Welcome to the removals ticketing center.
All communications regarding the removal of 2001:913:1fff:ffff::/64 can be found here. To send a message to the delisting team simply type into the “new message” box below. They will respond as soon as possible.
Latest correspondence
Thank you for contacting Spamhaus CSS Removals,
You _are_ aware of the dismal reputation of nohost.me?
Because it is free, it gets abused continuously. Too much of that and it gets listed.
Regards,
R e
Previous correspondence
I was able to check the mail server behind 2001:913:1fff:ffff::42. The HELO is correct:
helocheck@abuseat.org: host mail.abuseat.org[54.93.50.35] said: 550 *** The
HELO for IP address 80.67.181.159 was 'paragram.nohost.me' (valid syntax)
*** (in reply to RCPT TO command)
Also, the mail server is getting a 10/10 on https://www.mail-tester.com/
So, I don't see why this mail server is getting blacklisted? Do you have any clue?
> CSS lists IPv6 with /64 granularity and one or more IPs within the /64 in question are sending spam. A /64 is the industry standard for the smallest IPv6 allocation to individual customers, even for home-uses like cable, DSL or wireless. The /64 choice has RFC4291 as its origin and it is further discussed in RFC6177.
Ok, but as far as I know, you are the only one who is blacklisting /64, which leads to such issues, so we can fairly say that the problem comes from your side. As you can see, we aren't the only ones with this problem: https://forum.yunohost.org/search?q=spamhausipv6
Thanks for your explanations!
As I was saying, the IP 2001:913:1fff:ffff::42 is not assigned to my server, but to one of Neutrinet's members. I've contacted the owner of this IP and we will check what's going wrong with his mail server as soon as possible.
However, I don't think Neutrinet (= my ISP) will be able to fix the /64 issue, because the provided IPv6 are shared between users of the VPN. Still, as I'm one of the sysadmins at Neutrinet, I will discuss this matter with the rest of the sysadmin team, but I'm afraid this would require a refactoring of our VPN. Knowing that, would it be possible for you to make an exception for this /64 and consider this range as individual servers?
Thank you for contacting Spamhaus CSS Removals,
Please use https://translate.google.com/ for language, if needed.
Is this IP yours? 2001:913:1fff:ffff::42
If it is not yours, please read the FAQ link provided below, and call your ISP.
If it IS yours, the second half of this response applies.
CSS lists IPv6 with /64 granularity, and one or more IPs within the /64 in question are sending spam. A /64 is the industry standard for the smallest IPv6 allocation to individual customers, even for home-uses like cable, DSL or wireless. The /64 choice has RFC4291 as its origin and it is further discussed in RFC6177.
For more detailed information, please see this FAQ regarding IPv6 and CSS:
https://www.spamhaus.org/faq/section/Spamhaus%20CSS#426
To resolve this issue, contact the ISP providing your IPv6 address and request assignment of a /64 range appropriate for email service.
These links may be helpful when having the conversation with your ISP:
https://slash64.net/
https://etherealmind.com/allocating-64-wasteful-ipv6-not/
https://www.m3aawg.org/sites/default/files/document/M3AAWG_Inbound_IPv6_Policy_Issues-2014-09.pdf
---
2001:913:1fff:ffff::/64 is making SMTP connections which indicate that it is potentially misconfigured. Unfortunately it appears some elements of your existing configuration create message characteristics identical to previously identified spam messages.
Please correct the mail server's HELO 'paragram.nohost.me' and if needed, configure it with correct DNS (forward and reverse) and HELO/EHLO values. Here is an example:
Correct HELO/DNS/rDNS alignment for domain example.com:
- Mail server HELO: mail.example.com
- Mail server IP: 192.0.2.12
- Forward DNS: mail.example.com -> 192.0.2.12
- Reverse DNS: 192.0.2.12 -> mail.example.com
Correcting an invalid HELO or a HELO/forward DNS lookup mismatch will stop the IP from being listed again.
Points to consider:
* Alignment: it is strongly recommended that the forward DNS lookup (domain name to IP address) and rDNS (IP to domain) of your IP should match the HELO value set in your server, if possible
* The IP and the HELO value should both have forward and rDNS, and should resolve in public DNS
* Ensure that the domain used in HELO actually exists!
Additional points:
* According to RFC, the HELO must be a fully qualified domain name (FQDN): "hostname.example.com" is an FQDN and "example.com" is not an FQDN.
* The domain used should belong to your organisation.
* HELO is commonly a server setting, not DNS.
Contact your hosting provider for assistance if needed.
Please verify your HELO. If all settings are correct, you have a different problem, probably malware/spambot.
Again, the HELO we are seeing is 'paragram.nohost.me'. The last detection was at 2023-07-25 12:50:00 (UTC).
For information on misconfigured SMTP servers, please see this FAQ:
https://www.spamhaus.org/faq/section/Hacked...%20Here's%20help#539
CSS listings expire a few days after last detection. You can always open a ticket (or update an existing one) to inform us when and how the situation has been secured.
Regards,
R e
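Added example (not part of the ticket correspondence and not Spamhaus tooling): a Python sketch of the HELO/forward DNS/reverse DNS alignment check described in the message above, plus the /64 grouping that makes every address in 2001:913:1fff:ffff::/64 share one listing. The DNS tables are constructed sample data, the function names are hypothetical, and the "contains a dot" FQDN test is a simplification.

```python
import ipaddress

# Constructed DNS records, reusing the documentation names from the message above.
FORWARD = {"mail.example.com": ["192.0.2.12"]}   # name -> addresses (A/AAAA)
REVERSE = {"192.0.2.12": "mail.example.com"}     # address -> PTR name


def check_helo_alignment(helo, ip, forward=FORWARD, reverse=REVERSE):
    """Return a list of alignment problems; an empty list means aligned."""
    problems = []
    name = helo.rstrip(".").lower()
    ip_norm = str(ipaddress.ip_address(ip))  # canonical text form

    # Simplified syntax check (assumption): a usable HELO has at least one dot.
    if "." not in name:
        problems.append("HELO is not a fully qualified domain name")

    # Forward DNS: the HELO name must resolve, and to the connecting IP.
    fwd = {str(ipaddress.ip_address(a)) for a in forward.get(name, [])}
    if not fwd:
        problems.append("HELO name has no forward DNS")
    elif ip_norm not in fwd:
        problems.append("forward DNS does not point to the connecting IP")

    # Reverse DNS: the connecting IP must have a PTR that matches the HELO.
    ptr = reverse.get(ip_norm)
    if ptr is None:
        problems.append("IP has no reverse DNS")
    elif ptr.rstrip(".").lower() != name:
        problems.append("reverse DNS does not match HELO")
    return problems


def slash64(ip):
    """Return the /64 network containing an IPv6 address (the listing unit
    the message describes for IPv6)."""
    addr = ipaddress.IPv6Address(ip)
    return str(ipaddress.ip_network(f"{addr}/64", strict=False))


if __name__ == "__main__":
    print(check_helo_alignment("mail.example.com", "192.0.2.12"))
    print(check_helo_alignment("mail.example.com", "192.0.2.99"))
    # Two addresses behind the same /64 map to the same listing unit;
    # the second address is constructed for illustration.
    print(slash64("2001:913:1fff:ffff::42"), slash64("2001:913:1fff:ffff::7"))
```

Against a live server, replace the two dictionaries with real lookups of the HELO name and the connecting IP.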
Hello,
I've been self-hosting my emails for 5 years, but I've been getting blacklisted by you for a few months, while I changed nothing...
As I said in a previous message, I'm self-hosting my emails behind a VPN provided by Neutrinet, a Belgian non-profit organization which is part of the FFDN. I use Yunohost, which is a free software that helps people to self-host. Unfortunately, Yunohost only uses a single IPv6 for the mail, and Neutrinet's VPN usually provides a single IPv6 as well to their members.
Could you stop considering a mail server with single IPv6 as spam? You seem to be the only blacklist using this arbitrary criterion...
Thanks!
See my previous complaints