created in the account marketing, users should create the mkt-announce mailbox alias for the ~marketing/announce foreign mailbox. Their IMAP clients will display the mkt-announce name and will provide access to the ~marketing/announce mailbox messages.
The domain administrator can use the Account Template
to specify the initial Mailbox Aliases, so all new accounts automatically get
a predefined set of mailbox aliases for the specified shared mailboxes.
|
|
|
|
|
|
|
Why do I get good emails in my black-hole account? |
|
|
CybrHost does not block any email to your mail domain with the exception of the router blocks. The Internet is flooded with soliciting
E-mail messages distributed to millions of E-mail addresses. These messages are known as "spam".
Spammers fill your mailboxes with a huge amount of unwanted messages, not only overloading the
Internet and your Server resources, but making mail retrieval very slow and difficult for you.
To prevent unauthorized spam CybrHost employs the five following methods to filter offending email:
1. Blacklisted IP Addresses
2. DNS-based Blacklisting (Realtime Blackhole List - RBL)
a. MAPS DNS-based RBL
b. relays.ordb.org
c. dsn.rfc-ignorant.org
d. bl.spamcop.net
3. Blacklisting IP Domains
4. Banned Header Lines
5. Banned Body Lines
These methods nearly eliminate all spam flowing to you. The black-hole account in your mail domain is where our messaging system delivers spam identified (unsolicited) email. Acceptable client email may find its' way into this account if the sending host has been blacklisted by multiple RBLs. This is somewhat common in nature.
We no longer use any third-party RBLs. We now depend upon our own filters 1, 3, 4, and 5 above as has been requested by our clients.
Please see Note 1 for information on ifc-igorant.org and UUNet.
If you receive spam outside of the black-hole account, copy the full headers, and paste that information which includes the sending IP address, into a forwarded copy of the original email and send it to:
kill-spam@cybrhost.net
If you receive good client email in the black-hole account, copy the full headers, paste that information which includes the sending IP address back into a forwarded copy of the original email and send it to:
blacklist-admin@cybrhost.net
|
|
|
|
|
|
|
|
|
|
|
|
|
|
How do you protect us from illegal email relaying? |
|
|
Specifying Client IP Addresses
The way to decide if an incoming SMTP message is coming from your own user is to look at the network address it is coming from. If all your users connnect from one or several LAN(s), you can treat all messages coming from those networks as "messages from Clients", and your Server will relay them to the Internet. All of our servers are defined within the messaging system as Clients which allows mail to be relayed without any authentication from our servers.
For our standard client email we then employ a method called POP-before-SMTP.
The Read-then-Send method (POP-before-SMTP)
The POP, IMAP, and other "access-type" modules check if an authenticated user has connected from an IP address not listed as one of the Client Addresses. During that POP/IMAP session, and for some time after the session is closed, that IP address is considered to be a "Client Address", so that users can send mail via your Server right AFTER they have checked their mailboxes.
An expiration time of 10-minutes is used after connection from a non-trusted IP because of the "dynamic IP address" policies of most ISPs: when a user disconnects from an ISP modem pool, and some other user connects to the Internet via the same ISP, the same IP address can be assigned to that other user.
Since many mailer applications try to send queued messages first, the SMTP module checks the Return-Path (the address in the Mail From SMTP protocol command). If that address is an address of a registered user, a to-be-relayed message is not rejected with the "permanent failure" error code. Instead, a "temporary failure" code is returned (with the "try to authenticate first" comment). Many mailers do not interrupt the mail session when they receive such a code, and continue by authenticating the user, retrieving the user mail, and retrying to send the queued messages. The queued messages will be accepted this time, because the user is authenticated from the same address.
An SMTP (message submit) session should start either during a POP or IMAP session, or within the expiration time after the end of the POP/IMAP session. Then that SMTP session can last as long as needed (several hours), if the queued messages are large and the link is slow.
These two methods prohibit any unauthorized mail relays from spammers. For more information on mail protection please see CommuniGate Pro Protection.
