Does anyone have issues with ColoCrossing IP nullroute?
A few months ago, I ran away from a VPS provider because they nullrouted my IP for SMTP activity. It happened a few times, and every time it happened, I checked the mail log of the server and mail queue but didn't find anything unusual (it was like I sent email at a rate of 1 email every few hours). At that time I thought there were some issues with the provider's monitoring system.
Today, a very similar problem happened to another server of mine at quite a big provider here in LET. My IP was nullrouted by the datacenter. And a very similar email was sent to me, saying that the nullroute may be up to 48 hours. I logged in to my server through the console, checked and saw one email stuck in the queue (guess it could not be delivered due to some problems). Checking the mail log I see the total of sending and receiving rate is 1 email per every 0.5 to 1.5 hours, and it was nullrouted by the datacenter.
Normally, I think if the provider nullroutes, they should lift it immediately upon request (since this is the first time), but no, they said it may be any time up to 48 hours.
So I believe the nullroute was done by their upstream. I checked the IP address in whatismyipaddress dot com, and I see the IP is owned by ColoCrossing. Due to the similarity of the nullroute email notification, I also checked the IP address of the previous provider (that I ran away from a few months ago), and see that IP is also owned by ColoCrossing.
I am managing many VPSs for different clients, but I have encountered only 2 irritating problems and they are both related to ColoCrossing.
So, I just wonder if anyone else has the same problem as me, or am I the only one?
Comments
Name of the providers?
I don't tend to send too many messages through ColoCrossing since I prefer to be IPv6 native whenever possible.
Thanks, maybe it is not advisable to name them here, since it may affect their business. And I'm still having service with one of them.
Yup, happened with me as well. CC reseller, null routed the IP because of spam emails, when it was just the server sending "service down" emails to the admin email.
After 6 hours of downtime, finally my server is back online. I sent them details about how to investigate our server mail log. A support staff member just replied that "The threshold on this was way too low on the datacenter's end.", so if I understand correctly he has investigated and admitted it was the datacenter's fault. By saying "Datacenter" I'm not sure if he is referring to his company or his upstream.
Their initial system just monitored PPS on port 25 and applied nullroutes based on that so sending any reasonable amount of emails (a couple a second, maybe even less) could get you smacked.
They supposedly do have a way to whitelist people, or at the very least increase the limit.
Francisco
Is this a typo? In my case that was a couple of emails every 1-2 hours and my IP was still nullrouted.
I don't know the limits, I assumed 1 or 2 a second would be a fair number they kept it at.
If it's that low then damn.
Francisco
And you think checking your own mail logs is the definitive answer here?
In your shoes the questions and things in my head would be:
1) Damn someone is using me as an open relay, how?
2) Damn someone is proxying mail traffic via my VPS, how?
3) Let me check the release notes for anything I have installed for updates, security patches and what they were for.
4) Let me monitor and collate some traffic on all mail ports.
5) Let me run tcpdump and filter port 25 for later analysis should this happen again.
6) If I am running email from the server let me change my passwords just in case.
Seems a bit too much of a coincidence, I think you need to do a lot more troubleshooting.
I have had a customer call me all the names under the sun only to find out on further investigation his home PC was the problem and he was using the VPS as a VPN.
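An added example, not written by any poster in this thread, of steps 4 and 5 above: it reads text output from `tcpdump -nn -tt` and reports the peak outbound packets per second to port 25 (the metric the upstream monitor reportedly used) and how many SMTP connections are not accounted for by the MTA log. The function names, the local address 203.0.113.10 and the sample capture are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Matches `tcpdump -nn -tt` TCP lines: epoch time, src ip.port > dst ip.port, flags.
LINE = re.compile(
    r"^(\d+)\.\d+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def smtp_summary(lines, local_ip):
    """Summarise outbound port-25 traffic from local_ip (hypothetical helper)."""
    per_second = Counter()   # outbound packets to port 25, per epoch second
    syn_by_dest = Counter()  # new outbound SMTP connections, per destination
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        sec, src, _sport, dst, dport, flags = m.groups()
        if src != local_ip or dport != "25":
            continue         # ignore inbound replies and non-SMTP traffic
        per_second[int(sec)] += 1
        if flags == "S":     # bare SYN = connection attempt (SYN-ACK is "S.")
            syn_by_dest[dst] += 1
    return {
        "peak_pps": max(per_second.values(), default=0),
        "connections": sum(syn_by_dest.values()),
        "by_dest": dict(syn_by_dest),
    }

def unexplained_connections(summary, logged_deliveries):
    """SMTP connections seen on the wire beyond what the MTA log accounts for."""
    return max(summary["connections"] - logged_deliveries, 0)

# Constructed sample capture using documentation addresses, not real data.
SAMPLE = [
    "1700000000.100000 IP 203.0.113.10.40000 > 198.51.100.25.25: Flags [S], seq 1, win 64240, length 0",
    "1700000000.150000 IP 198.51.100.25.25 > 203.0.113.10.40000: Flags [S.], seq 9, ack 2, win 65535, length 0",
    "1700000000.160000 IP 203.0.113.10.40000 > 198.51.100.25.25: Flags [.], ack 1, win 502, length 0",
    "1700000000.300000 IP 203.0.113.10.40000 > 198.51.100.25.25: Flags [P.], seq 1:20, ack 1, win 502, length 19",
    "1700000003.000000 IP 203.0.113.10.40001 > 192.0.2.77.25: Flags [S], seq 5, win 64240, length 0",
    "1700000003.500000 IP 203.0.113.10.40002 > 192.0.2.77.25: Flags [S], seq 7, win 64240, length 0",
    "1700000004.000000 IP 203.0.113.10.51000 > 192.0.2.80.443: Flags [S], seq 3, win 64240, length 0",
]

if __name__ == "__main__":
    summary = smtp_summary(SAMPLE, "203.0.113.10")
    print(summary, "unexplained:", unexplained_connections(summary, 1))
```

A non-zero unexplained count means something other than the logged MTA deliveries is opening port-25 connections from the host, which is the case the mail log alone cannot rule out.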
Oh dear! Your message was sent through ColoCrossing's patented V6 proxy technology (aka. CloudFlare).
Exactly what happened with me too (and more than once on more than a couple of VPSs at different DCs but all CC locations). I had to ticket in and explain stuff to get the nullroute lifted and also to increase the limit (or whitelist - not sure what was actually done).
After the first few hiccups though things have been very good and I've not had any issues with my usual volume of system mails/notifications/alerts (all only to my own - no general/public emails at all).
Hopefully a similar approach (ticketing in, clarifying things) can get you sorted out @MultiStars
Well, for all of my servers I do the following: Limit SSH access only to my IPs, No open relay, enable SMTP_BLOCK setting in csf, limit each minute to send a maximum of 1 email (through MTA setting) even though my actual sending rate is much lower, update server every month.
I have never used tcpdump to capture all traffic on port 25, since I'm not good at tcpdump analysis. I have no idea about what is "proxying mail traffic", but I would say I am a typical/regular user, and probably all my settings above are reasonably secured.
When I went away from my first provider, I just reused all settings (including mail settings, data files) in a new provider except the root password, and it hasn't happened over the past few months. (In the old provider, it was nullrouted a few times.)
Thanks @nullnothere, my current provider said they have requested an increase in limit, not sure how much they increased it, let's hope it will not occur again.
If they impose limits on the small amount of emails you sent I think it is time to look for another provider. Who knows what other restrictions / limitation they have.
Did the system monitor the difference between inbound and outbound pps?
This sounds vulnerable to attack.
Nope
Yes, my terms of service said 100 emails/hour max. I was well under half that (NO spams) and got null routed by colocrossing twice (once in San Jose and once in Buffalo). I asked nicely and they unblocked. It sounded like they asked the data center to fix their limits, but I'm playing it careful now.