On a side note, if you ever receive a message stating something like, "You should authenticate first, Port: 25, Secure(SSL): No, Server Error: 473", The first thing to recognize is the meaning of the error 4.7.3 (Persistent Transient Failure, Security conversion required but not possible.) Disable your secure connection to the mail server. The second thing you could try would be to enable authentication.
This coming January 2003 we will be disabling POP before SMTP and re-enabling full authentication prior to sending mail.
|
|
|
|
|
|
Can I use secure access for Administration & Web Mail? |
|
|
Yes, you can use https (secure SSL) calls to both the administrative and we mail interfaces. However, you must first set-up a SSL Certificate.
Open your Administrative Interface using: http://mail.YOUR_DOMAIN.COM:8010
Select the Security Link located in the upper menu bar.
In the SSL/TLS Certificate to Use block, select Custom.
Press the Update button.
In the Private Key block, set size to 1024bit.
Press the Generate Key button.
In the Certificate Generator block, fill in all of the fields with your information. The Organization Unit field is optional.
Press the Generate Self-Signed button
The Domain Certificate block will appear. This indicates that you have now created a secure certificate pair that will allow you to enter the administrative and web mail interfaces using:
https://mail.YOURDOMAIN.COM:9010 for the administrative interface, and
https://mail.YOURDOMAIN.COM for the web mail interface.
|
|
|
|
|
|
What do the SMTP status codes mean? |
|
|
Request for Comments (RFC) 1893 provides an enhanced set of status codes for Delivery Status Notification (DSN) messages. This is an extension of the coding defined in RFC 821. The error codes in RFC 821 are designed to deal with messaging, and are not as useful for DSN messages. The code specified in the "More Information" section provides a more specific, flexible system of coding for DSN messages (non-delivery reports, read and delivery receipts, and so on). The Enhanced Status Codes provide a standard mechanism for reporting mail system errors, and provide more meaningful information than the standard error codes defined in the SMTP RFC (821).
Collected Status Codes
First Digit
2.X.X Success
4.X.X Persistent Transient Failure
5.X.X Permanent Failure
Second and Third Digits
X.1.0 Other address status
X.1.1 Bad destination mailbox address
X.1.2 Bad destination system address
X.1.3 Bad destination mailbox address syntax
X.1.4 Destination mailbox address ambiguous
X.1.5 Destination mailbox address valid
X.1.6 Mailbox has moved
X.1.7 Bad sender's mailbox address syntax
X.1.8 Bad sender's system address
X.2.0 Other or undefined mailbox status
X.2.1 Mailbox disabled, not accepting messages
X.2.2 Mailbox full
X.2.3 Message length exceeds administrative limit
X.2.4 Mailing list expansion problem
X.3.0 Other or undefined mail system status
X.3.1 Mail system full
X.3.2 System not accepting network messages
X.3.3 System not capable of selected features
X.3.4 Message too big for system
X.4.0 Other or undefined network or routing status
X.4.1 No answer from host
X.4.2 Bad connection
X.4.3 Routing server failure
X.4.4 Unable to route
X.4.5 Network congestion
X.4.6 Routing loop detected
X.4.7 Delivery time expired
X.5.0 Other or undefined protocol status
X.5.1 Invalid command
X.5.2 Syntax error
X.5.3 Too many recipients
X.5.4 Invalid command arguments
X.5.5 Wrong protocol version
X.6.0 Other or undefined media error
X.6.1 Media not supported
X.6.2 Conversion required and prohibited
X.6.3 Conversion required but not supported
X.6.4 Conversion with loss performed
X.6.5 Conversion failed
X.7.0 Other or undefined security status
X.7.1 Delivery not authorized, message refused
X.7.2 Mailing list expansion prohibited
X.7.3 Security conversion required but not possible
X.7.4 Security features not supported
X.7.5 Cryptographic failure
X.7.6 Cryptographic algorithm not supported
X.7.7 Message integrity failure
The following is from RFC 1893:
This document defines a new set of status codes to report mail system
conditions. These status codes are intended to be used for media and
language independent status reporting. They are not intended for
system specific diagnostics.
The syntax of the new status codes is defined as:
status-code = class "." subject "." detail
class = "2"/"4"/"5"
subject = 1*3digit
detail = 1*3digit
White-space characters and comments are NOT allowed within a status-
code. Each numeric sub-code within the status-code MUST be expressed
without leading zero digits.
Status codes consist of three numerical fields separated by ".". The
first sub-code indicates whether the delivery attempt was successful.
The second sub-code indicates the probable source of any delivery
anomalies, and the third sub-code indicates a precise error condition.
The codes space defined is intended to be extensible only by standards
track documents. Mail system specific status codes should be mapped
as close as possible to the standard status codes. Servers should
send only defined, registered status codes. System specific errors
and diagnostics should be carried by means other than status codes.
New subject and detail codes will be added over time. Because the
number space is large, it is not intended that published status codes
will ever be redefined or eliminated. Clients should preserve the
extensibility of the code space by reporting the general error
described in the subject sub-code when the specific detail is
unrecognized.
For additional information and discussion of this coding, including
definitions of terminology, please see RFC 1893.
|
|
|
|
|
|
Can you tell me about your spam filters? |
|
|
Last Update: Saturday, January 25, 2003
CybrHost employs several different methods to filter potential spam into your black-hole account:
- Blacklisted IP Addresses. When a "blacklisted" host connects to your server and tries to submit a message via SMTP, it gets an error message from your SMTP module and mail from that host is not accepted. Offending hosts are added, by hand, into black-hole IP database.
- DNS-based Blacklisting (RBL.) We do not use any third-party RBLs.
- Blacklist by DNS Name. When a client connects from an IP address not listed in the Client IP Addresses and Blacklisted IP Addresses lists, and the Blacklist by DNS Name option is enabled, the server tries to get the domain name for that IP address (if the IP address is aa.bb.cc.dd, the Server tries to retrieve the PTR record for the dd.cc.dd.aa.in-addr.arpa name). If the PTR domain name is retrieved, it is checked against the strings specified in the table (these strings can include the windcard (*) symbols). If the retrieved name matches one of the table strings, the address is processed as a blacklisted one.
- Banned Body Lines and Banned Header Lines (RFC 822 Receiver). You can specify a set of message Header and Body lines to be used to detect spam. When the server receives mail in the RFC822 format (via SMTP, RPOP, POP XTND XMIT, PIPE modules), it compares each received header and body line with the specified lists. If a message contains one of the specified lines, the message is rejected.
- Router Blocks. Undesired domain names can be blocked at the router and is used to blacklist known bulk mail spammers and adult web sites. The router block generates a failure notice to the blacklisted domain account. The system does not process this mail.
In addition to incoming spam filters CybrHost users two methods to un-list addresses (White Hole Addresses):
- UnBlacklistable (White Hole) IP Addresses. This database, updated by hand, includes a list of IP addresses that are unblacklisted.
- UnBlacklist by DNS Name. This database, updated by hand, includes "unblacklist" addresses using their DNS (PTR) names
The links above include the entire blacklist and whitehole data as of the date mentioned above. For more information on the CommuniGate filters please see Blacklisting Offenders.
You can also view the archived data which is available here.
|
|
|
|
|
|
Can I automatically move black-hole email into the users email account? |
|
|
Using the Stalker Rules function, it is very easy to create automated re-directs of email from one account to another.
To create a single account name filter:
Open your Administrative Interface using: http://mail.YOUR_DOMAIN.COM:8010
Select the black-hole account.
Enter ACCOUNT_NAME RE-DIRECT in the box to the right of the Add Rule Button.
Press the Add Rule button.
Press the edit link.
To add the first filter:
Under Data select Any To or Cc
Under Operation select is
Under Parameter enter *ACCOUNT_NAME@YOUR_DOMAIN.COM*
Under Action select Redirect to
Under Parameters enter ACCOUNT_NAME@YOUR_DOMAIN.COM
Press the Update button
To add the second filter:
Under Data select Any To or Cc
Under Operation select is
Under Parameter enter *ACCOUNT_NAME@MAIL.YOUR_DOMAIN.COM*
Under Action select Redirect to
Under Parameters enter ACCOUNT_NAME@YOUR_DOMAIN.COM
Press the Update button
Notes
- You must use an * at the beginning and end of the Parameter (not Parameters!) setting above.
- Repeat the steps above to add an additional account name filters.
- If you do not wish to retain a copy of the email redirected in the steps above, you can add an additional Action of Discard. Again, press the Update button. This added step will then remove the email from the black-hole account.
|
|
|
|
|
|
Note 1. ifc-ignorant.org is blocking all CybrHost mail servers. [Return to FAQ question above] |
|
|
Important Note: On December 16, 2002 rfc-ignorant.org published the following on their web site
63.64.0.0/10 (No Longer Listed) [approved by dredd, removed by autohash]
This removal was subsequent to an email sent to WorldCom on Wednesday, December 11, 2002 by CybrHost discussing, in part, this issue.
Important Note: On November 21, 2002 rfc-ignorant.org arbitrarily and capriciously blacklisted Cybrhost's mail servers. In fact, rfc-ignorant.org blocked 63.64.0.0/10 IP block range in total. This totally unacceptable blacklisting is against UUNet and not CybrHost. We have repeatedly requested rfc-ignorant.org remove or white list our 63.74.0.0/24 range of IPs. If this action is not completed by December 5, 2002 CybrHost will seek injunctive relief from the Court System.
The following is SpamCop's reason (logic?) for blocking the CybrHost mail servers:
ipwhois.rfc-ignorant.org
63.64.0.0/10 (Listed) [dredd]
If you are the site administrator for the listed domain or netblock, and this has been corrected, please contact admin@rfc-ignorant.org to have this listing removed.
Submitted by: 165.230.209.234
Evidence:
I am resubmitting these as separate blocks as a means of gradually increasing
the pressure on uu.net to correct their 'swipper@uu.net' problem.
-Allen
Pavel_Lozhkin@deltabank.ru (external.deltabank.ru [195.239.16.250])
At least one of these contacts (last one) is bounced:
----- The following addresses had permanent fatal errors -----
<swipper@uu.net>
----- Transcript of session follows -----
... while talking to imr2.ash.ops.us.uu.net. [153.39.43.15]:
>>> RCPT To: <swipper@uu.net>
<<< 550 <swipper@uu.net>... User unknown
550 <swipper@uu.net>... User unknown
OrgName: UUNET Technologies, Inc.
OrgID: UU
NetRange: 63.64.0.0 - 63.127.255.255
CIDR: 63.64.0.0/10
NetName: UUNET63
NetHandle: NET-63-64-0-0-1
Parent: NET-63-0-0-0-0
NetType: Direct Allocation
NameServer: AUTH03.NS.UU.NET
NameServer: AUTH00.NS.UU.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1999-01-22
Updated: 2001-09-26
TechHandle: OA12-ARIN
TechName: UUNet, Technologies
TechPhone: +1-800-900-0241
TechEmail: help@uu.net
OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-800-900-0241
OrgAbuseEmail: abuse-mail@wcom.com
OrgNOCHandle: OA12-ARIN
OrgNOCName: UUNet, Technologies
OrgNOCPhone: +1-800-900-0241
OrgNOCEmail: help@uu.net
OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: swipper@uu.net
ifc-ignorant.org is blocking Cybrhost's mail servers due to a dispute over an UUNet email address! This arbitrary and capricious decision by rfc-ignorant.org, and negligence on the part of WorldCom/UUNet is damaging CybrHost Corporation as every day passes.
CybrHost sincerely apologizes to our clients for this unfortunate and ill-conceived situation.
|
|
|
|
|
CYBRHOST
located in the upper right-hand corner of the address block. A new page will appear
displaying the full headers. Copy this information, close the window, press Foward. The mail sending
screen will appear. Paste the header, previously copied, into the message screen and above "--- the forwarded message follows ---."
Send the email to either of the addresses above.
located on the upper-portion of every page. Click on the icon and the correct manual page will be displayed in a new window.
